You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

5899 lines
319 KiB

  1. <?php
  2. // Project: Web Reference Database (refbase) <http://www.refbase.net>
  3. // Copyright: Matthias Steffens <mailto:refbase@extracts.de> and the file's
  4. // original author(s).
  5. //
  6. // This code is distributed in the hope that it will be useful,
  7. // but WITHOUT ANY WARRANTY. Please see the GNU General Public
  8. // License for more details.
  9. //
  10. // File: ./search.php
  11. // Repository: $HeadURL: file:///svn/p/refbase/code/branches/bleeding-edge/search.php $
  12. // Author(s): Matthias Steffens <mailto:refbase@extracts.de>
  13. //
  14. // Created: 30-Jul-02, 17:40
  15. // Modified: $Date: 2017-04-13 02:00:18 +0000 (Thu, 13 Apr 2017) $
  16. // $Author: karnesky $
  17. // $Revision: 1416 $
  18. // This is the main script that handles the search query and displays the query results.
  19. // Supports three different output styles: 1) List view, with fully configurable columns -> displayColumns() function
  20. // 2) Details view, shows all fields -> displayDetails() function; 3) Citation view -> generateCitations() function
  21. // TODO: - Refactor so that query builder will use a few common functions
  22. // - I18n
  23. // Incorporate some include files:
  24. include 'initialize/db.inc.php'; // 'db.inc.php' is included to hide username and password
  25. include 'includes/header.inc.php'; // include header
  26. include 'includes/results_header.inc.php'; // include results header
  27. include 'includes/footer.inc.php'; // include footer
  28. include 'includes/include.inc.php'; // include common functions
  29. include 'includes/cite.inc.php'; // include citation functions
  30. include 'includes/export.inc.php'; // include export functions
  31. include 'includes/execute.inc.php'; // include functions that deal with execution of shell commands
  32. include 'includes/atomxml.inc.php'; // include functions that deal with Atom XML
  33. include 'includes/modsxml.inc.php'; // include functions that deal with MODS XML
  34. include 'includes/oaidcxml.inc.php'; // include functions that deal with OAI_DC XML
  35. include 'includes/odfxml.inc.php'; // include functions that deal with ODF XML
  36. include 'includes/opensearch.inc.php'; // include functions that return an OpenSearch response
  37. include 'includes/openurl.inc.php';
  38. include 'includes/srwxml.inc.php'; // include functions that deal with SRW XML
  39. include 'initialize/ini.inc.php'; // include common variables
  40. // --------------------------------------------------------------------
  41. // Extract the ID of the client from which the query originated:
  42. // this identifier is used to identify queries that originated from the refbase command line clients ("cli-refbase-1.1", "cli-refbase_import-1.0") or from a bookmarklet (e.g., "jsb-refbase-1.0")
  43. // (note that 'client' parameter has to be extracted *before* the call to the 'start_session()' function, since it's value is required by this function)
  44. if (isset($_REQUEST['client']))
  45. $client = $_REQUEST['client'];
  46. else
  47. $client = "";
  48. // START A SESSION:
  49. // call the 'start_session()' function (from 'include.inc.php') which will also read out available session variables:
  50. start_session(true);
  51. // Read out POST data that were saved as a session variable:
  52. // NOTE: this is done by 'show.php' if the original request was a POST (as is the case for the refbase command line client)
  53. // in order to retain large param/value strings (that would exceed the maximum string limit for GET requests)
  54. if (isset($_SESSION['postData']))
  55. {
  56. foreach ($_SESSION['postData'] as $varname => $value)
  57. {
  58. $_POST[$varname] = $value;
  59. $_REQUEST[$varname] = $value;
  60. }
  61. deleteSessionVariable("postData"); // function 'deleteSessionVariable()' is defined in 'include.inc.php'
  62. }
  63. // --------------------------------------------------------------------
  64. // Initialize preferred display language:
  65. // (note that 'locales.inc.php' has to be included *after* the call to the 'start_session()' function)
  66. include 'includes/locales.inc.php'; // include the locales
  67. // --------------------------------------------------------------------
  68. // EXTRACT FORM VARIABLES
  69. // [ Extract form variables sent through POST/GET by use of the '$_REQUEST' variable ]
  70. // [ !! NOTE !!: for details see <http://www.php.net/release_4_2_1.php> & <http://www.php.net/manual/en/language.variables.predefined.php> ]
  71. // Extract the form used for searching:
  72. $formType = $_REQUEST['formType'];
  73. // Extract the type of display requested by the user. Normally, this will be one of the following:
  74. // - '' => if the 'submit' parameter is empty, this will produce the default view
  75. // - 'List' => display records using the columnar output style ('displayColumns()' function)
  76. // - 'Display' => display details for all found records ('displayDetails()' function)
  77. // - 'Cite' => build a proper citation for all found records ('generateCitations()' function)
  78. // - 'Browse' => browse unique values from a given database field ('displayColumns()' function)
  79. // Note that the 'submit' parameter can be also one of the following:
  80. // - 'Export' => generate and return selected records in the bibliographic format specified by the user ('generateExport()' function)
  81. // - 'RSS' => these value gets included within the 'RSS' link (in the page header) and will cause 'search.php' to return results as RSS feed
  82. // - 'Search', 'Show' or 'Hide' => these values change/refine the search results or their appearance on screen (how many entries & which columns get displayed)
  83. // - 'Add', 'Remove' => these values will trigger actions that act on the selected records
  84. if (isset($_REQUEST['submit']) AND !empty($_REQUEST['submit']))
  85. $displayType = $_REQUEST['submit'];
  86. else
  87. $displayType = $_SESSION['userDefaultView']; // get the default view for the current user
  88. // extract the original value of the '$displayType' variable:
  89. // (which was included as a hidden form tag within the 'groupSearch' form of a search results page, the 'queryResults' form in Details view, and the 'duplicateSearch' form)
  90. if (isset($_REQUEST['originalDisplayType']))
  91. $originalDisplayType = $_REQUEST['originalDisplayType'];
  92. else
  93. $originalDisplayType = "";
  94. // we need to check if the user is allowed to view records with the specified display type:
  95. if ($displayType == "List")
  96. {
  97. if (isset($_SESSION['user_permissions']) AND !preg_match("/allow_list_view/", $_SESSION['user_permissions'])) // if the 'user_permissions' session variable does NOT contain 'allow_list_view'...
  98. {
  99. // return an appropriate error message:
  100. $HeaderString = returnMsg($loc["NoPermission"] . $loc["NoPermission_ForDisplayColumns"] . "!", "warning", "strong", "HeaderString"); // function 'returnMsg()' is defined in 'include.inc.php'
  101. if (!preg_match("/^cli/i", $client))
  102. header("Location: index.php"); // redirect to main page ('index.php')
  103. exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  104. }
  105. }
  106. elseif ($displayType == "Display")
  107. {
  108. if (isset($_SESSION['user_permissions']) AND !preg_match("/allow_details_view/", $_SESSION['user_permissions'])) // if the 'user_permissions' session variable does NOT contain 'allow_details_view'...
  109. {
  110. // return an appropriate error message:
  111. $HeaderString = returnMsg($loc["NoPermission"] . $loc["NoPermission_ForDisplayDetails"] . "!", "warning", "strong", "HeaderString"); // function 'returnMsg()' is defined in 'include.inc.php'
  112. if (!preg_match("/^cli/i", $client))
  113. header("Location: index.php"); // redirect to main page ('index.php')
  114. exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  115. }
  116. }
  117. elseif ($displayType == "Cite")
  118. {
  119. if (isset($_SESSION['user_permissions']) AND !preg_match("/allow_cite/", $_SESSION['user_permissions'])) // if the 'user_permissions' session variable does NOT contain 'allow_cite'...
  120. {
  121. // return an appropriate error message:
  122. $HeaderString = returnMsg($loc["NoPermission"] . $loc["NoPermission_ForCite"] . "!", "warning", "strong", "HeaderString"); // function 'returnMsg()' is defined in 'include.inc.php'
  123. if (!preg_match("/^cli/i", $client))
  124. {
  125. if (preg_match("#/extract\.php#i", $referer)) // if the query was submitted by 'extract.php' (variable '$referer' is globally defined in function 'start_session()' in 'include.inc.php')
  126. header("Location: " . $referer); // redirect to calling page
  127. else
  128. header("Location: index.php"); // redirect to main page ('index.php')
  129. }
  130. exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  131. }
  132. }
  133. elseif ($displayType == "Export")
  134. {
  135. if (isset($_SESSION['user_permissions']) AND !preg_match("/allow_export|allow_batch_export/", $_SESSION['user_permissions'])) // if the 'user_permissions' session variable does NOT contain either 'allow_export' or 'allow_batch_export'...
  136. {
  137. // return an appropriate error message:
  138. $HeaderString = returnMsg($loc["NoPermission"] . $loc["NoPermission_ForExport"] . "!", "warning", "strong", "HeaderString"); // function 'returnMsg()' is defined in 'include.inc.php'
  139. if (!preg_match("/^cli/i", $client))
  140. header("Location: index.php"); // redirect to main page ('index.php')
  141. exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  142. }
  143. }
  144. if ($formType == "sqlSearch" AND preg_match("#/sql_search\.php#i", $referer))
  145. {
  146. // NOTES: - currently, we restrict this if clause to requests from 'sql_search.php'
  147. // - note that this if clause is in NO way fool-proof since it won't apply if:
  148. // - the SQL query gets sent from another (custom) script
  149. // - the '$referer' variable is empty or defaults to 'index.php'
  150. // - the SQL query contained in the 'search.php' request gets edited directly
  151. // - the other approach would be to disallow SQL searches (if the user has no permission to do so) from any but a few
  152. // selected scripts; however, at least the scripts 'search.php', 'opensearch.php', 'show.php', 'user_login.php' and
  153. // 'query_history.php' must be allowed
  154. // - in that case, 'show.php' should save the URL of the current 'show.php' request to the 'referer' session variable;
  155. // since function 'start_session()' prefers '$_SESSION['referer']' over '$_SERVER['HTTP_REFERER']', this means that
  156. // '$referer' then contains a 'show.php' URL and not e.g. a '*_search.php' URL; this, in turn, prevents the
  157. // "NoPermission_ForSQL" warning if a user clicked the "Show All" link in the header of any of the '*_search.php' pages
  158. // - however, since refbase currently relies heavily on embedded SQL queries, disallowing SQL searches from any but a few
  159. // selected scripts may fail in unforeseen cases; it would also prevent users to embed 'search.php' links in foreign pages
  160. // - since it would be always possible to edit the 'search.php' request directly, we currently just disallow SQL searches via
  161. // the GUI (i.e. the 'sql_search.php' form); BUT:
  162. // - note that further measures (e.g. to prevent cross-site scripting (XSS) attacks or access to unwanted SQL queries & tables)
  163. // are done below
  164. // TODO: is there a way to disallow manual SQL searches (if the user has no permission to do so) which still allows searches from
  165. // 'opensearch.php' & 'show.php' etc and which does not rely on any passed referrer?
  166. if (isset($_SESSION['user_permissions']) AND !preg_match("/allow_sql_search/", $_SESSION['user_permissions'])) // if the 'user_permissions' session variable does NOT contain 'allow_sql_search'...
  167. {
  168. // return an appropriate error message:
  169. $HeaderString = returnMsg($loc["NoPermission"] . $loc["NoPermission_ForSQL"] . "!", "warning", "strong", "HeaderString"); // function 'returnMsg()' is defined in 'include.inc.php'
  170. if (!preg_match("/^cli/i", $client))
  171. {
  172. if (preg_match("#/sql_search\.php#i", $referer)) // if the sql query was entered in the form provided by 'sql_search.php'
  173. header("Location: " . $referer); // redirect to calling page
  174. else
  175. header("Location: index.php"); // redirect to main page ('index.php')
  176. }
  177. exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  178. }
  179. }
  180. // For a given display type, extract the view type requested by the user (either 'Mobile', 'Print', 'Web' or ''):
  181. // ('' will produce the default 'Web' output style)
  182. if (isset($_REQUEST['viewType']))
  183. $viewType = ucfirst(strtolower($_REQUEST['viewType'])); // we normalize the case of passed values
  184. else
  185. $viewType = "";
  186. // Extract other variables from the request:
  187. if (isset($_REQUEST['sqlQuery']))
  188. $sqlQuery = $_REQUEST['sqlQuery'];
  189. else
  190. $sqlQuery = "";
  191. if (preg_match("/%20/", $sqlQuery)) // if '$sqlQuery' still contains URL encoded data... ('%20' is the URL encoded form of a space, see note below!)
  192. $sqlQuery = rawurldecode($sqlQuery); // URL decode SQL query (it was URL encoded before incorporation into hidden tags of the 'groupSearch', 'refineSearch', 'displayOptions' and 'queryResults' forms to avoid any HTML syntax errors)
  193. // NOTE: URL encoded data that are included within a *link* will get URL decoded automatically *before* extraction via '$_REQUEST'!
  194. // But, opposed to that, URL encoded data that are included within a form by means of a hidden form tag will *NOT* get URL decoded automatically! Then, URL decoding has to be done manually (as is done here)!
  195. if (isset($_REQUEST['showQuery']) AND ($_REQUEST['showQuery'] == "1"))
  196. $showQuery = "1";
  197. else
  198. $showQuery = "0"; // don't show the SQL query by default
  199. if (isset($_REQUEST['showLinks']) AND ($_REQUEST['showLinks'] == "0"))
  200. $showLinks = "0";
  201. else
  202. $showLinks = "1"; // show the links column by default
  203. if (isset($_REQUEST['showRows']) AND preg_match("/^[0-9]+$/", $_REQUEST['showRows'])) // NOTE: we cannot use "^[1-9]+[0-9]*$" here since 'maximumRecords=0' is used in 'opensearch.php' and 'sru.php' queries to return just the number of found records (and not the full record data)
  204. $showRows = $_REQUEST['showRows'];
  205. else
  206. $showRows = $_SESSION['userRecordsPerPage']; // get the default number of records per page preferred by the current user
  207. if (isset($_REQUEST['rowOffset']))
  208. {
  209. // Note: Besides passing the current value of '$rowOffset' within GET queries, this parameter was also included as a hidden tag into the 'queryResults' form.
  210. // This was done, so that the correct offset could be re-applied after the user pressed either of the 'Add' or 'Remove' buttons.
  211. // However, '$rowOffset' MUST NOT be set if the user clicked the 'Display' or 'Cite' button within the 'queryResults' form!
  212. // Therefore, we'll trap this case here:
  213. if (($formType != "queryResults") OR ($formType == "queryResults" AND !preg_match("/^(Display|Cite)$/", $displayType)))
  214. $rowOffset = $_REQUEST['rowOffset'];
  215. else // if ($formType == "queryResults" AND preg_match("/^(Display|Cite)$/", $displayType))
  216. $rowOffset = 0;
  217. }
  218. else
  219. $rowOffset = 0;
  220. if (isset($_REQUEST['wrapResults']) AND ($_REQUEST['wrapResults'] == "0"))
  221. $wrapResults = "0"; // 'wrapResults=0' causes refbase to output only a partial document structure containing solely the search results (e.g. for HTML, everything is omitted except for the <table> block containing the search results)
  222. else
  223. $wrapResults = "1"; // we'll output a full document (HTML, RTF, LaTeX, etc) structure unless the 'wrapResults' parameter is set explicitly to "0"
  224. // In order to generalize routines we have to query further variables here:
  225. if (isset($_REQUEST['citeStyle']) AND !empty($_REQUEST['citeStyle']))
  226. $citeStyle = $_REQUEST['citeStyle']; // get the cite style chosen by the user (only occurs in 'extract.php' form and in query result lists)
  227. else
  228. $citeStyle = $defaultCiteStyle; // if no cite style was given, we'll use the default cite style which is defined by the '$defaultCiteStyle' variable in 'ini.inc.php'
  229. if (preg_match("/%20/", $citeStyle)) // if '$citeStyle' still contains URL encoded data... ('%20' is the URL encoded form of a space, see note below!)
  230. $citeStyle = rawurldecode($citeStyle); // ...URL decode 'citeStyle' statement (it was URL encoded before incorporation into a hidden tag of the 'sqlSearch' form to avoid any HTML syntax errors)
  231. // NOTE: URL encoded data that are included within a *link* will get URL decoded automatically *before* extraction via '$_REQUEST'!
  232. // But, opposed to that, URL encoded data that are included within a form by means of a *hidden form tag* will NOT get URL decoded automatically! Then, URL decoding has to be done manually (as is done here)!
  233. if (isset($_REQUEST['exportFormat']) AND !empty($_REQUEST['exportFormat']))
  234. $exportFormat = $_REQUEST['exportFormat']; // get the export format style chosen by the user (only occurs in 'extract.php' form and in query result lists)
  235. else
  236. $exportFormat = $defaultExportFormat; // if no export format was given, we'll use the default export format which is defined by the '$defaultExportFormat' variable in 'ini.inc.php'
  237. if (preg_match("/%20/", $exportFormat)) // if '$exportFormat' still contains URL encoded data... ('%20' is the URL encoded form of a space, see note below!)
  238. $exportFormat = rawurldecode($exportFormat); // ...URL decode 'exportFormat' statement (it was URL encoded before incorporation into a hidden tag of the 'sqlSearch' form to avoid any HTML syntax errors)
  239. // NOTE: URL encoded data that are included within a *link* will get URL decoded automatically *before* extraction via '$_REQUEST'!
  240. // But, opposed to that, URL encoded data that are included within a form by means of a *hidden form tag* will NOT get URL decoded automatically! Then, URL decoding has to be done manually (as is done here)!
  241. // Standardize XML export format names:
  242. // NOTE: the below regex patterns are potentially too lax and might cause misbehaviour in case any custom export formats have been added
  243. if (preg_match("/^Atom/i", $exportFormat))
  244. $exportFormat = "Atom XML";
  245. elseif (preg_match("/^MODS/i", $exportFormat))
  246. $exportFormat = "MODS XML";
  247. elseif (preg_match("/^(OAI_)?DC/i", $exportFormat))
  248. $exportFormat = "OAI_DC XML";
  249. elseif (preg_match("/^ODF/i", $exportFormat))
  250. $exportFormat = "ODF XML";
  251. elseif (preg_match("/^SRW_DC/i", $exportFormat))
  252. $exportFormat = "SRW_DC XML";
  253. elseif (preg_match("/^SRW/i", $exportFormat))
  254. $exportFormat = "SRW_MODS XML";
  255. elseif (preg_match("/^Word/i", $exportFormat))
  256. $exportFormat = "Word XML";
  257. if (isset($_REQUEST['citeOrder']))
  258. $citeOrder = $_REQUEST['citeOrder']; // get information how the data should be sorted (only occurs in 'extract.php'/'sql_search' forms and in query result lists). If this param is set to 'year', records will be listed in blocks sorted by year.
  259. else
  260. $citeOrder = "";
  261. // get information how citation data shall be returned:
  262. // - 'html' => return citations as HTML with mime type 'text/html'
  263. // - 'RTF' => return citations as RTF data with mime type 'application/rtf'
  264. // - 'PDF' => return citations as PDF data with mime type 'application/pdf'
  265. // - 'LaTeX' => return citations as LaTeX data with mime type 'application/x-latex'
  266. // - 'Markdown' => return citations as Markdown TEXT data with mime type 'text/plain'
  267. // - 'ASCII' => return citations as TEXT data with mime type 'text/plain'
  268. // - 'LaTeX .bbl' => return citations as LaTeX .bbl file (for use with LaTeX/BibTeX) with mime type 'application/x-latex'
  269. if (isset($_REQUEST['citeType']) AND preg_match("/^(html|RTF|PDF|LaTeX|Markdown|ASCII|LaTeX \.bbl)$/i", $_REQUEST['citeType']) AND !preg_match("/^(Add|Remove)$/i", $displayType)) // we always return HTML if the user clicked either the 'Add' or the 'Remove' button
  270. $citeType = $_REQUEST['citeType'];
  271. else
  272. $citeType = "html";
  273. // get information how exported data shall be returned:
  274. // - 'text' => return data with mime type 'text/plain'
  275. // - 'html' => return data with mime type 'text/html'
  276. // - 'xml' => return data with mime type 'application/xml'
  277. // - 'rss' => return data with mime type 'application/rss+xml'
  278. // - 'file' => return data as downloadable file
  279. // - 'email' => send data as email (to the user's login email address)
  280. if (isset($_REQUEST['exportType']) AND preg_match("/^(text|html|xml|rss|file|email)$/i", $_REQUEST['exportType']))
  281. $exportType = $_REQUEST['exportType'];
  282. else
  283. $exportType = "html";
  284. if (isset($_REQUEST['exportStylesheet']))
  285. $exportStylesheet = $_REQUEST['exportStylesheet']; // extract any stylesheet information that has been specified for XML export formats
  286. else
  287. $exportStylesheet = "";
  288. if (isset($_REQUEST['orderBy']))
  289. $orderBy = $_REQUEST['orderBy']; // extract the current ORDER BY parameter so that it can be re-applied when displaying details (only occurs in query result lists)
  290. else
  291. $orderBy = "";
  292. if (preg_match("/%20/", $orderBy)) // if '$orderBy' still contains URL encoded data... ('%20' is the URL encoded form of a space, see note below!)
  293. $orderBy = rawurldecode($orderBy); // ...URL decode 'orderBy' statement (it was URL encoded before incorporation into a hidden tag of the 'queryResults' form to avoid any HTML syntax errors)
  294. // NOTE: URL encoded data that are included within a *link* will get URL decoded automatically *before* extraction via '$_REQUEST'!
  295. // But, opposed to that, URL encoded data that are included within a form by means of a *hidden form tag* will NOT get URL decoded automatically! Then, URL decoding has to be done manually (as is done here)!
  296. if ($orderBy == '') // if there's no ORDER BY parameter...
  297. $orderBy = "author, year DESC, publication"; // ...use the default ORDER BY clause
  298. if (isset($_REQUEST['headerMsg']))
  299. $headerMsg = $_REQUEST['headerMsg']; // get any custom header message (we strip any HTML tags from the custom header message below)
  300. // Note: this feature is provided in 'search.php' so that it's possible to include an information string within a link. This info string could
  301. // e.g. describe who's publications are being displayed (e.g.: "Publications of Matthias Steffens:"). I.e., a link pointing to a persons own
  302. // publications can include the appropriate owner information (it will show up as header message)
  303. else
  304. $headerMsg = "";
  305. if (preg_match("/%20/", $headerMsg)) // if '$headerMsg' still contains URL encoded data... ('%20' is the URL encoded form of a space, see notes above!)
  306. $headerMsg = rawurldecode($headerMsg); // ...URL decode 'headerMsg' statement (it was URL encoded before incorporation into a hidden tag of the 'displayOptions' form to avoid any HTML syntax errors)
  307. if (!empty($headerMsg))
  308. $headerMsg = stripTags($headerMsg); // strip any HTML tags from the custom header message to prevent cross-site scripting (XSS) attacks (function 'stripTags()' is defined in 'include.inc.php')
  309. if (isset($_SESSION['oldQuery']))
  310. $oldQuery = $_SESSION['oldQuery']; // get the query URL of the formerly displayed results page
  311. else
  312. $oldQuery = array();
  313. if (isset($_SESSION['queryHistory']))
  314. $queryHistory = $_SESSION['queryHistory']; // get any saved links to previous search results
  315. else
  316. $queryHistory = array();
  317. // Extract checkbox variable values from the request:
  318. if (isset($_REQUEST['marked']))
  319. $recordSerialsArray = $_REQUEST['marked']; // extract the values of all checked checkboxes (i.e., the serials of all selected records)
  320. else
  321. $recordSerialsArray = array();
  322. if (isset($_REQUEST['recordsSelectionRadio']))
  323. $recordsSelectionRadio = $_REQUEST['recordsSelectionRadio']; // for query results pages, extract user option whether we're supposed to process ALL records or just the ones that have been SELECTED on the current page
  324. else
  325. $recordsSelectionRadio = "1"; // process ALL records
  326. // check if the user did mark any checkboxes (and set up variables accordingly, they will be used within the 'displayDetails()', 'generateCitations()' and 'modifyUserGroups()' functions)
  327. if (preg_match("#[/_]search\.php#i", $referer) AND ($recordsSelectionRadio == "0") AND empty($recordSerialsArray)) // the "Selected Records" option was chosen, but NO checkboxes were marked
  328. $nothingChecked = true;
  329. else // the "All Found Records" option was chosen -OR- the "Selected Records" option was chosen and some checkboxes were marked -OR- the query resulted from another script like 'opensearch.php', 'show.php' or 'rss.php' (which has no checkboxes to mark!)
  330. $nothingChecked = false;
  331. // --------------------------------------------------------------------
  332. // VERIFY SQL QUERY:
  333. // Note that for user-generated SQL queries, further verification is done in function 'verifySQLQuery()'
  334. $notPermitted = false;
  335. // Prevent cross-site scripting (XSS) attacks:
  336. // Note that this is just a rough measure, everything that slips thru will get HTML encoded before output
  337. $htmlTagsArray = array("a", "applet", "base", "basefont", "bgsound", "blink", "body", "br", "div", "embed", "head", "html", "frame", "frameset", "ilayer", "iframe", "img", "input", "layer", "ilayer", "link", "meta", "script", "span", "style", "object", "table", "title", "xml");
  338. if (!empty($sqlQuery) AND preg_match("/(<|&lt;?|&#0*60;?|&#x0*3C;?|%3C|\\\\x3c|\\\\u003c)\/*(" . join("|", $htmlTagsArray) . ")/i", $sqlQuery)) // if the SQL query contains any unwanted HTML tags
  339. {
  340. $sqlQuery = preg_replace("/(<|&lt;?|&#0*60;?|&#x0*3C;?|%3C|\\\\x3c|\\\\u003c)\/*(" . join("|", $htmlTagsArray) . ").*?(>|&gt;?|&#0*62;?|&#x0*3E;?|%3E|\\\\x3e|\\\\u003e)*/i", "", $sqlQuery);
  341. $notPermitted = true;
  342. $HeaderString = $loc["NoPermission"] . $loc["NoPermission_ForThisQuery"] . "!";
  343. }
  344. // For a normal user we only allow the use of SELECT queries (the admin is allowed to do everything that is allowed by his GRANT privileges):
  345. // NOTE: This does only provide for minimal security!
  346. // To avoid further security risks you should grant the MySQL user (who's specified in 'db.inc.php') only those
  347. // permissions that are required to access the literature database. This can be done by use of a GRANT statement:
  348. // GRANT SELECT,INSERT,UPDATE,DELETE ON MYSQL_DATABASE_NAME_GOES_HERE.* TO MYSQL_USER_NAME_GOES_HERE@localhost IDENTIFIED BY 'MYSQL_PASSWORD_GOES_HERE';
  349. // if the SQL query isn't build from scratch but is accepted from user input (which is the case for the forms 'sqlSearch', 'duplicateSearch' and 'refineSearch'):
  350. if (!empty($sqlQuery) AND preg_match("/(sql|duplicate|refine)Search/i", $formType)) // the user used 'sql_search.php', 'duplicate_search.php' -OR- the "Search within Results" form above the query results list (that was produced by 'search.php')
  351. {
  352. if ((!isset($loginEmail)) OR ((isset($loginEmail)) AND ($loginEmail != $adminLoginEmail))) // if the user isn't logged in -OR- any normal user is logged in...
  353. {
  354. $all_fields = "author|author_count|online_citation|doi|online_publication|title|type|year|publication|abbrev_journal|volume|issue|pages|keywords|abstract|address|corporate_author|thesis|publisher|place|editor|language|summary_language|orig_title|series_editor|series_title|abbrev_series_title|series_volume|series_issue|edition|issn|isbn|medium|area|expedition|conference|notes|approved|contribution_id|online_publication|online_citation|created_date|created_time|created_by|modified_date|modified_time|modified_by|serial|call_number|marked|copy|selected|user_keys|user_notes|user_file|user_groups|cite_key|related";
  355. if (isset($loginEmail))
  356. $all_fields .= "|location";
  357. $tablesArray = array($tableAuth, $tableDeleted, $tableDepends, $tableFormats, $tableLanguages, $tableQueries, $tableRefs, $tableStyles, $tableTypes, $tableUserData, $tableUserFormats, $tableUserOptions, $tableUserPermissions, $tableUserStyles, $tableUserTypes, $tableUsers);
  358. $forbiddenSQLCommandsArray = array("DROP DATABASE", "DROP TABLE"); // the refbase MySQL user shouldn't have permissions for these commands anyhow, but by listing & checking for them here, we can return a more appropriate error message
  359. // ...and the user did use anything other than a SELECT query:
  360. if (!preg_match("/^SELECT/i", $sqlQuery) OR preg_match("/" . join("|", $forbiddenSQLCommandsArray) . "/i", $sqlQuery))
  361. {
  362. $notPermitted = true;
  363. $HeaderString = $loc["NoPermission_ForSQLOtherThanSELECT"] . "!";
  364. }
  365. // ...or the user tries to SELECT stuff they really shouldn't
  366. elseif (!preg_match("/^SELECT ((" . $all_fields . "),* *)+ FROM/i", $sqlQuery))
  367. {
  368. $notPermitted = true;
  369. $HeaderString = $loc["NoPermission"] . $loc["NoPermission_ForThisQuery"] . "!";
  370. }
  371. // ...or the user tries to hack the SQL query (by providing e.g. the string "FROM refs" within the SELECT statement) -OR- if the user attempts to query anything other than the 'refs' or 'user_data' table:
  372. elseif ((preg_match("/FROM .*(" . join("|", $tablesArray) . ").+ FROM /i", $sqlQuery)) OR (!preg_match("/FROM $tableRefs( LEFT JOIN $tableUserData ON serial ?= ?record_id AND user_id ?= ?\d*)?(?= WHERE| ORDER BY| LIMIT| GROUP BY| HAVING| PROCEDURE| FOR UPDATE| LOCK IN|$)/i", $sqlQuery)))
  373. {
  374. $notPermitted = true;
  375. $HeaderString = $loc["NoPermission"] . $loc["NoPermission_ForThisQuery"] . "!";
  376. }
  377. }
  378. // note that besides the above validation, in case of 'duplicate_search.php' the SQL query will be further restricted so that generally only SELECT queries can be executed (this is handled by function 'findDuplicates()')
  379. }
  380. if ($notPermitted)
  381. {
  382. // return an appropriate error message:
  383. $HeaderString = returnMsg($HeaderString, "warning", "strong", "HeaderString"); // function 'returnMsg()' is defined in 'include.inc.php'
  384. if (!preg_match("/^cli/i", $client))
  385. {
  386. if (preg_match("#/(sql|duplicate)_search\.php#i", $referer)) // if the sql query was entered in the form provided by 'sql_search.php' or 'duplicate_search.php'
  387. header("Location: " . $referer); // relocate back to the calling page
  388. else // if the user didn't come from 'sql_search.php' or 'duplicate_search.php' (e.g., if he attempted to hack parameters of a GET query directly)
  389. header("Location: index.php"); // relocate back to the main page
  390. }
  391. exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  392. }
  393. // --------------------------------------------------------------------
  394. // (1) OPEN CONNECTION, (2) SELECT DATABASE
  395. connectToMySQLDatabase(); // function 'connectToMySQLDatabase()' is defined in 'include.inc.php'
  396. // --------------------------------------------------------------------
  397. if (isset($_REQUEST["loginEmail"]))
  398. $loginEmail = $_REQUEST["loginEmail"]; // extract the email address of the currently logged in user
  399. if (isset($_SESSION['loginEmail'])) // if a user is logged in...
  400. $userID = getUserID($loginEmail); // ...get the user's 'user_id' using his/her 'loginEmail' (function 'getUserID()' is defined in 'include.inc.php')
  401. else
  402. $userID = 0; // set variable to zero (a user with '$userID = 0' definitely doesn't exist) in order to prevent 'Undefined variable...' messages
  403. // --------------------------------------------------------------------
  404. // CONSTRUCT SQL QUERY from user input provided by any of the search forms:
  405. // --- Form 'sql_search.php': ------------------
  406. if ($formType == "sqlSearch") // the user either used the 'sql_search.php' form for searching -OR- used scripts like 'show.php' or 'rss.php' (which also use 'formType=sqlSearch')...
  407. {
  408. // verify the SQL query specified by the user and modify it if security concerns are encountered:
  409. // (this function does add/remove user-specific query code as required and will fix problems with escape sequences within the SQL query)
  410. $query = verifySQLQuery($sqlQuery, $referer, $displayType, $showLinks); // function 'verifySQLQuery()' is defined in 'include.inc.php' (since it's also used by 'rss.php')
  411. }
  412. // --- Form 'duplicate_search.php': ---------------
  413. elseif ($formType == "duplicateSearch") // the user used the 'duplicate_search.php' form for searching...
  414. {
  415. // find duplicate records within results of the given SQL query (using settings extracted from the 'duplicateSearch' form
  416. // in 'duplicate_search.php') and return a modified database query that only matches these duplicate entries:
  417. list($sqlQuery, $displayType) = findDuplicates($sqlQuery, $originalDisplayType);
  418. // by passing the generated SQL query thru the 'verifySQLQuery()' function we ensure that necessary fields are added as needed:
  419. // (this function does add/remove user-specific query code as required and will fix problems with escape sequences within the SQL query)
  420. $query = verifySQLQuery($sqlQuery, $referer, $displayType, $showLinks); // function 'verifySQLQuery()' is defined in 'include.inc.php' (since it's also used by 'rss.php')
  421. }
  422. // --- Form 'simple_search.php': ---------------
  423. elseif ($formType == "simpleSearch") // the user used the 'simple_search.php' form for searching...
  424. {
  425. $query = extractFormElementsSimple($showLinks, $userID);
  426. }
  427. // --- Form 'library_search.php': --------------
  428. elseif ($formType == "librarySearch") // the user used the 'library_search.php' form for searching...
  429. {
  430. $query = extractFormElementsLibrary($showLinks, $userID);
  431. }
  432. // --- Form 'advanced_search.php': -------------
  433. elseif ($formType == "advancedSearch") // the user used the 'advanced_search.php' form for searching...
  434. {
  435. $query = extractFormElementsAdvanced($showLinks, $loginEmail, $userID);
  436. }
  437. // --- Form within 'search.php': ---------------
  438. elseif ($formType == "refineSearch" OR $formType == "displayOptions") // the user used the "Search within Results" (or "Display Options") form above the query results list (that was produced by 'search.php')
  439. {
  440. list($query, $displayType) = extractFormElementsRefineDisplay($tableRefs, $displayType, $originalDisplayType, $sqlQuery, $showLinks, $citeOrder, $userID); // function 'extractFormElementsRefineDisplay()' is defined in 'include.inc.php' since it's also used by 'users.php'
  441. }
  442. // --- Form within 'search.php': ---------------
  443. elseif ($formType == "queryResults") // the user clicked one of the buttons under the query results list (that was produced by 'search.php')
  444. {
  445. list($query, $displayType) = extractFormElementsQueryResults($displayType, $originalDisplayType, $showLinks, $citeOrder, $orderBy, $userID, $sqlQuery, $referer, $recordSerialsArray, $recordsSelectionRadio);
  446. }
  447. // --- Form 'extract.php': ---------------------
  448. elseif ($formType == "extractSearch") // the user used the 'extract.php' form for searching...
  449. {
  450. $query = extractFormElementsExtract($showLinks, $citeOrder, $userID);
  451. }
  452. // --- My Refs Search Form within 'index.php': -------------------
  453. elseif ($formType == "myRefsSearch") // the user used the 'Show My Refs' search form on the main page ('index.php') for searching...
  454. {
  455. $query = extractFormElementsMyRefs($showLinks, $loginEmail, $userID);
  456. }
  457. // --- Quick Search Form within 'index.php': ---------------------
  458. elseif ($formType == "quickSearch") // the user used the 'Quick Search' form on the main page ('index.php') for searching...
  459. {
  460. list($query, $displayType) = extractFormElementsQuick($sqlQuery, $showLinks, $userID, $displayType, $originalDisplayType);
  461. }
  462. // --- Browse My Refs Form within 'index.php': -------------------
  463. elseif ($formType == "myRefsBrowse") // the user used the 'Browse My Refs' form on the main page ('index.php') for searching...
  464. {
  465. $query = extractFormElementsBrowseMyRefs($showLinks, $loginEmail, $userID);
  466. }
  467. // --- My Groups Search Form within 'index.php': ---------------------
  468. elseif ($formType == "groupSearch") // the user used the 'Show My Group' form on the main page ('index.php') or above the query results list (that was produced by 'search.php')
  469. {
  470. list($query, $displayType) = extractFormElementsGroup($sqlQuery, $showLinks, $userID, $displayType, $originalDisplayType);
  471. }
  472. // --------------------------------------------------------------------
  473. // this is to support the '$fileVisibilityException' feature from 'ini.inc.php':
  474. if (preg_match("/^SELECT/i", $query) AND ($displayType != "Browse") AND !empty($fileVisibilityException) AND !preg_match("/SELECT.+$fileVisibilityException[0].+FROM/i", $query)) // restrict adding of columns to SELECT queries (so that 'DELETE FROM refs ...' statements won't get modified as well);
  475. {
  476. $query = preg_replace("/(, orig_record)?(, serial)?(, file, url, doi, isbn, type)? FROM $tableRefs/i", ", $fileVisibilityException[0]\\1\\2\\3 FROM $tableRefs",$query); // add column that's given in '$fileVisibilityException'
  477. $addCounterMax = 1; // this will ensure that the added column won't get displayed within the 'displayColumns()' and 'displayDetails()' functions
  478. }
  479. else
  480. $addCounterMax = 0;
  481. // (3) RUN QUERY, (4) DISPLAY EXPORT FILE OR HEADER & RESULTS
  482. // (3) RUN the query on the database through the connection:
  483. $result = queryMySQLDatabase($query); // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
  484. // (4) If the display type is 'Export', display the exported file...
  485. if (($displayType == "Export"))
  486. {
  487. // Find out how many rows are available:
  488. $rowsFound = @ mysqli_num_rows($result); // for all other display types, the '$rowsFound' variable is set within function 'seekInMySQLResultsToOffset()' (see below)
  489. if ($rowsFound > 0) // If there were rows found ...
  490. {
  491. generateExport($result, $rowOffset, $showRows, $exportFormat, $exportType, $exportStylesheet, $displayType, $viewType, $userID); // export records using the export format specified in '$exportFormat'
  492. // For export, we disconnect from the database and exit this php file:
  493. disconnectFromMySQLDatabase(); // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'
  494. exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  495. }
  496. // else, if nothing was found, we proceed & return the "No records selected..." feedback (thru the 'displayColumns()' function)
  497. }
  498. // ...else, display HTML:
  499. // (4a) DISPLAY header:
  500. // First, build the appropriate SQL query in order to embed it into the 'your query' URL:
  501. if ($showLinks == "1")
  502. $query = preg_replace("/, file, url, doi, isbn, type FROM $tableRefs/i", " FROM $tableRefs", $query); // strip 'file', 'url', 'doi', 'isbn' & 'type columns from SQL query
  503. $query = preg_replace("/, serial FROM $tableRefs/i", " FROM $tableRefs", $query); // strip 'serial' column from SQL query
  504. $query = preg_replace("/, orig_record FROM $tableRefs/i", " FROM $tableRefs", $query); // strip 'orig_record' column from SQL query
  505. if (!empty($fileVisibilityException))
  506. $query = preg_replace("/, $fileVisibilityException[0] FROM $tableRefs/i", " FROM $tableRefs", $query); // strip column that's given in '$fileVisibilityException' (defined in 'ini.inc.php')
  507. if (preg_match("/(simple|advanced|library|quick)Search/", $formType)) // if $formType is "simpleSearch", "advancedSearch", "librarySearch" or "quickSearch" and there is more than one WHERE clause (indicated by '...AND...'):
  508. $query = preg_replace('/WHERE serial RLIKE "\.\+" AND/i', 'WHERE', $query); // strip first WHERE clause (which was added only due to an internal workaround)
  509. $queryURL = rawurlencode($query); // URL encode SQL query
  510. if (!preg_match("/^SELECT/i", $query)) // for queries other than SELECT queries (e.g. UPDATE, DELETE or INSERT queries that were executed by the admin via use of 'sql_search.php')
  511. $affectedRows = ($result ? mysqli_affected_rows ($connection) : 0); // get the number of rows that were modified (or return 0 if an error occurred)
  512. // If the previous query (which is stored in the 'oldQuery' session variable) is different
  513. // from the current query, we append it to the 'queryHistory' session variable:
  514. if (!empty($oldQuery))
  515. {
  516. // Extract the 'WHERE' clause from the current & the previous SQL query:
  517. $queryWhereClause = extractWHEREclause($query); // function 'extractWHEREclause()' is defined in 'include.inc.php'
  518. $oldQueryWhereClause = extractWHEREclause($oldQuery["sqlQuery"]);
  519. if ($queryWhereClause != $oldQueryWhereClause)
  520. {
  521. $oldQueryURL = generateURL("search.php", "html", $oldQuery, true); // function 'generateURL()' is defined in 'include.inc.php'
  522. $oldQueryTitle = encodeHTML(explainSQLQuery($oldQueryWhereClause)); // functions 'encodeHTML()' and 'explainSQLQuery()' are defined in 'include.inc.php'
  523. $queryHistory[] = "<a href=\"" . $oldQueryURL . "\">" . $oldQueryTitle . "</a>";
  524. if (count($queryHistory) > 30) // we only keep the 30 most recent queries
  525. array_shift($queryHistory); // remove the first array element (i.e. remove the oldest query) if there are more than 30 saved queries
  526. saveSessionVariable("queryHistory", $queryHistory);
  527. }
  528. }
  529. // Second, save the generated query to a session variable:
  530. // NOTE: we exclude queries for export formats & citation formats other than HTML
  531. // (otherwise the history list would contain links to non-HTML content such as RTF or BibTeX files)
  532. if (($displayType != "Export") AND preg_match("/^html$/i", $citeType))
  533. {
  534. $queryParametersArray = array("sqlQuery" => $query,
  535. "client" => $client,
  536. "formType" => "sqlSearch",
  537. "submit" => $displayType,
  538. "viewType" => $viewType,
  539. "showQuery" => $showQuery,
  540. "showLinks" => $showLinks,
  541. "showRows" => $showRows,
  542. "rowOffset" => $rowOffset,
  543. "wrapResults" => $wrapResults,
  544. "citeOrder" => $citeOrder,
  545. "citeStyle" => $citeStyle,
  546. "exportFormat" => $exportFormat,
  547. "exportType" => $exportType,
  548. "exportStylesheet" => $exportStylesheet,
  549. "citeType" => $citeType,
  550. "headerMsg" => $headerMsg
  551. );
  552. saveSessionVariable("oldQuery", $queryParametersArray);
  553. }
  554. // Third, find out how many rows are available and (if there were rows found) seek to the current offset:
  555. // Note that the 'seekInMySQLResultsToOffset()' function will also (re-)assign values to the variables
  556. // '$rowOffset', '$showRows', '$rowsFound', '$previousOffset', '$nextOffset' and '$showMaxRow'.
  557. list($result, $rowOffset, $showRows, $rowsFound, $previousOffset, $nextOffset, $showMaxRow) = seekInMySQLResultsToOffset($result, $rowOffset, $showRows, $displayType, $citeType); // function 'seekInMySQLResultsToOffset()' is defined in 'include.inc.php'
  558. // If the current result set contains multiple records, we save the generated query URL to yet another session variable:
  559. // (after a record has been successfully added/edited/deleted, this query will be included as a link ["Display previous search results"] in the feedback header message
  560. // if the SQL query in 'oldQuery' is different from that one stored in 'oldMultiRecordQuery', i.e. if 'oldQuery' points to a single record)
  561. if (($rowsFound > 1) AND ($displayType != "Export") AND preg_match("/^html$/i", $citeType)) // as above, we exclude queries for export formats & citation formats other than HTML
  562. saveSessionVariable("oldMultiRecordQuery", $queryParametersArray);
  563. // Fourth, setup an array of arrays holding URL and title information for all RSS/Atom feeds available on this page:
  564. // (appropriate <link...> tags will be included in the HTML header for every URL specified)
  565. $rssURLArray = array();
  566. if (isset($_SESSION['user_permissions']) AND preg_match("/allow_rss_feeds/", $_SESSION['user_permissions'])) // if the 'user_permissions' session variable contains 'allow_rss_feeds'...
  567. {
  568. // ...extract the 'WHERE' clause from the SQL query to include it within the feed URL:
  569. $queryWhereClause = extractWHEREclause($query); // function 'extractWHEREclause()' is defined in 'include.inc.php'
  570. // generate an URL pointing to the RSS/Atom feed that matches the current query:
  571. $rssURL = generateURL("show.php", $defaultFeedFormat, array("where" => $queryWhereClause), true, $showRows); // function 'generateURL()' is defined in 'include.inc.php', variable '$defaultFeedFormat' is defined in 'ini.inc.php'
  572. // build a title string that matches the current query:
  573. // (alternatively we could always use: "records matching current query")
  574. $rssTitle = "records where " . encodeHTML(explainSQLQuery($queryWhereClause)); // functions 'encodeHTML()' and 'explainSQLQuery()' are defined in 'include.inc.php'
  575. $rssURLArray[] = array("href" => $rssURL,
  576. "title" => $rssTitle);
  577. }
  578. // Finally, build the appropriate header string (which is required as parameter to the 'showPageHeader()' function):
  579. if (!isset($_SESSION['HeaderString'])) // if there's no stored message available
  580. {
  581. if (!empty($headerMsg)) // if there's a custom header message available, e.g. one that describes who's literature is being displayed...
  582. {
  583. // ...we use that string as header message ('$headerMsg' could contain something like: "Literature of **Matthias Steffens**:"):
  584. // Perform search & replace actions on the provided header message (which will e.g. convert '**...**' to '<b>...</b>' etc):
  585. // (the array '$transtab_refbase_html' in 'transtab_refbase_html.inc.php' defines which search & replace actions will be employed)
  586. $HeaderString = searchReplaceText($transtab_refbase_html, encodeHTML($headerMsg), true); // functions 'searchReplaceText()' and 'encodeHTML()' are defined in 'include.inc.php'
  587. }
  588. else // provide the default message:
  589. {
  590. if (preg_match("/^SELECT/i", $query)) // for SELECT queries:
  591. {
  592. if ($rowsFound == 1)
  593. {
  594. if ($displayType == "Browse")
  595. $HeaderStringPart = " item ";
  596. else
  597. $HeaderStringPart = " record ";
  598. }
  599. else
  600. {
  601. if ($displayType == "Browse")
  602. $HeaderStringPart = " items ";
  603. else
  604. $HeaderStringPart = " records ";
  605. }
  606. $HeaderStringPart .= "found matching ";
  607. /* Removed 2016-Nov-5 to sanitizie HeaderString
  608. if (isset($_SESSION['user_permissions']) AND preg_match("/allow_sql_search/", $_SESSION['user_permissions'])) // if the 'user_permissions' session variable contains 'allow_sql_search'...
  609. // ...generate a link to 'sql_search.php' with a custom SQL query that matches the current result set & display options:
  610. $HeaderString = $HeaderStringPart
  611. . "<a href=\"sql_search.php?customQuery=1"
  612. . "&amp;sqlQuery=" . $queryURL
  613. . "&amp;showQuery=" . $showQuery
  614. . "&amp;showLinks=" . $showLinks
  615. . "&amp;showRows=" . $showRows
  616. . "&amp;submit=" . $displayType
  617. . "&amp;citeStyle=" . rawurlencode($citeStyle)
  618. . "&amp;citeOrder=" . $citeOrder
  619. . "\"" . addAccessKey("attribute", "sql_query") . " title=\"modify your current query" . addAccessKey("title", "sql_query") . "\">your query</a>"; // function 'addAccessKey()' is defined in 'include.inc.php'
  620. else // use of 'sql_search.php' isn't allowed for this user */
  621. $HeaderString = $HeaderStringPart . "your query"; // so we omit the link
  622. /* Removed 2016-Nov-5 to sanitizie HeaderString
  623. // add query links:
  624. $queryLinksArray = array();
  625. if (isset($_SESSION['loginEmail']) AND (isset($_SESSION['user_permissions']) AND preg_match("/allow_user_queries/", $_SESSION['user_permissions']))) // if a user is logged in AND the 'user_permissions' session variable contains 'allow_user_queries'...
  626. {
  627. // ...we'll show a link to save the current query:
  628. $queryLinksArray[] = "<a href=\"query_manager.php?customQuery=1"
  629. . "&amp;sqlQuery=" . $queryURL
  630. . "&amp;showQuery=" . $showQuery
  631. . "&amp;showLinks=" . $showLinks
  632. . "&amp;showRows=" . $showRows
  633. . "&amp;displayType=" . $displayType
  634. . "&amp;citeStyle=" . rawurlencode($citeStyle)
  635. . "&amp;citeOrder=" . $citeOrder
  636. . "&amp;viewType=" . $viewType
  637. . "\"" . addAccessKey("attribute", "save_query") . " title=\"save your current query" . addAccessKey("title", "save_query") . "\">save</a>";
  638. }
  639. if (isset($_SESSION['user_permissions']) AND preg_match("/allow_rss_feeds/", $_SESSION['user_permissions'])) // if the 'user_permissions' session variable contains 'allow_rss_feeds'...
  640. {
  641. // ...we'll display a link that will generate a dynamic RSS feed for the current query:
  642. $queryLinksArray[] = "<a href=\"" . $rssURL . "\" title=\"track newly added records matching your current query by subscribing to this RSS feed\">RSS</a>";
  643. }
  644. if (isset($_SESSION['loginEmail'])) // if a user is logged in...
  645. {
  646. // ...we'll show a link to find any duplicates within the current query results:
  647. $queryLinksArray[] = "<a href=\"duplicate_search.php?customQuery=1"
  648. . "&amp;sqlQuery=" . $queryURL
  649. . "&amp;showLinks=" . $showLinks
  650. . "&amp;showRows=" . $showRows
  651. . "&amp;originalDisplayType=" . $displayType
  652. . "&amp;citeStyle=" . rawurlencode($citeStyle)
  653. . "&amp;citeOrder=" . $citeOrder
  654. . "\"" . addAccessKey("attribute", "dups") . " title=\"find duplicates that match your current query" . addAccessKey("title", "dups") . "\">dups</a>";
  655. }
  656. if (isset($_SESSION['queryHistory']))
  657. {
  658. // ...include a link to display the query history (if any) for the user's current session:
  659. $queryLinksArray[] = "<a href=\"query_history.php"
  660. . "\"" . addAccessKey("attribute", "history") . " title=\"recall a previous query from your current session" . addAccessKey("title", "history") . "\">history</a>";
  661. }
  662. if (!empty($queryLinksArray))
  663. $HeaderString .= " (" . implode("&nbsp;|&nbsp;", $queryLinksArray) . ")";
  664. if ($showQuery == "1")
  665. $HeaderString .= ":\n<br>\n<br>\n<code>" . encodeHTML($query) . "</code>"; // function 'encodeHTML()' is defined in 'include.inc.php'
  666. else // $showQuery == "0" or wasn't specified */
  667. $HeaderString .= ":";
  668. if ($rowsFound > 0)
  669. $HeaderString = ($rowOffset + 1) . "-" . $showMaxRow . " of " . $rowsFound . $HeaderString;
  670. elseif ($rowsFound == 0)
  671. $HeaderString = $rowsFound . $HeaderString;
  672. else
  673. $HeaderString = $HeaderString; // well, this is actually bad coding but I do it for clearity reasons...
  674. }
  675. else // for queries other than SELECT queries (e.g. UPDATE, DELETE or INSERT queries that were executed by the admin via use of 'sql_search.php') display the number of rows that were modified:
  676. {
  677. if ($affectedRows == 1)
  678. $HeaderStringPart = " record was ";
  679. else
  680. $HeaderStringPart = " records were ";
  681. $HeaderString = $affectedRows . $HeaderStringPart . "affected by "
  682. . "<a href=\"sql_search.php?customQuery=1"
  683. . "&amp;sqlQuery=" . $queryURL
  684. . "&amp;showQuery=" . $showQuery
  685. . "&amp;showLinks=" . $showLinks
  686. . "&amp;showRows=" . $showRows
  687. . "&amp;submit=" . $displayType
  688. . "&amp;citeStyle=" . rawurlencode($citeStyle)
  689. . "&amp;citeOrder=" . $citeOrder
  690. . "\">your query</a>:";
  691. if ($showQuery == "1")
  692. $HeaderString .= "\n<br>\n<br>\n<code>" . encodeHTML($query) . "</code>";
  693. }
  694. }
  695. }
  696. else
  697. {
  698. $HeaderString = $_SESSION['HeaderString']; // extract 'HeaderString' session variable (only necessary if register globals is OFF!)
  699. // Note: though we clear the session variable, the current message is still available to this script via '$HeaderString':
  700. deleteSessionVariable("HeaderString"); // function 'deleteSessionVariable()' is defined in 'include.inc.php'
  701. }
  702. // Now, show the login status:
  703. showLogin(); // function 'showLogin()' is defined in 'include.inc.php'
  704. if (!preg_match("/^cli/i", $client) AND ($wrapResults != "0") AND (!(($displayType == "Cite") AND (!preg_match("/^html$/i", $citeType))) OR ($rowsFound == 0))) // we exclude the HTML page header for citation formats other than HTML if something was found
  705. {
  706. // Then, call the 'displayHTMLhead()' and 'showPageHeader()' functions (which are defined in 'header.inc.php'):
  707. displayHTMLhead(encodeHTML($officialDatabaseName) . " -- Query Results", "index,follow", "Results from the " . encodeHTML($officialDatabaseName), "", true, "", $viewType, $rssURLArray);
  708. if ((!preg_match("/^(Print|Mobile)$/i", $viewType)) AND (!preg_match("/^inc/i", $client))) // Note: we omit the visible header in print/mobile view ('viewType=Print' or 'viewType=Mobile') and for include mechanisms!
  709. showPageHeader($HeaderString);
  710. }
  711. // (4b) DISPLAY results:
  712. if ($displayType == "Display") // display full record details (Details view)
  713. displayDetails($result, $rowsFound, $query, $queryURL, $showQuery, $showLinks, $rowOffset, $showRows, $previousOffset, $nextOffset, $wrapResults, $nothingChecked, $citeStyle, $citeOrder, $orderBy, $showMaxRow, $headerMsg, $userID, $displayType, $viewType, $addCounterMax, $formType);
  714. elseif ($displayType == "Cite") // return found records as citations (Citation view)
  715. generateCitations($result, $rowsFound, $query, $queryURL, $showQuery, $showLinks, $rowOffset, $showRows, $previousOffset, $nextOffset, $wrapResults, $nothingChecked, $citeStyle, $citeOrder, $citeType, $orderBy, $headerMsg, $userID, $viewType);
  716. else // produce the columnar output style (List view or Browse view)
  717. displayColumns($result, $rowsFound, $query, $queryURL, $showQuery, $showLinks, $rowOffset, $showRows, $previousOffset, $nextOffset, $wrapResults, $nothingChecked, $citeStyle, $citeOrder, $headerMsg, $userID, $displayType, $viewType, $addCounterMax, $formType);
  718. // --------------------------------------------------------------------
  719. // (5) CLOSE CONNECTION
  720. disconnectFromMySQLDatabase(); // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'
  721. // --------------------------------------------------------------------
  722. // SHOW THE RESULTS IN AN HTML <TABLE> (columnar layout)
  723. function displayColumns($result, $rowsFound, $query, $queryURL, $showQuery, $showLinks, $rowOffset, $showRows, $previousOffset, $nextOffset, $wrapResults, $nothingChecked, $citeStyle, $citeOrder, $headerMsg, $userID, $displayType, $viewType, $addCounterMax, $formType)
  724. {
  725. global $searchReplaceActionsArray; // these variables are defined in 'ini.inc.php'
  726. global $databaseBaseURL;
  727. global $defaultDropDownFieldsEveryone;
  728. global $defaultDropDownFieldsLogin;
  729. global $displayResultsHeaderDefault;
  730. global $displayResultsFooterDefault;
  731. global $showFieldItemLinks;
  732. global $showLinkTypesInListView;
  733. global $maximumBrowseLinks;
  734. global $tableRefs, $tableUserData; // defined in 'db.inc.php'
  735. global $loc; // '$loc' is made globally available in 'core.php'
  736. global $client;
  737. if (preg_match("/.+LIMIT *[0-9]+/i",$query)) // query does contain the 'LIMIT' parameter
  738. $orderBy = preg_replace("/.+ORDER BY (.+) LIMIT.+/i","\\1",$query); // extract 'ORDER BY'... parameter (without including any 'LIMIT' parameter)
  739. else // query does not contain the 'LIMIT' parameter
  740. $orderBy = preg_replace("/.+ORDER BY (.+)/i","\\1",$query); // extract 'ORDER BY'... parameter
  741. if (($formType != "queryResults") OR (($formType == "queryResults") AND !($nothingChecked))) // some checkboxes were marked within the 'queryResults' form (or the request stems from a different script without checkboxes)
  742. {
  743. // If the query has results ...
  744. if ($rowsFound > 0)
  745. {
  746. // BEGIN RESULTS HEADER --------------------
  747. // 1) First, initialize some variables that we'll need later on
  748. if ($showLinks == "1" AND $displayType != "Browse") // we exclude the Browse view since it has a special type of 'Links' column and the 'file', 'url', 'doi', 'isbn' & 'type columns weren't included in the query
  749. $CounterMax = 5; // When displaying a 'Links' column truncate the last five columns (i.e., hide the 'file', 'url', 'doi', 'isbn' & 'type columns)
  750. else
  751. $CounterMax = 0; // Otherwise don't hide any columns
  752. // count the number of fields
  753. $fieldsFound = mysqli_num_fields($result);
  754. if ($displayType != "Browse")
  755. {
  756. // hide those last columns that were added by the script and not by the user
  757. $fieldsToDisplay = $fieldsFound-(2+$CounterMax+$addCounterMax); // (2+$CounterMax) -> $CounterMax is increased by 2 in order to hide the 'orig_record' & 'serial' columns (which were added to make checkboxes & dup warning work)
  758. // $addCounterMax is set to 1 when the field given in '$fileVisibilityException[0]' (defined in 'ini.inc.php') was added to the query, otherwise '$addCounterMax = 0'
  759. }
  760. else // for Browse view the 'orig_record' & 'serial' columns weren't included in the query
  761. $fieldsToDisplay = $fieldsFound;
  762. // Calculate the number of all visible columns (which is needed as colspan value inside some TD tags)
  763. if ($showLinks == "1")
  764. $NoColumns = (1+$fieldsToDisplay+1); // add checkbox & Links column
  765. else
  766. $NoColumns = (1+$fieldsToDisplay); // add checkbox column
  767. // Save the current List view query to a session variable:
  768. saveSessionVariable("lastListViewQuery", $query);
  769. // Defines field-specific search & replace 'actions' that will be applied to all those refbase
  770. // fields that are listed in the corresponding 'fields' element:
  771. // (These search and replace actions will be performed *in addition* to those specified globally
  772. // in '$searchReplaceActionsArray' (defined in 'ini.inc.php'). Same rules apply as for
  773. // '$searchReplaceActionsArray'.)
  774. $fieldSpecificSearchReplaceActionsArray = array(
  775. array(
  776. 'fields' => array("thesis", "approved", "marked", "copy", "selected"), // see also note for '$encodingExceptionsArray' below
  777. 'actions' => array("/(.+)/e" => "\$loc['\\1']") // use localized field values (e.g., in case of german we display 'ja' instead of 'yes', etc)
  778. ),
  779. array(
  780. 'fields' => array("type"),
  781. 'actions' => array("/(.+)/e" => "\$loc['type\\1']") // for the 'type' field, prefix variable with 'type' to match to localized value
  782. )
  783. );
  784. // NOTE: We substitute contents of the given fields with localized field values from variable
  785. // '$loc' (see '$fieldSpecificSearchReplaceActionsArray'). Since the locales in '$loc'
  786. // are already HTML encoded, we have to exclude these fields from any further HTML encoding.
  787. static $encodingExceptionsArray = array("thesis", "approved", "marked", "copy", "selected", "type");
  788. // Note: we omit the results header, browse links & query form for CLI clients, and when outputting only a partial document structure ('wrapResults=0')
  789. if (!preg_match("/^cli/i", $client) AND ($wrapResults != "0"))
  790. {
  791. // Note: we also omit the results header in print/mobile view! ('viewType=Print' or 'viewType=Mobile')
  792. if ((!preg_match("/^(Print|Mobile)$/i", $viewType)) AND (!isset($displayResultsHeaderDefault[$displayType]) OR (isset($displayResultsHeaderDefault[$displayType]) AND ($displayResultsHeaderDefault[$displayType] != "hidden"))))
  793. {
  794. if ($displayType == "Browse")
  795. $selectedField = preg_replace("/^SELECT (\w+).*/i","\\1", $query); // extract the field that's currently used in Browse view (so that we can re-select it in the drop-downs of the 'refineSearch' and 'displayOptions' forms)
  796. elseif (preg_match("/ WHERE [ ()]*(\w+)/i", $query)) // extract the first field from the 'WHERE' clause:
  797. $selectedField = preg_replace("/.+ WHERE [ ()]*(\w+).*/i", "\\1", $query);
  798. else
  799. $selectedField = "author"; // otherwise we'll select the 'author' field by default
  800. // Map MySQL field names to localized column names:
  801. $fieldNamesArray = mapFieldNames(true); // function 'mapFieldNames()' is defined in 'include.inc.php'
  802. $localizedDropDownFieldsArray = array();
  803. if (isset($_SESSION['loginEmail']) AND !empty($defaultDropDownFieldsLogin)) // if a user is logged in -AND- there were any additional fields specified...
  804. $dropDownFieldsArray = array_merge($defaultDropDownFieldsEveryone, $defaultDropDownFieldsLogin); // ...add these additional fields to the list of fields visible in the dropdown menus of the results header
  805. else
  806. $dropDownFieldsArray = $defaultDropDownFieldsEveryone;
  807. foreach ($dropDownFieldsArray as $field)
  808. {
  809. if (isset($fieldNamesArray[$field]))
  810. $localizedDropDownFieldsArray[$field] = $fieldNamesArray[$field];
  811. else // no localized field name exists, so we use the original field name
  812. $localizedDropDownFieldsArray[$field] = $field;
  813. }
  814. // 2) Build forms containing options to show the user's groups, refine the search results or change the displayed columns:
  815. // TODO for 2b+2c: should we allow users to choose via the web interface which columns are included in the popup menus?
  816. // 2a) Build a FORM with a popup containing the user's groups:
  817. $formElementsGroup = buildGroupSearchElements("search.php", $queryURL, $query, $showQuery, $showLinks, $showRows, $citeStyle, $citeOrder, $displayType); // function 'buildGroupSearchElements()' is defined in 'include.inc.php'
  818. // 2b) Build a FORM containing options to refine the search results:
  819. // Call the 'buildRefineSearchElements()' function (defined in 'include.inc.php') which does the actual work:
  820. $formElementsRefine = buildRefineSearchElements("search.php", $queryURL, $showQuery, $showLinks, $showRows, $citeStyle, $citeOrder, $localizedDropDownFieldsArray, $selectedField, $displayType);
  821. // 2c) Build a FORM containing display options (show/hide columns or change the number of records displayed per page):
  822. // Call the 'buildDisplayOptionsElements()' function (defined in 'include.inc.php') which does the actual work:
  823. $formElementsDisplayOptions = buildDisplayOptionsElements("search.php", $queryURL, $showQuery, $showLinks, $rowOffset, $showRows, $citeStyle, $citeOrder, $localizedDropDownFieldsArray, $selectedField, $fieldsToDisplay, $displayType, $headerMsg);
  824. echo displayResultsHeader("search.php", $formElementsGroup, $formElementsRefine, $formElementsDisplayOptions, $displayType); // function 'displayResultsHeader()' is defined in 'results_header.inc.php'
  825. // and insert a divider line (which separates the results header from the browse links & results data below):
  826. echo "\n<hr class=\"resultsheader\" align=\"center\" width=\"93%\">";
  827. }
  828. // 3) Build a TABLE with links for "previous" & "next" browsing, as well as links to intermediate pages
  829. // call the 'buildBrowseLinks()' function (defined in 'include.inc.php'):
  830. $BrowseLinks = buildBrowseLinks("search.php", $query, $NoColumns, $rowsFound, $showQuery, $showLinks, $showRows, $rowOffset, $previousOffset, $nextOffset, $wrapResults, $maximumBrowseLinks, "sqlSearch", $displayType, $citeStyle, $citeOrder, $orderBy, $headerMsg, $viewType);
  831. echo $BrowseLinks;
  832. // 4) Start a FORM
  833. if ((!preg_match("/^Print$/i", $viewType)) AND (!isset($displayResultsFooterDefault[$displayType]) OR (isset($displayResultsFooterDefault[$displayType]) AND ($displayResultsFooterDefault[$displayType] != "hidden"))))
  834. {
  835. echo "\n<form action=\"search.php\" method=\"GET\" name=\"queryResults\">"
  836. . "\n<input type=\"hidden\" name=\"formType\" value=\"queryResults\">"
  837. . "\n<input type=\"hidden\" name=\"submit\" value=\"Cite\">" // provide a default value for the 'submit' form tag (then, if any form element is selected, hitting <enter> will act as if the user clicked the 'Cite' button)
  838. . "\n<input type=\"hidden\" name=\"originalDisplayType\" value=\"$displayType\">" // embed the original value of the '$displayType' variable
  839. . "\n<input type=\"hidden\" name=\"orderBy\" value=\"" . rawurlencode($orderBy) . "\">" // embed the current ORDER BY parameter so that it can be re-applied when displaying details
  840. . "\n<input type=\"hidden\" name=\"showQuery\" value=\"$showQuery\">" // embed the current value of '$showQuery' so that it's available on 'display details' (batch display) & 'cite'
  841. . "\n<input type=\"hidden\" name=\"showLinks\" value=\"$showLinks\">" // embed the current value of '$showLinks' so that it's available on 'display details' (batch display) & 'cite'
  842. . "\n<input type=\"hidden\" name=\"showRows\" value=\"$showRows\">" // embed the current value of '$showRows' so that it's available on 'display details' (batch display) & 'cite'
  843. . "\n<input type=\"hidden\" name=\"rowOffset\" value=\"$rowOffset\">" // embed the current value of '$rowOffset' so that it can be re-applied after the user pressed either of the 'Add' or 'Remove' buttons within the 'queryResults' form
  844. // Note: the inclusion of '$rowOffset' here is only meant to support reloading of the same results page again after a user clicked the 'Add' or 'Remove' buttons
  845. // However, '$rowOffset' MUST NOT be set if the user clicked the 'Display' or 'Cite' button! Therefore we'll trap for this case at the top of the script.
  846. . "\n<input type=\"hidden\" name=\"sqlQuery\" value=\"$queryURL\">"; // embed the current sqlQuery so that it can be re-applied after the user pressed either of the 'Add' or 'Remove' buttons within the 'queryResults' form
  847. }
  848. }
  849. // 5) And start a TABLE, with column headers
  850. echo "\n<table id=\"columns\" class=\"results\" align=\"center\" border=\"0\" cellpadding=\"7\" cellspacing=\"0\" width=\"95%\" summary=\"This table holds the database results for your query\">";
  851. // for the column headers, start a TABLE ROW ...
  852. echo "\n<tr>";
  853. // ... print a marker ('x') column (which will hold the checkboxes within the results part)
  854. if ((!preg_match("/^(Print|Mobile)$/i", $viewType)) AND (!preg_match("/^cli/i", $client)) AND ($wrapResults != "0")) // Note: we omit the marker column in print/mobile view ('viewType=Print' or 'viewType=Mobile'), for CLI clients, and when outputting only a partial document structure ('wrapResults=0')!
  855. echo "\n\t<th align=\"left\" valign=\"top\">&nbsp;</th>";
  856. // for each of the attributes in the result set...
  857. for ($i=0; $i<$fieldsToDisplay; $i++)
  858. {
  859. // ... and print out each of the attribute names
  860. // in that row as a separate TH (Table Header)...
  861. $HTMLbeforeLink = "\n\t<th align=\"left\" valign=\"top\">"; // start the table header tag
  862. $HTMLafterLink = "</th>"; // close the table header tag
  863. // call the 'buildFieldNameLinks()' function (defined in 'include.inc.php'), which will return a properly formatted table header tag holding the current field's name
  864. // as well as the URL encoded query with the appropriate ORDER clause:
  865. $tableHeaderLink = buildFieldNameLinks("search.php", $query, "", $result, $i, $showQuery, $showLinks, $rowOffset, $showRows, $wrapResults, $citeStyle, $HTMLbeforeLink, $HTMLafterLink, "sqlSearch", $displayType, "", "", $headerMsg, $viewType);
  866. echo $tableHeaderLink; // print the attribute name as link
  867. }
  868. if (($showLinks == "1") AND ($displayType != "Browse"))
  869. {
  870. $newORDER = ("ORDER BY url DESC, doi DESC"); // Build the appropriate ORDER BY clause to facilitate sorting by Links column
  871. $HTMLbeforeLink = "\n\t<th align=\"left\" valign=\"top\">"; // start the table header tag
  872. $HTMLafterLink = "</th>"; // close the table header tag
  873. // call the 'buildFieldNameLinks()' function (defined in 'include.inc.php'), which will return a properly formatted table header tag holding the current field's name
  874. // as well as the URL encoded query with the appropriate ORDER clause:
  875. $tableHeaderLink = buildFieldNameLinks("search.php", $query, $newORDER, $result, $i, $showQuery, $showLinks, $rowOffset, $showRows, $wrapResults, $citeStyle, $HTMLbeforeLink, $HTMLafterLink, "sqlSearch", $displayType, $loc["Links"], "url", $headerMsg, $viewType);
  876. echo $tableHeaderLink; // print the attribute name as link
  877. }
  878. elseif (($showLinks == "1") AND ($displayType == "Browse"))
  879. {
  880. echo "\n\t<th align=\"left\" valign=\"top\">" // start the table header tag
  881. . "Show" // in Browse view we simply provide a static column header
  882. . "</th>"; // close the table header tag
  883. }
  884. // Finish the row
  885. echo "\n</tr>";
  886. // END RESULTS HEADER ----------------------
  887. // BEGIN RESULTS DATA COLUMNS --------------
  888. // Fetch one page of results (or less if on the last page)
  889. // (i.e., upto the limit specified in $showRows) fetch a row into the $row array and ...
  890. for ($rowCounter=0; (($rowCounter < $showRows) && ($row = @ mysqli_fetch_array($result))); $rowCounter++)
  891. {
  892. if (is_integer($rowCounter / 2)) // if we currently are at an even number of rows
  893. $rowClass = "even";
  894. else
  895. $rowClass = "odd";
  896. // ... start a TABLE ROW ...
  897. echo "\n<tr class=\"" . $rowClass . "\">";
  898. // ... print a column with a checkbox
  899. if ((!preg_match("/^(Print|Mobile)$/i", $viewType)) AND (!preg_match("/^cli/i", $client)) AND ($wrapResults != "0")) // Note: we omit the marker column in print/mobile view ('viewType=Print' or 'viewType=Mobile'), for CLI clients, and when outputting only a partial document structure ('wrapResults=0')!
  900. {
  901. echo "\n\t<td align=\"center\" valign=\"top\" width=\"10\">";
  902. // print a checkbox form element:
  903. if (!isset($displayResultsFooterDefault[$displayType]) OR (isset($displayResultsFooterDefault[$displayType]) AND ($displayResultsFooterDefault[$displayType] != "hidden")))
  904. {
  905. echo "\n\t\t<input type=\"checkbox\" onclick=\"updateAllRecs();\" name=\"marked[]\" value=\"";
  906. if ($displayType == "Browse")
  907. echo $row[0];
  908. else
  909. echo $row["serial"];
  910. echo "\" title=\"" . $loc["selectRecord"] . "\">";
  911. }
  912. if (!empty($row["orig_record"]))
  913. {
  914. if (!isset($displayResultsFooterDefault[$displayType]) OR (isset($displayResultsFooterDefault[$displayType]) AND ($displayResultsFooterDefault[$displayType] != "hidden")))
  915. echo "\n\t\t<br>";
  916. if ($row["orig_record"] < 0)
  917. echo "\n\t\t<img src=\"img/ok.gif\" alt=\"(" . $loc["original"] . ")\" title=\"" . $loc["originalRecord"] . "\" width=\"14\" height=\"16\" hspace=\"0\" border=\"0\">";
  918. else // $row["orig_record"] > 0
  919. echo "\n\t\t<img src=\"img/caution.gif\" alt=\"(" . $loc["duplicate"] . ")\" title=\"" . $loc["duplicateRecord"] . "\" width=\"5\" height=\"16\" hspace=\"0\" border=\"0\">";
  920. }
  921. if ($displayType != "Browse")
  922. {
  923. // add <abbr> block which works as a microformat that allows applications to identify objects on web pages; see <http://unapi.info/specs/> for more info
  924. echo "\n\t\t<div class=\"unapi\"><abbr class=\"unapi-id\" title=\"" . $databaseBaseURL . "show.php?record=" . $row["serial"] . "\"></abbr></div>";
  925. }
  926. echo "\n\t</td>";
  927. }
  928. // ... and print out each of the attributes
  929. // in that row as a separate TD (Table Data)
  930. for ($i=0; $i<$fieldsToDisplay; $i++)
  931. {
  932. // fetch the current attribute name:
  933. $orig_fieldname = getMySQLFieldInfo($result, $i, "name"); // function 'getMySQLFieldInfo()' is defined in 'include.inc.php'
  934. if (($displayType == "Browse") AND ($i == 0)) // in Browse view we save the first field name to yet another variable (since it'll be needed when generating correct queries in the Links column)
  935. $browseFieldName = $orig_fieldname;
  936. echo "\n\t<td valign=\"top\">";
  937. if (!empty($row[$i]))
  938. {
  939. // make field items into clickable search links:
  940. if (in_array($displayType, $showFieldItemLinks))
  941. // Note: function 'linkifyFieldItems()' will also call function 'encodeField()' to HTML
  942. // encode non-ASCII chars and to apply any field-specific search & replace actions
  943. echo linkifyFieldItems($orig_fieldname, $row[$i], $userID, $fieldSpecificSearchReplaceActionsArray, $encodingExceptionsArray, "/\s*[;]+\s*/", "; ", $showQuery, $showLinks, $showRows, $citeStyle, $citeOrder, $wrapResults, $displayType, $viewType); // function 'linkifyFieldItems()' is defined in 'include.inc.php'
  944. else // don't hotlink field items
  945. echo encodeField($orig_fieldname, $row[$i], $fieldSpecificSearchReplaceActionsArray, $encodingExceptionsArray); // function 'encodeField()' is defined in 'include.inc.php'
  946. }
  947. echo "</td>";
  948. }
  949. // embed appropriate links (if available):
  950. if (($showLinks == "1") AND ($displayType != "Browse")) // we exclude Browse view since it will need a different type of link query (see below)
  951. {
  952. echo "\n\t<td valign=\"top\">";
  953. // print out available links:
  954. // for List view, we'll use the '$showLinkTypesInListView' array that's defined in 'ini.inc.php'
  955. // to specify which links shall be displayed (if available and if 'showLinks == 1')
  956. // (for links of type DOI/URL/ISBN/XREF, only one link will be printed; order of preference: DOI, URL, ISBN, XREF)
  957. echo printLinks($showLinkTypesInListView, $row, $showQuery, $showLinks, $wrapResults, $userID, $viewType, $orderBy);
  958. echo "\n\t</td>";
  959. }
  960. // for Browse view we'll incorporate links that will show all records whose field (given in '$orig_fieldname') matches the current value (given in '$row[0]'):
  961. elseif (($showLinks == "1") AND ($displayType == "Browse"))
  962. {
  963. // ...extract the 'WHERE' clause from the SQL query to include it within the link URL:
  964. $queryWhereClause = extractWHEREclause($query); // function 'extractWHEREclause()' is defined in 'include.inc.php'
  965. $queryWhereClause = preg_replace('/^serial RLIKE "\.\+"/i', '', $queryWhereClause); // strip generic WHERE clause if present
  966. // Construct the SQL query:
  967. // TODO: build the complete SQL query using functions 'buildFROMclause()' and 'buildORDERclause()'
  968. $browseViewShowRecordsQuery = buildSELECTclause("", $showLinks, "", false, false); // function 'buildSELECTclause()' is defined in 'include.inc.php'
  969. $browseViewShowRecordsQuery .= " FROM " . $tableRefs; // add FROM clause
  970. if (isset($_SESSION['loginEmail'])) // if a user is logged in...
  971. $browseViewShowRecordsQuery .= " LEFT JOIN " . $tableUserData . " ON serial = record_id AND user_id = " . quote_smart($userID); // add LEFT JOIN part to FROM clause
  972. $browseViewShowRecordsQuery .= " WHERE "; // add WHERE clause
  973. if (!empty($queryWhereClause))
  974. $browseViewShowRecordsQuery .= $queryWhereClause . " AND ";
  975. $browseViewShowRecordsQuery .= $browseFieldName;
  976. if (!empty($row[0]))
  977. $browseViewShowRecordsQuery .= " = \"" . $row[0] . "\"";
  978. else
  979. $browseViewShowRecordsQuery .= " IS NULL";
  980. $browseViewShowRecordsQuery .= " ORDER BY author, year DESC, publication"; // add the default ORDER BY clause
  981. echo "\n\t<td valign=\"top\">";
  982. echo "\n\t\t<a href=\"search.php?sqlQuery=" . rawurlencode($browseViewShowRecordsQuery)
  983. . "&amp;formType=sqlSearch"
  984. . "&amp;showQuery=" . $showQuery
  985. . "&amp;showLinks=" . $showLinks
  986. . "&amp;showRows=" . $showRows
  987. . "&amp;submit="
  988. . "&amp;viewType=" . $viewType
  989. . "\"><img src=\"img/details.gif\" alt=\"records\" title=\"show records\" width=\"9\" height=\"17\" hspace=\"0\" border=\"0\"></a>&nbsp;&nbsp;";
  990. echo "\n\t</td>";
  991. }
  992. // Finish the row
  993. echo "\n</tr>";
  994. }
  995. // Finish the table
  996. echo "\n</table>";
  997. // END RESULTS DATA COLUMNS ----------------
  998. // BEGIN RESULTS FOOTER --------------------
  999. // Note: we omit the results footer, browse links & query form in print/mobile view ('viewType=Print' or 'viewType=Mobile'), for CLI clients, and when outputting only a partial document structure ('wrapResults=0')!
  1000. if ((!preg_match("/^(Print|Mobile)$/i", $viewType)) AND (!preg_match("/^cli/i", $client)) AND ($wrapResults != "0"))
  1001. {
  1002. // Again, insert the (already constructed) BROWSE LINKS
  1003. // (i.e., a TABLE with links for "previous" & "next" browsing, as well as links to intermediate pages)
  1004. echo $BrowseLinks;
  1005. // Build a results footer with form elements to cite, group or export all/selected records:
  1006. if (!isset($displayResultsFooterDefault[$displayType]) OR (isset($displayResultsFooterDefault[$displayType]) AND ($displayResultsFooterDefault[$displayType] != "hidden")))
  1007. {
  1008. if (isset($_SESSION['user_permissions']) AND ((isset($_SESSION['loginEmail']) AND preg_match("/allow_cite|allow_user_groups|allow_export|allow_batch_export/", $_SESSION['user_permissions'])) OR (!isset($_SESSION['loginEmail']) AND preg_match("/allow_cite|allow_export|allow_batch_export/", $_SESSION['user_permissions'])))) // if the 'user_permissions' session variable does contain any of the following: 'allow_cite' -AND- if logged in, aditionally: 'allow_user_groups', 'allow_export', 'allow_batch_export'...
  1009. // ...Insert a divider line (which separates the results data from the forms in the footer):
  1010. echo "\n<hr class=\"resultsfooter\" align=\"center\" width=\"93%\">";
  1011. // Call the 'buildResultsFooter()' function (which does the actual work):
  1012. $ResultsFooter = buildResultsFooter($showRows, $citeStyle, $citeOrder, $displayType, $headerMsg);
  1013. echo $ResultsFooter;
  1014. }
  1015. }
  1016. // END RESULTS FOOTER ----------------------
  1017. // Finally, finish the form
  1018. if ((!preg_match("/^Print$/i", $viewType)) AND (!preg_match("/^cli/i", $client)) AND ($wrapResults != "0") AND (!isset($displayResultsFooterDefault[$displayType]) OR (isset($displayResultsFooterDefault[$displayType]) AND ($displayResultsFooterDefault[$displayType] != "hidden"))))
  1019. echo "\n</form>";
  1020. }
  1021. else
  1022. {
  1023. // Report that nothing was found:
  1024. $nothingFoundFeedback = nothingFound(false); // This is a clumsy workaround: by pretending that there were some records marked by the user ($nothingChecked = false) we force the 'nothingFound()' function to output "Sorry, but your query didn't produce any results!" instead of "No records selected..."
  1025. echo $nothingFoundFeedback;
  1026. }// end if $rowsFound body
  1027. }
  1028. else // if the user clicked either the 'Add' or the 'Remove' button on a search results page but did not mark some checkboxes in front of the records, we display a "No records selected..." warning:
  1029. {
  1030. // Report that nothing was selected:
  1031. $nothingFoundFeedback = nothingFound($nothingChecked);
  1032. echo $nothingFoundFeedback;
  1033. }
  1034. }
  1035. // --------------------------------------------------------------------
  1036. // SHOW THE RESULTS IN AN HTML <TABLE> (horizontal layout)
  1037. function displayDetails($result, $rowsFound, $query, $queryURL, $showQuery, $showLinks, $rowOffset, $showRows, $previousOffset, $nextOffset, $wrapResults, $nothingChecked, $citeStyle, $citeOrder, $orderBy, $showMaxRow, $headerMsg, $userID, $displayType, $viewType, $addCounterMax, $formType)
  1038. {
  1039. global $filesBaseURL; // these variables are defined in 'ini.inc.php'
  1040. global $searchReplaceActionsArray;
  1041. global $databaseBaseURL;
  1042. global $defaultDropDownFieldsEveryone;
  1043. global $defaultDropDownFieldsLogin;
  1044. global $displayResultsHeaderDefault;
  1045. global $displayResultsFooterDefault;
  1046. global $showFieldItemLinks;
  1047. global $fileVisibility;
  1048. global $fileVisibilityException;
  1049. global $maximumBrowseLinks;
  1050. global $openURLResolver;
  1051. global $isbnURLFormat;
  1052. global $loc; // '$loc' is made globally available in 'core.php'
  1053. global $client;
  1054. if (($formType != "queryResults") OR (($formType == "queryResults") AND !($nothingChecked))) // some checkboxes were marked within the 'queryResults' form (or the request stems from a different script without checkboxes)
  1055. {
  1056. // If the query has results ...
  1057. if ($rowsFound > 0)
  1058. {
  1059. // BEGIN RESULTS HEADER --------------------
  1060. // 1) First, initialize some variables that we'll need later on
  1061. if ($showLinks == "1")
  1062. $CounterMax = 5; // When displaying a 'Links' column truncate the last five columns (i.e., hide the 'file', 'url', 'doi', 'isbn' & 'type columns)
  1063. else
  1064. $CounterMax = 0; // Otherwise don't hide any columns
  1065. if (isset($_SESSION['loginEmail']) AND (preg_match("/SELECT .*?\brelated\b.*? FROM /i", $query))) // if a user is logged in, and the 'related' field is part of the SQL SELECT clause...
  1066. $CounterMax = ($CounterMax + 1); // ...we'll also need to hide the 'related' column (which isn't displayed in Details view but is only used to generate a link to related records)
  1067. // count the number of fields
  1068. $fieldsFound = mysqli_num_fields($result);
  1069. // hide those last columns that were added by the script and not by the user
  1070. $fieldsToDisplay = $fieldsFound-(2+$CounterMax+$addCounterMax); // (2+$CounterMax) -> $CounterMax is increased by 2 in order to hide the 'orig_record' & 'serial' columns (which were added to make checkboxes & dup warning work)
  1071. // $addCounterMax is set to 1 when the field given in '$fileVisibilityException[0]' (defined in 'ini.inc.php') was added to the query, otherwise '$addCounterMax = 0'
  1072. // In summary, when displaying a 'Links' column AND with a user being logged in AND with '$addCounterMax = 1', we hide the following fields: 'related, (the field given in '$fileVisibilityException[0]'), orig_record, serial, file, url, doi, isbn, type' (i.e., truncate the last nine columns)
  1073. // Calculate the number of all visible columns (which is needed as colspan value inside some TD tags)
  1074. if ($showLinks == "1") // in 'display details' layout, we simply set it to a fixed no of columns:
  1075. $NoColumns = 8; // 8 columns: checkbox, 3 x (field name + field contents), links
  1076. else
  1077. $NoColumns = 7; // 7 columns: checkbox, field name, field contents
  1078. // Save the current Details view query to a session variable:
  1079. saveSessionVariable("lastDetailsViewQuery", $query);
  1080. // Defines field-specific search & replace 'actions' that will be applied to all those refbase
  1081. // fields that are listed in the corresponding 'fields' element:
  1082. // (These search and replace actions will be performed *in addition* to those specified globally
  1083. // in '$searchReplaceActionsArray' (defined in 'ini.inc.php'). Same rules apply as for
  1084. // '$searchReplaceActionsArray'.)
  1085. $fieldSpecificSearchReplaceActionsArray = array(
  1086. array(
  1087. 'fields' => array("abstract"),
  1088. 'actions' => array("/[\r\n]+/" => "<br><br>") // for the 'abstract' field, transform runs of newline ('\n') or return ('\r') characters into two <br> tags
  1089. ),
  1090. array(
  1091. 'fields' => array("thesis", "approved", "marked", "copy", "selected"), // see also note for '$encodingExceptionsArray' below
  1092. 'actions' => array("/(.+)/e" => "\$loc['\\1']") // use localized field values (e.g., in case of german we display 'ja' instead of 'yes', etc)
  1093. ),
  1094. array(
  1095. 'fields' => array("type"),
  1096. 'actions' => array("/(.+)/e" => "\$loc['type\\1']") // for the 'type' field, prefix variable with 'type' to match to localized value
  1097. )
  1098. );
  1099. // NOTE: We substitute contents of the given fields with localized field values from variable
  1100. // '$loc' (see '$fieldSpecificSearchReplaceActionsArray'). Since the locales in '$loc'
  1101. // are already HTML encoded, we have to exclude these fields from any further HTML encoding.
  1102. static $encodingExceptionsArray = array("thesis", "approved", "marked", "copy", "selected", "type");
  1103. // Note: we omit the results header, browse links & query form for CLI clients, and when outputting only a partial document structure ('wrapResults=0')
  1104. if (!preg_match("/^cli/i", $client) AND ($wrapResults != "0"))
  1105. {
  1106. // Note: we also omit the results header in print/mobile view! ('viewType=Print' or 'viewType=Mobile')
  1107. if ((!preg_match("/^(Print|Mobile)$/i", $viewType)) AND (!isset($displayResultsHeaderDefault[$displayType]) OR (isset($displayResultsHeaderDefault[$displayType]) AND ($displayResultsHeaderDefault[$displayType] != "hidden"))))
  1108. {
  1109. // Extract the first field from the 'WHERE' clause:
  1110. if (preg_match("/ WHERE [ ()]*(\w+)/i", $query))
  1111. $selectedField = preg_replace("/.+ WHERE [ ()]*(\w+).*/i", "\\1", $query);
  1112. else
  1113. $selectedField = "author"; // in the 'Search within Results" form, we'll select the 'author' field by default
  1114. // Map MySQL field names to localized column names:
  1115. $fieldNamesArray = mapFieldNames(true); // function 'mapFieldNames()' is defined in 'include.inc.php'
  1116. $localizedDropDownFieldsArray = array();
  1117. if (isset($_SESSION['loginEmail']) AND !empty($defaultDropDownFieldsLogin)) // if a user is logged in -AND- there were any additional fields specified...
  1118. $dropDownFieldsArray = array_merge($defaultDropDownFieldsEveryone, $defaultDropDownFieldsLogin); // ...add these additional fields to the list of fields visible in the dropdown menus of the results header
  1119. else
  1120. $dropDownFieldsArray = $defaultDropDownFieldsEveryone;
  1121. foreach ($dropDownFieldsArray as $field)
  1122. {
  1123. if (isset($fieldNamesArray[$field]))
  1124. $localizedDropDownFieldsArray[$field] = $fieldNamesArray[$field];
  1125. else // no localized field name exists, so we use the original field name
  1126. $localizedDropDownFieldsArray[$field] = $field;
  1127. }
  1128. // Define option values for the display options dropdown menu:
  1129. $displayOptionsDropDownItemsArray = array("all fields" => $loc["DropDownFieldName_AllFields"],
  1130. "keywords, abstract" => $loc["DropDownFieldName_KeywordsAbstract"],
  1131. "additional fields" => $loc["DropDownFieldName_AdditionalFields"]);
  1132. if (isset($_SESSION['loginEmail'])) // if a user is logged in
  1133. $displayOptionsDropDownItemsArray["my fields"] = $loc["DropDownFieldName_MyFields"];
  1134. // 2) Build forms containing options to show the user's groups, refine the search results or change the displayed columns:
  1135. // TODO for 2b+2c: should we allow users to choose via the web interface which columns are included in the popup menus?
  1136. // 2a) Build a FORM with a popup containing the user's groups:
  1137. $formElementsGroup = buildGroupSearchElements("search.php", $queryURL, $query, $showQuery, $showLinks, $showRows, $citeStyle, $citeOrder, $displayType); // function 'buildGroupSearchElements()' is defined in 'include.inc.php'
  1138. // 2b) Build a FORM containing options to refine the search results:
  1139. // Call the 'buildRefineSearchElements()' function (defined in 'include.inc.php') which does the actual work:
  1140. $formElementsRefine = buildRefineSearchElements("search.php", $queryURL, $showQuery, $showLinks, $showRows, $citeStyle, $citeOrder, $localizedDropDownFieldsArray, $selectedField, $displayType);
  1141. // 2c) Build a FORM containing display options (show/hide columns or change the number of records displayed per page):
  1142. // Call the 'buildDisplayOptionsElements()' function (defined in 'include.inc.php') which does the actual work:
  1143. $formElementsDisplayOptions = buildDisplayOptionsElements("search.php", $queryURL, $showQuery, $showLinks, $rowOffset, $showRows, $citeStyle, $citeOrder, $displayOptionsDropDownItemsArray, "", $fieldsToDisplay, $displayType, $headerMsg);
  1144. echo displayResultsHeader("search.php", $formElementsGroup, $formElementsRefine, $formElementsDisplayOptions, $displayType); // function 'displayResultsHeader()' is defined in 'results_header.inc.php'
  1145. // and insert a divider line (which separates the results header from the browse links & results data below):
  1146. echo "\n<hr class=\"resultsheader\" align=\"center\" width=\"93%\">";
  1147. }
  1148. // 3) Build a TABLE with links for "previous" & "next" browsing, as well as links to intermediate pages
  1149. // call the 'buildBrowseLinks()' function (defined in 'include.inc.php'):
  1150. $BrowseLinks = buildBrowseLinks("search.php", $query, $NoColumns, $rowsFound, $showQuery, $showLinks, $showRows, $rowOffset, $previousOffset, $nextOffset, $wrapResults, $maximumBrowseLinks, "sqlSearch", "Display", $citeStyle, $citeOrder, $orderBy, $headerMsg, $viewType);
  1151. echo $BrowseLinks;
  1152. // 4) Start a FORM
  1153. if ((!preg_match("/^Print$/i", $viewType)) AND (!isset($displayResultsFooterDefault[$displayType]) OR (isset($displayResultsFooterDefault[$displayType]) AND ($displayResultsFooterDefault[$displayType] != "hidden"))))
  1154. {
  1155. echo "\n<form action=\"search.php\" method=\"GET\" name=\"queryResults\">"
  1156. . "\n<input type=\"hidden\" name=\"formType\" value=\"queryResults\">"
  1157. . "\n<input type=\"hidden\" name=\"submit\" value=\"Cite\">" // provide a default value for the 'submit' form tag (then, if any form element is selected, hitting <enter> will act as if the user clicked the 'Cite' button)
  1158. . "\n<input type=\"hidden\" name=\"originalDisplayType\" value=\"$displayType\">" // embed the original value of the '$displayType' variable
  1159. . "\n<input type=\"hidden\" name=\"orderBy\" value=\"" . rawurlencode($orderBy) . "\">" // embed the current ORDER BY parameter so that it can be re-applied when displaying details
  1160. . "\n<input type=\"hidden\" name=\"showQuery\" value=\"$showQuery\">" // embed the current value of '$showQuery' so that it's available on 'display details' (batch display) & 'cite'
  1161. . "\n<input type=\"hidden\" name=\"showLinks\" value=\"$showLinks\">" // embed the current value of '$showLinks' so that it's available on 'display details' (batch display) & 'cite'
  1162. . "\n<input type=\"hidden\" name=\"showRows\" value=\"$showRows\">" // embed the current value of '$showRows' so that it's available on 'display details' (batch display) & 'cite'
  1163. . "\n<input type=\"hidden\" name=\"rowOffset\" value=\"$rowOffset\">" // embed the current value of '$rowOffset' so that it can be re-applied after the user pressed either of the 'Add' or 'Remove' buttons within the 'queryResults' form
  1164. // Note: the inclusion of '$rowOffset' here is only meant to support reloading of the same results page again after a user clicked the 'Add' or 'Remove' buttons
  1165. // However, '$rowOffset' MUST NOT be set if the user clicked the 'Display' or 'Cite' button! Therefore we'll trap for this case at the top of the script.
  1166. . "\n<input type=\"hidden\" name=\"sqlQuery\" value=\"$queryURL\">"; // embed the current sqlQuery so that it can be re-applied after the user pressed either of the 'Add' or 'Remove' buttons within the 'queryResults' form
  1167. }
  1168. }
  1169. // 5) And start a TABLE, with column headers
  1170. echo "\n<table id=\"details\" class=\"results\" align=\"center\" border=\"0\" cellpadding=\"5\" cellspacing=\"0\" width=\"95%\" summary=\"This table holds the database results for your query\">";
  1171. // for the column headers, start a TABLE ROW ...
  1172. echo "\n<tr>";
  1173. // ... print a marker ('x') column (which will hold the checkboxes within the results part)
  1174. if ((!preg_match("/^(Print|Mobile)$/i", $viewType)) AND (!preg_match("/^cli/i", $client)) AND ($wrapResults != "0")) // Note: we omit the marker column in print/mobile view ('viewType=Print' or 'viewType=Mobile'), for CLI clients, and when outputting only a partial document structure ('wrapResults=0')!
  1175. echo "\n\t<th align=\"left\" valign=\"top\">&nbsp;</th>";
  1176. // ... print a record header
  1177. if (($showMaxRow-$rowOffset) == "1") // '$showMaxRow-$rowOffset' gives the number of displayed records for a particular page) // '($rowsFound == "1" || $showRows == "1")' wouldn't trap the case of a single record on the last of multiple results pages!
  1178. $recordHeader = $loc["Record"]; // use singular form if there's only one record to display
  1179. else
  1180. $recordHeader = $loc["Records"]; // use plural form if there are multiple records to display
  1181. echo "\n\t<th align=\"left\" valign=\"top\" colspan=\"6\">$recordHeader</th>";
  1182. if ($showLinks == "1")
  1183. {
  1184. $newORDER = ("ORDER BY url DESC, doi DESC"); // Build the appropriate ORDER BY clause to facilitate sorting by Links column
  1185. $HTMLbeforeLink = "\n\t<th align=\"left\" valign=\"top\">"; // start the table header tag
  1186. $HTMLafterLink = "</th>"; // close the table header tag
  1187. // call the 'buildFieldNameLinks()' function (defined in 'include.inc.php'), which will return a properly formatted table header tag holding the current field's name
  1188. // as well as the URL encoded query with the appropriate ORDER clause:
  1189. $tableHeaderLink = buildFieldNameLinks("search.php", $query, $newORDER, $result, "", $showQuery, $showLinks, $rowOffset, $showRows, $wrapResults, $citeStyle, $HTMLbeforeLink, $HTMLafterLink, "sqlSearch", "Display", $loc["Links"], "url", $headerMsg, $viewType);
  1190. echo $tableHeaderLink; // print the attribute name as link
  1191. }
  1192. // Finish the row
  1193. echo "\n</tr>";
  1194. // END RESULTS HEADER ----------------------
  1195. // BEGIN RESULTS DATA COLUMNS --------------
  1196. // Fetch one page of results (or less if on the last page)
  1197. // (i.e., upto the limit specified in $showRows) fetch a row into the $row array and ...
  1198. for ($rowCounter=0; (($rowCounter < $showRows) && ($row = @ mysqli_fetch_array($result))); $rowCounter++)
  1199. {
  1200. // ... print out each of the attributes
  1201. // in that row as a separate TR (Table Row)
  1202. $recordData = ""; // make sure that buffer variable is empty
  1203. for ($i=0; $i<$fieldsToDisplay; $i++)
  1204. {
  1205. // fetch the current attribute name:
  1206. $orig_fieldname = getMySQLFieldInfo($result, $i, "name"); // function 'getMySQLFieldInfo()' is defined in 'include.inc.php'
  1207. // for all the fields specified (-> all fields to the left):
  1208. if (preg_match("/^(author|title|year|volume|corporate_author|address|keywords|abstract|publisher|language|series_editor|series_volume|issn|area|notes|location|call_number|marked|user_keys|user_notes|user_groups|created_date|modified_date)$/", $orig_fieldname))
  1209. {
  1210. $recordData .= "\n<tr>"; // ...start a new TABLE row
  1211. if ((!preg_match("/^(Print|Mobile)$/i", $viewType)) AND (!preg_match("/^cli/i", $client)) AND ($wrapResults != "0")) // Note: we omit the marker column in print/mobile view ('viewType=Print' or 'viewType=Mobile'), for CLI clients, and when outputting only a partial document structure ('wrapResults=0')!
  1212. {
  1213. if ($i == 0) // ... print a column with a checkbox if it's the first row of attribute data:
  1214. $recordData .= "\n\t<td align=\"left\" valign=\"top\" width=\"10\"><input type=\"checkbox\" onclick=\"updateAllRecs();\" name=\"marked[]\" value=\"" . $row["serial"] . "\" title=\"" . $loc["selectRecord"] . "\"></td>";
  1215. else // ... otherwise simply print an empty TD tag:
  1216. $recordData .= "\n\t<td valign=\"top\" width=\"10\">&nbsp;</td>";
  1217. }
  1218. }
  1219. // ... and print out each of the ATTRIBUTE NAMES:
  1220. // in that row as a bold link...
  1221. if (preg_match("/^(author|title|type|year|publication|abbrev_journal|volume|issue|pages|call_number|serial)$/", $orig_fieldname)) // print a colored background (grey, by default)
  1222. {
  1223. $HTMLbeforeLink = "\n\t<td valign=\"top\" width=\"75\" class=\"mainfieldsbg\"><b>"; // start the (bold) TD tag
  1224. $HTMLafterLink = "</b></td>"; // close the (bold) TD tag
  1225. }
  1226. elseif (preg_match("/^(marked|copy|selected|user_keys|user_notes|user_file|user_groups|cite_key)$/", $orig_fieldname)) // print a colored background (light orange, by default) for all the user specific fields
  1227. {
  1228. $HTMLbeforeLink = "\n\t<td valign=\"top\" width=\"75\" class=\"userfieldsbg\"><b>"; // start the (bold) TD tag
  1229. $HTMLafterLink = "</b></td>"; // close the (bold) TD tag
  1230. }
  1231. else // no colored background (by default)
  1232. {
  1233. $HTMLbeforeLink = "\n\t<td valign=\"top\" width=\"75\" class=\"otherfieldsbg\"><b>"; // start the (bold) TD tag
  1234. $HTMLafterLink = "</b></td>"; // close the (bold) TD tag
  1235. }
  1236. // call the 'buildFieldNameLinks()' function (defined in 'include.inc.php'), which will return a properly formatted table data tag holding the current field's name
  1237. // as well as the URL encoded query with the appropriate ORDER clause:
  1238. $recordData .= buildFieldNameLinks("search.php", $query, "", $result, $i, $showQuery, $showLinks, $rowOffset, $showRows, $wrapResults, $citeStyle, $HTMLbeforeLink, $HTMLafterLink, "sqlSearch", "Display", "", "", $headerMsg, $viewType);
  1239. // print the ATTRIBUTE DATA:
  1240. // first, calculate the correct colspan value for all the fields specified:
  1241. if (preg_match("/^(author|address|keywords|abstract|location|user_keys)$/", $orig_fieldname))
  1242. $ColspanFields = 5; // supply an appropriate colspan value
  1243. elseif (preg_match("/^(title|corporate_author|notes|call_number|user_notes|user_groups)$/", $orig_fieldname))
  1244. $ColspanFields = 3; // supply an appropriate colspan value
  1245. // then, start the TD tag, for all the fields specified:
  1246. if (preg_match("/^(author|title|corporate_author|address|keywords|abstract|notes|location|call_number|user_keys|user_notes|user_groups)$/", $orig_fieldname)) // WITH colspan attribute:
  1247. {
  1248. if (preg_match("/^(author|title|call_number)$/", $orig_fieldname)) // print a colored background (grey, by default)
  1249. $recordData .= "\n\t<td valign=\"top\" colspan=\"$ColspanFields\" class=\"mainfieldsbg\">"; // ...with colspan attribute & appropriate value
  1250. elseif (preg_match("/^(user_keys|user_notes|user_file|user_groups)$/", $orig_fieldname)) // print a colored background (light orange, by default) for all the user specific fields
  1251. $recordData .= "\n\t<td valign=\"top\" colspan=\"$ColspanFields\" class=\"userfieldsbg\">"; // ...with colspan attribute & appropriate value
  1252. else // no colored background (by default)
  1253. $recordData .= "\n\t<td valign=\"top\" colspan=\"$ColspanFields\" class=\"otherfieldsbg\">"; // ...with colspan attribute & appropriate value
  1254. }
  1255. else // for all other fields WITHOUT colspan attribute:
  1256. {
  1257. if (preg_match("/^(type|year|publication|abbrev_journal|volume|issue|pages|serial)$/", $orig_fieldname)) // print a colored background (grey, by default)
  1258. $recordData .= "\n\t<td valign=\"top\" class=\"mainfieldsbg\">"; // ...without colspan attribute
  1259. elseif (preg_match("/^(marked|copy|selected|user_file|cite_key)$/", $orig_fieldname)) // print a colored background (light orange, by default) for all the user specific fields
  1260. $recordData .= "\n\t<td valign=\"top\" class=\"userfieldsbg\">"; // ...without colspan attribute
  1261. else // no colored background (by default)
  1262. $recordData .= "\n\t<td valign=\"top\" class=\"otherfieldsbg\">"; // ...without colspan attribute
  1263. }
  1264. // print the attribute data:
  1265. if (!empty($row[$i]))
  1266. {
  1267. if (preg_match("/^(author|title|year)$/", $orig_fieldname)) // print author, title & year fields in bold
  1268. $recordData .= "<b>";
  1269. // make field items into clickable search links:
  1270. if (in_array($displayType, $showFieldItemLinks))
  1271. // Note: function 'linkifyFieldItems()' will also call function 'encodeField()' to HTML
  1272. // encode non-ASCII chars and to apply any field-specific search & replace actions
  1273. $recordData .= linkifyFieldItems($orig_fieldname, $row[$i], $userID, $fieldSpecificSearchReplaceActionsArray, $encodingExceptionsArray, "/\s*[;]+\s*/", "; ", $showQuery, $showLinks, $showRows, $citeStyle, $citeOrder, $wrapResults, $displayType, $viewType); // function 'linkifyFieldItems()' is defined in 'include.inc.php'
  1274. else // don't hotlink field items
  1275. $recordData .= encodeField($orig_fieldname, $row[$i], $fieldSpecificSearchReplaceActionsArray, $encodingExceptionsArray); // function 'encodeField()' is defined in 'include.inc.php'
  1276. if (preg_match("/^(author|title|year)$/", $orig_fieldname))
  1277. $recordData .= "</b>";
  1278. }
  1279. $recordData .= "</td>"; // finish the TD tag
  1280. // for all the fields specified (-> all fields to the right):
  1281. if (preg_match("/^(author|type|abbrev_journal|pages|thesis|address|keywords|abstract|editor|orig_title|abbrev_series_title|edition|medium|conference|approved|location|serial|selected|user_keys|user_file|cite_key|created_by|modified_by)$/", $orig_fieldname))
  1282. {
  1283. if ($showLinks == "1")
  1284. {
  1285. // ...embed appropriate links (if available):
  1286. if ($i == 0) // ... print a column with links if it's the first row of attribute data:
  1287. {
  1288. if (preg_match("/^(cli|inc)/i", $client) OR ($wrapResults == "0")) // we use absolute links for CLI clients, for include mechanisms, or when returning only a partial document structure
  1289. $baseURL = $databaseBaseURL;
  1290. else
  1291. $baseURL = "";
  1292. $recordData .= "\n\t<td valign=\"top\" width=\"50\" rowspan=\"2\">"; // note that this table cell spans the next row!
  1293. $linkArray = array(); // initialize array variable that will hold all available links
  1294. if (isset($_SESSION['user_permissions']) AND preg_match("/allow_edit/", $_SESSION['user_permissions'])) // if the 'user_permissions' session variable contains 'allow_edit'...
  1295. // ... display a link that opens the edit form for this record:
  1296. $linkArray[] = "\n\t\t<a href=\"" . $baseURL . "record.php"
  1297. . "?serialNo=" . $row["serial"]
  1298. . "&amp;recordAction=edit"
  1299. . "\"><img src=\"" . $baseURL . "img/edit.gif\" alt=\"" . $loc["edit"] . "\" title=\"" . $loc["LinkTitle_EditRecord"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>";
  1300. // show a link to any corresponding FILE if one of the following conditions is met:
  1301. // - the variable '$fileVisibility' (defined in 'ini.inc.php') is set to 'everyone'
  1302. // - the variable '$fileVisibility' is set to 'login' AND the user is logged in
  1303. // - the variable '$fileVisibility' is set to 'user-specific' AND the 'user_permissions' session variable contains 'allow_download'
  1304. // - the array variable '$fileVisibilityException' (defined in 'ini.inc.php') contains a pattern (in array element 1) that matches the contents of the field given (in array element 0)
  1305. if ($fileVisibility == "everyone" OR ($fileVisibility == "login" AND isset($_SESSION['loginEmail'])) OR ($fileVisibility == "user-specific" AND (isset($_SESSION['user_permissions']) AND preg_match("/allow_download/", $_SESSION['user_permissions']))) OR (!empty($fileVisibilityException) AND preg_match($fileVisibilityException[1], $row[$fileVisibilityException[0]])))
  1306. {
  1307. if (!empty($row["file"]))// if the 'file' field is NOT empty
  1308. {
  1309. if (isset($_SESSION['user_permissions']) AND preg_match("/allow_edit/", $_SESSION['user_permissions']))
  1310. $prefix = "&nbsp;";
  1311. else
  1312. $prefix = "";
  1313. if (preg_match("#^(https?|ftp|file)://#i", $row["file"])) // if the 'file' field contains a full URL (starting with "http://", "https://", "ftp://" or "file://")
  1314. $URLprefix = ""; // we don't alter the URL given in the 'file' field
  1315. else // if the 'file' field contains only a partial path (like 'polarbiol/10240001.pdf') or just a file name (like '10240001.pdf')
  1316. $URLprefix = $filesBaseURL; // use the base URL of the standard files directory as prefix ('$filesBaseURL' is defined in 'ini.inc.php')
  1317. if (preg_match("/\.pdf$/i", $row["file"])) // if the 'file' field contains a link to a PDF file
  1318. $linkArray[] = $prefix . "\n\t\t<a href=\"" . $URLprefix . encodeHTML($row["file"]) . "\"><img src=\"" . $baseURL . "img/file_PDF.gif\" alt=\"" . $loc["pdf"] . "\" title=\"" . $loc["LinkTitle_DownloadPDFFile"] . "\" width=\"17\" height=\"17\" hspace=\"0\" border=\"0\"></a>"; // display a PDF file icon as download link
  1319. else
  1320. $linkArray[] = $prefix . "\n\t\t<a href=\"" . $URLprefix . encodeHTML($row["file"]) . "\"><img src=\"" . $baseURL . "img/file.gif\" alt=\"" . $loc["file"] . "\" title=\"" . $loc["LinkTitle_DownloadFile"] . "\" width=\"11\" height=\"15\" hspace=\"0\" border=\"0\"></a>"; // display a generic file icon as download link
  1321. }
  1322. }
  1323. // generate a link from the URL field:
  1324. if (!empty($row["url"])) // 'htmlentities()' is used to convert any '&' into '&amp;'
  1325. $linkArray[] = "\n\t\t<a href=\"" . encodeHTML($row["url"]) . "\"><img src=\"" . $baseURL . "img/www.gif\" alt=\"" . $loc["url"] . "\" title=\"" . $loc["LinkTitle_GotoWebPage"] . "\" width=\"17\" height=\"20\" hspace=\"0\" border=\"0\"></a>";
  1326. // generate a link from the DOI field:
  1327. if (!empty($row["doi"]))
  1328. $linkArray[] = "\n\t\t<a href=\"http://dx.doi.org/" . rawurlencode($row["doi"]) . "\"><img src=\"" . $baseURL . "img/doi.gif\" alt=\"" . $loc["doi"] . "\" title=\"" . $loc["LinkTitle_GotoWebPageViaDOI"] . "\" width=\"17\" height=\"20\" hspace=\"0\" border=\"0\"></a>";
  1329. // generate a link from the RELATED field:
  1330. if (isset($_SESSION['loginEmail'])) // if a user is logged in, show a link to any related records (if available):
  1331. {
  1332. if (!empty($row["related"]))
  1333. {
  1334. $relatedRecordsLink = buildRelatedRecordsLink($row["related"], $userID); // function 'buildRelatedRecordsLink()' is defined in 'include.inc.php'
  1335. $linkArray[] = "\n\t\t<a href=\"" . $baseURL . $relatedRecordsLink . "\"><img src=\"" . $baseURL . "img/related.gif\" alt=\"" . $loc["related"] . "\" title=\"" . $loc["LinkTitle_DisplayRelatedRecords"] . "\" width=\"19\" height=\"16\" hspace=\"0\" border=\"0\"></a>";
  1336. }
  1337. }
  1338. // if an ISBN number exists for the current record, provide a link to an ISBN resolver:
  1339. if (!empty($isbnURLFormat) AND !empty($row["isbn"]))
  1340. {
  1341. // this is a stupid hack that maps the names of the '$row' array keys to those used
  1342. // by the '$formVars' array (which is required by function 'parsePlaceholderString()')
  1343. // (eventually, the '$formVars' array should use the MySQL field names as names for its array keys)
  1344. $formVars = buildFormVarsArray($row); // function 'buildFormVarsArray()' is defined in 'include.inc.php'
  1345. // auto-generate an ISBN link according to the naming scheme given in '$isbnURLFormat' (in 'ini.inc.php'):
  1346. $isbnURL = parsePlaceholderString($formVars, $isbnURLFormat, ""); // function 'parsePlaceholderString()' is defined in 'include.inc.php'
  1347. $encodedURL = encodeHTML($isbnURL); // 'htmlentities()' is used to convert higher ASCII chars into its entities and any '&' into '&amp;'
  1348. $encodedURL = str_replace(" ", "%20", $encodedURL); // ensure that any spaces are also properly urlencoded
  1349. if (!empty($isbnURL))
  1350. $linkArray[] = "\n\t\t<a href=\"" . $encodedURL . "\"><img src=\"" . $baseURL . "img/isbn.gif\" alt=\"" . $loc["isbn"] . "\" title=\"" . $loc["LinkTitle_FindBookDetailsViaISBN"] . "\" width=\"17\" height=\"20\" hspace=\"0\" border=\"0\"></a>";
  1351. }
  1352. // provide a link to an OpenURL resolver:
  1353. if (!empty($openURLResolver))
  1354. {
  1355. $openURL = openURL($row); // function 'openURL()' is defined in 'openurl.inc.php'
  1356. $linkArray[] = "\n\t\t<a href=\"" . $openURL . "\"><img src=\"" . $baseURL . "img/xref.gif\" alt=\"" . $loc["openurl"] . "\" title=\"" . $loc["LinkTitle_FindRecordDetailsViaOpenURL"] . "\" width=\"18\" height=\"20\" hspace=\"0\" border=\"0\"></a>";
  1357. }
  1358. // insert COinS (ContextObjects in Spans):
  1359. $linkArray[] = "\n\t\t" . coins($row); // function 'coins()' is defined in 'openurl.inc.php'
  1360. // merge links with delimiters appropriate for display in the Links column:
  1361. $recordData .= mergeLinks($linkArray);
  1362. $recordData .= "\n\t</td>";
  1363. }
  1364. // ... for the second row (which consists of the second and third field), we don't print any table column tag at all since the links (printed in the first row) span this second row!
  1365. elseif ($i > 3) // ... for the third row up to the last row, simply print an empty TD tag:
  1366. $recordData .= "\n\t<td valign=\"top\" width=\"50\">&nbsp;</td>";
  1367. }
  1368. $recordData .= "\n</tr>"; // ...and finish the row
  1369. }
  1370. }
  1371. if ((!preg_match("/^(Print|Mobile)$/i", $viewType)) AND (!preg_match("/^cli/i", $client)) AND ($wrapResults != "0")) // supply an appropriate colspan value
  1372. $ColspanFields = $NoColumns;
  1373. else // print view, CLI client, or partial document structure (i.e., no marker column)
  1374. $ColspanFields = ($NoColumns - 1);
  1375. // Print out an URL that links directly to this record:
  1376. $recordData .= "\n<tr>" // start a new TR (Table Row)
  1377. . "\n\t<td colspan=\"$ColspanFields\" align=\"center\" class=\"smaller\"><a href=\"" . $databaseBaseURL . "show.php?record=" . $row["serial"] . "\" title=\"" . $loc["LinkTitle_Permalink"] . "\">" . $loc["PermalinkLong"] . "</a>"
  1378. . "<div class=\"unapi\"><abbr class=\"unapi-id\" title=\"" . $databaseBaseURL . "show.php?record=" . $row["serial"] . "\"></abbr></div></td>" // re <abbr> tag see <http://unapi.info/specs/>
  1379. . "\n</tr>";
  1380. // Append a divider line if it's not the last (or only) record on the page:
  1381. if ((($rowCounter+1) < $showRows) && (($rowCounter+1) < $rowsFound))
  1382. if (!(($showMaxRow == $rowsFound) && (($rowCounter+1) == ($showMaxRow-$rowOffset)))) // if we're NOT on the *last* page processing the *last* record... ('$showMaxRow-$rowOffset' gives the number of displayed records for a particular page)
  1383. $recordData .= "\n<tr>"
  1384. . "\n\t<td colspan=\"$ColspanFields\">&nbsp;</td>"
  1385. . "\n</tr>"
  1386. . "\n<tr>"
  1387. . "\n\t<td colspan=\"$ColspanFields\"><hr class=\"results\" align=\"left\" width=\"100%\"></td>"
  1388. . "\n</tr>"
  1389. . "\n<tr>"
  1390. . "\n\t<td colspan=\"$ColspanFields\">&nbsp;</td>"
  1391. . "\n</tr>";
  1392. echo $recordData;
  1393. }
  1394. // Finish the table
  1395. echo "\n</table>";
  1396. // END RESULTS DATA COLUMNS ----------------
  1397. // BEGIN RESULTS FOOTER --------------------
  1398. // Note: we omit the results footer, browse links & query form in print/mobile view ('viewType=Print' or 'viewType=Mobile'), for CLI clients, and when outputting only a partial document structure ('wrapResults=0')!
  1399. if ((!preg_match("/^(Print|Mobile)$/i", $viewType)) AND (!preg_match("/^cli/i", $client)) AND ($wrapResults != "0"))
  1400. {
  1401. // Again, insert the (already constructed) BROWSE LINKS
  1402. // (i.e., a TABLE with links for "previous" & "next" browsing, as well as links to intermediate pages)
  1403. echo $BrowseLinks;
  1404. // Build a results footer with form elements to cite, group or export all/selected records:
  1405. if (!isset($displayResultsFooterDefault[$displayType]) OR (isset($displayResultsFooterDefault[$displayType]) AND ($displayResultsFooterDefault[$displayType] != "hidden")))
  1406. {
  1407. if (isset($_SESSION['user_permissions']) AND ((isset($_SESSION['loginEmail']) AND preg_match("/allow_cite|allow_user_groups|allow_export|allow_batch_export/", $_SESSION['user_permissions'])) OR (!isset($_SESSION['loginEmail']) AND preg_match("/allow_cite|allow_export|allow_batch_export/", $_SESSION['user_permissions'])))) // if the 'user_permissions' session variable does contain any of the following: 'allow_cite' -AND- if logged in, aditionally: 'allow_user_groups', 'allow_export', 'allow_batch_export'...
  1408. // ...Insert a divider line (which separates the results data from the forms in the footer):
  1409. echo "\n<hr class=\"resultsfooter\" align=\"center\" width=\"93%\">";
  1410. // Call the 'buildResultsFooter()' function (which does the actual work):
  1411. $ResultsFooter = buildResultsFooter($showRows, $citeStyle, $citeOrder, $displayType, $headerMsg);
  1412. echo $ResultsFooter;
  1413. }
  1414. }
  1415. // END RESULTS FOOTER ----------------------
  1416. // Finally, finish the form
  1417. if ((!preg_match("/^Print$/i", $viewType)) AND (!preg_match("/^cli/i", $client)) AND ($wrapResults != "0") AND (!isset($displayResultsFooterDefault[$displayType]) OR (isset($displayResultsFooterDefault[$displayType]) AND ($displayResultsFooterDefault[$displayType] != "hidden"))))
  1418. echo "\n</form>";
  1419. }
  1420. else
  1421. {
  1422. // Report that nothing was found:
  1423. $nothingFoundFeedback = nothingFound(false); // This is a clumsy workaround: by pretending that there were some records marked by the user ($nothingChecked = false) we force the 'nothingFound()' function to output "Sorry, but your query didn't produce any results!" instead of "No records selected..."
  1424. echo $nothingFoundFeedback;
  1425. }// end if $rowsFound body
  1426. }
  1427. else // if the user clicked one of the buttons in the 'queryResults' form on a search results page but did not mark some checkboxes in front of the records, we display a "No records selected..." warning:
  1428. {
  1429. // Report that nothing was selected:
  1430. $nothingFoundFeedback = nothingFound($nothingChecked);
  1431. echo $nothingFoundFeedback;
  1432. }
  1433. }
  1434. // --------------------------------------------------------------------
  1435. // EXPORT RECORDS using the specified export format
  1436. function generateExport($result, $rowOffset, $showRows, $exportFormat, $exportType, $exportStylesheet, $displayType, $viewType, $userID)
  1437. {
  1438. global $officialDatabaseName; // these variables are defined in 'ini.inc.php'
  1439. global $contentTypeCharset;
  1440. global $convertExportDataToUTF8;
  1441. global $defaultExportFormat;
  1442. global $userOptionsArray;
  1443. global $loc; // '$loc' is made globally available in 'core.php'
  1444. // get all user options for the current user:
  1445. // (note that '$userOptionsArray' is made globally available)
  1446. $userOptionsArray = getUserOptions($userID); // function 'getUserOptions()' is defined in 'include.inc.php'
  1447. // fetch the path/name of the export format file that's associated with the export format given in '$exportFormat':
  1448. $exportFormatFile = getFormatFile($exportFormat, "export"); // function 'getFormatFile()' is defined in 'include.inc.php()'
  1449. if (empty($exportFormatFile))
  1450. {
  1451. $exportFormat = $defaultExportFormat; // if the given export format could not be found, we'll use the default export format which is defined by the '$defaultExportFormat' variable in 'ini.inc.php'
  1452. $exportFormatFile = getFormatFile($exportFormat, "export");
  1453. }
  1454. // include the found export format file *once*:
  1455. include_once "export/" . $exportFormatFile; // instead of 'include_once' we could also use: 'if ($rowCounter == 0) { include "export/" . $exportFormatFile; }'
  1456. // export found records using the specified export format:
  1457. $exportText = exportRecords($result, $rowOffset, $showRows, $exportStylesheet, $displayType); // function 'exportRecords()' is defined in the export format file given in '$exportFormatFile' (which, in turn, must reside in the 'export' directory of the refbase root directory)
  1458. // adjust the mime type and return exported data based on the key given in '$exportType':
  1459. if (preg_match("/text/i", $exportType))
  1460. $exportContentType = "text/plain";
  1461. elseif (preg_match("/^(html|email)$/i", $exportType))
  1462. $exportContentType = "text/html";
  1463. elseif (preg_match("/xml/i", $exportType))
  1464. {
  1465. // NOTE: Firefox >=2.x, Safari >=2.x and IE >=7.x break client-side XSL for RSS and Atom feeds!
  1466. // See e.g.: <http://decafbad.com/blog/2006/11/02/firefox-20-breaks-client-side-xsl-for-rss-and-atom-feeds>
  1467. // TODO: Re-evaluate: As a consequence, we apply a VERY dirty hack in 'atomxml.inc.php' that prevents the feed sniffing
  1468. // and subsequent browser applied default XSLT stylesheet that has been implemented by FireFox 2, Safari 2
  1469. // and Internet Explorer 7. To prevent the feed sniffing we insert a comment before the feed
  1470. // element that is larger than 512 bytes. See: <http://feedme.mind-it.info/pivot/entry.php?id=9>
  1471. //
  1472. // For some browsers (such as the Camino browser <http://caminobrowser.org/>) it's possible to set the content type
  1473. // to 'application/xml' which (while incorrect for Atom/RSS) will cause the browser to trigger their XML+XSLT renderer
  1474. // if the Atom/RSS feed was requested together with a stylesheet.
  1475. //
  1476. // If the content type is set to 'application/atom+xml', Firefox 2 and Safari 2 will always apply their own default
  1477. // XSLT stylesheet and ignore any client-side XSL transformation!
  1478. if (preg_match("/Atom/i", $exportFormat) AND empty($exportStylesheet))
  1479. $exportContentType = "application/atom+xml"; // NOTE: using Safari 3 on OS X 10.4, this seems to cause misbehavior; Firefox seems to work fine, though
  1480. else
  1481. $exportContentType = "application/xml";
  1482. }
  1483. elseif (preg_match("/rss/i", $exportType))
  1484. $exportContentType = "application/rss+xml";
  1485. elseif (preg_match("/file/i", $exportType)) // attempt to set mime type & download file name according to the chosen export format:
  1486. {
  1487. $exportContentType = "text/plain"; // set the default mime type
  1488. // Note that we do some "quick'n dirty" guessing for some export formats here (e.g., we assume/require that an XML export format name
  1489. // contains 'XML' within its name!). This is in NO way fool proof and should be handled in a better way!
  1490. if (preg_match("/XML/i", $exportFormat)) // if the export format name contains 'XML'
  1491. {
  1492. if (preg_match("/Atom/i", $exportFormat)) // if the export format name contains 'Atom'
  1493. $exportContentType = "application/atom+xml"; // see note above
  1494. else
  1495. $exportContentType = "application/xml";
  1496. if (preg_match("/Atom/i", $exportFormat)) // if the export format name contains 'Atom'
  1497. $exportFileName = "atom_export.xml";
  1498. elseif (preg_match("/SRW_DC/i", $exportFormat)) // if the export format name contains 'SRW_DC'
  1499. $exportFileName = "srw_dc_export.xml";
  1500. elseif (preg_match("/SRW_MODS/i", $exportFormat)) // if the export format name contains 'SRW_MODS'
  1501. $exportFileName = "srw_mods_export.xml";
  1502. elseif (preg_match("/SRW/i", $exportFormat)) // if the export format name contains 'SRW' (fallback)
  1503. $exportFileName = "srw_export.xml";
  1504. elseif (preg_match("/^MODS/i", $exportFormat)) // if the export format name starts with 'MODS' (NOTE: the regex pattern must not match "SRW_MODS XML")
  1505. $exportFileName = "mods_export.xml";
  1506. elseif (preg_match("/^(OAI_)?DC/i", $exportFormat)) // if the export format starts contains 'OAI_DC' or 'DC' (NOTE: the regex pattern must not match "SRW_DC XML")
  1507. $exportFileName = "oaidc_export.xml";
  1508. elseif (preg_match("/ODF|OpenDocument/i", $exportFormat)) // if the export format name contains 'ODF' or 'OpenDocument'
  1509. {
  1510. if (preg_match("/file/i", $exportType)) {
  1511. $exportContentType="application/vnd.oasis.opendocument.spreadsheet";
  1512. $exportFileName="odf_export.ods";
  1513. }
  1514. else {
  1515. $exportFileName = "content.xml";
  1516. }
  1517. }
  1518. elseif (preg_match("/Word/i", $exportFormat)) // if the export format name contains 'Word'
  1519. $exportFileName = "msword_export.xml";
  1520. else
  1521. $exportFileName = "export.xml";
  1522. }
  1523. elseif (preg_match("/ADS|BibTeX|Endnote|ISI|RIS/i", $exportFormat)) // if the export format name contains either 'ADS', 'BibTeX', 'Endnote', 'ISI' or 'RIS'
  1524. {
  1525. if (preg_match("/ADS/i", $exportFormat))
  1526. $exportFileName = "ads_export.txt";
  1527. elseif (preg_match("/BibTeX/i", $exportFormat))
  1528. $exportFileName = "bibtex_export.bib";
  1529. elseif (preg_match("/Endnote/i", $exportFormat))
  1530. $exportFileName = "endnote_export.enw";
  1531. elseif (preg_match("/ISI/i", $exportFormat))
  1532. $exportFileName = "isi_export.txt";
  1533. elseif (preg_match("/RIS/i", $exportFormat))
  1534. $exportFileName = "ris_export.ris";
  1535. }
  1536. else
  1537. $exportFileName = "exported_records.txt"; // set the default download file name
  1538. }
  1539. // if variable '$convertExportDataToUTF8' is set to "yes" in 'ini.inc.php', we'll convert latin1 data to UTF-8
  1540. // when exporting to XML; therefore, we'll need to temporarily set the value of the global '$contentTypeCharset'
  1541. // variable to UTF-8 which will ensure proper HTML output
  1542. if (($convertExportDataToUTF8 == "yes") AND ($contentTypeCharset != "UTF-8"))
  1543. {
  1544. $oldContentTypeCharset = $contentTypeCharset; // remember the actual database charset
  1545. $oldOfficialDatabaseName = $officialDatabaseName; // remember the database name as originally encoded
  1546. // if the database charset is not "UTF-8" then we'll also need to temporarily convert any higher ASCII chars in variables which get included within the HTML output
  1547. $officialDatabaseName = convertToCharacterEncoding("UTF-8", "IGNORE", $officialDatabaseName); // function 'convertToCharacterEncoding()' is defined in 'include.inc.php'
  1548. $contentTypeCharset = "UTF-8"; // for XML output we'll temporarily set the value of '$contentTypeCharset' to "UTF-8"
  1549. }
  1550. // set the appropriate mimetype & set the character encoding to the one given in '$contentTypeCharset':
  1551. setHeaderContentType($exportContentType, $contentTypeCharset); // function 'setHeaderContentType()' is defined in 'include.inc.php'
  1552. if (preg_match("/file/i", $exportType)) // instruct the browser to download the resulting XML file:
  1553. header('Content-Disposition: attachment; filename="' . $exportFileName . '"'); // Note that this doesn't seem to work with all browsers (notably not with Safari & OmniWeb on MacOSX Panther, but it does work with Mozilla & Camino as well as Safari on Tiger)
  1554. elseif (preg_match("/^(html|email)$/i", $exportType)) // output data as HTML, wrapped into <pre>...</pre> tags:
  1555. {
  1556. if (preg_match("/email/i", $exportType)) // send exported data to the user's login email address:
  1557. {
  1558. $emailRecipient = $_SESSION['loginEmail'];
  1559. $emailSubject = "Your records from the " . $officialDatabaseName . " (exported to " . $exportFormat . " format)";
  1560. $emailBody = $exportText;
  1561. sendEmail($emailRecipient, $emailSubject, $emailBody); // function 'sendEmail()' is defined in 'include.inc.php'
  1562. }
  1563. // call the 'displayHTMLhead()' function (defined in 'header.inc.php'):
  1564. displayHTMLhead(encodeHTML($officialDatabaseName) . " -- Exported Data", "index,follow", "Data exported from the " . encodeHTML($officialDatabaseName), "", false, "", $viewType, array());
  1565. $exportText = "\n\t<pre>\n" . encodeHTML($exportText) . "\n\t</pre>\n</body>\n</html>\n";
  1566. if ($exportType == "email")
  1567. $exportText = "\n\t<p>"
  1568. . "\n\t\t<a href=\"javascript:history.back()\" title=\"" . $loc["LinkTitle_GoBackToResults"] . "\">" . $loc["Go Back"] . "</a>"
  1569. . "\n\t</p>"
  1570. . "\n\t<p>"
  1571. . "\n\t\t<b>The data below have been sent to <a href=\"mailto:" . $_SESSION['loginEmail'] . "\">" . $_SESSION['loginEmail'] . "</a>:</b>"
  1572. . "\n\t</p>"
  1573. . $exportText;
  1574. }
  1575. if (($convertExportDataToUTF8 == "yes") AND ($contentTypeCharset != "UTF-8"))
  1576. {
  1577. $contentTypeCharset = $oldContentTypeCharset; // restore the actual database charset
  1578. $officialDatabaseName = $oldOfficialDatabaseName; // restore the database name as originally encoded
  1579. }
  1580. if ( (preg_match("/ODF|OpenDocument/i", $exportFormat)) && (preg_match("/file/i", $exportType)) ) {
  1581. // This is a dirty hack to zip and return an ODF file.
  1582. // It may be desired to retun other non-textual formats in the future & to return these as attachments by email in the future.
  1583. // If this becomes needed, we should refactor the output.
  1584. $zipfile = zipODF($exportText); // function 'zipODF()' is defined in 'odfxml.inc.php'
  1585. echo $zipfile -> file();
  1586. }
  1587. else {
  1588. // we'll present the output within the _same_ browser window:
  1589. // (note that we don't use a popup window here, since this may be blocked by particular browsers)
  1590. echo $exportText;
  1591. }
  1592. }
  1593. // --------------------------------------------------------------------
  1594. // CITE RECORDS using the specified citation style and format
  1595. function generateCitations($result, $rowsFound, $query, $queryURL, $showQuery, $showLinks, $rowOffset, $showRows, $previousOffset, $nextOffset, $wrapResults, $nothingChecked, $citeStyle, $citeOrder, $citeType, $orderBy, $headerMsg, $userID, $viewType)
  1596. {
  1597. global $contentTypeCharset; // these variables are defined in 'ini.inc.php'
  1598. global $defaultCiteStyle;
  1599. global $client;
  1600. global $userOptionsArray;
  1601. // get all user options for the current user:
  1602. // (note that '$userOptionsArray' is made globally available)
  1603. $userOptionsArray = getUserOptions($userID); // function 'getUserOptions()' is defined in 'include.inc.php'
  1604. // if the query has results ...
  1605. if ($rowsFound > 0)
  1606. {
  1607. // Save the current Citation view query to a session variable:
  1608. // saveSessionVariable("lastCitationViewQuery", $query);
  1609. // fetch the name of the citation style file that's associated with the style given in '$citeStyle':
  1610. $citeStyleFile = getStyleFile($citeStyle); // function 'getStyleFile()' is defined in 'include.inc.php'
  1611. if (empty($citeStyleFile))
  1612. {
  1613. $citeStyle = $defaultCiteStyle; // if the given cite style could not be found, we'll use the default cite style which is defined by the '$defaultCiteStyle' variable in 'ini.inc.php'
  1614. $citeStyleFile = getStyleFile($citeStyle);
  1615. }
  1616. // include the found citation style file *once*:
  1617. include_once "cite/" . $citeStyleFile;
  1618. // fetch the name of the citation format file that's associated with the format given in '$citeType':
  1619. $citeFormatFile = getFormatFile($citeType, "cite"); // function 'getFormatFile()' is defined in 'include.inc.php()'
  1620. if (empty($citeFormatFile))
  1621. {
  1622. if (preg_match("/^cli/i", $client)) // if the query originated from a command line client such as the refbase CLI clients ("cli-refbase-1.1", "cli-refbase_import-1.0")
  1623. $citeType = "ASCII";
  1624. else
  1625. $citeType = "html";
  1626. $citeFormatFile = getFormatFile($citeType, "cite");
  1627. }
  1628. // include the found citation format file *once*:
  1629. include_once "cite/" . $citeFormatFile;
  1630. $citationData = citeRecords($result, $rowsFound, $query, $queryURL, $showQuery, $showLinks, $rowOffset, $showRows, $previousOffset, $nextOffset, $wrapResults, $citeStyle, $citeOrder, $citeType, $orderBy, $headerMsg, $userID, $viewType);
  1631. if (preg_match("/^RTF$/i", $citeType)) // output references as RTF file
  1632. {
  1633. $citeContentType = "application/rtf";
  1634. $citeFileName = "citations.rtf";
  1635. }
  1636. elseif (preg_match("/^PDF$/i", $citeType)) // output references as PDF file
  1637. {
  1638. $citeContentType = "application/pdf";
  1639. $citeFileName = "citations.pdf";
  1640. }
  1641. elseif (preg_match("/^LaTeX$/i", $citeType)) // output references as LaTeX file
  1642. {
  1643. $citeContentType = "application/x-latex";
  1644. $citeFileName = "citations.tex";
  1645. }
  1646. elseif (preg_match("/^LaTeX \.bbl$/i", $citeType)) // output references as LaTeX .bbl file (for use with LaTeX/BibTeX)
  1647. {
  1648. $citeContentType = "application/x-latex";
  1649. $citeFileName = "citations.bbl";
  1650. }
  1651. elseif (preg_match("/^Markdown$/i", $citeType)) // output references as Markdown TEXT (a plain text formatting syntax)
  1652. {
  1653. $citeContentType = "text/plain";
  1654. $citeFileName = "citations.txt";
  1655. }
  1656. elseif (preg_match("/^ASCII$/i", $citeType)) // output references as plain TEXT
  1657. {
  1658. $citeContentType = "text/plain";
  1659. $citeFileName = "citations.txt";
  1660. }
  1661. else // by default, we'll output references in HTML format
  1662. {
  1663. $citeContentType = "text/html";
  1664. $citeFileName = "citations.html";
  1665. }
  1666. if (!preg_match("/^html$/i", $citeType))
  1667. // set the appropriate mimetype & set the character encoding to the one given in '$contentTypeCharset' (which is defined in 'ini.inc.php'):
  1668. setHeaderContentType($citeContentType, $contentTypeCharset); // function 'setHeaderContentType()' is defined in 'include.inc.php'
  1669. if (preg_match("/^application/i", $citeContentType))
  1670. // instruct the browser to download the resulting output as file:
  1671. header('Content-Disposition: attachment; filename="' . $citeFileName . '"'); // Note that this doesn't seem to work with all browsers (notably not with Safari & OmniWeb on MacOSX Panther, but it does work with Mozilla & Camino as well as Safari on Tiger)
  1672. echo $citationData;
  1673. }
  1674. else
  1675. {
  1676. $nothingFoundFeedback = nothingFound($nothingChecked);
  1677. echo $nothingFoundFeedback;
  1678. }
  1679. }
  1680. // --------------------------------------------------------------------
  1681. // BUILD RESULTS FOOTER
  1682. function buildResultsFooter($showRows, $citeStyle, $citeOrder, $displayType, $headerMsg)
  1683. {
  1684. global $useVisualEffects; // these variables are defined in 'ini.inc.php'
  1685. global $allowAnonymousGUIExport;
  1686. global $displayResultsFooterDefault;
  1687. global $loc; // defined in 'locales/core.php'
  1688. if (isset($_SESSION['user_permissions']) AND ((isset($_SESSION['loginEmail']) AND preg_match("/allow_cite|allow_user_groups|allow_export|allow_batch_export/", $_SESSION['user_permissions'])) OR (!isset($_SESSION['loginEmail']) AND preg_match("/allow_cite|allow_export|allow_batch_export/", $_SESSION['user_permissions'])))) // only the results footer if the 'user_permissions' session variable does contain any of the following: 'allow_cite' -AND- if logged in, aditionally: 'allow_user_groups', 'allow_export', 'allow_batch_export'...
  1689. {
  1690. $resultsFooterToggleText = "";
  1691. if (preg_match("/allow_cite/", $_SESSION['user_permissions']))
  1692. $resultsFooterToggleText .= "Cite";
  1693. if (preg_match("/allow_user_groups/", $_SESSION['user_permissions']))
  1694. {
  1695. if (preg_match("/allow_cite/", $_SESSION['user_permissions']))
  1696. {
  1697. if (preg_match("/allow_export|allow_batch_export/", $_SESSION['user_permissions']))
  1698. $resultsFooterToggleText .= ", ";
  1699. else
  1700. $resultsFooterToggleText .= " & ";
  1701. }
  1702. $resultsFooterToggleText .= "Group";
  1703. }
  1704. if (!isset($_SESSION['loginEmail']) AND ($allowAnonymousGUIExport == "yes") OR (isset($_SESSION['loginEmail']) AND preg_match("/allow_export|allow_batch_export/", $_SESSION['user_permissions'])))
  1705. {
  1706. if (preg_match("/allow_cite|allow_user_groups/", $_SESSION['user_permissions']))
  1707. $resultsFooterToggleText .= " & ";
  1708. $resultsFooterToggleText .= "Export";
  1709. }
  1710. $resultsFooterToggleText .= " Options";
  1711. if (isset($displayResultsFooterDefault[$displayType]) AND ($displayResultsFooterDefault[$displayType] == "open"))
  1712. {
  1713. $resultsFooterDisplayStyle = "block";
  1714. $resultsFooterToggleImage = "img/open.gif";
  1715. $resultsFooterInitialToggleText = "";
  1716. }
  1717. else
  1718. {
  1719. $resultsFooterDisplayStyle = "none";
  1720. $resultsFooterToggleImage = "img/closed.gif";
  1721. $resultsFooterInitialToggleText = encodeHTML($resultsFooterToggleText);
  1722. }
  1723. if ($useVisualEffects == "yes")
  1724. $toggleVisibilityFunction = "toggleVisibilitySlide";
  1725. else
  1726. $toggleVisibilityFunction = "toggleVisibility";
  1727. $ResultsFooterRow = "\n<div class=\"resultsfooter\">";
  1728. $ResultsFooterRow .= "\n<div class=\"showhide\">"
  1729. . "\n\t<a href=\"javascript:" . $toggleVisibilityFunction . "('resultactions','resultsFooterToggleimg','resultsFooterToggletxt','" . rawurlencode($resultsFooterToggleText) . "')\"" . addAccessKey("attribute", "footer") . " title=\"" . $loc["LinkTitle_ToggleVisibility"] . addAccessKey("title", "footer") . "\">"
  1730. . "\n\t\t<img id=\"resultsFooterToggleimg\" class=\"toggleimg\" src=\"" . $resultsFooterToggleImage . "\" alt=\"" . $loc["LinkTitle_ToggleVisibility"] . "\" width=\"9\" height=\"9\" hspace=\"0\" border=\"0\">"
  1731. . "\n\t\t<span id=\"resultsFooterToggletxt\" class=\"toggletxt\">" . $resultsFooterInitialToggleText . "</span>"
  1732. . "\n\t</a>"
  1733. . "\n</div>";
  1734. $ResultsFooterRow .= "\n<div id=\"resultactions\" style=\"display: " . $resultsFooterDisplayStyle . ";\">";
  1735. $ResultsFooterRow .= "\n\t<div id=\"selectresults\">"
  1736. . "\n\t\t<input type=\"radio\" id=\"allRecs\" name=\"recordsSelectionRadio\" value=\"1\" onfocus=\"checkall(false,'marked%5B%5D')\" title=\"cite/group/export all records of the current result set\" checked>"
  1737. . "\n\t\t<label for=\"allRecs\">All Found Records</label>"
  1738. . "\n\t\t<input type=\"radio\" id=\"selRecs\" name=\"recordsSelectionRadio\" value=\"0\" onfocus=\"checkall(true,'marked%5B%5D')\" title=\"cite/group/export only those records which you've selected on this page\">"
  1739. . "\n\t\t<label for=\"selRecs\">Selected Records:</label>"
  1740. . "\n\t</div>";
  1741. // Cite functionality:
  1742. if (isset($_SESSION['user_permissions']) AND preg_match("/allow_cite/", $_SESSION['user_permissions'])) // if the 'user_permissions' session variable contains 'allow_cite', show form elements to build a reference list for the chosen records:
  1743. {
  1744. if (!isset($_SESSION['user_styles']))
  1745. $citeStyleDisabled = " disabled"; // disable the style popup (and other form elements) if the session variable holding the user's styles isn't available
  1746. else
  1747. $citeStyleDisabled = "";
  1748. if (!isset($_SESSION['user_cite_formats']))
  1749. $citeFormatDisabled = " disabled"; // disable the cite format popup if the session variable holding the user's cite formats isn't available
  1750. else
  1751. $citeFormatDisabled = "";
  1752. $ResultsFooterRow .= "\n\t<fieldset id=\"citerefs\">"
  1753. . "\n\t\t<legend>Save Citations:</legend>"
  1754. . "\n\t\t<input type=\"hidden\" name=\"citeStyle\" value=\"" . rawurlencode($citeStyle) . "\">"
  1755. . "\n\t\t<input type=\"hidden\" name=\"citeOrder\" value=\"$citeOrder\">"
  1756. . "\n\t\t<input type=\"hidden\" name=\"headerMsg\" value=\"" . rawurlencode($headerMsg) . "\">"
  1757. . "\n\t\t<label for=\"citeType\">Format:</label>"
  1758. . "\n\t\t<select id=\"citeType\" name=\"citeType\" title=\"choose how your reference list shall be returned\"$citeStyleDisabled$citeFormatDisabled>";
  1759. if (isset($_SESSION['user_cite_formats']))
  1760. {
  1761. $optionTags = buildSelectMenuOptions($_SESSION['user_cite_formats'], "/ *; */", "\t\t\t", false); // build properly formatted <option> tag elements from the items listed in the 'user_cite_formats' session variable
  1762. $ResultsFooterRow .= $optionTags;
  1763. }
  1764. else
  1765. $ResultsFooterRow .= "\n\t\t\t<option>(no formats available)</option>";
  1766. $ResultsFooterRow .= "\n\t\t</select>"
  1767. . "\n\t\t<input type=\"submit\" name=\"submit\" value=\"Cite\"" . addAccessKey("attribute", "biblio") . " title=\"build a list of references for all chosen records" . addAccessKey("title", "biblio") . "\"$citeStyleDisabled>"
  1768. . "\n\t</fieldset>";
  1769. // Assign the 'selected' param to one of the main non-HTML citation output options (RTF, PDF, LaTeX):
  1770. if (preg_match("#<option>RTF</option>#i", $ResultsFooterRow))
  1771. $ResultsFooterRow = preg_replace("#<option>RTF</option>#i", "<option selected>RTF</option>", $ResultsFooterRow);
  1772. elseif (preg_match("#<option>PDF</option>#i", $ResultsFooterRow))
  1773. $ResultsFooterRow = preg_replace("#<option>PDF</option>#i", "<option selected>PDF</option>", $ResultsFooterRow);
  1774. elseif (preg_match("#<option>LaTeX</option>#i", $ResultsFooterRow))
  1775. $ResultsFooterRow = preg_replace("#<option>LaTeX</option>#i", "<option selected>LaTeX</option>", $ResultsFooterRow);
  1776. }
  1777. // User groups functionality:
  1778. if (isset($_SESSION['loginEmail']) AND isset($_SESSION['user_permissions']) AND preg_match("/allow_user_groups/", $_SESSION['user_permissions'])) // if a user is logged in AND the 'user_permissions' session variable contains 'allow_user_groups', show form elements to add/remove the chosen records to/from a user's group:
  1779. {
  1780. if (!isset($_SESSION['userGroups']))
  1781. {
  1782. $groupSearchDisabled = " disabled"; // disable the (part of the) 'Add to/Remove from group' form elements if the session variable holding the user's groups isnt't available
  1783. $groupSearchPopupMenuChecked = "";
  1784. $groupSearchTextInputChecked = " checked";
  1785. $groupSearchSelectorTitle = "(to setup a new group with all chosen records, enter a group name &amp; click the 'Add' button)";
  1786. $groupSearchTextInputTitle = "specify a new group name here, then click the 'Add' button";
  1787. }
  1788. else
  1789. {
  1790. $groupSearchDisabled = "";
  1791. $groupSearchPopupMenuChecked = " checked";
  1792. $groupSearchTextInputChecked = "";
  1793. $groupSearchSelectorTitle = "choose the group to (from) which the chosen records shall be added (removed)";
  1794. $groupSearchTextInputTitle = "specify a new group name here, then click the 'Add' button";
  1795. }
  1796. $ResultsFooterRow .= "\n\t<fieldset id=\"grouprefs\">"
  1797. . "\n\t\t<legend>Add to (Remove from) Group:</legend>"
  1798. . "\n\t\t<div id=\"myGroup\">"
  1799. . "\n\t\t\t<input type=\"radio\" id=\"myGroupRadio\" name=\"userGroupActionRadio\" value=\"1\" title=\"add (remove) the chosen records to (from) an existing group\"$groupSearchDisabled$groupSearchPopupMenuChecked>"
  1800. . "\n\t\t\t<label for=\"userGroupSelector\">My:</label>"
  1801. . "\n\t\t\t<select id=\"userGroupSelector\" name=\"userGroupSelector\" onfocus=\"toggleRadio('myGroupRadio', 'newGroupRadio', false)\" title=\"$groupSearchSelectorTitle\"$groupSearchDisabled>";
  1802. if (isset($_SESSION['userGroups']))
  1803. {
  1804. $optionTags = buildSelectMenuOptions($_SESSION['userGroups'], "/ *; */", "\t\t\t\t", false); // build properly formatted <option> tag elements from the items listed in the 'userGroups' session variable
  1805. $ResultsFooterRow .= $optionTags;
  1806. }
  1807. else
  1808. {
  1809. $ResultsFooterRow .= "\n\t\t\t\t<option>(no groups available)</option>";
  1810. }
  1811. $ResultsFooterRow .= "\n\t\t\t</select>"
  1812. . "\n\t\t</div>"
  1813. . "\n\t\t<div id=\"newGroup\">"
  1814. . "\n\t\t\t<input type=\"radio\" id=\"newGroupRadio\" name=\"userGroupActionRadio\" value=\"0\" title=\"setup a new group with the chosen records\"$groupSearchTextInputChecked>"
  1815. . "\n\t\t\t<label for=\"userGroupName\">New:</label>"
  1816. . "\n\t\t\t<input type=\"text\" id=\"userGroupName\" name=\"userGroupName\" value=\"\" size=\"12\" onfocus=\"toggleRadio('myGroupRadio', 'newGroupRadio', true)\" title=\"$groupSearchTextInputTitle\">"
  1817. . "\n\t\t</div>"
  1818. . "\n\t\t<div id=\"addRemoveGroup\">"
  1819. . "\n\t\t\t<input type=\"submit\" name=\"submit\" value=\"Add\" title=\"add the chosen records to the specified group\">"
  1820. . "\n\t\t\t<input type=\"submit\" name=\"submit\" value=\"Remove\" title=\"remove the chosen records from the specified group\"$groupSearchDisabled>"
  1821. . "\n\t\t</div>"
  1822. . "\n\t</fieldset>";
  1823. }
  1824. // Export functionality:
  1825. if ((!isset($_SESSION['loginEmail']) AND ($allowAnonymousGUIExport == "yes")) OR (isset($_SESSION['loginEmail']) AND isset($_SESSION['user_permissions']) AND preg_match("/allow_export|allow_batch_export/", $_SESSION['user_permissions']))) // if a user is logged in AND the 'user_permissions' session variable contains either 'allow_export' or 'allow_batch_export', show form elements to export the chosen records:
  1826. {
  1827. if (!isset($_SESSION['user_export_formats']))
  1828. $exportFormatDisabled = " disabled"; // disable the format popup if the session variable holding the user's export formats isn't available
  1829. else
  1830. $exportFormatDisabled = "";
  1831. $ResultsFooterRow .= "\n\t<fieldset id=\"exportrefs\">"
  1832. . "\n\t\t<legend>Export Records:</legend>"
  1833. . "\n\t\t<input type=\"hidden\" name=\"exportType\" value=\"file\">"
  1834. . "\n\t\t<label for=\"exportFormat\">Format:</label>"
  1835. . "\n\t\t<select id=\"exportFormat\" name=\"exportFormat\" title=\"choose the export format for your references\"$exportFormatDisabled>";
  1836. if (isset($_SESSION['user_export_formats']))
  1837. {
  1838. $optionTags = buildSelectMenuOptions($_SESSION['user_export_formats'], "/ *; */", "\t\t\t", false); // build properly formatted <option> tag elements from the items listed in the 'user_export_formats' session variable
  1839. $ResultsFooterRow .= $optionTags;
  1840. }
  1841. else
  1842. $ResultsFooterRow .= "\n\t\t\t<option>(no formats available)</option>";
  1843. $ResultsFooterRow .= "\n\t\t</select>"
  1844. . "\n\t\t<input type=\"submit\" name=\"submit\" value=\"Export\"" . addAccessKey("attribute", "export") . " title=\"export all chosen records" . addAccessKey("title", "export") . "\"$exportFormatDisabled>"
  1845. . "\n\t</fieldset>";
  1846. }
  1847. $ResultsFooterRow .= "\n</div>"
  1848. . "\n</div>";
  1849. }
  1850. else
  1851. $ResultsFooterRow = ""; // return an empty string if the 'user_permissions' session variable does NOT contain any of the following: 'allow_cite', 'allow_user_groups', 'allow_export', 'allow_batch_export'
  1852. return $ResultsFooterRow;
  1853. }
  1854. // --------------------------------------------------------------------
  1855. // EXTRACT FORM VARIABLES SENT THROUGH GET OR POST
  1856. // (!! NOTE !!: for details see <http://www.php.net/release_4_2_1.php> & <http://www.php.net/manual/en/language.variables.predefined.php>)
  1857. // Find duplicate records within results of the given SQL query (using settings extracted from the 'duplicateSearch' form
  1858. // in 'duplicate_search.php') and return a modified database query that only matches these duplicate entries:
  1859. function findDuplicates($sqlQuery, $originalDisplayType)
  1860. {
  1861. global $tableRefs, $tableUserData; // defined in 'db.inc.php'
  1862. global $alnum, $alpha, $cntrl, $dash, $digit, $graph, $lower, $print, $punct, $space, $upper, $word, $patternModifiers; // defined in 'transtab_unicode_charset.inc.php' and 'transtab_latin1_charset.inc.php'
  1863. // re-assign the correct display type (i.e. the view that was active when the user clicked the 'dups' link in the header):
  1864. if (!empty($originalDisplayType))
  1865. $displayType = $originalDisplayType;
  1866. // Extract form variables provided by the 'duplicateSearch' form in 'duplicate_search.php':
  1867. if (isset($_REQUEST['matchFieldsSelector']))
  1868. {
  1869. if (is_string($_REQUEST['matchFieldsSelector'])) // we accept a string containing a (e.g. comma delimited) list of field names
  1870. $selectedFieldsArray = preg_split("/[^a-z_]+/", $_REQUEST['matchFieldsSelector'], -1, PREG_SPLIT_NO_EMPTY); // (the 'PREG_SPLIT_NO_EMPTY' flag causes only non-empty pieces to be returned)
  1871. else // the field list is already provided as array:
  1872. $selectedFieldsArray = $_REQUEST['matchFieldsSelector'];
  1873. }
  1874. else
  1875. $selectedFieldsArray = array();
  1876. if (isset($_REQUEST['ignoreWhitespace']) AND ($_REQUEST['ignoreWhitespace'] == "1"))
  1877. $ignoreWhitespace = "1";
  1878. else
  1879. $ignoreWhitespace = "0";
  1880. if (isset($_REQUEST['ignorePunctuation']) AND ($_REQUEST['ignorePunctuation'] == "1"))
  1881. $ignorePunctuation = "1";
  1882. else
  1883. $ignorePunctuation = "0";
  1884. if (isset($_REQUEST['ignoreCharacterCase']) AND ($_REQUEST['ignoreCharacterCase'] == "1"))
  1885. $ignoreCharacterCase = "1";
  1886. else
  1887. $ignoreCharacterCase = "0";
  1888. if (isset($_REQUEST['ignoreAuthorInitials']) AND ($_REQUEST['ignoreAuthorInitials'] == "1"))
  1889. $ignoreAuthorInitials = "1";
  1890. else
  1891. $ignoreAuthorInitials = "0";
  1892. if (isset($_REQUEST['nonASCIIChars']))
  1893. $nonASCIIChars = $_REQUEST['nonASCIIChars'];
  1894. else
  1895. $nonASCIIChars = "keep";
  1896. // VALIDATE FORM DATA:
  1897. $errors = array();
  1898. // Validate the field selector:
  1899. if (empty($selectedFieldsArray))
  1900. $errors["matchFieldsSelector"] = "You must select at least one field:";
  1901. // Validate the 'SQL Query' field:
  1902. if (empty($sqlQuery))
  1903. $errors["sqlQuery"] = "You must specify a query string:"; // 'sqlQuery' must not be empty
  1904. elseif (!preg_match("/^SELECT/i", $sqlQuery))
  1905. $errors["sqlQuery"] = "You can only execute SELECT queries:";
  1906. // Check if there were any errors:
  1907. if (count($errors) > 0)
  1908. {
  1909. // In case of an error, we write all form variables back to the '$formVars' array
  1910. // (which 'duplicate_search.php' requires to reload form values):
  1911. foreach($_REQUEST as $varname => $value)
  1912. $formVars[$varname] = $value;
  1913. // Since checkbox form fields do only get included in the '$_REQUEST' array if they were marked,
  1914. // we have to add appropriate array elements for all checkboxes that weren't set:
  1915. if (!isset($formVars["ignoreWhitespace"]))
  1916. $formVars["ignoreWhitespace"] = "0";
  1917. if (!isset($formVars["ignorePunctuation"]))
  1918. $formVars["ignorePunctuation"] = "0";
  1919. if (!isset($formVars["ignoreCharacterCase"]))
  1920. $formVars["ignoreCharacterCase"] = "0";
  1921. if (!isset($formVars["ignoreAuthorInitials"]))
  1922. $formVars["ignoreAuthorInitials"] = "0";
  1923. if (!isset($formVars["showLinks"]))
  1924. $formVars["showLinks"] = "0";
  1925. // Write back session variables:
  1926. saveSessionVariable("errors", $errors); // function 'saveSessionVariable()' is defined in 'include.inc.php'
  1927. saveSessionVariable("formVars", $formVars);
  1928. // There are errors. Relocate back to 'duplicate_search.php':
  1929. header("Location: duplicate_search.php");
  1930. exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  1931. }
  1932. // CONSTRUCT SQL QUERY (1. DUPLICATE SEARCH):
  1933. // To identify any duplicates within the results of the original query, we build a new query based on the original SQL query:
  1934. $query = $sqlQuery;
  1935. // Replace SELECT list of columns with those from '$selectedFieldsArray' (plus the 'serial' column):
  1936. $selectedFieldsString = implode(", ", $selectedFieldsArray);
  1937. $query = newSELECTclause("SELECT " . $selectedFieldsString . ", serial", $query, false); // function 'newSELECTclause()' is defined in 'include.inc.php'
  1938. // Replace any existing ORDER BY clause with the list of columns given in '$selectedFieldsArray':
  1939. $query = newORDERclause("ORDER BY " . $selectedFieldsString, $query, false); // function 'newORDERclause()' is defined in 'include.inc.php'
  1940. // Fix escape sequences within the SQL query:
  1941. $query = stripSlashesIfMagicQuotes($query);
  1942. // RUN the query on the database through the connection:
  1943. $result = queryMySQLDatabase($query); // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
  1944. // PROCESS RESULTS:
  1945. $recordSerialsArray = array();
  1946. $duplicateRecordSerialsArray = array();
  1947. $rowsFound = @ mysqli_num_rows($result);
  1948. // Identify any records with matching field data:
  1949. if ($rowsFound > 0) // if there were rows found ...
  1950. {
  1951. // Count the number of fields:
  1952. $fieldsFound = mysqli_num_fields($result);
  1953. // Loop over each row in the result set:
  1954. for ($rowCounter=0; $row = @ mysqli_fetch_array($result); $rowCounter++)
  1955. {
  1956. $recordIdentifier = ""; // make sure our buffer variable is empty
  1957. // For each row, loop over each field (except for the last one which is the 'serial' field):
  1958. for ($i=0; $i < ($fieldsFound - 1); $i++)
  1959. {
  1960. // fetch the current attribute name:
  1961. $fieldName = getMySQLFieldInfo($result, $i, "name"); // function 'getMySQLFieldInfo()' is defined in 'include.inc.php'
  1962. // normalize author names:
  1963. if (($fieldName == "author") AND ($ignoreAuthorInitials == "1"))
  1964. {
  1965. // this is a stupid hack that maps the names of the '$row' array keys to those used
  1966. // by the '$formVars' array (which is required by function 'parsePlaceholderString()')
  1967. // (eventually, the '$formVars' array should use the MySQL field names as names for its array keys)
  1968. $formVars = buildFormVarsArray($row); // function 'buildFormVarsArray()' is defined in 'include.inc.php'
  1969. // ignore initials in author names:
  1970. $row[$i] = parsePlaceholderString($formVars, "<:authors[0||]:>", ""); // function 'parsePlaceholderString()' is defined in 'include.inc.php'
  1971. }
  1972. $recordIdentifier .= $row[$i]; // merge all field values to form a unique record identifier string
  1973. }
  1974. // Normalize record identifier string:
  1975. if ($ignoreWhitespace == "1") // ignore whitespace
  1976. $recordIdentifier = preg_replace("/\s+/", "", $recordIdentifier);
  1977. if ($ignorePunctuation == "1") // ignore punctuation
  1978. $recordIdentifier = preg_replace("/[$punct]+/$patternModifiers", "", $recordIdentifier);
  1979. if ($ignoreCharacterCase == "1") // ignore character case
  1980. $recordIdentifier = strtolower($recordIdentifier);
  1981. if ($nonASCIIChars == "strip") // strip non-ASCII characters
  1982. $recordIdentifier = handleNonASCIIAndUnwantedCharacters($recordIdentifier, "\S\s", "strip"); // function 'parsePlaceholderString()' is defined in 'include.inc.php'
  1983. elseif ($nonASCIIChars == "transliterate") // transliterate non-ASCII characters
  1984. $recordIdentifier = handleNonASCIIAndUnwantedCharacters($recordIdentifier, "\S\s", "transliterate");
  1985. // Check whether the record identifier string has occurred already:
  1986. if (isset($recordSerialsArray[$recordIdentifier])) // this record identifier string has already been seen
  1987. $recordSerialsArray[$recordIdentifier][] = $row["serial"]; // add this record's serial number to the array of record serials which share the same record identifier string
  1988. else // new record identifier string
  1989. $recordSerialsArray[$recordIdentifier] = array($row["serial"]); // add a new array element for this record's identifier string (and store its serial number as value within a sub-array)
  1990. }
  1991. // Collect all array elements from '$recordSerialsArray' where their sub-array contains more than one serial number:
  1992. foreach($recordSerialsArray as $recordSerials)
  1993. {
  1994. if (count($recordSerials) > 1)
  1995. foreach($recordSerials as $recordSerial)
  1996. $duplicateRecordSerialsArray[] = $recordSerial; // add this record's serial number to the array of duplicate record serials
  1997. }
  1998. }
  1999. else // nothing found!
  2000. {
  2001. // TODO!
  2002. }
  2003. if (empty($duplicateRecordSerialsArray))
  2004. $duplicateRecordSerialsArray[] = "0"; // if no duplicate records were found, the non-existing serial number '0' will result in a "nothing found" feedback
  2005. // CONSTRUCT SQL QUERY (2. DUPLICATES DISPLAY):
  2006. // To display any duplicates that were found within the results of the original query, we build again a new query based on the original SQL query:
  2007. $query = $sqlQuery;
  2008. // Replace WHERE clause:
  2009. // TODO: maybe make this into a generic function? (compare with function 'extractWHEREclause()' in 'include.inc.php')
  2010. $duplicateRecordSerialsString = implode("|", $duplicateRecordSerialsArray);
  2011. $query = preg_replace("/(?<=WHERE )(.+?)(?= ORDER BY| LIMIT| GROUP BY| HAVING| PROCEDURE| FOR UPDATE| LOCK IN|[ ;]+(SELECT|INSERT|UPDATE|DELETE|CREATE|ALTER|DROP|FILE)\b|$)/i", "serial RLIKE \"^(" . $duplicateRecordSerialsString . ")$\"", $query);
  2012. // Replace any existing ORDER BY clause with the list of columns given in '$selectedFieldsArray':
  2013. $query = newORDERclause("ORDER BY " . $selectedFieldsString, $query, false);
  2014. return array($query, $displayType);
  2015. }
  2016. // --------------------------------------------------------------------
  2017. // Build the database query from user input provided by the 'simple_search.php' form:
  2018. // TODO: build the complete SQL query using functions 'buildFROMclause()', 'buildWHEREclause()' and 'buildORDERclause()'
  2019. function extractFormElementsSimple($showLinks, $userID)
  2020. {
  2021. global $tableRefs, $tableUserData; // defined in 'db.inc.php'
  2022. // Build SELECT clause:
  2023. if ($_SESSION['userDefaultView'] == "List") // honour the user's selection of fields to be displayed in List View
  2024. {
  2025. // Defines a list of all checkbox names that are available in "Simple Search"
  2026. // and their corresponding column names from MySQL table 'refs':
  2027. $columnsArray = array("showAuthor" => "author",
  2028. "showTitle" => "title",
  2029. "showYear" => "year",
  2030. "showPublication" => "publication",
  2031. "showVolume" => "volume",
  2032. "showPages" => "pages"
  2033. );
  2034. // Add columns given in '$columnsArray' to the list of fields available in the
  2035. // List View SELECT clause if they were marked in the search form interface:
  2036. $selectClauseColumnsArray = addToSelectClause($columnsArray);
  2037. $query = buildSELECTclause($_SESSION['userDefaultView'], $showLinks, "", false, true, implode(", ", $selectClauseColumnsArray));
  2038. }
  2039. else
  2040. $query = buildSELECTclause($_SESSION['userDefaultView'], $showLinks);
  2041. // Build FROM clause:
  2042. if (isset($_SESSION['loginEmail'])) // if a user is logged in...
  2043. $query .= " FROM $tableRefs LEFT JOIN $tableUserData ON serial = record_id AND user_id = " . $userID;
  2044. else // NO user logged in
  2045. $query .= " FROM $tableRefs";
  2046. // Build WHERE clause:
  2047. $query .= " WHERE serial RLIKE \".+\""; // add initial WHERE clause
  2048. // ... if the user has specified an author, add the value of '$authorName' as an AND clause:
  2049. $authorName = $_REQUEST['authorName'];
  2050. if ($authorName != "")
  2051. {
  2052. $authorSelector = $_REQUEST['authorSelector'];
  2053. if ($authorSelector == "contains")
  2054. $query .= " AND author RLIKE " . quote_smart($authorName);
  2055. elseif ($authorSelector == "does not contain")
  2056. $query .= " AND author NOT RLIKE " . quote_smart($authorName);
  2057. elseif ($authorSelector == "is equal to")
  2058. $query .= " AND author = " . quote_smart($authorName);
  2059. elseif ($authorSelector == "is not equal to")
  2060. $query .= " AND author != " . quote_smart($authorName);
  2061. elseif ($authorSelector == "starts with")
  2062. $query .= " AND author RLIKE " . quote_smart("^" . $authorName);
  2063. elseif ($authorSelector == "ends with")
  2064. $query .= " AND author RLIKE " . quote_smart($authorName . "$");
  2065. }
  2066. // ... if the user has specified a title, add the value of '$titleName' as an AND clause:
  2067. $titleName = $_REQUEST['titleName'];
  2068. if ($titleName != "")
  2069. {
  2070. $titleSelector = $_REQUEST['titleSelector'];
  2071. if ($titleSelector == "contains")
  2072. $query .= " AND title RLIKE " . quote_smart($titleName);
  2073. elseif ($titleSelector == "does not contain")
  2074. $query .= " AND title NOT RLIKE " . quote_smart($titleName);
  2075. elseif ($titleSelector == "is equal to")
  2076. $query .= " AND title = " . quote_smart($titleName);
  2077. elseif ($titleSelector == "is not equal to")
  2078. $query .= " AND title != " . quote_smart($titleName);
  2079. elseif ($titleSelector == "starts with")
  2080. $query .= " AND title RLIKE " . quote_smart("^" . $titleName);
  2081. elseif ($titleSelector == "ends with")
  2082. $query .= " AND title RLIKE " . quote_smart($titleName . "$");
  2083. }
  2084. // ... if the user has specified a year, add the value of '$yearNo' as an AND clause:
  2085. $yearNo = $_REQUEST['yearNo'];
  2086. if ($yearNo != "")
  2087. {
  2088. $yearSelector = $_REQUEST['yearSelector'];
  2089. if ($yearSelector == "contains")
  2090. $query .= " AND year RLIKE " . quote_smart($yearNo);
  2091. elseif ($yearSelector == "does not contain")
  2092. $query .= " AND year NOT RLIKE " . quote_smart($yearNo);
  2093. elseif ($yearSelector == "is equal to")
  2094. $query .= " AND year = " . quote_smart($yearNo);
  2095. elseif ($yearSelector == "is not equal to")
  2096. $query .= " AND year != " . quote_smart($yearNo);
  2097. elseif ($yearSelector == "starts with")
  2098. $query .= " AND year RLIKE " . quote_smart("^" . $yearNo);
  2099. elseif ($yearSelector == "ends with")
  2100. $query .= " AND year RLIKE " . quote_smart($yearNo . "$");
  2101. elseif ($yearSelector == "is greater than")
  2102. $query .= " AND year > " . quote_smart($yearNo);
  2103. elseif ($yearSelector == "is less than")
  2104. $query .= " AND year < " . quote_smart($yearNo);
  2105. elseif ($yearSelector == "is within range")
  2106. {
  2107. if (preg_match("/\d+/", $yearNo)) // if '$yearNo' does contain at least one number
  2108. {
  2109. // extract first number:
  2110. $yearNoStart = preg_replace("/^\D*(\d+).*/", "\\1", $yearNo);
  2111. $query .= " AND year >= " . quote_smart($yearNoStart);
  2112. if (preg_match("/^\D*\d+\D+\d+/", $yearNo)) // if '$yearNo' does contain at least two numbers (which are separated by one or more non-digit characters)
  2113. {
  2114. // extract the second number:
  2115. $yearNoEnd = preg_replace("/^\D*\d+\D+(\d+).*/", "\\1", $yearNo);
  2116. $query .= " AND year <= " . quote_smart($yearNoEnd);
  2117. }
  2118. }
  2119. else // fallback if no number is given:
  2120. $query .= " AND year RLIKE " . quote_smart($yearNo);
  2121. }
  2122. elseif ($yearSelector == "is within list")
  2123. {
  2124. // replace any non-digit chars with "|":
  2125. $yearNo = preg_replace("/\D+/", "|", $yearNo);
  2126. // strip "|" from beginning/end of string (if any):
  2127. $yearNo = preg_replace("/^\|?(.+?)\|?$/", "\\1", $yearNo);
  2128. $query .= " AND year RLIKE " . quote_smart("^(" . $yearNo . ")$");
  2129. }
  2130. }
  2131. // ... if the user has specified a publication, add the value of '$publicationName' as an AND clause:
  2132. $publicationRadio = $_REQUEST['publicationRadio'];
  2133. if ($publicationRadio == "1")
  2134. {
  2135. $publicationName = $_REQUEST['publicationName'];
  2136. if ($publicationName != "All" && $publicationName != "")
  2137. {
  2138. $publicationSelector = $_REQUEST['publicationSelector'];
  2139. if ($publicationSelector == "contains")
  2140. $query .= " AND publication RLIKE " . quote_smart($publicationName);
  2141. elseif ($publicationSelector == "does not contain")
  2142. $query .= " AND publication NOT RLIKE " . quote_smart($publicationName);
  2143. elseif ($publicationSelector == "is equal to")
  2144. $query .= " AND publication = " . quote_smart($publicationName);
  2145. elseif ($publicationSelector == "is not equal to")
  2146. $query .= " AND publication != " . quote_smart($publicationName);
  2147. elseif ($publicationSelector == "starts with")
  2148. $query .= " AND publication RLIKE " . quote_smart("^" . $publicationName);
  2149. elseif ($publicationSelector == "ends with")
  2150. $query .= " AND publication RLIKE " . quote_smart($publicationName . "$");
  2151. }
  2152. }
  2153. elseif ($publicationRadio == "0")
  2154. {
  2155. $publicationName2 = $_REQUEST['publicationName2'];
  2156. if ($publicationName2 != "")
  2157. {
  2158. $publicationSelector2 = $_REQUEST['publicationSelector2'];
  2159. if ($publicationSelector2 == "contains")
  2160. $query .= " AND publication RLIKE " . quote_smart($publicationName2);
  2161. elseif ($publicationSelector2 == "does not contain")
  2162. $query .= " AND publication NOT RLIKE " . quote_smart($publicationName2);
  2163. elseif ($publicationSelector2 == "is equal to")
  2164. $query .= " AND publication = " . quote_smart($publicationName2);
  2165. elseif ($publicationSelector2 == "is not equal to")
  2166. $query .= " AND publication != " . quote_smart($publicationName2);
  2167. elseif ($publicationSelector2 == "starts with")
  2168. $query .= " AND publication RLIKE " . quote_smart("^" . $publicationName2);
  2169. elseif ($publicationSelector2 == "ends with")
  2170. $query .= " AND publication RLIKE " . quote_smart($publicationName2 . "$");
  2171. }
  2172. }
  2173. // ... if the user has specified a volume, add the value of '$volumeNo' as an AND clause:
  2174. $volumeNo = $_REQUEST['volumeNo'];
  2175. if ($volumeNo != "")
  2176. {
  2177. $volumeSelector = $_REQUEST['volumeSelector'];
  2178. if ($volumeSelector == "contains")
  2179. $query .= " AND volume RLIKE " . quote_smart($volumeNo);
  2180. elseif ($volumeSelector == "does not contain")
  2181. $query .= " AND volume NOT RLIKE " . quote_smart($volumeNo);
  2182. elseif ($volumeSelector == "is equal to")
  2183. $query .= " AND volume = " . quote_smart($volumeNo);
  2184. elseif ($volumeSelector == "is not equal to")
  2185. $query .= " AND volume != " . quote_smart($volumeNo);
  2186. elseif ($volumeSelector == "starts with")
  2187. $query .= " AND volume RLIKE " . quote_smart("^" . $volumeNo);
  2188. elseif ($volumeSelector == "ends with")
  2189. $query .= " AND volume RLIKE " . quote_smart($volumeNo . "$");
  2190. elseif ($volumeSelector == "is greater than")
  2191. $query .= " AND volume_numeric > " . quote_smart($volumeNo);
  2192. elseif ($volumeSelector == "is less than")
  2193. $query .= " AND volume_numeric < " . quote_smart($volumeNo);
  2194. elseif ($volumeSelector == "is within range")
  2195. {
  2196. if (preg_match("/\d+/", $volumeNo)) // if '$volumeNo' does contain at least one number
  2197. {
  2198. // extract first number:
  2199. $volumeNoStart = preg_replace("/^\D*(\d+).*/", "\\1", $volumeNo);
  2200. $query .= " AND volume_numeric >= " . quote_smart($volumeNoStart);
  2201. if (preg_match("/^\D*\d+\D+\d+/", $volumeNo)) // if '$volumeNo' does contain at least two numbers (which are separated by one or more non-digit characters)
  2202. {
  2203. // extract the second number:
  2204. $volumeNoEnd = preg_replace("/^\D*\d+\D+(\d+).*/", "\\1", $volumeNo);
  2205. $query .= " AND volume_numeric <= " . quote_smart($volumeNoEnd);
  2206. }
  2207. }
  2208. else // fallback if no number is given:
  2209. $query .= " AND volume RLIKE " . quote_smart($volumeNo);
  2210. }
  2211. elseif ($volumeSelector == "is within list")
  2212. {
  2213. // replace any non-digit chars with "|":
  2214. $volumeNo = preg_replace("/\D+/", "|", $volumeNo);
  2215. // strip "|" from beginning/end of string (if any):
  2216. $volumeNo = preg_replace("/^\|?(.+?)\|?$/", "\\1", $volumeNo);
  2217. $query .= " AND volume RLIKE " . quote_smart("^(" . $volumeNo . ")$");
  2218. }
  2219. }
  2220. // ... if the user has specified some pages, add the value of '$pagesNo' as an AND clause:
  2221. $pagesNo = $_REQUEST['pagesNo'];
  2222. if ($pagesNo != "")
  2223. {
  2224. $pagesSelector = $_REQUEST['pagesSelector'];
  2225. if ($pagesSelector == "contains")
  2226. $query .= " AND pages RLIKE " . quote_smart($pagesNo);
  2227. elseif ($pagesSelector == "does not contain")
  2228. $query .= " AND pages NOT RLIKE " . quote_smart($pagesNo);
  2229. elseif ($pagesSelector == "is equal to")
  2230. $query .= " AND pages = " . quote_smart($pagesNo);
  2231. elseif ($pagesSelector == "is not equal to")
  2232. $query .= " AND pages != " . quote_smart($pagesNo);
  2233. elseif ($pagesSelector == "starts with")
  2234. $query .= " AND pages RLIKE " . quote_smart("^" . $pagesNo);
  2235. elseif ($pagesSelector == "ends with")
  2236. $query .= " AND pages RLIKE " . quote_smart($pagesNo . "$");
  2237. }
  2238. // Construct the ORDER BY clause:
  2239. // TODO?: quote_smart (haven't yey tested)
  2240. // A) extract first level sort option:
  2241. $sortSelector1 = $_REQUEST['sortSelector1'];
  2242. // when field name = 'pages' then sort by 'first_page' instead:
  2243. $sortSelector1 = str_replace("pages", "first_page", $sortSelector1);
  2244. $sortRadio1 = $_REQUEST['sortRadio1'];
  2245. if ($sortRadio1 == "0") // sort ascending
  2246. $query .= " ORDER BY $sortSelector1";
  2247. else // sort descending
  2248. $query .= " ORDER BY $sortSelector1 DESC";
  2249. // B) extract second level sort option:
  2250. $sortSelector2 = $_REQUEST['sortSelector2'];
  2251. // when field name = 'pages' then sort by 'first_page' instead:
  2252. $sortSelector2 = str_replace("pages", "first_page", $sortSelector2);
  2253. $sortRadio2 = $_REQUEST['sortRadio2'];
  2254. if ($sortRadio2 == "0") // sort ascending
  2255. $query .= ", $sortSelector2";
  2256. else // sort descending
  2257. $query .= ", $sortSelector2 DESC";
  2258. // C) extract third level sort option:
  2259. $sortSelector3 = $_REQUEST['sortSelector3'];
  2260. // when field name = 'pages' then sort by 'first_page' instead:
  2261. $sortSelector3 = str_replace("pages", "first_page", $sortSelector3);
  2262. $sortRadio3 = $_REQUEST['sortRadio3'];
  2263. if ($sortRadio3 == "0") // sort ascending
  2264. $query .= ", $sortSelector3";
  2265. else // sort descending
  2266. $query .= ", $sortSelector3 DESC";
  2267. return $query;
  2268. }
  2269. // --------------------------------------------------------------------
  2270. // Build the database query from user input provided by the 'library_search.php' form:
  2271. // TODO: build the complete SQL query using functions 'buildFROMclause()', 'buildWHEREclause()' and 'buildORDERclause()'
  2272. function extractFormElementsLibrary($showLinks, $userID)
  2273. {
  2274. global $librarySearchPattern; // defined in 'ini.inc.php'
  2275. global $tableRefs, $tableUserData; // defined in 'db.inc.php'
  2276. // Build SELECT clause:
  2277. if ($_SESSION['userDefaultView'] == "List") // honour the user's selection of fields to be displayed in List View
  2278. {
  2279. // Defines a list of all checkbox names that are available in "Library Search"
  2280. // and their corresponding column names from MySQL table 'refs':
  2281. $columnsArray = array("showAuthor" => "author",
  2282. "showTitle" => "title",
  2283. "showYear" => "year",
  2284. "showEditor" => "editor",
  2285. "showSeriesTitle" => "series_title",
  2286. "showVolume" => "series_volume",
  2287. "showPages" => "pages",
  2288. "showPublisher" => "publisher",
  2289. "showPlace" => "place",
  2290. "showCallNumber" => "call_number",
  2291. "showKeywords" => "keywords",
  2292. "showNotes" => "notes"
  2293. );
  2294. // Add columns given in '$columnsArray' to the list of fields available in the
  2295. // List View SELECT clause if they were marked in the search form interface:
  2296. $selectClauseColumnsArray = addToSelectClause($columnsArray);
  2297. $query = buildSELECTclause($_SESSION['userDefaultView'], $showLinks, "", false, true, implode(", ", $selectClauseColumnsArray));
  2298. }
  2299. else
  2300. $query = buildSELECTclause($_SESSION['userDefaultView'], $showLinks);
  2301. // Build FROM clause:
  2302. if (isset($_SESSION['loginEmail'])) // if a user is logged in...
  2303. $query .= " FROM $tableRefs LEFT JOIN $tableUserData ON serial = record_id AND user_id = " . $userID;
  2304. else // NO user logged in
  2305. $query .= " FROM $tableRefs";
  2306. // Build WHERE clause:
  2307. // Note: we'll restrict the query to records where the pattern given in array element '$librarySearchPattern[1]' (defined in 'ini.inc.php')
  2308. // matches the contents of the field given in array element '$librarySearchPattern[0]'
  2309. $query .= " WHERE serial RLIKE \".+\" AND " . $librarySearchPattern[0] . " RLIKE " . quote_smart($librarySearchPattern[1]); // add initial WHERE clause
  2310. // ... if the user has specified an author, add the value of '$authorName' as an AND clause:
  2311. $authorName = $_REQUEST['authorName'];
  2312. if ($authorName != "")
  2313. {
  2314. $authorSelector = $_REQUEST['authorSelector'];
  2315. if ($authorSelector == "contains")
  2316. $query .= " AND author RLIKE " . quote_smart($authorName);
  2317. elseif ($authorSelector == "does not contain")
  2318. $query .= " AND author NOT RLIKE " . quote_smart($authorName);
  2319. elseif ($authorSelector == "is equal to")
  2320. $query .= " AND author = " . quote_smart($authorName);
  2321. elseif ($authorSelector == "is not equal to")
  2322. $query .= " AND author != " . quote_smart($authorName);
  2323. elseif ($authorSelector == "starts with")
  2324. $query .= " AND author RLIKE " . quote_smart("^" . $authorName);
  2325. elseif ($authorSelector == "ends with")
  2326. $query .= " AND author RLIKE " . quote_smart($authorName . "$");
  2327. }
  2328. // ... if the user has specified a title, add the value of '$titleName' as an AND clause:
  2329. $titleName = $_REQUEST['titleName'];
  2330. if ($titleName != "")
  2331. {
  2332. $titleSelector = $_REQUEST['titleSelector'];
  2333. if ($titleSelector == "contains")
  2334. $query .= " AND title RLIKE " . quote_smart($titleName);
  2335. elseif ($titleSelector == "does not contain")
  2336. $query .= " AND title NOT RLIKE " . quote_smart($titleName);
  2337. elseif ($titleSelector == "is equal to")
  2338. $query .= " AND title = " . quote_smart($titleName);
  2339. elseif ($titleSelector == "is not equal to")
  2340. $query .= " AND title != " . quote_smart($titleName);
  2341. elseif ($titleSelector == "starts with")
  2342. $query .= " AND title RLIKE " . quote_smart("^" . $titleName);
  2343. elseif ($titleSelector == "ends with")
  2344. $query .= " AND title RLIKE " . quote_smart($titleName . "$");
  2345. }
  2346. // ... if the user has specified a year, add the value of '$yearNo' as an AND clause:
  2347. $yearNo = $_REQUEST['yearNo'];
  2348. if ($yearNo != "")
  2349. {
  2350. $yearSelector = $_REQUEST['yearSelector'];
  2351. if ($yearSelector == "contains")
  2352. $query .= " AND year RLIKE " . quote_smart($yearNo);
  2353. elseif ($yearSelector == "does not contain")
  2354. $query .= " AND year NOT RLIKE " . quote_smart($yearNo);
  2355. elseif ($yearSelector == "is equal to")
  2356. $query .= " AND year = " . quote_smart($yearNo);
  2357. elseif ($yearSelector == "is not equal to")
  2358. $query .= " AND year != " . quote_smart($yearNo);
  2359. elseif ($yearSelector == "starts with")
  2360. $query .= " AND year RLIKE " .quote_smart("^" . $yearNo);
  2361. elseif ($yearSelector == "ends with")
  2362. $query .= " AND year RLIKE " . quote_smart($yearNo . "$");
  2363. elseif ($yearSelector == "is greater than")
  2364. $query .= " AND year > " . quote_smart($yearNo);
  2365. elseif ($yearSelector == "is less than")
  2366. $query .= " AND year < " . quote_smart($yearNo);
  2367. elseif ($yearSelector == "is within range")
  2368. {
  2369. if (preg_match("/\d+/", $yearNo)) // if '$yearNo' does contain at least one number
  2370. {
  2371. // extract first number:
  2372. $yearNoStart = preg_replace("/^\D*(\d+).*/", "\\1", $yearNo);
  2373. $query .= " AND year >= " . quote_smart($yearNoStart);
  2374. if (preg_match("/^\D*\d+\D+\d+/", $yearNo)) // if '$yearNo' does contain at least two numbers (which are separated by one or more non-digit characters)
  2375. {
  2376. // extract the second number:
  2377. $yearNoEnd = preg_replace("/^\D*\d+\D+(\d+).*/", "\\1", $yearNo);
  2378. $query .= " AND year <= " . quote_smart($yearNoEnd);
  2379. }
  2380. }
  2381. else // fallback if no number is given:
  2382. $query .= " AND year RLIKE " . quote_smart($yearNo);
  2383. }
  2384. elseif ($yearSelector == "is within list")
  2385. {
  2386. // replace any non-digit chars with "|":
  2387. $yearNo = preg_replace("/\D+/", "|", $yearNo);
  2388. // strip "|" from beginning/end of string (if any):
  2389. $yearNo = preg_replace("/^\|?(.+?)\|?$/", "\\1", $yearNo);
  2390. $query .= " AND year RLIKE " . quote_smart("^(" . $yearNo . ")$");
  2391. }
  2392. }
  2393. // ... if the user has specified an editor, add the value of '$editorName' as an AND clause:
  2394. $editorName = $_REQUEST['editorName'];
  2395. if ($editorName != "")
  2396. {
  2397. $editorSelector = $_REQUEST['editorSelector'];
  2398. if ($editorSelector == "contains")
  2399. $query .= " AND editor RLIKE " . quote_smart($editorName);
  2400. elseif ($editorSelector == "does not contain")
  2401. $query .= " AND editor NOT RLIKE " . quote_smart($editorName);
  2402. elseif ($editorSelector == "is equal to")
  2403. $query .= " AND editor = " . quote_smart($editorName);
  2404. elseif ($editorSelector == "is not equal to")
  2405. $query .= " AND editor != " . quote_smart($editorName);
  2406. elseif ($editorSelector == "starts with")
  2407. $query .= " AND editor RLIKE " . quote_smart("^" . $editorName);
  2408. elseif ($editorSelector == "ends with")
  2409. $query .= " AND editor RLIKE " . quote_smart($editorName . "$");
  2410. }
  2411. // ... if the user has specified a series title, add the value of '$seriesTitleName' as an AND clause:
  2412. $seriesTitleRadio = $_REQUEST['seriesTitleRadio'];
  2413. if ($seriesTitleRadio == "1")
  2414. {
  2415. $seriesTitleName = $_REQUEST['seriesTitleName'];
  2416. if ($seriesTitleName != "All" && $seriesTitleName != "")
  2417. {
  2418. $seriesTitleSelector = $_REQUEST['seriesTitleSelector'];
  2419. if ($seriesTitleSelector == "contains")
  2420. $query .= " AND series_title RLIKE " . quote_smart($seriesTitleName);
  2421. elseif ($seriesTitleSelector == "does not contain")
  2422. $query .= " AND series_title NOT RLIKE " . quote_smart($seriesTitleName);
  2423. elseif ($seriesTitleSelector == "is equal to")
  2424. $query .= " AND series_title = " . quote_smart($seriesTitleName);
  2425. elseif ($seriesTitleSelector == "is not equal to")
  2426. $query .= " AND series_title != " . quote_smart($seriesTitleName);
  2427. elseif ($seriesTitleSelector == "starts with")
  2428. $query .= " AND series_title RLIKE " . quote_smart("^" . $seriesTitleName);
  2429. elseif ($seriesTitleSelector == "ends with")
  2430. $query .= " AND series_title RLIKE " . quote_smart($seriesTitleName . "$");
  2431. }
  2432. }
  2433. elseif ($seriesTitleRadio == "0")
  2434. {
  2435. $seriesTitleName2 = $_REQUEST['seriesTitleName2'];
  2436. if ($seriesTitleName2 != "")
  2437. {
  2438. $seriesTitleSelector2 = $_REQUEST['seriesTitleSelector2'];
  2439. if ($seriesTitleSelector2 == "contains")
  2440. $query .= " AND series_title RLIKE " . quote_smart($seriesTitleName2);
  2441. elseif ($seriesTitleSelector2 == "does not contain")
  2442. $query .= " AND series_title NOT RLIKE " . quote_smart($seriesTitleName2);
  2443. elseif ($seriesTitleSelector2 == "is equal to")
  2444. $query .= " AND series_title = " . quote_smart($seriesTitleName2);
  2445. elseif ($seriesTitleSelector2 == "is not equal to")
  2446. $query .= " AND series_title != " . quote_smart($seriesTitleName2);
  2447. elseif ($seriesTitleSelector2 == "starts with")
  2448. $query .= " AND series_title RLIKE " . quote_smart("^" .$seriesTitleName2);
  2449. elseif ($seriesTitleSelector2 == "ends with")
  2450. $query .= " AND series_title RLIKE " . quote_smart($seriesTitleName2 . "$");
  2451. }
  2452. }
  2453. // ... if the user has specified a series volume, add the value of '$volumeNo' as an AND clause:
  2454. $volumeNo = $_REQUEST['volumeNo'];
  2455. if ($volumeNo != "")
  2456. {
  2457. $volumeSelector = $_REQUEST['volumeSelector'];
  2458. if ($volumeSelector == "contains")
  2459. $query .= " AND series_volume RLIKE " . quote_smart($volumeNo);
  2460. elseif ($volumeSelector == "does not contain")
  2461. $query .= " AND series_volume NOT RLIKE " . quote_smart($volumeNo);
  2462. elseif ($volumeSelector == "is equal to")
  2463. $query .= " AND series_volume = " . quote_smart($volumeNo);
  2464. elseif ($volumeSelector == "is not equal to")
  2465. $query .= " AND series_volume != " . quote_smart($volumeNo);
  2466. elseif ($volumeSelector == "starts with")
  2467. $query .= " AND series_volume RLIKE " . quote_smart("^" . $volumeNo);
  2468. elseif ($volumeSelector == "ends with")
  2469. $query .= " AND series_volume RLIKE " . quote_smart($volumeNo . "$");
  2470. elseif ($volumeSelector == "is greater than")
  2471. $query .= " AND series_volume_numeric > " . quote_smart($volumeNo);
  2472. elseif ($volumeSelector == "is less than")
  2473. $query .= " AND series_volume_numeric < " . quote_smart($volumeNo);
  2474. elseif ($volumeSelector == "is within range")
  2475. {
  2476. if (preg_match("/\d+/", $volumeNo)) // if '$volumeNo' does contain at least one number
  2477. {
  2478. // extract first number:
  2479. $volumeNoStart = preg_replace("/^\D*(\d+).*/", "\\1", $volumeNo);
  2480. $query .= " AND series_volume_numeric >= " . quote_smart($volumeNoStart);
  2481. if (preg_match("/^\D*\d+\D+\d+/", $volumeNo)) // if '$volumeNo' does contain at least two numbers (which are separated by one or more non-digit characters)
  2482. {
  2483. // extract the second number:
  2484. $volumeNoEnd = preg_replace("/^\D*\d+\D+(\d+).*/", "\\1", $volumeNo);
  2485. $query .= " AND series_volume_numeric <= " . quote_smart($volumeNoEnd);
  2486. }
  2487. }
  2488. else // fallback if no number is given:
  2489. $query .= " AND series_volume RLIKE " . quote_smart($volumeNo);
  2490. }
  2491. elseif ($volumeSelector == "is within list")
  2492. {
  2493. // replace any non-digit chars with "|":
  2494. $volumeNo = preg_replace("/\D+/", "|", $volumeNo);
  2495. // strip "|" from beginning/end of string (if any):
  2496. $volumeNo = preg_replace("/^\|?(.+?)\|?$/", "\\1", $volumeNo);
  2497. $query .= " AND series_volume RLIKE " . quote_smart("^(" . $volumeNo . ")$");
  2498. }
  2499. }
  2500. // ... if the user has specified some pages, add the value of '$pagesNo' as an AND clause:
  2501. $pagesNo = $_REQUEST['pagesNo'];
  2502. if ($pagesNo != "")
  2503. {
  2504. $pagesSelector = $_REQUEST['pagesSelector'];
  2505. if ($pagesSelector == "contains")
  2506. $query .= " AND pages RLIKE " . quote_smart($pagesNo);
  2507. elseif ($pagesSelector == "does not contain")
  2508. $query .= " AND pages NOT RLIKE " . quote_smart($pagesNo);
  2509. elseif ($pagesSelector == "is equal to")
  2510. $query .= " AND pages = " . quote_smart($pagesNo);
  2511. elseif ($pagesSelector == "is not equal to")
  2512. $query .= " AND pages != " . quote_smart($pagesNo);
  2513. elseif ($pagesSelector == "starts with")
  2514. $query .= " AND pages RLIKE " . quote_smart("^" . $pagesNo);
  2515. elseif ($pagesSelector == "ends with")
  2516. $query .= " AND pages RLIKE " . quote_smart($pagesNo . "$");
  2517. }
  2518. // ... if the user has specified a publisher, add the value of '$publisherName' as an AND clause:
  2519. $publisherName = $_REQUEST['publisherName'];
  2520. if ($publisherName != "")
  2521. {
  2522. $publisherSelector = $_REQUEST['publisherSelector'];
  2523. if ($publisherSelector == "contains")
  2524. $query .= " AND publisher RLIKE " . quote_smart($publisherName);
  2525. elseif ($publisherSelector == "does not contain")
  2526. $query .= " AND publisher NOT RLIKE " . quote_smart($publisherName);
  2527. elseif ($publisherSelector == "is equal to")
  2528. $query .= " AND publisher = " . quote_smart($publisherName);
  2529. elseif ($publisherSelector == "is not equal to")
  2530. $query .= " AND publisher != " . quote_smart($publisherName);
  2531. elseif ($publisherSelector == "starts with")
  2532. $query .= " AND publisher RLIKE " . quote_smart("^" . $publisherName);
  2533. elseif ($publisherSelector == "ends with")
  2534. $query .= " AND publisher RLIKE " . quote_smart($publisherName . "$");
  2535. }
  2536. // ... if the user has specified a place, add the value of '$placeName' as an AND clause:
  2537. $placeName = $_REQUEST['placeName'];
  2538. if ($placeName != "")
  2539. {
  2540. $placeSelector = $_REQUEST['placeSelector'];
  2541. if ($placeSelector == "contains")
  2542. $query .= " AND place RLIKE " . quote_smart($placeName);
  2543. elseif ($placeSelector == "does not contain")
  2544. $query .= " AND place NOT RLIKE " . quote_smart($placeName);
  2545. elseif ($placeSelector == "is equal to")
  2546. $query .= " AND place = " . quote_smart($placeName);
  2547. elseif ($placeSelector == "is not equal to")
  2548. $query .= " AND place != " . quote_smart($placeName);
  2549. elseif ($placeSelector == "starts with")
  2550. $query .= " AND place RLIKE " . quote_smart("^" . $placeName);
  2551. elseif ($placeSelector == "ends with")
  2552. $query .= " AND place RLIKE " . quote_smart($placeName . "$");
  2553. }
  2554. // ... if the user has specified a call number, add the value of '$callNumberName' as an AND clause:
  2555. $callNumberName = $_REQUEST['callNumberName'];
  2556. if ($callNumberName != "")
  2557. {
  2558. $callNumberSelector = $_REQUEST['callNumberSelector'];
  2559. if ($callNumberSelector == "contains")
  2560. $query .= " AND call_number RLIKE " . quote_smart($callNumberName);
  2561. elseif ($callNumberSelector == "does not contain")
  2562. $query .= " AND call_number NOT RLIKE " . quote_smart($callNumberName);
  2563. elseif ($callNumberSelector == "is equal to")
  2564. $query .= " AND call_number = " . quote_smart($callNumberName);
  2565. elseif ($callNumberSelector == "is not equal to")
  2566. $query .= " AND call_number != " . quote_smart($callNumberName);
  2567. elseif ($callNumberSelector == "starts with")
  2568. $query .= " AND call_number RLIKE " . quote_smart("^" . $callNumberName);
  2569. elseif ($callNumberSelector == "ends with")
  2570. $query .= " AND call_number RLIKE " . quote_smart($callNumberName . "$");
  2571. }
  2572. // ... if the user has specified some keywords, add the value of '$keywordsName' as an AND clause:
  2573. $keywordsName = $_REQUEST['keywordsName'];
  2574. if ($keywordsName != "")
  2575. {
  2576. $keywordsSelector = $_REQUEST['keywordsSelector'];
  2577. if ($keywordsSelector == "contains")
  2578. $query .= " AND keywords RLIKE " . quote_smart($keywordsName);
  2579. elseif ($keywordsSelector == "does not contain")
  2580. $query .= " AND keywords NOT RLIKE " . quote_smart($keywordsName);
  2581. elseif ($keywordsSelector == "is equal to")
  2582. $query .= " AND keywords = " . quote_smart($keywordsName);
  2583. elseif ($keywordsSelector == "is not equal to")
  2584. $query .= " AND keywords != " . quote_smart($keywordsName);
  2585. elseif ($keywordsSelector == "starts with")
  2586. $query .= " AND keywords RLIKE " . quote_smart("^" . $keywordsName);
  2587. elseif ($keywordsSelector == "ends with")
  2588. $query .= " AND keywords RLIKE " . quote_smart($keywordsName . "$");
  2589. }
  2590. // ... if the user has specified some notes, add the value of '$notesName' as an AND clause:
  2591. $notesName = $_REQUEST['notesName'];
  2592. if ($notesName != "")
  2593. {
  2594. $notesSelector = $_REQUEST['notesSelector'];
  2595. if ($notesSelector == "contains")
  2596. $query .= " AND notes RLIKE " . quote_smart($notesName);
  2597. elseif ($notesSelector == "does not contain")
  2598. $query .= " AND notes NOT RLIKE " . quote_smart($notesName);
  2599. elseif ($notesSelector == "is equal to")
  2600. $query .= " AND notes = " . quote_smart($notesName);
  2601. elseif ($notesSelector == "is not equal to")
  2602. $query .= " AND notes != " . quote_smart($notesName);
  2603. elseif ($notesSelector == "starts with")
  2604. $query .= " AND notes RLIKE " . quote_smart("^" . $notesName);
  2605. elseif ($notesSelector == "ends with")
  2606. $query .= " AND notes RLIKE " . quote_smart($notesName . "$");
  2607. }
  2608. // Construct the ORDER BY clause:
  2609. // A) extract first level sort option:
  2610. $sortSelector1 = $_REQUEST['sortSelector1'];
  2611. // when field name = 'pages' then sort by 'first_page' instead:
  2612. $sortSelector1 = str_replace("pages", "first_page", $sortSelector1);
  2613. $sortRadio1 = $_REQUEST['sortRadio1'];
  2614. if ($sortRadio1 == "0") // sort ascending
  2615. $query .= " ORDER BY $sortSelector1";
  2616. else // sort descending
  2617. $query .= " ORDER BY $sortSelector1 DESC";
  2618. // B) extract second level sort option:
  2619. $sortSelector2 = $_REQUEST['sortSelector2'];
  2620. // when field name = 'pages' then sort by 'first_page' instead:
  2621. $sortSelector2 = str_replace("pages", "first_page", $sortSelector2);
  2622. $sortRadio2 = $_REQUEST['sortRadio2'];
  2623. if ($sortRadio2 == "0") // sort ascending
  2624. $query .= ", $sortSelector2";
  2625. else // sort descending
  2626. $query .= ", $sortSelector2 DESC";
  2627. // C) extract third level sort option:
  2628. $sortSelector3 = $_REQUEST['sortSelector3'];
  2629. // when field name = 'pages' then sort by 'first_page' instead:
  2630. $sortSelector3 = str_replace("pages", "first_page", $sortSelector3);
  2631. $sortRadio3 = $_REQUEST['sortRadio3'];
  2632. if ($sortRadio3 == "0") // sort ascending
  2633. $query .= ", $sortSelector3";
  2634. else // sort descending
  2635. $query .= ", $sortSelector3 DESC";
  2636. return $query;
  2637. }
  2638. // --------------------------------------------------------------------
  2639. // Build the database query from user input provided by the 'advanced_search.php' form:
  2640. // TODO: build the complete SQL query using functions 'buildFROMclause()', 'buildWHEREclause()' and 'buildORDERclause()'
  2641. function extractFormElementsAdvanced($showLinks, $loginEmail, $userID)
  2642. {
  2643. global $tableRefs, $tableUserData; // defined in 'db.inc.php'
  2644. // Build SELECT clause:
  2645. if ($_SESSION['userDefaultView'] == "List") // honour the user's selection of fields to be displayed in List View
  2646. {
  2647. // Defines a list of all checkbox names that are available in "Advanced Search"
  2648. // and their corresponding column names from MySQL tables 'refs' & 'user_data':
  2649. $columnsArray = array("showAuthor" => "author",
  2650. "showAddress" => "address",
  2651. "showCorporateAuthor" => "corporate_author",
  2652. "showThesis" => "thesis",
  2653. "showTitle" => "title",
  2654. "showOrigTitle" => "orig_title",
  2655. "showYear" => "year",
  2656. "showPublication" => "publication",
  2657. "showAbbrevJournal" => "abbrev_journal",
  2658. "showEditor" => "editor",
  2659. "showVolume" => "volume",
  2660. "showIssue" => "issue",
  2661. "showPages" => "pages",
  2662. "showSeriesTitle" => "series_title",
  2663. "showAbbrevSeriesTitle" => "abbrev_series_title",
  2664. "showSeriesEditor" => "series_editor",
  2665. "showSeriesVolume" => "series_volume",
  2666. "showSeriesIssue" => "series_issue",
  2667. "showPublisher" => "publisher",
  2668. "showPlace" => "place",
  2669. "showEdition" => "edition",
  2670. "showMedium" => "medium",
  2671. "showISSN" => "issn",
  2672. "showISBN" => "isbn",
  2673. "showLanguage" => "language",
  2674. "showSummaryLanguage" => "summary_language",
  2675. "showKeywords" => "keywords",
  2676. "showAbstract" => "abstract",
  2677. "showArea" => "area",
  2678. "showExpedition" => "expedition",
  2679. "showConference" => "conference",
  2680. "showDOI" => "doi",
  2681. "showURL" => "url",
  2682. "showLocation" => "location",
  2683. "showCallNumber" => "call_number",
  2684. "showFile" => "file",
  2685. "showCopy" => "copy",
  2686. "showNotes" => "notes",
  2687. "showUserKeys" => "user_keys",
  2688. "showUserNotes" => "user_notes",
  2689. "showUserFile" => "user_file",
  2690. "showUserGroups" => "user_groups",
  2691. "showCiteKey" => "cite_key",
  2692. "showSerial" => "serial",
  2693. "showType" => "type",
  2694. "showMarked" => "marked",
  2695. "showSelected" => "selected",
  2696. "showApproved" => "approved",
  2697. "showCreatedDate" => "created_date",
  2698. "showCreatedTime" => "created_time",
  2699. "showCreatedBy" => "created_by",
  2700. "showModifiedDate" => "modified_date",
  2701. "showModifiedTime" => "modified_time",
  2702. "showModifiedBy" => "modified_by"
  2703. );
  2704. // Add columns given in '$columnsArray' to the list of fields available in the
  2705. // List View SELECT clause if they were marked in the search form interface:
  2706. $selectClauseColumnsArray = addToSelectClause($columnsArray);
  2707. $query = buildSELECTclause($_SESSION['userDefaultView'], $showLinks, "", false, true, implode(", ", $selectClauseColumnsArray));
  2708. }
  2709. else
  2710. $query = buildSELECTclause($_SESSION['userDefaultView'], $showLinks);
  2711. // Build FROM clause:
  2712. if (isset($_SESSION['loginEmail'])) // if a user is logged in...
  2713. $query .= " FROM $tableRefs LEFT JOIN $tableUserData ON serial = record_id AND user_id = " . $userID;
  2714. else // NO user logged in
  2715. $query .= " FROM $tableRefs";
  2716. // Build WHERE clause:
  2717. $query .= " WHERE serial RLIKE \".+\""; // add initial WHERE clause
  2718. // ... if the user has specified an author, add the value of '$authorName' as an AND clause:
  2719. $authorName = $_REQUEST['authorName'];
  2720. if ($authorName != "")
  2721. {
  2722. $authorSelector = $_REQUEST['authorSelector'];
  2723. if ($authorSelector == "contains")
  2724. $query .= " AND author RLIKE " . quote_smart($authorName);
  2725. elseif ($authorSelector == "does not contain")
  2726. $query .= " AND author NOT RLIKE " . quote_smart($authorName);
  2727. elseif ($authorSelector == "is equal to")
  2728. $query .= " AND author = " . quote_smart($authorName);
  2729. elseif ($authorSelector == "is not equal to")
  2730. $query .= " AND author != " . quote_smart($authorName);
  2731. elseif ($authorSelector == "starts with")
  2732. $query .= " AND author RLIKE " . quote_smart("^" . $authorName);
  2733. elseif ($authorSelector == "ends with")
  2734. $query .= " AND author RLIKE " . quote_smart($authorName . "$");
  2735. }
  2736. // ... if the user has specified an address, add the value of '$addressName' as an AND clause:
  2737. $addressName = $_REQUEST['addressName'];
  2738. if ($addressName != "")
  2739. {
  2740. $addressSelector = $_REQUEST['addressSelector'];
  2741. if ($addressSelector == "contains")
  2742. $query .= " AND address RLIKE " . quote_smart($addressName);
  2743. elseif ($addressSelector == "does not contain")
  2744. $query .= " AND address NOT RLIKE " . quote_smart($addressName);
  2745. elseif ($addressSelector == "is equal to")
  2746. $query .= " AND address = " . quote_smart($addressName);
  2747. elseif ($addressSelector == "is not equal to")
  2748. $query .= " AND address != " . quote_smart($addressName);
  2749. elseif ($addressSelector == "starts with")
  2750. $query .= " AND address RLIKE " . quote_smart("^" . $addressName);
  2751. elseif ($addressSelector == "ends with")
  2752. $query .= " AND address RLIKE " . quote_smart($addressName . "$");
  2753. }
  2754. // ... if the user has specified a corporate author, add the value of '$corporateAuthorName' as an AND clause:
  2755. $corporateAuthorName = $_REQUEST['corporateAuthorName'];
  2756. if ($corporateAuthorName != "")
  2757. {
  2758. $corporateAuthorSelector = $_REQUEST['corporateAuthorSelector'];
  2759. if ($corporateAuthorSelector == "contains")
  2760. $query .= " AND corporate_author RLIKE " . quote_smart($corporateAuthorName);
  2761. elseif ($corporateAuthorSelector == "does not contain")
  2762. $query .= " AND corporate_author NOT RLIKE " . quote_smart($corporateAuthorName);
  2763. elseif ($corporateAuthorSelector == "is equal to")
  2764. $query .= " AND corporate_author = " . quote_smart($corporateAuthorName);
  2765. elseif ($corporateAuthorSelector == "is not equal to")
  2766. $query .= " AND corporate_author != " . quote_smart($corporateAuthorName);
  2767. elseif ($corporateAuthorSelector == "starts with")
  2768. $query .= " AND corporate_author RLIKE " . quote_smart("^" . $corporateAuthorName);
  2769. elseif ($corporateAuthorSelector == "ends with")
  2770. $query .= " AND corporate_author RLIKE " . quote_smart($corporateAuthorName . "$");
  2771. }
  2772. // ... if the user has specified a thesis, add the value of '$thesisName' as an AND clause:
  2773. $thesisRadio = $_REQUEST['thesisRadio'];
  2774. if ($thesisRadio == "1")
  2775. {
  2776. $thesisName = $_REQUEST['thesisName'];
  2777. if ($thesisName != "All" && $thesisName != "")
  2778. {
  2779. $thesisSelector = $_REQUEST['thesisSelector'];
  2780. if ($thesisSelector == "contains")
  2781. $query .= " AND thesis RLIKE " . quote_smart($thesisName);
  2782. elseif ($thesisSelector == "does not contain")
  2783. $query .= " AND thesis NOT RLIKE " . quote_smart($thesisName);
  2784. elseif ($thesisSelector == "is equal to")
  2785. $query .= " AND thesis = " . quote_smart($thesisName);
  2786. elseif ($thesisSelector == "is not equal to")
  2787. $query .= " AND thesis != " . quote_smart($thesisName);
  2788. elseif ($thesisSelector == "starts with")
  2789. $query .= " AND thesis RLIKE " . quote_smart("^" . $thesisName);
  2790. elseif ($thesisSelector == "ends with")
  2791. $query .= " AND thesis RLIKE " . quote_smart($thesisName . "$");
  2792. }
  2793. }
  2794. elseif ($thesisRadio == "0")
  2795. {
  2796. $thesisName2 = $_REQUEST['thesisName2'];
  2797. if ($thesisName2 != "")
  2798. {
  2799. $thesisSelector2 = $_REQUEST['thesisSelector2'];
  2800. if ($thesisSelector2 == "contains")
  2801. $query .= " AND thesis RLIKE " . quote_smart($thesisName2);
  2802. elseif ($thesisSelector2 == "does not contain")
  2803. $query .= " AND thesis NOT RLIKE " . quote_smart($thesisName2);
  2804. elseif ($thesisSelector2 == "is equal to")
  2805. $query .= " AND thesis = " . quote_smart($thesisName2);
  2806. elseif ($thesisSelector2 == "is not equal to")
  2807. $query .= " AND thesis != " . quote_smart($thesisName2);
  2808. elseif ($thesisSelector2 == "starts with")
  2809. $query .= " AND thesis RLIKE " . quote_smart("^" . $thesisName2);
  2810. elseif ($thesisSelector2 == "ends with")
  2811. $query .= " AND thesis RLIKE " . quote_smart($thesisName2 . "$");
  2812. }
  2813. }
  2814. // ... if the user has specified a title, add the value of '$titleName' as an AND clause:
  2815. $titleName = $_REQUEST['titleName'];
  2816. if ($titleName != "")
  2817. {
  2818. $titleSelector = $_REQUEST['titleSelector'];
  2819. if ($titleSelector == "contains")
  2820. $query .= " AND title RLIKE " . quote_smart($titleName);
  2821. elseif ($titleSelector == "does not contain")
  2822. $query .= " AND title NOT RLIKE " . quote_smart($titleName);
  2823. elseif ($titleSelector == "is equal to")
  2824. $query .= " AND title = " . quote_smart($titleName);
  2825. elseif ($titleSelector == "is not equal to")
  2826. $query .= " AND title != " . quote_smart($titleName);
  2827. elseif ($titleSelector == "starts with")
  2828. $query .= " AND title RLIKE " . quote_smart("^" . $titleName);
  2829. elseif ($titleSelector == "ends with")
  2830. $query .= " AND title RLIKE " . quote_smart($titleName . "$");
  2831. }
  2832. // ... if the user has specified an original title, add the value of '$origTitleName' as an AND clause:
  2833. $origTitleName = $_REQUEST['origTitleName'];
  2834. if ($origTitleName != "")
  2835. {
  2836. $origTitleSelector = $_REQUEST['origTitleSelector'];
  2837. if ($origTitleSelector == "contains")
  2838. $query .= " AND orig_title RLIKE " . quote_smart($origTitleName);
  2839. elseif ($origTitleSelector == "does not contain")
  2840. $query .= " AND orig_title NOT RLIKE " . quote_smart($origTitleName);
  2841. elseif ($origTitleSelector == "is equal to")
  2842. $query .= " AND orig_title = " . quote_smart($origTitleName);
  2843. elseif ($origTitleSelector == "is not equal to")
  2844. $query .= " AND orig_title != " . quote_smart($origTitleName);
  2845. elseif ($origTitleSelector == "starts with")
  2846. $query .= " AND orig_title RLIKE " . quote_smart("^" . $origTitleName);
  2847. elseif ($origTitleSelector == "ends with")
  2848. $query .= " AND orig_title RLIKE " . quote_smart($origTitleName . "$");
  2849. }
  2850. // ... if the user has specified a year, add the value of '$yearNo' as an AND clause:
  2851. $yearNo = $_REQUEST['yearNo'];
  2852. if ($yearNo != "")
  2853. {
  2854. $yearSelector = $_REQUEST['yearSelector'];
  2855. if ($yearSelector == "contains")
  2856. $query .= " AND year RLIKE " . quote_smart($yearNo);
  2857. elseif ($yearSelector == "does not contain")
  2858. $query .= " AND year NOT RLIKE " . quote_smart($yearNo);
  2859. elseif ($yearSelector == "is equal to")
  2860. $query .= " AND year = " . quote_smart($yearNo);
  2861. elseif ($yearSelector == "is not equal to")
  2862. $query .= " AND year != " . quote_smart($yearNo);
  2863. elseif ($yearSelector == "starts with")
  2864. $query .= " AND year RLIKE " . quote_smart("^" . $yearNo);
  2865. elseif ($yearSelector == "ends with")
  2866. $query .= " AND year RLIKE " . quote_smart($yearNo . "$");
  2867. elseif ($yearSelector == "is greater than")
  2868. $query .= " AND year > " . quote_smart($yearNo);
  2869. elseif ($yearSelector == "is less than")
  2870. $query .= " AND year < " . quote_smart($yearNo);
  2871. elseif ($yearSelector == "is within range")
  2872. {
  2873. if (preg_match("/\d+/", $yearNo)) // if '$yearNo' does contain at least one number
  2874. {
  2875. // extract first number:
  2876. $yearNoStart = preg_replace("/^\D*(\d+).*/", "\\1", $yearNo);
  2877. $query .= " AND year >= " . quote_smart($yearNoStart);
  2878. if (preg_match("/^\D*\d+\D+\d+/", $yearNo)) // if '$yearNo' does contain at least two numbers (which are separated by one or more non-digit characters)
  2879. {
  2880. // extract the second number:
  2881. $yearNoEnd = preg_replace("/^\D*\d+\D+(\d+).*/", "\\1", $yearNo);
  2882. $query .= " AND year <= " . quote_smart($yearNoEnd);
  2883. }
  2884. }
  2885. else // fallback if no number is given:
  2886. $query .= " AND year RLIKE " . quote_smart($yearNo);
  2887. }
  2888. elseif ($yearSelector == "is within list")
  2889. {
  2890. // replace any non-digit chars with "|":
  2891. $yearNo = preg_replace("/\D+/", "|", $yearNo);
  2892. // strip "|" from beginning/end of string (if any):
  2893. $yearNo = preg_replace("/^\|?(.+?)\|?$/", "\\1", $yearNo);
  2894. $query .= " AND year RLIKE " . quote_smart("^(" . $yearNo . ")$");
  2895. }
  2896. }
  2897. // ... if the user has specified a publication, add the value of '$publicationName' as an AND clause:
  2898. $publicationRadio = $_REQUEST['publicationRadio'];
  2899. if ($publicationRadio == "1")
  2900. {
  2901. $publicationName = $_REQUEST['publicationName'];
  2902. if ($publicationName != "All" && $publicationName != "")
  2903. {
  2904. $publicationSelector = $_REQUEST['publicationSelector'];
  2905. if ($publicationSelector == "contains")
  2906. $query .= " AND publication RLIKE " . quote_smart($publicationName);
  2907. elseif ($publicationSelector == "does not contain")
  2908. $query .= " AND publication NOT RLIKE " . quote_smart($publicationName);
  2909. elseif ($publicationSelector == "is equal to")
  2910. $query .= " AND publication = " . quote_smart($publicationName);
  2911. elseif ($publicationSelector == "is not equal to")
  2912. $query .= " AND publication != " . quote_smart($publicationName);
  2913. elseif ($publicationSelector == "starts with")
  2914. $query .= " AND publication RLIKE " . quote_smart("^" . $publicationName);
  2915. elseif ($publicationSelector == "ends with")
  2916. $query .= " AND publication RLIKE " . quote_smart($publicationName . "$");
  2917. }
  2918. }
  2919. elseif ($publicationRadio == "0")
  2920. {
  2921. $publicationName2 = $_REQUEST['publicationName2'];
  2922. if ($publicationName2 != "")
  2923. {
  2924. $publicationSelector2 = $_REQUEST['publicationSelector2'];
  2925. if ($publicationSelector2 == "contains")
  2926. $query .= " AND publication RLIKE " . quote_smart($publicationName2);
  2927. elseif ($publicationSelector2 == "does not contain")
  2928. $query .= " AND publication NOT RLIKE " . quote_smart($publicationName2);
  2929. elseif ($publicationSelector2 == "is equal to")
  2930. $query .= " AND publication = " . quote_smart($publicationName2);
  2931. elseif ($publicationSelector2 == "is not equal to")
  2932. $query .= " AND publication != " . quote_smart($publicationName2);
  2933. elseif ($publicationSelector2 == "starts with")
  2934. $query .= " AND publication RLIKE " . quote_smart("^" . $publicationName2);
  2935. elseif ($publicationSelector2 == "ends with")
  2936. $query .= " AND publication RLIKE " . quote_smart($publicationName2 . "$");
  2937. }
  2938. }
  2939. // ... if the user has specified an abbreviated journal, add the value of '$abbrevJournalName' as an AND clause:
  2940. $abbrevJournalRadio = $_REQUEST['abbrevJournalRadio'];
  2941. if ($abbrevJournalRadio == "1")
  2942. {
  2943. $abbrevJournalName = $_REQUEST['abbrevJournalName'];
  2944. if ($abbrevJournalName != "All" && $abbrevJournalName != "")
  2945. {
  2946. $abbrevJournalSelector = $_REQUEST['abbrevJournalSelector'];
  2947. if ($abbrevJournalSelector == "contains")
  2948. $query .= " AND abbrev_journal RLIKE " . quote_smart($abbrevJournalName);
  2949. elseif ($abbrevJournalSelector == "does not contain")
  2950. $query .= " AND abbrev_journal NOT RLIKE " . quote_smart($abbrevJournalName);
  2951. elseif ($abbrevJournalSelector == "is equal to")
  2952. $query .= " AND abbrev_journal = " . quote_smart($abbrevJournalName);
  2953. elseif ($abbrevJournalSelector == "is not equal to")
  2954. $query .= " AND abbrev_journal != " . quote_smart($abbrevJournalName);
  2955. elseif ($abbrevJournalSelector == "starts with")
  2956. $query .= " AND abbrev_journal RLIKE " . quote_smart("^" . $abbrevJournalName);
  2957. elseif ($abbrevJournalSelector == "ends with")
  2958. $query .= " AND abbrev_journal RLIKE " . quote_smart($abbrevJournalName . "$");
  2959. }
  2960. }
  2961. elseif ($abbrevJournalRadio == "0")
  2962. {
  2963. $abbrevJournalName2 = $_REQUEST['abbrevJournalName2'];
  2964. if ($abbrevJournalName2 != "")
  2965. {
  2966. $abbrevJournalSelector2 = $_REQUEST['abbrevJournalSelector2'];
  2967. if ($abbrevJournalSelector2 == "contains")
  2968. $query .= " AND abbrev_journal RLIKE " . quote_smart($abbrevJournalName2);
  2969. elseif ($abbrevJournalSelector2 == "does not contain")
  2970. $query .= " AND abbrev_journal NOT RLIKE " . quote_smart($abbrevJournalName2);
  2971. elseif ($abbrevJournalSelector2 == "is equal to")
  2972. $query .= " AND abbrev_journal = " . quote_smart($abbrevJournalName2);
  2973. elseif ($abbrevJournalSelector2 == "is not equal to")
  2974. $query .= " AND abbrev_journal != " . quote_smart($abbrevJournalName2);
  2975. elseif ($abbrevJournalSelector2 == "starts with")
  2976. $query .= " AND abbrev_journal RLIKE " . quote_smart("^" . $abbrevJournalName2);
  2977. elseif ($abbrevJournalSelector2 == "ends with")
  2978. $query .= " AND abbrev_journal RLIKE " . quote_smart($abbrevJournalName2 . "$");
  2979. }
  2980. }
  2981. // ... if the user has specified an editor, add the value of '$editorName' as an AND clause:
  2982. $editorName = $_REQUEST['editorName'];
  2983. if ($editorName != "")
  2984. {
  2985. $editorSelector = $_REQUEST['editorSelector'];
  2986. if ($editorSelector == "contains")
  2987. $query .= " AND editor RLIKE " . quote_smart($editorName);
  2988. elseif ($editorSelector == "does not contain")
  2989. $query .= " AND editor NOT RLIKE " . quote_smart($editorName);
  2990. elseif ($editorSelector == "is equal to")
  2991. $query .= " AND editor = " . quote_smart($editorName);
  2992. elseif ($editorSelector == "is not equal to")
  2993. $query .= " AND editor != " . quote_smart($editorName);
  2994. elseif ($editorSelector == "starts with")
  2995. $query .= " AND editor RLIKE " . quote_smart("^" . $editorName);
  2996. elseif ($editorSelector == "ends with")
  2997. $query .= " AND editor RLIKE " . quote_smart($editorName . "$");
  2998. }
  2999. // ... if the user has specified a volume, add the value of '$volumeNo' as an AND clause:
  3000. $volumeNo = $_REQUEST['volumeNo'];
  3001. if ($volumeNo != "")
  3002. {
  3003. $volumeSelector = $_REQUEST['volumeSelector'];
  3004. if ($volumeSelector == "contains")
  3005. $query .= " AND volume RLIKE " . quote_smart($volumeNo);
  3006. elseif ($volumeSelector == "does not contain")
  3007. $query .= " AND volume NOT RLIKE " . quote_smart($volumeNo);
  3008. elseif ($volumeSelector == "is equal to")
  3009. $query .= " AND volume = " . quote_smart($volumeNo);
  3010. elseif ($volumeSelector == "is not equal to")
  3011. $query .= " AND volume != " . quote_smart($volumeNo);
  3012. elseif ($volumeSelector == "starts with")
  3013. $query .= " AND volume RLIKE " . quote_smart("^" . $volumeNo);
  3014. elseif ($volumeSelector == "ends with")
  3015. $query .= " AND volume RLIKE " . quote_smart($volumeNo . "$");
  3016. elseif ($volumeSelector == "is greater than")
  3017. $query .= " AND volume_numeric > " . quote_smart($volumeNo);
  3018. elseif ($volumeSelector == "is less than")
  3019. $query .= " AND volume_numeric < " . quote_smart($volumeNo);
  3020. elseif ($volumeSelector == "is within range")
  3021. {
  3022. if (preg_match("/\d+/", $volumeNo)) // if '$volumeNo' does contain at least one number
  3023. {
  3024. // extract first number:
  3025. $volumeNoStart = preg_replace("/^\D*(\d+).*/", "\\1", $volumeNo);
  3026. $query .= " AND volume_numeric >= " . quote_smart($volumeNoStart);
  3027. if (preg_match("/^\D*\d+\D+\d+/", $volumeNo)) // if '$volumeNo' does contain at least two numbers (which are separated by one or more non-digit characters)
  3028. {
  3029. // extract the second number:
  3030. $volumeNoEnd = preg_replace("/^\D*\d+\D+(\d+).*/", "\\1", $volumeNo);
  3031. $query .= " AND volume_numeric <= " . quote_smart($volumeNoEnd);
  3032. }
  3033. }
  3034. else // fallback if no number is given:
  3035. $query .= " AND volume RLIKE " . quote_smart($volumeNo);
  3036. }
  3037. elseif ($volumeSelector == "is within list")
  3038. {
  3039. // replace any non-digit chars with "|":
  3040. $volumeNo = preg_replace("/\D+/", "|", $volumeNo);
  3041. // strip "|" from beginning/end of string (if any):
  3042. $volumeNo = preg_replace("/^\|?(.+?)\|?$/", "\\1", $volumeNo);
  3043. $query .= " AND volume RLIKE " . quote_smart("^(" . $volumeNo . ")$");
  3044. }
  3045. }
  3046. // ... if the user has specified an issue, add the value of '$issueNo' as an AND clause:
  3047. $issueNo = $_REQUEST['issueNo'];
  3048. if ($issueNo != "")
  3049. {
  3050. $issueSelector = $_REQUEST['issueSelector'];
  3051. if ($issueSelector == "contains")
  3052. $query .= " AND issue RLIKE " . quote_smart($issueNo);
  3053. elseif ($issueSelector == "does not contain")
  3054. $query .= " AND issue NOT RLIKE " . quote_smart($issueNo);
  3055. elseif ($issueSelector == "is equal to")
  3056. $query .= " AND issue = " . quote_smart($issueNo);
  3057. elseif ($issueSelector == "is not equal to")
  3058. $query .= " AND issue != " . quote_smart($issueNo);
  3059. elseif ($issueSelector == "starts with")
  3060. $query .= " AND issue RLIKE " . quote_smart("^" . $issueNo);
  3061. elseif ($issueSelector == "ends with")
  3062. $query .= " AND issue RLIKE " . quote_smart($issueNo . "$");
  3063. }
  3064. // ... if the user has specified some pages, add the value of '$pagesNo' as an AND clause:
  3065. $pagesNo = $_REQUEST['pagesNo'];
  3066. if ($pagesNo != "")
  3067. {
  3068. $pagesSelector = $_REQUEST['pagesSelector'];
  3069. if ($pagesSelector == "contains")
  3070. $query .= " AND pages RLIKE " . quote_smart($pagesNo);
  3071. elseif ($pagesSelector == "does not contain")
  3072. $query .= " AND pages NOT RLIKE " . quote_smart($pagesNo);
  3073. elseif ($pagesSelector == "is equal to")
  3074. $query .= " AND pages = " . quote_smart($pagesNo);
  3075. elseif ($pagesSelector == "is not equal to")
  3076. $query .= " AND pages != " . quote_smart($pagesNo);
  3077. elseif ($pagesSelector == "starts with")
  3078. $query .= " AND pages RLIKE " . quote_smart("^" . $pagesNo);
  3079. elseif ($pagesSelector == "ends with")
  3080. $query .= " AND pages RLIKE " . quote_smart($pagesNo . "$");
  3081. }
  3082. // ... if the user has specified a series title, add the value of '$seriesTitleName' as an AND clause:
  3083. $seriesTitleRadio = $_REQUEST['seriesTitleRadio'];
  3084. if ($seriesTitleRadio == "1")
  3085. {
  3086. $seriesTitleName = $_REQUEST['seriesTitleName'];
  3087. if ($seriesTitleName != "All" && $seriesTitleName != "")
  3088. {
  3089. $seriesTitleSelector = $_REQUEST['seriesTitleSelector'];
  3090. if ($seriesTitleSelector == "contains")
  3091. $query .= " AND series_title RLIKE " . quote_smart($seriesTitleName);
  3092. elseif ($seriesTitleSelector == "does not contain")
  3093. $query .= " AND series_title NOT RLIKE " . quote_smart($seriesTitleName);
  3094. elseif ($seriesTitleSelector == "is equal to")
  3095. $query .= " AND series_title = " . quote_smart($seriesTitleName);
  3096. elseif ($seriesTitleSelector == "is not equal to")
  3097. $query .= " AND series_title != " . quote_smart($seriesTitleName);
  3098. elseif ($seriesTitleSelector == "starts with")
  3099. $query .= " AND series_title RLIKE " . quote_smart("^" . $seriesTitleName);
  3100. elseif ($seriesTitleSelector == "ends with")
  3101. $query .= " AND series_title RLIKE " . quote_smart($seriesTitleName . "$");
  3102. }
  3103. }
  3104. elseif ($seriesTitleRadio == "0")
  3105. {
  3106. $seriesTitleName2 = $_REQUEST['seriesTitleName2'];
  3107. if ($seriesTitleName2 != "")
  3108. {
  3109. $seriesTitleSelector2 = $_REQUEST['seriesTitleSelector2'];
  3110. if ($seriesTitleSelector2 == "contains")
  3111. $query .= " AND series_title RLIKE " . quote_smart($seriesTitleName2);
  3112. elseif ($seriesTitleSelector2 == "does not contain")
  3113. $query .= " AND series_title NOT RLIKE " . quote_smart($seriesTitleName2);
  3114. elseif ($seriesTitleSelector2 == "is equal to")
  3115. $query .= " AND series_title = " . quote_smart($seriesTitleName2);
  3116. elseif ($seriesTitleSelector2 == "is not equal to")
  3117. $query .= " AND series_title != " . quote_smart($seriesTitleName2);
  3118. elseif ($seriesTitleSelector2 == "starts with")
  3119. $query .= " AND series_title RLIKE " . quote_smart("^" . $seriesTitleName2);
  3120. elseif ($seriesTitleSelector2 == "ends with")
  3121. $query .= " AND series_title RLIKE " . quote_smart($seriesTitleName2 . "$");
  3122. }
  3123. }
  3124. // ... if the user has specified an abbreviated series title, add the value of '$abbrevSeriesTitleName' as an AND clause:
  3125. $abbrevSeriesTitleRadio = $_REQUEST['abbrevSeriesTitleRadio'];
  3126. if ($abbrevSeriesTitleRadio == "1")
  3127. {
  3128. $abbrevSeriesTitleName = $_REQUEST['abbrevSeriesTitleName'];
  3129. if ($abbrevSeriesTitleName != "All" && $abbrevSeriesTitleName != "")
  3130. {
  3131. $abbrevSeriesTitleSelector = $_REQUEST['abbrevSeriesTitleSelector'];
  3132. if ($abbrevSeriesTitleSelector == "contains")
  3133. $query .= " AND abbrev_series_title RLIKE " . quote_smart($abbrevSeriesTitleName);
  3134. elseif ($abbrevSeriesTitleSelector == "does not contain")
  3135. $query .= " AND abbrev_series_title NOT RLIKE " . quote_smart($abbrevSeriesTitleName);
  3136. elseif ($abbrevSeriesTitleSelector == "is equal to")
  3137. $query .= " AND abbrev_series_title = " . quote_smart($abbrevSeriesTitleName);
  3138. elseif ($abbrevSeriesTitleSelector == "is not equal to")
  3139. $query .= " AND abbrev_series_title != " . quote_smart($abbrevSeriesTitleName);
  3140. elseif ($abbrevSeriesTitleSelector == "starts with")
  3141. $query .= " AND abbrev_series_title RLIKE " . quote_smart("^" . $abbrevSeriesTitleName);
  3142. elseif ($abbrevSeriesTitleSelector == "ends with")
  3143. $query .= " AND abbrev_series_title RLIKE " . quote_smart($abbrevSeriesTitleName . "$");
  3144. }
  3145. }
  3146. elseif ($abbrevSeriesTitleRadio == "0")
  3147. {
  3148. $abbrevSeriesTitleName2 = $_REQUEST['abbrevSeriesTitleName2'];
  3149. if ($abbrevSeriesTitleName2 != "")
  3150. {
  3151. $abbrevSeriesTitleSelector2 = $_REQUEST['abbrevSeriesTitleSelector2'];
  3152. if ($abbrevSeriesTitleSelector2 == "contains")
  3153. $query .= " AND abbrev_series_title RLIKE " . quote_smart($abbrevSeriesTitleName2);
  3154. elseif ($abbrevSeriesTitleSelector2 == "does not contain")
  3155. $query .= " AND abbrev_series_title NOT RLIKE " . quote_smart($abbrevSeriesTitleName2);
  3156. elseif ($abbrevSeriesTitleSelector2 == "is equal to")
  3157. $query .= " AND abbrev_series_title = " . quote_smart($abbrevSeriesTitleName2);
  3158. elseif ($abbrevSeriesTitleSelector2 == "is not equal to")
  3159. $query .= " AND abbrev_series_title != " . quote_smart($abbrevSeriesTitleName2);
  3160. elseif ($abbrevSeriesTitleSelector2 == "starts with")
  3161. $query .= " AND abbrev_series_title RLIKE " . quote_smart("^" . $abbrevSeriesTitleName2);
  3162. elseif ($abbrevSeriesTitleSelector2 == "ends with")
  3163. $query .= " AND abbrev_series_title RLIKE " . quote_smart($abbrevSeriesTitleName2 . "$");
  3164. }
  3165. }
  3166. // ... if the user has specified a series editor, add the value of '$seriesEditorName' as an AND clause:
  3167. $seriesEditorName = $_REQUEST['seriesEditorName'];
  3168. if ($seriesEditorName != "")
  3169. {
  3170. $seriesEditorSelector = $_REQUEST['seriesEditorSelector'];
  3171. if ($seriesEditorSelector == "contains")
  3172. $query .= " AND series_editor RLIKE " . quote_smart($seriesEditorName);
  3173. elseif ($seriesEditorSelector == "does not contain")
  3174. $query .= " AND series_editor NOT RLIKE " . quote_smart($seriesEditorName);
  3175. elseif ($seriesEditorSelector == "is equal to")
  3176. $query .= " AND series_editor = " . quote_smart($seriesEditorName);
  3177. elseif ($seriesEditorSelector == "is not equal to")
  3178. $query .= " AND series_editor != " . quote_smart($seriesEditorName);
  3179. elseif ($seriesEditorSelector == "starts with")
  3180. $query .= " AND series_editor RLIKE " . quote_smart("^" . $seriesEditorName);
  3181. elseif ($seriesEditorSelector == "ends with")
  3182. $query .= " AND series_editor RLIKE " . quote_smart($seriesEditorName . "$");
  3183. }
  3184. // ... if the user has specified a series volume, add the value of '$seriesVolumeNo' as an AND clause:
  3185. $seriesVolumeNo = $_REQUEST['seriesVolumeNo'];
  3186. if ($seriesVolumeNo != "")
  3187. {
  3188. $seriesVolumeSelector = $_REQUEST['seriesVolumeSelector'];
  3189. if ($seriesVolumeSelector == "contains")
  3190. $query .= " AND series_volume RLIKE " . quote_smart($seriesVolumeNo);
  3191. elseif ($seriesVolumeSelector == "does not contain")
  3192. $query .= " AND series_volume NOT RLIKE " . quote_smart($seriesVolumeNo);
  3193. elseif ($seriesVolumeSelector == "is equal to")
  3194. $query .= " AND series_volume = " . quote_smart($seriesVolumeNo);
  3195. elseif ($seriesVolumeSelector == "is not equal to")
  3196. $query .= " AND series_volume != " . quote_smart($seriesVolumeNo);
  3197. elseif ($seriesVolumeSelector == "starts with")
  3198. $query .= " AND series_volume RLIKE " . quote_smart("^" . $seriesVolumeNo);
  3199. elseif ($seriesVolumeSelector == "ends with")
  3200. $query .= " AND series_volume RLIKE " . quote_smart($seriesVolumeNo . "$");
  3201. elseif ($seriesVolumeSelector == "is greater than")
  3202. $query .= " AND series_volume_numeric > " . quote_smart($seriesVolumeNo);
  3203. elseif ($seriesVolumeSelector == "is less than")
  3204. $query .= " AND series_volume_numeric < " . quote_smart($seriesVolumeNo);
  3205. elseif ($seriesVolumeSelector == "is within range")
  3206. {
  3207. if (preg_match("/\d+/", $seriesVolumeNo)) // if '$seriesVolumeNo' does contain at least one number
  3208. {
  3209. // extract first number:
  3210. $seriesVolumeNoStart = preg_replace("/^\D*(\d+).*/", "\\1", $seriesVolumeNo);
  3211. $query .= " AND series_volume_numeric >= " . quote_smart($seriesVolumeNoStart);
  3212. if (preg_match("/^\D*\d+\D+\d+/", $seriesVolumeNo)) // if '$seriesVolumeNo' does contain at least two numbers (which are separated by one or more non-digit characters)
  3213. {
  3214. // extract the second number:
  3215. $seriesVolumeNoEnd = preg_replace("/^\D*\d+\D+(\d+).*/", "\\1", $seriesVolumeNo);
  3216. $query .= " AND series_volume_numeric <= " . quote_smart($seriesVolumeNoEnd);
  3217. }
  3218. }
  3219. else // fallback if no number is given:
  3220. $query .= " AND series_volume RLIKE " . quote_smart($seriesVolumeNo);
  3221. }
  3222. elseif ($seriesVolumeSelector == "is within list")
  3223. {
  3224. // replace any non-digit chars with "|":
  3225. $seriesVolumeNo = preg_replace("/\D+/", "|", $seriesVolumeNo);
  3226. // strip "|" from beginning/end of string (if any):
  3227. $seriesVolumeNo = preg_replace("/^\|?(.+?)\|?$/", "\\1", $seriesVolumeNo);
  3228. $query .= " AND series_volume RLIKE " . quote_smart("^(" . $seriesVolumeNo . ")$");
  3229. }
  3230. }
  3231. // ... if the user has specified a series issue, add the value of '$seriesIssueNo' as an AND clause:
  3232. $seriesIssueNo = $_REQUEST['seriesIssueNo'];
  3233. if ($seriesIssueNo != "")
  3234. {
  3235. $seriesIssueSelector = $_REQUEST['seriesIssueSelector'];
  3236. if ($seriesIssueSelector == "contains")
  3237. $query .= " AND series_issue RLIKE " . quote_smart($seriesIssueNo);
  3238. elseif ($seriesIssueSelector == "does not contain")
  3239. $query .= " AND series_issue NOT RLIKE " . quote_smart($seriesIssueNo);
  3240. elseif ($seriesIssueSelector == "is equal to")
  3241. $query .= " AND series_issue = " . quote_smart($seriesIssueNo);
  3242. elseif ($seriesIssueSelector == "is not equal to")
  3243. $query .= " AND series_issue != " . quote_smart($seriesIssueNo);
  3244. elseif ($seriesIssueSelector == "starts with")
  3245. $query .= " AND series_issue RLIKE " . quote_smart("^" . $seriesIssueNo);
  3246. elseif ($seriesIssueSelector == "ends with")
  3247. $query .= " AND series_issue RLIKE " . quote_smart($seriesIssueNo . "$");
  3248. }
  3249. // ... if the user has specified a publisher, add the value of '$publisherName' as an AND clause:
  3250. $publisherRadio = $_REQUEST['publisherRadio'];
  3251. if ($publisherRadio == "1")
  3252. {
  3253. $publisherName = $_REQUEST['publisherName'];
  3254. if ($publisherName != "All" && $publisherName != "")
  3255. {
  3256. $publisherSelector = $_REQUEST['publisherSelector'];
  3257. if ($publisherSelector == "contains")
  3258. $query .= " AND publisher RLIKE " . quote_smart($publisherName);
  3259. elseif ($publisherSelector == "does not contain")
  3260. $query .= " AND publisher NOT RLIKE " . quote_smart($publisherName);
  3261. elseif ($publisherSelector == "is equal to")
  3262. $query .= " AND publisher = " . quote_smart($publisherName);
  3263. elseif ($publisherSelector == "is not equal to")
  3264. $query .= " AND publisher != " . quote_smart($publisherName);
  3265. elseif ($publisherSelector == "starts with")
  3266. $query .= " AND publisher RLIKE " . quote_smart("^" . $publisherName);
  3267. elseif ($publisherSelector == "ends with")
  3268. $query .= " AND publisher RLIKE " . quote_smart($publisherName . "$");
  3269. }
  3270. }
  3271. elseif ($publisherRadio == "0")
  3272. {
  3273. $publisherName2 = $_REQUEST['publisherName2'];
  3274. if ($publisherName2 != "")
  3275. {
  3276. $publisherSelector2 = $_REQUEST['publisherSelector2'];
  3277. if ($publisherSelector2 == "contains")
  3278. $query .= " AND publisher RLIKE " . quote_smart($publisherName2);
  3279. elseif ($publisherSelector2 == "does not contain")
  3280. $query .= " AND publisher NOT RLIKE " . quote_smart($publisherName2);
  3281. elseif ($publisherSelector2 == "is equal to")
  3282. $query .= " AND publisher = " . quote_smart($publisherName2);
  3283. elseif ($publisherSelector2 == "is not equal to")
  3284. $query .= " AND publisher != " . quote_smart($publisherName2);
  3285. elseif ($publisherSelector2 == "starts with")
  3286. $query .= " AND publisher RLIKE " . quote_smart("^" . $publisherName2);
  3287. elseif ($publisherSelector2 == "ends with")
  3288. $query .= " AND publisher RLIKE " . quote_smart($publisherName2 . "$");
  3289. }
  3290. }
  3291. // ... if the user has specified a place, add the value of '$placeName' as an AND clause:
  3292. $placeRadio = $_REQUEST['placeRadio'];
  3293. if ($placeRadio == "1")
  3294. {
  3295. $placeName = $_REQUEST['placeName'];
  3296. if ($placeName != "All" && $placeName != "")
  3297. {
  3298. $placeSelector = $_REQUEST['placeSelector'];
  3299. if ($placeSelector == "contains")
  3300. $query .= " AND place RLIKE " . quote_smart($placeName);
  3301. elseif ($placeSelector == "does not contain")
  3302. $query .= " AND place NOT RLIKE " . quote_smart($placeName);
  3303. elseif ($placeSelector == "is equal to")
  3304. $query .= " AND place = " . quote_smart($placeName);
  3305. elseif ($placeSelector == "is not equal to")
  3306. $query .= " AND place != " . quote_smart($placeName);
  3307. elseif ($placeSelector == "starts with")
  3308. $query .= " AND place RLIKE " . quote_smart("^" . $placeName);
  3309. elseif ($placeSelector == "ends with")
  3310. $query .= " AND place RLIKE " . quote_smart($placeName . "$");
  3311. }
  3312. }
  3313. elseif ($placeRadio == "0")
  3314. {
  3315. $placeName2 = $_REQUEST['placeName2'];
  3316. if ($placeName2 != "")
  3317. {
  3318. $placeSelector2 = $_REQUEST['placeSelector2'];
  3319. if ($placeSelector2 == "contains")
  3320. $query .= " AND place RLIKE " . quote_smart($placeName2);
  3321. elseif ($placeSelector2 == "does not contain")
  3322. $query .= " AND place NOT RLIKE " . quote_smart($placeName2);
  3323. elseif ($placeSelector2 == "is equal to")
  3324. $query .= " AND place = " . quote_smart($placeName2);
  3325. elseif ($placeSelector2 == "is not equal to")
  3326. $query .= " AND place != " . quote_smart($placeName2);
  3327. elseif ($placeSelector2 == "starts with")
  3328. $query .= " AND place RLIKE " . quote_smart("^" . $placeName2);
  3329. elseif ($placeSelector2 == "ends with")
  3330. $query .= " AND place RLIKE " . quote_smart($placeName2 . "$");
  3331. }
  3332. }
  3333. // ... if the user has specified an edition, add the value of '$editionNo' as an AND clause:
  3334. $editionNo = $_REQUEST['editionNo'];
  3335. if ($editionNo != "")
  3336. {
  3337. $editionSelector = $_REQUEST['editionSelector'];
  3338. if ($editionSelector == "contains")
  3339. $query .= " AND edition RLIKE " . quote_smart($editionNo);
  3340. elseif ($editionSelector == "does not contain")
  3341. $query .= " AND edition NOT RLIKE " . quote_smart($editionNo);
  3342. elseif ($editionSelector == "is equal to")
  3343. $query .= " AND edition = " . quote_smart($editionNo);
  3344. elseif ($editionSelector == "is not equal to")
  3345. $query .= " AND edition != " . quote_smart($editionNo);
  3346. elseif ($editionSelector == "starts with")
  3347. $query .= " AND edition RLIKE " . quote_smart("^" . $editionNo);
  3348. elseif ($editionSelector == "ends with")
  3349. $query .= " AND edition RLIKE " . quote_smart($editionNo . "$");
  3350. elseif ($editionSelector == "is greater than")
  3351. $query .= " AND edition > " . quote_smart($editionNo);
  3352. elseif ($editionSelector == "is less than")
  3353. $query .= " AND edition < " . quote_smart($editionNo);
  3354. elseif ($editionSelector == "is within range")
  3355. {
  3356. if (preg_match("/\d+/", $editionNo)) // if '$editionNo' does contain at least one number
  3357. {
  3358. // extract first number:
  3359. $editionNoStart = preg_replace("/^\D*(\d+).*/", "\\1", $editionNo);
  3360. $query .= " AND edition >= " . quote_smart($editionNoStart);
  3361. if (preg_match("/^\D*\d+\D+\d+/", $editionNo)) // if '$editionNo' does contain at least two numbers (which are separated by one or more non-digit characters)
  3362. {
  3363. // extract the second number:
  3364. $editionNoEnd = preg_replace("/^\D*\d+\D+(\d+).*/", "\\1", $editionNo);
  3365. $query .= " AND edition <= " . quote_smart($editionNoEnd);
  3366. }
  3367. }
  3368. else // fallback if no number is given:
  3369. $query .= " AND edition RLIKE " . quote_smart($editionNo);
  3370. }
  3371. elseif ($editionSelector == "is within list")
  3372. {
  3373. // replace any non-digit chars with "|":
  3374. $editionNo = preg_replace("/\D+/", "|", $editionNo);
  3375. // strip "|" from beginning/end of string (if any):
  3376. $editionNo = preg_replace("/^\|?(.+?)\|?$/", "\\1", $editionNo);
  3377. $query .= " AND edition RLIKE " . quote_smart("^(" . $editionNo . ")$");
  3378. }
  3379. }
  3380. // ... if the user has specified a medium, add the value of '$mediumName' as an AND clause:
  3381. $mediumName = $_REQUEST['mediumName'];
  3382. if ($mediumName != "")
  3383. {
  3384. $mediumSelector = $_REQUEST['mediumSelector'];
  3385. if ($mediumSelector == "contains")
  3386. $query .= " AND medium RLIKE " . quote_smart($mediumName);
  3387. elseif ($mediumSelector == "does not contain")
  3388. $query .= " AND medium NOT RLIKE " . quote_smart($mediumName);
  3389. elseif ($mediumSelector == "is equal to")
  3390. $query .= " AND medium = " . quote_smart($mediumName);
  3391. elseif ($mediumSelector == "is not equal to")
  3392. $query .= " AND medium != " . quote_smart($mediumName);
  3393. elseif ($mediumSelector == "starts with")
  3394. $query .= " AND medium RLIKE " . quote_smart("^" . $mediumName);
  3395. elseif ($mediumSelector == "ends with")
  3396. $query .= " AND medium RLIKE " . quote_smart($mediumName . "$");
  3397. }
  3398. // ... if the user has specified an ISSN, add the value of '$issnName' as an AND clause:
  3399. $issnName = $_REQUEST['issnName'];
  3400. if ($issnName != "")
  3401. {
  3402. $issnSelector = $_REQUEST['issnSelector'];
  3403. if ($issnSelector == "contains")
  3404. $query .= " AND issn RLIKE " . quote_smart($issnName);
  3405. elseif ($issnSelector == "does not contain")
  3406. $query .= " AND issn NOT RLIKE " . quote_smart($issnName);
  3407. elseif ($issnSelector == "is equal to")
  3408. $query .= " AND issn = " . quote_smart($issnName);
  3409. elseif ($issnSelector == "is not equal to")
  3410. $query .= " AND issn != " . quote_smart($issnName);
  3411. elseif ($issnSelector == "starts with")
  3412. $query .= " AND issn RLIKE " . quote_smart("^" . $issnName);
  3413. elseif ($issnSelector == "ends with")
  3414. $query .= " AND issn RLIKE " . quote_smart($issnName . "$");
  3415. }
  3416. // ... if the user has specified an ISBN, add the value of '$isbnName' as an AND clause:
  3417. $isbnName = $_REQUEST['isbnName'];
  3418. if ($isbnName != "")
  3419. {
  3420. $isbnSelector = $_REQUEST['isbnSelector'];
  3421. if ($isbnSelector == "contains")
  3422. $query .= " AND isbn RLIKE " . quote_smart($isbnName);
  3423. elseif ($isbnSelector == "does not contain")
  3424. $query .= " AND isbn NOT RLIKE " . quote_smart($isbnName);
  3425. elseif ($isbnSelector == "is equal to")
  3426. $query .= " AND isbn = " . quote_smart($isbnName);
  3427. elseif ($isbnSelector == "is not equal to")
  3428. $query .= " AND isbn != " . quote_smart($isbnName);
  3429. elseif ($isbnSelector == "starts with")
  3430. $query .= " AND isbn RLIKE " . quote_smart("^" . $isbnName);
  3431. elseif ($isbnSelector == "ends with")
  3432. $query .= " AND isbn RLIKE " . quote_smart($isbnName . "$");
  3433. }
  3434. // ... if the user has specified a language, add the value of '$languageName' as an AND clause:
  3435. $languageRadio = $_REQUEST['languageRadio'];
  3436. if ($languageRadio == "1")
  3437. {
  3438. $languageName = $_REQUEST['languageName'];
  3439. if ($languageName != "All" && $languageName != "")
  3440. {
  3441. $languageSelector = $_REQUEST['languageSelector'];
  3442. if ($languageSelector == "contains")
  3443. $query .= " AND language RLIKE " . quote_smart($languageName);
  3444. elseif ($languageSelector == "does not contain")
  3445. $query .= " AND language NOT RLIKE " . quote_smart($languageName);
  3446. elseif ($languageSelector == "is equal to")
  3447. $query .= " AND language = " . quote_smart($languageName);
  3448. elseif ($languageSelector == "is not equal to")
  3449. $query .= " AND language != " . quote_smart($languageName);
  3450. elseif ($languageSelector == "starts with")
  3451. $query .= " AND language RLIKE " . quote_smart("^" . $languageName);
  3452. elseif ($languageSelector == "ends with")
  3453. $query .= " AND language RLIKE " . quote_smart($languageName . "$");
  3454. }
  3455. }
  3456. elseif ($languageRadio == "0")
  3457. {
  3458. $languageName2 = $_REQUEST['languageName2'];
  3459. if ($languageName2 != "")
  3460. {
  3461. $languageSelector2 = $_REQUEST['languageSelector2'];
  3462. if ($languageSelector2 == "contains")
  3463. $query .= " AND language RLIKE " . quote_smart($languageName2);
  3464. elseif ($languageSelector2 == "does not contain")
  3465. $query .= " AND language NOT RLIKE " . quote_smart($languageName2);
  3466. elseif ($languageSelector2 == "is equal to")
  3467. $query .= " AND language = " . quote_smart($languageName2);
  3468. elseif ($languageSelector2 == "is not equal to")
  3469. $query .= " AND language != " . quote_smart($languageName2);
  3470. elseif ($languageSelector2 == "starts with")
  3471. $query .= " AND language RLIKE " . quote_smart("^" . $languageName2);
  3472. elseif ($languageSelector2 == "ends with")
  3473. $query .= " AND language RLIKE " . quote_smart($languageName2 . "$");
  3474. }
  3475. }
  3476. // ... if the user has specified a summary language, add the value of '$summaryLanguageName' as an AND clause:
  3477. $summaryLanguageRadio = $_REQUEST['summaryLanguageRadio'];
  3478. if ($summaryLanguageRadio == "1")
  3479. {
  3480. $summaryLanguageName = $_REQUEST['summaryLanguageName'];
  3481. if ($summaryLanguageName != "All" && $summaryLanguageName != "")
  3482. {
  3483. $summaryLanguageSelector = $_REQUEST['summaryLanguageSelector'];
  3484. if ($summaryLanguageSelector == "contains")
  3485. $query .= " AND summary_language RLIKE " . quote_smart($summaryLanguageName);
  3486. elseif ($summaryLanguageSelector == "does not contain")
  3487. $query .= " AND summary_language NOT RLIKE " . quote_smart($summaryLanguageName);
  3488. elseif ($summaryLanguageSelector == "is equal to")
  3489. $query .= " AND summary_language = " . quote_smart($summaryLanguageName);
  3490. elseif ($summaryLanguageSelector == "is not equal to")
  3491. $query .= " AND summary_language != " . quote_smart($summaryLanguageName);
  3492. elseif ($summaryLanguageSelector == "starts with")
  3493. $query .= " AND summary_language RLIKE " . quote_smart("^" . $summaryLanguageName);
  3494. elseif ($summaryLanguageSelector == "ends with")
  3495. $query .= " AND summary_language RLIKE " . quote_smart($summaryLanguageName . "$");
  3496. }
  3497. }
  3498. elseif ($summaryLanguageRadio == "0")
  3499. {
  3500. $summaryLanguageName2 = $_REQUEST['summaryLanguageName2'];
  3501. if ($summaryLanguageName2 != "")
  3502. {
  3503. $summaryLanguageSelector2 = $_REQUEST['summaryLanguageSelector2'];
  3504. if ($summaryLanguageSelector2 == "contains")
  3505. $query .= " AND summary_language RLIKE " . quote_smart($summaryLanguageName2);
  3506. elseif ($summaryLanguageSelector2 == "does not contain")
  3507. $query .= " AND summary_language NOT RLIKE " . quote_smart($summaryLanguageName2);
  3508. elseif ($summaryLanguageSelector2 == "is equal to")
  3509. $query .= " AND summary_language = " . quote_smart($summaryLanguageName2);
  3510. elseif ($summaryLanguageSelector2 == "is not equal to")
  3511. $query .= " AND summary_language != " . quote_smart($summaryLanguageName2);
  3512. elseif ($summaryLanguageSelector2 == "starts with")
  3513. $query .= " AND summary_language RLIKE " . quote_smart("^" . $summaryLanguageName2);
  3514. elseif ($summaryLanguageSelector2 == "ends with")
  3515. $query .= " AND summary_language RLIKE " . quote_smart($summaryLanguageName2 . "$");
  3516. }
  3517. }
  3518. // ... if the user has specified some keywords, add the value of '$keywordsName' as an AND clause:
  3519. $keywordsName = $_REQUEST['keywordsName'];
  3520. if ($keywordsName != "")
  3521. {
  3522. $keywordsSelector = $_REQUEST['keywordsSelector'];
  3523. if ($keywordsSelector == "contains")
  3524. $query .= " AND keywords RLIKE " . quote_smart($keywordsName);
  3525. elseif ($keywordsSelector == "does not contain")
  3526. $query .= " AND keywords NOT RLIKE " . quote_smart($keywordsName);
  3527. elseif ($keywordsSelector == "is equal to")
  3528. $query .= " AND keywords = " . quote_smart($keywordsName);
  3529. elseif ($keywordsSelector == "is not equal to")
  3530. $query .= " AND keywords != " . quote_smart($keywordsName);
  3531. elseif ($keywordsSelector == "starts with")
  3532. $query .= " AND keywords RLIKE " . quote_smart("^" . $keywordsName);
  3533. elseif ($keywordsSelector == "ends with")
  3534. $query .= " AND keywords RLIKE " . quote_smart($keywordsName . "$");
  3535. }
  3536. // ... if the user has specified an abstract, add the value of '$abstractName' as an AND clause:
  3537. $abstractName = $_REQUEST['abstractName'];
  3538. if ($abstractName != "")
  3539. {
  3540. $abstractSelector = $_REQUEST['abstractSelector'];
  3541. if ($abstractSelector == "contains")
  3542. $query .= " AND abstract RLIKE " . quote_smart($abstractName);
  3543. elseif ($abstractSelector == "does not contain")
  3544. $query .= " AND abstract NOT RLIKE " . quote_smart($abstractName);
  3545. elseif ($abstractSelector == "is equal to")
  3546. $query .= " AND abstract = " . quote_smart($abstractName);
  3547. elseif ($abstractSelector == "is not equal to")
  3548. $query .= " AND abstract != " . quote_smart($abstractName);
  3549. elseif ($abstractSelector == "starts with")
  3550. $query .= " AND abstract RLIKE " . quote_smart("^" . $abstractName);
  3551. elseif ($abstractSelector == "ends with")
  3552. $query .= " AND abstract RLIKE " . quote_smart($abstractName . "$");
  3553. }
  3554. // ... if the user has specified an area, add the value of '$areaName' as an AND clause:
  3555. $areaRadio = $_REQUEST['areaRadio'];
  3556. if ($areaRadio == "1")
  3557. {
  3558. $areaName = $_REQUEST['areaName'];
  3559. if ($areaName != "All" && $areaName != "")
  3560. {
  3561. $areaSelector = $_REQUEST['areaSelector'];
  3562. if ($areaSelector == "contains")
  3563. $query .= " AND area RLIKE " . quote_smart($areaName);
  3564. elseif ($areaSelector == "does not contain")
  3565. $query .= " AND area NOT RLIKE " . quote_smart($areaName);
  3566. elseif ($areaSelector == "is equal to")
  3567. $query .= " AND area = " . quote_smart($areaName);
  3568. elseif ($areaSelector == "is not equal to")
  3569. $query .= " AND area != " . quote_smart($areaName);
  3570. elseif ($areaSelector == "starts with")
  3571. $query .= " AND area RLIKE " . quote_smart("^" . $areaName);
  3572. elseif ($areaSelector == "ends with")
  3573. $query .= " AND area RLIKE " . quote_smart($areaName . "$");
  3574. }
  3575. }
  3576. elseif ($areaRadio == "0")
  3577. {
  3578. $areaName2 = $_REQUEST['areaName2'];
  3579. if ($areaName2 != "")
  3580. {
  3581. $areaSelector2 = $_REQUEST['areaSelector2'];
  3582. if ($areaSelector2 == "contains")
  3583. $query .= " AND area RLIKE " . quote_smart($areaName2);
  3584. elseif ($areaSelector2 == "does not contain")
  3585. $query .= " AND area NOT RLIKE " . quote_smart($areaName2);
  3586. elseif ($areaSelector2 == "is equal to")
  3587. $query .= " AND area = " . quote_smart($areaName2);
  3588. elseif ($areaSelector2 == "is not equal to")
  3589. $query .= " AND area != " . quote_smart($areaName2);
  3590. elseif ($areaSelector2 == "starts with")
  3591. $query .= " AND area RLIKE " . quote_smart("^" . $areaName2);
  3592. elseif ($areaSelector2 == "ends with")
  3593. $query .= " AND area RLIKE " . quote_smart($areaName2 . "$");
  3594. }
  3595. }
  3596. // ... if the user has specified an expedition, add the value of '$expeditionName' as an AND clause:
  3597. $expeditionName = $_REQUEST['expeditionName'];
  3598. if ($expeditionName != "")
  3599. {
  3600. $expeditionSelector = $_REQUEST['expeditionSelector'];
  3601. if ($expeditionSelector == "contains")
  3602. $query .= " AND expedition RLIKE " . quote_smart($expeditionName);
  3603. elseif ($expeditionSelector == "does not contain")
  3604. $query .= " AND expedition NOT RLIKE " . quote_smart($expeditionName);
  3605. elseif ($expeditionSelector == "is equal to")
  3606. $query .= " AND expedition = " . quote_smart($expeditionName);
  3607. elseif ($expeditionSelector == "is not equal to")
  3608. $query .= " AND expedition != " . quote_smart($expeditionName);
  3609. elseif ($expeditionSelector == "starts with")
  3610. $query .= " AND expedition RLIKE " . quote_smart("^" . $expeditionName);
  3611. elseif ($expeditionSelector == "ends with")
  3612. $query .= " AND expedition RLIKE " . quote_smart($expeditionName . "$");
  3613. }
  3614. // ... if the user has specified a conference, add the value of '$conferenceName' as an AND clause:
  3615. $conferenceName = $_REQUEST['conferenceName'];
  3616. if ($conferenceName != "")
  3617. {
  3618. $conferenceSelector = $_REQUEST['conferenceSelector'];
  3619. if ($conferenceSelector == "contains")
  3620. $query .= " AND conference RLIKE " . quote_smart($conferenceName);
  3621. elseif ($conferenceSelector == "does not contain")
  3622. $query .= " AND conference NOT RLIKE " . quote_smart($conferenceName);
  3623. elseif ($conferenceSelector == "is equal to")
  3624. $query .= " AND conference = " . quote_smart($conferenceName);
  3625. elseif ($conferenceSelector == "is not equal to")
  3626. $query .= " AND conference != " . quote_smart($conferenceName);
  3627. elseif ($conferenceSelector == "starts with")
  3628. $query .= " AND conference RLIKE " . quote_smart("^" . $conferenceName);
  3629. elseif ($conferenceSelector == "ends with")
  3630. $query .= " AND conference RLIKE " . quote_smart($conferenceName . "$");
  3631. }
  3632. // ... if the user has specified a DOI, add the value of '$doiName' as an AND clause:
  3633. $doiName = $_REQUEST['doiName'];
  3634. if ($doiName != "")
  3635. {
  3636. $doiSelector = $_REQUEST['doiSelector'];
  3637. if ($doiSelector == "contains")
  3638. $query .= " AND doi RLIKE " . quote_smart($doiName);
  3639. elseif ($doiSelector == "does not contain")
  3640. $query .= " AND doi NOT RLIKE " . quote_smart($doiName);
  3641. elseif ($doiSelector == "is equal to")
  3642. $query .= " AND doi = " . quote_smart($doiName);
  3643. elseif ($doiSelector == "is not equal to")
  3644. $query .= " AND doi != " . quote_smart($doiName);
  3645. elseif ($doiSelector == "starts with")
  3646. $query .= " AND doi RLIKE " . quote_smart("^" . $doiName);
  3647. elseif ($doiSelector == "ends with")
  3648. $query .= " AND doi RLIKE " . quote_smart($doiName . "$");
  3649. }
  3650. // ... if the user has specified an URL, add the value of '$urlName' as an AND clause:
  3651. $urlName = $_REQUEST['urlName'];
  3652. if ($urlName != "")
  3653. {
  3654. $urlSelector = $_REQUEST['urlSelector'];
  3655. if ($urlSelector == "contains")
  3656. $query .= " AND url RLIKE " . quote_smart($urlName);
  3657. elseif ($urlSelector == "does not contain")
  3658. $query .= " AND url NOT RLIKE " . quote_smart($urlName);
  3659. elseif ($urlSelector == "is equal to")
  3660. $query .= " AND url = " . quote_smart($urlName);
  3661. elseif ($urlSelector == "is not equal to")
  3662. $query .= " AND url != " . quote_smart($urlName);
  3663. elseif ($urlSelector == "starts with")
  3664. $query .= " AND url RLIKE " . quote_smart("^" . $urlName);
  3665. elseif ($urlSelector == "ends with")
  3666. $query .= " AND url RLIKE " . quote_smart($urlName . "$");
  3667. }
  3668. // ... if the user has specified a location, add the value of '$locationName' as an AND clause:
  3669. if (isset($_REQUEST['locationRadio'])) // the location text entry form is not available if the user is not logged in
  3670. {
  3671. $locationRadio = $_REQUEST['locationRadio'];
  3672. if ($locationRadio == "1")
  3673. {
  3674. $locationName = $_REQUEST['locationName'];
  3675. if ($locationName != "All" && $locationName != "")
  3676. {
  3677. $locationSelector = $_REQUEST['locationSelector'];
  3678. if ($locationSelector == "contains")
  3679. $query .= " AND location RLIKE " . quote_smart($locationName);
  3680. elseif ($locationSelector == "does not contain")
  3681. $query .= " AND location NOT RLIKE " . quote_smart($locationName);
  3682. elseif ($locationSelector == "is equal to")
  3683. $query .= " AND location = " . quote_smart($locationName);
  3684. elseif ($locationSelector == "is not equal to")
  3685. $query .= " AND location != " . quote_smart($locationName);
  3686. elseif ($locationSelector == "starts with")
  3687. $query .= " AND location RLIKE " . quote_smart("^" . $locationName);
  3688. elseif ($locationSelector == "ends with")
  3689. $query .= " AND location RLIKE " . quote_smart($locationName . "$");
  3690. }
  3691. }
  3692. elseif ($locationRadio == "0")
  3693. {
  3694. $locationName2 = $_REQUEST['locationName2'];
  3695. if ($locationName2 != "")
  3696. {
  3697. $locationSelector2 = $_REQUEST['locationSelector2'];
  3698. if ($locationSelector2 == "contains")
  3699. $query .= " AND location RLIKE " . quote_smart($locationName2);
  3700. elseif ($locationSelector2 == "does not contain")
  3701. $query .= " AND location NOT RLIKE " . quote_smart($locationName2);
  3702. elseif ($locationSelector2 == "is equal to")
  3703. $query .= " AND location = " . quote_smart($locationName2);
  3704. elseif ($locationSelector2 == "is not equal to")
  3705. $query .= " AND location != " . quote_smart($locationName2);
  3706. elseif ($locationSelector2 == "starts with")
  3707. $query .= " AND location RLIKE " . quote_smart("^" . $locationName2);
  3708. elseif ($locationSelector2 == "ends with")
  3709. $query .= " AND location RLIKE " . quote_smart($locationName2 . "$");
  3710. }
  3711. }
  3712. }
  3713. // ... if the user has specified a call number, add the value of '$callNumberName' as an AND clause:
  3714. $callNumberName = $_REQUEST['callNumberName'];
  3715. if ($callNumberName != "")
  3716. {
  3717. $callNumberSelector = $_REQUEST['callNumberSelector'];
  3718. if ($callNumberSelector == "contains")
  3719. $query .= " AND call_number RLIKE " . quote_smart($callNumberName);
  3720. elseif ($callNumberSelector == "does not contain")
  3721. $query .= " AND call_number NOT RLIKE " . quote_smart($callNumberName);
  3722. elseif ($callNumberSelector == "is equal to")
  3723. $query .= " AND call_number = " . quote_smart($callNumberName);
  3724. elseif ($callNumberSelector == "is not equal to")
  3725. $query .= " AND call_number != " . quote_smart($callNumberName);
  3726. elseif ($callNumberSelector == "starts with")
  3727. $query .= " AND call_number RLIKE " . quote_smart("^" . $callNumberName);
  3728. elseif ($callNumberSelector == "ends with")
  3729. $query .= " AND call_number RLIKE " . quote_smart($callNumberName . "$");
  3730. }
  3731. // ... if the user has specified a file, add the value of '$fileName' as an AND clause:
  3732. if (isset($_REQUEST['fileName'])) // the file text entry form may be hidden if the user has no permission to see any files
  3733. {
  3734. $fileName = $_REQUEST['fileName'];
  3735. if ($fileName != "")
  3736. {
  3737. $fileSelector = $_REQUEST['fileSelector'];
  3738. if ($fileSelector == "contains")
  3739. $query .= " AND file RLIKE " . quote_smart($fileName);
  3740. elseif ($fileSelector == "does not contain")
  3741. $query .= " AND file NOT RLIKE " . quote_smart($fileName);
  3742. elseif ($fileSelector == "is equal to")
  3743. $query .= " AND file = " . quote_smart($fileName);
  3744. elseif ($fileSelector == "is not equal to")
  3745. $query .= " AND file != " . quote_smart($fileName);
  3746. elseif ($fileSelector == "starts with")
  3747. $query .= " AND file RLIKE " . quote_smart("^" . $fileName);
  3748. elseif ($fileSelector == "ends with")
  3749. $query .= " AND file RLIKE " . quote_smart($fileName . "$");
  3750. }
  3751. }
  3752. if (isset($loginEmail)) // if a user is logged in and...
  3753. {
  3754. // ... if the user has specified a copy status, add the value of '$copyName' as an AND clause:
  3755. $copyName = $_REQUEST['copyName'];
  3756. if ($copyName != "All" && $copyName != "")
  3757. {
  3758. $copySelector = $_REQUEST['copySelector'];
  3759. if ($copySelector == "is equal to")
  3760. $query .= " AND copy = " . quote_smart($copyName);
  3761. elseif ($copySelector == "is not equal to")
  3762. $query .= " AND copy != " . quote_smart($copyName);
  3763. }
  3764. }
  3765. // ... if the user has specified some notes, add the value of '$notesName' as an AND clause:
  3766. $notesName = $_REQUEST['notesName'];
  3767. if ($notesName != "")
  3768. {
  3769. $notesSelector = $_REQUEST['notesSelector'];
  3770. if ($notesSelector == "contains")
  3771. $query .= " AND notes RLIKE " . quote_smart($notesName);
  3772. elseif ($notesSelector == "does not contain")
  3773. $query .= " AND notes NOT RLIKE " . quote_smart($notesName);
  3774. elseif ($notesSelector == "is equal to")
  3775. $query .= " AND notes = " . quote_smart($notesName);
  3776. elseif ($notesSelector == "is not equal to")
  3777. $query .= " AND notes != " . quote_smart($notesName);
  3778. elseif ($notesSelector == "starts with")
  3779. $query .= " AND notes RLIKE " . quote_smart("^" . $notesName);
  3780. elseif ($notesSelector == "ends with")
  3781. $query .= " AND notes RLIKE " . quote_smart($notesName . "$");
  3782. }
  3783. if (isset($loginEmail)) // if a user is logged in and...
  3784. {
  3785. // ... if the user has specified some user keys, add the value of '$userKeysName' as an AND clause:
  3786. $userKeysRadio = $_REQUEST['userKeysRadio'];
  3787. if ($userKeysRadio == "1")
  3788. {
  3789. $userKeysName = $_REQUEST['userKeysName'];
  3790. if ($userKeysName != "All" && $userKeysName != "")
  3791. {
  3792. $userKeysSelector = $_REQUEST['userKeysSelector'];
  3793. if ($userKeysSelector == "contains")
  3794. $query .= " AND user_keys RLIKE " . quote_smart($userKeysName);
  3795. elseif ($userKeysSelector == "does not contain")
  3796. $query .= " AND user_keys NOT RLIKE " . quote_smart($userKeysName);
  3797. elseif ($userKeysSelector == "is equal to")
  3798. $query .= " AND user_keys = " . quote_smart($userKeysName);
  3799. elseif ($userKeysSelector == "is not equal to")
  3800. $query .= " AND user_keys != " . quote_smart($userKeysName);
  3801. elseif ($userKeysSelector == "starts with")
  3802. $query .= " AND user_keys RLIKE " . quote_smart("^" . $userKeysName);
  3803. elseif ($userKeysSelector == "ends with")
  3804. $query .= " AND user_keys RLIKE " . quote_smart($userKeysName . "$");
  3805. }
  3806. }
  3807. elseif ($userKeysRadio == "0")
  3808. {
  3809. $userKeysName2 = $_REQUEST['userKeysName2'];
  3810. if ($userKeysName2 != "")
  3811. {
  3812. $userKeysSelector2 = $_REQUEST['userKeysSelector2'];
  3813. if ($userKeysSelector2 == "contains")
  3814. $query .= " AND user_keys RLIKE " . quote_smart($userKeysName2);
  3815. elseif ($userKeysSelector2 == "does not contain")
  3816. $query .= " AND user_keys NOT RLIKE " . quote_smart($userKeysName2);
  3817. elseif ($userKeysSelector2 == "is equal to")
  3818. $query .= " AND user_keys = " . quote_smart($userKeysName2);
  3819. elseif ($userKeysSelector2 == "is not equal to")
  3820. $query .= " AND user_keys != " . quote_smart($userKeysName2);
  3821. elseif ($userKeysSelector2 == "starts with")
  3822. $query .= " AND user_keys RLIKE " . quote_smart("^" . $userKeysName2);
  3823. elseif ($userKeysSelector2 == "ends with")
  3824. $query .= " AND user_keys RLIKE " . quote_smart($userKeysName2 . "$");
  3825. }
  3826. }
  3827. // ... if the user has specified some user notes, add the value of '$userNotesName' as an AND clause:
  3828. $userNotesName = $_REQUEST['userNotesName'];
  3829. if ($userNotesName != "")
  3830. {
  3831. $userNotesSelector = $_REQUEST['userNotesSelector'];
  3832. if ($userNotesSelector == "contains")
  3833. $query .= " AND user_notes RLIKE " . quote_smart($userNotesName);
  3834. elseif ($userNotesSelector == "does not contain")
  3835. $query .= " AND user_notes NOT RLIKE " . quote_smart($userNotesName);
  3836. elseif ($userNotesSelector == "is equal to")
  3837. $query .= " AND user_notes = " . quote_smart($userNotesName);
  3838. elseif ($userNotesSelector == "is not equal to")
  3839. $query .= " AND user_notes != " . quote_smart($userNotesName);
  3840. elseif ($userNotesSelector == "starts with")
  3841. $query .= " AND user_notes RLIKE " . quote_smart("^" . $userNotesName);
  3842. elseif ($userNotesSelector == "ends with")
  3843. $query .= " AND user_notes RLIKE " . quote_smart($userNotesName . "$");
  3844. }
  3845. // ... if the user has specified a user file, add the value of '$userFileName' as an AND clause:
  3846. $userFileName = $_REQUEST['userFileName'];
  3847. if ($userFileName != "")
  3848. {
  3849. $userFileSelector = $_REQUEST['userFileSelector'];
  3850. if ($userFileSelector == "contains")
  3851. $query .= " AND user_file RLIKE " . quote_smart($userFileName);
  3852. elseif ($userFileSelector == "does not contain")
  3853. $query .= " AND user_file NOT RLIKE " . quote_smart($userFileName);
  3854. elseif ($userFileSelector == "is equal to")
  3855. $query .= " AND user_file = " . quote_smart($userFileName);
  3856. elseif ($userFileSelector == "is not equal to")
  3857. $query .= " AND user_file != " . quote_smart($userFileName);
  3858. elseif ($userFileSelector == "starts with")
  3859. $query .= " AND user_file RLIKE " . quote_smart("^" . $userFileName);
  3860. elseif ($userFileSelector == "ends with")
  3861. $query .= " AND user_file RLIKE " . quote_smart($userFileName . "$");
  3862. }
  3863. // ... if the user has specified some user groups, add the value of '$userGroupsName' as an AND clause:
  3864. $userGroupsRadio = $_REQUEST['userGroupsRadio'];
  3865. if ($userGroupsRadio == "1")
  3866. {
  3867. $userGroupsName = $_REQUEST['userGroupsName'];
  3868. if ($userGroupsName != "All" && $userGroupsName != "")
  3869. {
  3870. $userGroupsSelector = $_REQUEST['userGroupsSelector'];
  3871. if ($userGroupsSelector == "contains")
  3872. $query .= " AND user_groups RLIKE " . quote_smart($userGroupsName);
  3873. elseif ($userGroupsSelector == "does not contain")
  3874. $query .= " AND user_groups NOT RLIKE " . quote_smart($userGroupsName);
  3875. elseif ($userGroupsSelector == "is equal to")
  3876. $query .= " AND user_groups = " . quote_smart($userGroupsName);
  3877. elseif ($userGroupsSelector == "is not equal to")
  3878. $query .= " AND user_groups != " . quote_smart($userGroupsName);
  3879. elseif ($userGroupsSelector == "starts with")
  3880. $query .= " AND user_groups RLIKE " . quote_smart("^" . $userGroupsName);
  3881. elseif ($userGroupsSelector == "ends with")
  3882. $query .= " AND user_groups RLIKE " . quote_smart($userGroupsName . "$");
  3883. }
  3884. }
  3885. elseif ($userGroupsRadio == "0")
  3886. {
  3887. $userGroupsName2 = $_REQUEST['userGroupsName2'];
  3888. if ($userGroupsName2 != "")
  3889. {
  3890. $userGroupsSelector2 = $_REQUEST['userGroupsSelector2'];
  3891. if ($userGroupsSelector2 == "contains")
  3892. $query .= " AND user_groups RLIKE " . quote_smart($userGroupsName2);
  3893. elseif ($userGroupsSelector2 == "does not contain")
  3894. $query .= " AND user_groups NOT RLIKE " . quote_smart($userGroupsName2);
  3895. elseif ($userGroupsSelector2 == "is equal to")
  3896. $query .= " AND user_groups = " . quote_smart($userGroupsName2);
  3897. elseif ($userGroupsSelector2 == "is not equal to")
  3898. $query .= " AND user_groups != " . quote_smart($userGroupsName2);
  3899. elseif ($userGroupsSelector2 == "starts with")
  3900. $query .= " AND user_groups RLIKE " . quote_smart("^" . $userGroupsName2);
  3901. elseif ($userGroupsSelector2 == "ends with")
  3902. $query .= " AND user_groups RLIKE " . quote_smart($userGroupsName2 . "$");
  3903. }
  3904. }
  3905. // ... if the user has specified a cite key, add the value of '$citeKeyName' as an AND clause:
  3906. $citeKeyName = $_REQUEST['citeKeyName'];
  3907. if ($citeKeyName != "")
  3908. {
  3909. $citeKeySelector = $_REQUEST['citeKeySelector'];
  3910. if ($citeKeySelector == "contains")
  3911. $query .= " AND cite_key RLIKE " . quote_smart($citeKeyName);
  3912. elseif ($citeKeySelector == "does not contain")
  3913. $query .= " AND cite_key NOT RLIKE " . quote_smart($citeKeyName);
  3914. elseif ($citeKeySelector == "is equal to")
  3915. $query .= " AND cite_key = " . quote_smart($citeKeyName);
  3916. elseif ($citeKeySelector == "is not equal to")
  3917. $query .= " AND cite_key != " . quote_smart($citeKeyName);
  3918. elseif ($citeKeySelector == "starts with")
  3919. $query .= " AND cite_key RLIKE " . quote_smart("^" . $citeKeyName);
  3920. elseif ($citeKeySelector == "ends with")
  3921. $query .= " AND cite_key RLIKE " . quote_smart($citeKeyName . "$");
  3922. }
  3923. }
  3924. // ... if the user has specified a serial, add the value of '$serialNo' as an AND clause:
  3925. $serialNo = $_REQUEST['serialNo'];
  3926. if ($serialNo != "")
  3927. {
  3928. $serialSelector = $_REQUEST['serialSelector'];
  3929. if ($serialSelector == "contains")
  3930. $query .= " AND serial RLIKE " . quote_smart($serialNo);
  3931. elseif ($serialSelector == "does not contain")
  3932. $query .= " AND serial NOT RLIKE " . quote_smart($serialNo);
  3933. elseif ($serialSelector == "is equal to")
  3934. $query .= " AND serial = " . quote_smart($serialNo);
  3935. elseif ($serialSelector == "is not equal to")
  3936. $query .= " AND serial != " . quote_smart($serialNo);
  3937. elseif ($serialSelector == "starts with")
  3938. $query .= " AND serial RLIKE " . quote_smart("^" . $serialNo);
  3939. elseif ($serialSelector == "ends with")
  3940. $query .= " AND serial RLIKE " . quote_smart($serialNo . "$");
  3941. elseif ($serialSelector == "is greater than")
  3942. $query .= " AND serial > " . quote_smart($serialNo);
  3943. elseif ($serialSelector == "is less than")
  3944. $query .= " AND serial < " . quote_smart($serialNo);
  3945. elseif ($serialSelector == "is within range")
  3946. {
  3947. if (preg_match("/\d+/", $serialNo)) // if '$serialNo' does contain at least one number
  3948. {
  3949. // extract first number:
  3950. $serialNoStart = preg_replace("/^\D*(\d+).*/", "\\1", $serialNo);
  3951. $query .= " AND serial >= " . quote_smart($serialNoStart);
  3952. if (preg_match("/^\D*\d+\D+\d+/", $serialNo)) // if '$serialNo' does contain at least two numbers (which are separated by one or more non-digit characters)
  3953. {
  3954. // extract the second number:
  3955. $serialNoEnd = preg_replace("/^\D*\d+\D+(\d+).*/", "\\1", $serialNo);
  3956. $query .= " AND serial <= " . quote_smart($serialNoEnd);
  3957. }
  3958. }
  3959. else // fallback if no number is given:
  3960. $query .= " AND serial RLIKE " . quote_smart($serialNo); // this will never produce any results since serial is always numeric but we keep it here for reasons of consistency
  3961. }
  3962. elseif ($serialSelector == "is within list")
  3963. {
  3964. // replace any non-digit chars with "|":
  3965. $serialNo = preg_replace("/\D+/", "|", $serialNo);
  3966. // strip "|" from beginning/end of string (if any):
  3967. $serialNo = preg_replace("/^\|?(.+?)\|?$/", "\\1", $serialNo);
  3968. $query .= " AND serial RLIKE " . quote_smart("^(" . $serialNo . ")$");
  3969. }
  3970. }
  3971. // ... if the user has specified a type, add the value of '$typeName' as an AND clause:
  3972. $typeRadio = $_REQUEST['typeRadio'];
  3973. if ($typeRadio == "1")
  3974. {
  3975. $typeName = $_REQUEST['typeName'];
  3976. if ($typeName != "All" && $typeName != "")
  3977. {
  3978. $typeSelector = $_REQUEST['typeSelector'];
  3979. if ($typeSelector == "contains")
  3980. $query .= " AND type RLIKE " . quote_smart($typeName);
  3981. elseif ($typeSelector == "does not contain")
  3982. $query .= " AND type NOT RLIKE " . quote_smart($typeName);
  3983. elseif ($typeSelector == "is equal to")
  3984. $query .= " AND type = " . quote_smart($typeName);
  3985. elseif ($typeSelector == "is not equal to")
  3986. $query .= " AND type != " . quote_smart($typeName);
  3987. elseif ($typeSelector == "starts with")
  3988. $query .= " AND type RLIKE " . quote_smart("^" . $typeName);
  3989. elseif ($typeSelector == "ends with")
  3990. $query .= " AND type RLIKE " . quote_smart($typeName . "$");
  3991. }
  3992. }
  3993. elseif ($typeRadio == "0")
  3994. {
  3995. $typeName2 = $_REQUEST['typeName2'];
  3996. if ($typeName2 != "")
  3997. {
  3998. $typeSelector2 = $_REQUEST['typeSelector2'];
  3999. if ($typeSelector2 == "contains")
  4000. $query .= " AND type RLIKE " . quote_smart($typeName2);
  4001. elseif ($typeSelector2 == "does not contain")
  4002. $query .= " AND type NOT RLIKE " . quote_smart($typeName2);
  4003. elseif ($typeSelector2 == "is equal to")
  4004. $query .= " AND type = " . quote_smart($typeName2);
  4005. elseif ($typeSelector2 == "is not equal to")
  4006. $query .= " AND type != " . quote_smart($typeName2);
  4007. elseif ($typeSelector2 == "starts with")
  4008. $query .= " AND type RLIKE " . quote_smart("^" . $typeName2);
  4009. elseif ($typeSelector2 == "ends with")
  4010. $query .= " AND type RLIKE " . quote_smart($typeName2 . "$");
  4011. }
  4012. }
  4013. if (isset($loginEmail)) // if a user is logged in and...
  4014. {
  4015. // ... if the user has selected a radio button for 'Marked', add the corresponding value for 'marked' as an AND clause:
  4016. if (isset($_REQUEST['markedRadio']))
  4017. {
  4018. $markedRadio = $_REQUEST['markedRadio'];
  4019. if ($markedRadio == "1")
  4020. $query .= " AND marked = \"yes\"";
  4021. elseif ($markedRadio == "0")
  4022. $query .= " AND marked = \"no\"";
  4023. }
  4024. // ... if the user has selected a radio button for 'Selected', add the corresponding value for 'selected' as an AND clause:
  4025. if (isset($_REQUEST['selectedRadio']))
  4026. {
  4027. $selectedRadio = $_REQUEST['selectedRadio'];
  4028. if ($selectedRadio == "1")
  4029. $query .= " AND selected = \"yes\"";
  4030. elseif ($selectedRadio == "0")
  4031. $query .= " AND selected = \"no\"";
  4032. }
  4033. }
  4034. // ... if the user has selected a radio button for 'Approved', add the corresponding value for 'approved' as an AND clause:
  4035. if (isset($_REQUEST['approvedRadio']))
  4036. {
  4037. $approvedRadio = $_REQUEST['approvedRadio'];
  4038. if ($approvedRadio == "1")
  4039. $query .= " AND approved = \"yes\"";
  4040. elseif ($approvedRadio == "0")
  4041. $query .= " AND approved = \"no\"";
  4042. }
  4043. // ... if the user has specified a created date, add the value of '$createdDateNo' as an AND clause:
  4044. $createdDateNo = $_REQUEST['createdDateNo'];
  4045. if ($createdDateNo != "")
  4046. {
  4047. $createdDateSelector = $_REQUEST['createdDateSelector'];
  4048. if ($createdDateSelector == "contains")
  4049. $query .= " AND created_date RLIKE " . quote_smart($createdDateNo);
  4050. elseif ($createdDateSelector == "does not contain")
  4051. $query .= " AND created_date NOT RLIKE " . quote_smart($createdDateNo);
  4052. elseif ($createdDateSelector == "is equal to")
  4053. $query .= " AND created_date = " . quote_smart($createdDateNo);
  4054. elseif ($createdDateSelector == "is not equal to")
  4055. $query .= " AND created_date != " . quote_smart($createdDateNo);
  4056. elseif ($createdDateSelector == "starts with")
  4057. $query .= " AND created_date RLIKE " . quote_smart("^" . $createdDateNo);
  4058. elseif ($createdDateSelector == "ends with")
  4059. $query .= " AND created_date RLIKE " . quote_smart($createdDateNo . "$");
  4060. elseif ($createdDateSelector == "is greater than")
  4061. $query .= " AND created_date > " . quote_smart($createdDateNo);
  4062. elseif ($createdDateSelector == "is less than")
  4063. $query .= " AND created_date < " . quote_smart($createdDateNo);
  4064. elseif ($createdDateSelector == "is within range")
  4065. {
  4066. if (preg_match("/\d{4}/", $createdDateNo)) // if '$createdDateNo' does contain at least one date spec (which, as a minimum, is defined by a four-digit year)
  4067. {
  4068. // extract first date spec:
  4069. $createdDateNoStart = preg_replace("/^[^\d-]*(\d{4}(?:-\d{2})?(?:-\d{2})?).*/", "\\1", $createdDateNo); // extracts e.g. "2005-10-27", "2005-10" or just "2005" (in that order)
  4070. $query .= " AND created_date >= " . quote_smart($createdDateNoStart);
  4071. if (preg_match("/^[^\d-]*\d{4}(?:-\d{2})?(?:-\d{2})?[^\d-]+\d{4}(?:-\d{2})?(?:-\d{2})?/", $createdDateNo)) // if '$createdDateNo' does contain at least two date specs (which are separated by one or more non-digit/non-hyphen characters)
  4072. {
  4073. // extract the second date spec:
  4074. $createdDateNoEnd = preg_replace("/^[^\d-]*\d{4}(?:-\d{2})?(?:-\d{2})?[^\d-]+(\d{4}(?:-\d{2})?(?:-\d{2})?).*/", "\\1", $createdDateNo);
  4075. $query .= " AND created_date <= " . quote_smart($createdDateNoEnd);
  4076. }
  4077. }
  4078. else // fallback if no recognized date spec is given:
  4079. $query .= " AND created_date RLIKE " . quote_smart($createdDateNo);
  4080. }
  4081. elseif ($createdDateSelector == "is within list")
  4082. {
  4083. // replace any non-digit/non-hyphen chars with "|":
  4084. $createdDateNo = preg_replace("/[^\d-]+/", "|", $createdDateNo);
  4085. // strip "|" from beginning/end of string (if any):
  4086. $createdDateNo = preg_replace("/^\|?(.+?)\|?$/", "\\1", $createdDateNo);
  4087. $query .= " AND created_date RLIKE " . quote_smart("^(" . $createdDateNo . ")$");
  4088. }
  4089. }
  4090. // ... if the user has specified a created time, add the value of '$createdTimeNo' as an AND clause:
  4091. $createdTimeNo = $_REQUEST['createdTimeNo'];
  4092. if ($createdTimeNo != "")
  4093. {
  4094. $createdTimeSelector = $_REQUEST['createdTimeSelector'];
  4095. if ($createdTimeSelector == "contains")
  4096. $query .= " AND created_time RLIKE " . quote_smart($createdTimeNo);
  4097. elseif ($createdTimeSelector == "does not contain")
  4098. $query .= " AND created_time NOT RLIKE " . quote_smart($createdTimeNo);
  4099. elseif ($createdTimeSelector == "is equal to")
  4100. $query .= " AND created_time = " . quote_smart($createdTimeNo);
  4101. elseif ($createdTimeSelector == "is not equal to")
  4102. $query .= " AND created_time != " . quote_smart($createdTimeNo);
  4103. elseif ($createdTimeSelector == "starts with")
  4104. $query .= " AND created_time RLIKE " . quote_smart("^" . $createdTimeNo);
  4105. elseif ($createdTimeSelector == "ends with")
  4106. $query .= " AND created_time RLIKE " . quote_smart($createdTimeNo . "$");
  4107. elseif ($createdTimeSelector == "is greater than")
  4108. $query .= " AND created_time > " . quote_smart($createdTimeNo);
  4109. elseif ($createdTimeSelector == "is less than")
  4110. $query .= " AND created_time < " . quote_smart($createdTimeNo);
  4111. elseif ($createdTimeSelector == "is within range")
  4112. {
  4113. if (preg_match("/\d{2}:\d{2}/", $createdTimeNo)) // if '$createdTimeNo' does contain at least one time spec (which, as a minimum, is defined by a HH:MM)
  4114. {
  4115. // extract first time spec:
  4116. $createdTimeNoStart = preg_replace("/^[^\d:]*(\d{2}:\d{2}(?::\d{2})?).*/", "\\1", $createdTimeNo); // extracts e.g. "23:59:59" or just "23:59" (in that order)
  4117. $query .= " AND created_time >= " . quote_smart($createdTimeNoStart);
  4118. if (preg_match("/^[^\d:]*\d{2}:\d{2}(?::\d{2})?[^\d:]+\d{2}:\d{2}(?::\d{2})?/", $createdTimeNo)) // if '$createdTimeNo' does contain at least two date specs (which are separated by one or more non-digit/non-colon characters)
  4119. {
  4120. // extract the second time spec:
  4121. $createdTimeNoEnd = preg_replace("/^[^\d:]*\d{2}:\d{2}(?::\d{2})?[^\d:]+(\d{2}:\d{2}(?::\d{2})?).*/", "\\1", $createdTimeNo);
  4122. $query .= " AND created_time <= " . quote_smart($createdTimeNoEnd);
  4123. }
  4124. }
  4125. else // fallback if no recognized time spec is given:
  4126. $query .= " AND created_time RLIKE " . quote_smart($createdTimeNo);
  4127. }
  4128. elseif ($createdTimeSelector == "is within list")
  4129. {
  4130. // replace any non-digit/non-colon chars with "|":
  4131. $createdTimeNo = preg_replace("/[^\d:]+/", "|", $createdTimeNo);
  4132. // strip "|" from beginning/end of string (if any):
  4133. $createdTimeNo = preg_replace("/^\|?(.+?)\|?$/", "\\1", $createdTimeNo);
  4134. $query .= " AND created_time RLIKE " . quote_smart("^(" . $createdTimeNo . ")$");
  4135. }
  4136. }
  4137. // ... if the user has specified a created by, add the value of '$createdByName' as an AND clause:
  4138. if (isset($_REQUEST['createdByRadio'])) // the "created by" text entry form is not available if the user is not logged in
  4139. {
  4140. $createdByRadio = $_REQUEST['createdByRadio'];
  4141. if ($createdByRadio == "1")
  4142. {
  4143. $createdByName = $_REQUEST['createdByName'];
  4144. if ($createdByName != "All" && $createdByName != "")
  4145. {
  4146. $createdBySelector = $_REQUEST['createdBySelector'];
  4147. if ($createdBySelector == "contains")
  4148. $query .= " AND created_by RLIKE " . quote_smart($createdByName);
  4149. elseif ($createdBySelector == "does not contain")
  4150. $query .= " AND created_by NOT RLIKE " . quote_smart($createdByName);
  4151. elseif ($createdBySelector == "is equal to")
  4152. $query .= " AND created_by = " . quote_smart($createdByName);
  4153. elseif ($createdBySelector == "is not equal to")
  4154. $query .= " AND created_by != " . quote_smart($createdByName);
  4155. elseif ($createdBySelector == "starts with")
  4156. $query .= " AND created_by RLIKE " . quote_smart("^" . $createdByName);
  4157. elseif ($createdBySelector == "ends with")
  4158. $query .= " AND created_by RLIKE " . quote_smart($createdByName . "$");
  4159. }
  4160. }
  4161. elseif ($createdByRadio == "0")
  4162. {
  4163. $createdByName2 = $_REQUEST['createdByName2'];
  4164. if ($createdByName2 != "")
  4165. {
  4166. $createdBySelector2 = $_REQUEST['createdBySelector2'];
  4167. if ($createdBySelector2 == "contains")
  4168. $query .= " AND created_by RLIKE " . quote_smart($createdByName2);
  4169. elseif ($createdBySelector2 == "does not contain")
  4170. $query .= " AND created_by NOT RLIKE " . quote_smart($createdByName2);
  4171. elseif ($createdBySelector2 == "is equal to")
  4172. $query .= " AND created_by = " . quote_smart($createdByName2);
  4173. elseif ($createdBySelector2 == "is not equal to")
  4174. $query .= " AND created_by != " . quote_smart($createdByName2);
  4175. elseif ($createdBySelector2 == "starts with")
  4176. $query .= " AND created_by RLIKE " . quote_smart("^" . $createdByName2);
  4177. elseif ($createdBySelector2 == "ends with")
  4178. $query .= " AND created_by RLIKE " . quote_smart($createdByName2 . "$");
  4179. }
  4180. }
  4181. }
  4182. // ... if the user has specified a modified date, add the value of '$modifiedDateNo' as an AND clause:
  4183. $modifiedDateNo = $_REQUEST['modifiedDateNo'];
  4184. if ($modifiedDateNo != "")
  4185. {
  4186. $modifiedDateSelector = $_REQUEST['modifiedDateSelector'];
  4187. if ($modifiedDateSelector == "contains")
  4188. $query .= " AND modified_date RLIKE " . quote_smart($modifiedDateNo);
  4189. elseif ($modifiedDateSelector == "does not contain")
  4190. $query .= " AND modified_date NOT RLIKE " . quote_smart($modifiedDateNo);
  4191. elseif ($modifiedDateSelector == "is equal to")
  4192. $query .= " AND modified_date = " . quote_smart($modifiedDateNo);
  4193. elseif ($modifiedDateSelector == "is not equal to")
  4194. $query .= " AND modified_date != " . quote_smart($modifiedDateNo);
  4195. elseif ($modifiedDateSelector == "starts with")
  4196. $query .= " AND modified_date RLIKE " . quote_smart("^" . $modifiedDateNo);
  4197. elseif ($modifiedDateSelector == "ends with")
  4198. $query .= " AND modified_date RLIKE " . quote_smart($modifiedDateNo . "$");
  4199. elseif ($modifiedDateSelector == "is greater than")
  4200. $query .= " AND modified_date > " . quote_smart($modifiedDateNo);
  4201. elseif ($modifiedDateSelector == "is less than")
  4202. $query .= " AND modified_date < " . quote_smart($modifiedDateNo);
  4203. elseif ($modifiedDateSelector == "is within range")
  4204. {
  4205. if (preg_match("/\d{4}/", $modifiedDateNo)) // if '$modifiedDateNo' does contain at least one date spec (which, as a minimum, is defined by a four-digit year)
  4206. {
  4207. // extract first date spec:
  4208. $modifiedDateNoStart = preg_replace("/^[^\d-]*(\d{4}(?:-\d{2})?(?:-\d{2})?).*/", "\\1", $modifiedDateNo); // extracts e.g. "2005-10-27", "2005-10" or just "2005" (in that order)
  4209. $query .= " AND modified_date >= " . quote_smart($modifiedDateNoStart);
  4210. if (preg_match("/^[^\d-]*\d{4}(?:-\d{2})?(?:-\d{2})?[^\d-]+\d{4}(?:-\d{2})?(?:-\d{2})?/", $modifiedDateNo)) // if '$modifiedDateNo' does contain at least two date specs (which are separated by one or more non-digit/non-hyphen characters)
  4211. {
  4212. // extract the second date spec:
  4213. $modifiedDateNoEnd = preg_replace("/^[^\d-]*\d{4}(?:-\d{2})?(?:-\d{2})?[^\d-]+(\d{4}(?:-\d{2})?(?:-\d{2})?).*/", "\\1", $modifiedDateNo);
  4214. $query .= " AND modified_date <= " . quote_smart($modifiedDateNoEnd);
  4215. }
  4216. }
  4217. else // fallback if no recognized date spec is given:
  4218. $query .= " AND modified_date RLIKE " . quote_smart($modifiedDateNo);
  4219. }
  4220. elseif ($modifiedDateSelector == "is within list")
  4221. {
  4222. // replace any non-digit/non-hyphen chars with "|":
  4223. $modifiedDateNo = preg_replace("/[^\d-]+/", "|", $modifiedDateNo);
  4224. // strip "|" from beginning/end of string (if any):
  4225. $modifiedDateNo = preg_replace("/^\|?(.+?)\|?$/", "\\1", $modifiedDateNo);
  4226. $query .= " AND modified_date RLIKE " . quote_smart("^(" . $modifiedDateNo . ")$");
  4227. }
  4228. }
  4229. // ... if the user has specified a modified time, add the value of '$modifiedTimeNo' as an AND clause:
  4230. $modifiedTimeNo = $_REQUEST['modifiedTimeNo'];
  4231. if ($modifiedTimeNo != "")
  4232. {
  4233. $modifiedTimeSelector = $_REQUEST['modifiedTimeSelector'];
  4234. if ($modifiedTimeSelector == "contains")
  4235. $query .= " AND modified_time RLIKE " . quote_smart($modifiedTimeNo);
  4236. elseif ($modifiedTimeSelector == "does not contain")
  4237. $query .= " AND modified_time NOT RLIKE " . quote_smart($modifiedTimeNo);
  4238. elseif ($modifiedTimeSelector == "is equal to")
  4239. $query .= " AND modified_time = " . quote_smart($modifiedTimeNo);
  4240. elseif ($modifiedTimeSelector == "is not equal to")
  4241. $query .= " AND modified_time != " . quote_smart($modifiedTimeNo);
  4242. elseif ($modifiedTimeSelector == "starts with")
  4243. $query .= " AND modified_time RLIKE " . quote_smart("^" . $modifiedTimeNo);
  4244. elseif ($modifiedTimeSelector == "ends with")
  4245. $query .= " AND modified_time RLIKE " . quote_smart($modifiedTimeNo . "$");
  4246. elseif ($modifiedTimeSelector == "is greater than")
  4247. $query .= " AND modified_time > " . quote_smart($modifiedTimeNo);
  4248. elseif ($modifiedTimeSelector == "is less than")
  4249. $query .= " AND modified_time < " . quote_smart($modifiedTimeNo);
  4250. elseif ($modifiedTimeSelector == "is within range")
  4251. {
  4252. if (preg_match("/\d{2}:\d{2}/", $modifiedTimeNo)) // if '$modifiedTimeNo' does contain at least one time spec (which, as a minimum, is defined by a HH:MM)
  4253. {
  4254. // extract first time spec:
  4255. $modifiedTimeNoStart = preg_replace("/^[^\d:]*(\d{2}:\d{2}(?::\d{2})?).*/", "\\1", $modifiedTimeNo); // extracts e.g. "23:59:59" or just "23:59" (in that order)
  4256. $query .= " AND modified_time >= " . quote_smart($modifiedTimeNoStart);
  4257. if (preg_match("/^[^\d:]*\d{2}:\d{2}(?::\d{2})?[^\d:]+\d{2}:\d{2}(?::\d{2})?/", $modifiedTimeNo)) // if '$modifiedTimeNo' does contain at least two date specs (which are separated by one or more non-digit/non-colon characters)
  4258. {
  4259. // extract the second time spec:
  4260. $modifiedTimeNoEnd = preg_replace("/^[^\d:]*\d{2}:\d{2}(?::\d{2})?[^\d:]+(\d{2}:\d{2}(?::\d{2})?).*/", "\\1", $modifiedTimeNo);
  4261. $query .= " AND modified_time <= " . quote_smart($modifiedTimeNoEnd);
  4262. }
  4263. }
  4264. else // fallback if no recognized time spec is given:
  4265. $query .= " AND modified_time RLIKE " . quote_smart($modifiedTimeNo);
  4266. }
  4267. elseif ($modifiedTimeSelector == "is within list")
  4268. {
  4269. // replace any non-digit/non-colon chars with "|":
  4270. $modifiedTimeNo = preg_replace("/[^\d:]+/", "|", $modifiedTimeNo);
  4271. // strip "|" from beginning/end of string (if any):
  4272. $modifiedTimeNo = preg_replace("/^\|?(.+?)\|?$/", "\\1", $modifiedTimeNo);
  4273. $query .= " AND modified_time RLIKE " . quote_smart("^(" . $modifiedTimeNo . ")$");
  4274. }
  4275. }
  4276. // ... if the user has specified a modified by, add the value of '$modifiedByName' as an AND clause:
  4277. if (isset($_REQUEST['modifiedByRadio'])) // the "modified by" text entry form is not available if the user is not logged in
  4278. {
  4279. $modifiedByRadio = $_REQUEST['modifiedByRadio'];
  4280. if ($modifiedByRadio == "1")
  4281. {
  4282. $modifiedByName = $_REQUEST['modifiedByName'];
  4283. if ($modifiedByName != "All" && $modifiedByName != "")
  4284. {
  4285. $modifiedBySelector = $_REQUEST['modifiedBySelector'];
  4286. if ($modifiedBySelector == "contains")
  4287. $query .= " AND modified_by RLIKE " . quote_smart($modifiedByName);
  4288. elseif ($modifiedBySelector == "does not contain")
  4289. $query .= " AND modified_by NOT RLIKE " . quote_smart($modifiedByName);
  4290. elseif ($modifiedBySelector == "is equal to")
  4291. $query .= " AND modified_by = " . quote_smart($modifiedByName);
  4292. elseif ($modifiedBySelector == "is not equal to")
  4293. $query .= " AND modified_by != " . quote_smart($modifiedByName);
  4294. elseif ($modifiedBySelector == "starts with")
  4295. $query .= " AND modified_by RLIKE " . quote_smart("^" . $modifiedByName);
  4296. elseif ($modifiedBySelector == "ends with")
  4297. $query .= " AND modified_by RLIKE " . quote_smart($modifiedByName . "$");
  4298. }
  4299. }
  4300. elseif ($modifiedByRadio == "0")
  4301. {
  4302. $modifiedByName2 = $_REQUEST['modifiedByName2'];
  4303. if ($modifiedByName2 != "")
  4304. {
  4305. $modifiedBySelector2 = $_REQUEST['modifiedBySelector2'];
  4306. if ($modifiedBySelector2 == "contains")
  4307. $query .= " AND modified_by RLIKE " . quote_smart($modifiedByName2);
  4308. elseif ($modifiedBySelector2 == "does not contain")
  4309. $query .= " AND modified_by NOT RLIKE " . quote_smart($modifiedByName2);
  4310. elseif ($modifiedBySelector2 == "is equal to")
  4311. $query .= " AND modified_by = " . quote_smart($modifiedByName2);
  4312. elseif ($modifiedBySelector2 == "is not equal to")
  4313. $query .= " AND modified_by != " . quote_smart($modifiedByName2);
  4314. elseif ($modifiedBySelector2 == "starts with")
  4315. $query .= " AND modified_by RLIKE " . quote_smart("^" . $modifiedByName2);
  4316. elseif ($modifiedBySelector2 == "ends with")
  4317. $query .= " AND modified_by RLIKE " . quote_smart($modifiedByName2 . "$");
  4318. }
  4319. }
  4320. }
  4321. // Construct the ORDER BY clause:
  4322. $query .= " ORDER BY ";
  4323. // A) extract first level sort option:
  4324. $sortSelector1 = $_REQUEST['sortSelector1'];
  4325. if ($sortSelector1 != "")
  4326. {
  4327. // when field name = 'pages' then sort by 'first_page' instead:
  4328. $sortSelector1 = str_replace("pages", "first_page", $sortSelector1);
  4329. $sortRadio1 = $_REQUEST['sortRadio1'];
  4330. if ($sortRadio1 == "0") // sort ascending
  4331. $query .= "$sortSelector1";
  4332. else // sort descending
  4333. $query .= "$sortSelector1 DESC";
  4334. }
  4335. // B) extract second level sort option:
  4336. $sortSelector2 = $_REQUEST['sortSelector2'];
  4337. if ($sortSelector2 != "")
  4338. {
  4339. // when field name = 'pages' then sort by 'first_page' instead:
  4340. $sortSelector2 = str_replace("pages", "first_page", $sortSelector2);
  4341. $sortRadio2 = $_REQUEST['sortRadio2'];
  4342. if ($sortRadio2 == "0") // sort ascending
  4343. $query .= ", $sortSelector2";
  4344. else // sort descending
  4345. $query .= ", $sortSelector2 DESC";
  4346. }
  4347. // C) extract third level sort option:
  4348. $sortSelector3 = $_REQUEST['sortSelector3'];
  4349. if ($sortSelector3 != "")
  4350. {
  4351. // when field name = 'pages' then sort by 'first_page' instead:
  4352. $sortSelector3 = str_replace("pages", "first_page", $sortSelector3);
  4353. $sortRadio3 = $_REQUEST['sortRadio3'];
  4354. if ($sortRadio3 == "0") // sort ascending
  4355. $query .= ", $sortSelector3";
  4356. else // sort descending
  4357. $query .= ", $sortSelector3 DESC";
  4358. }
  4359. // Since the sort popup menus use empty fields as delimiters between groups of fields
  4360. // we'll have to trap the case that the user hasn't chosen any field names for sorting:
  4361. if (preg_match("/ORDER BY $/i", $query))
  4362. $query .= "author, year DESC, publication"; // use the default ORDER BY clause
  4363. // Finally, fix the wrong syntax where its says "ORDER BY, author, title, ..." instead of "ORDER BY author, title, ...":
  4364. $query = preg_replace("/ORDER BY , /i","ORDER BY ",$query);
  4365. return $query;
  4366. }
  4367. // --------------------------------------------------------------------
  4368. // Note: function 'extractFormElementsRefineDisplay()' is defined in 'include.inc.php' since it's also used by 'users.php'
  4369. // --------------------------------------------------------------------
  4370. // Build the database query from records selected by the user within the query results list (which, in turn, was returned by 'search.php'):
  4371. function extractFormElementsQueryResults($displayType, $originalDisplayType, $showLinks, $citeOrder, $orderBy, $userID, $sqlQuery, $referer, $recordSerialsArray, $recordsSelectionRadio)
  4372. {
  4373. global $tableRefs, $tableUserData; // defined in 'db.inc.php'
  4374. // Process ALL found records:
  4375. if ($recordsSelectionRadio == "1") // if the user checked the radio button next to the "All Found Records" option [this is the default]
  4376. {
  4377. // extract the 'WHERE' clause from the SQL query:
  4378. $queryWhereClause = extractWHEREclause($sqlQuery); // function 'extractWHEREclause()' is defined in 'include.inc.php'
  4379. if (preg_match("/^(Add|Remove)$/i", $displayType)) // the user clicked either the 'Add' or the 'Remove' button
  4380. // get the serial numbers of all found records (which is required by function 'modifyUserGroups()'):
  4381. $recordSerialsArray = getFieldContents($tableRefs, "serial", $userID, $queryWhereClause); // function 'getFieldContents()' is defined in 'include.inc.php'
  4382. }
  4383. // Process SELECTED records only:
  4384. else // $recordsSelectionRadio == "0" // if the user checked the radio button next to the "Selected Records" option
  4385. {
  4386. if (empty($recordSerialsArray)) // the user did NOT check any checkboxes
  4387. $recordSerialsArray[] = "0"; // since '0' doesn't exist as serial number, this will result in a "nothing found" feedback
  4388. $queryWhereClause = "serial RLIKE " . quote_smart("^(" . implode("|", $recordSerialsArray) . ")$");
  4389. }
  4390. if (isset($_SESSION['loginEmail']) AND (isset($_SESSION['user_permissions']) AND preg_match("/allow_user_groups/", $_SESSION['user_permissions']))) // if a user is logged in AND the 'user_permissions' session variable contains 'allow_user_groups', extract form elements which add/remove the selected records to/from a user's group:
  4391. {
  4392. $userGroupActionRadio = $_REQUEST['userGroupActionRadio']; // extract user option whether we're supposed to process an existing group name or any custom/new group name that was specified by the user
  4393. // Extract the chosen user group from the request:
  4394. // first, we need to check whether the user did choose an existing group name from the popup menu
  4395. // -OR- if he/she did enter a custom group name in the text entry field:
  4396. if ($userGroupActionRadio == "1") // if the user checked the radio button next to the group popup menu ('userGroupSelector') [this is the default]
  4397. {
  4398. if (isset($_REQUEST['userGroupSelector']))
  4399. $userGroup = $_REQUEST['userGroupSelector']; // extract the value of the 'userGroupSelector' popup menu
  4400. else
  4401. $userGroup = "";
  4402. }
  4403. else // $userGroupActionRadio == "0" // if the user checked the radio button next to the group text entry field ('userGroupName')
  4404. {
  4405. if (isset($_REQUEST['userGroupName']))
  4406. $userGroup = $_REQUEST['userGroupName']; // extract the value of the 'userGroupName' text entry field
  4407. else
  4408. $userGroup = "";
  4409. }
  4410. }
  4411. // Depending on the chosen output format, construct an appropriate SQL query:
  4412. // TODO: build the complete SQL query using functions 'buildFROMclause()' and 'buildORDERclause()'
  4413. if (preg_match("/^Cite$/i", $displayType)) // (if any form element is selected, hitting <enter> will act as if the user clicked the 'Cite' button)
  4414. {
  4415. $query = buildSELECTclause($displayType, $showLinks); // function 'buildSELECTclause()' is defined in 'include.inc.php'
  4416. if (isset($_SESSION['loginEmail'])) // if a user is logged in...
  4417. $query .= " FROM $tableRefs LEFT JOIN $tableUserData ON serial = record_id AND user_id = " . quote_smart($userID) . " WHERE " . $queryWhereClause;
  4418. else // NO user logged in
  4419. $query .= " FROM $tableRefs WHERE " . $queryWhereClause;
  4420. if ($citeOrder == "year") // sort records first by year (descending), then in the usual way:
  4421. $query .= " ORDER BY year DESC, first_author, author_count, author, title";
  4422. elseif ($citeOrder == "type") // sort records first by record type (and thesis type), then in the usual way:
  4423. $query .= " ORDER BY type DESC, thesis DESC, first_author, author_count, author, year, title";
  4424. elseif ($citeOrder == "type-year") // sort records first by record type (and thesis type), then by year (descending), then in the usual way:
  4425. $query .= " ORDER BY type DESC, thesis DESC, year DESC, first_author, author_count, author, title";
  4426. elseif ($citeOrder == "creation-date") // sort records such that newly added/edited records get listed top of the list:
  4427. $query .= " ORDER BY created_date DESC, created_time DESC, modified_date DESC, modified_time DESC, serial DESC";
  4428. else // if any other or no '$citeOrder' parameter is specified, we supply the default ORDER BY pattern (which is suitable for citation in a journal etc.):
  4429. $query .= " ORDER BY first_author, author_count, author, year, title";
  4430. }
  4431. elseif (preg_match("/^(Display|Export)$/i", $displayType))
  4432. {
  4433. $query = buildSELECTclause($displayType, $showLinks); // function 'buildSELECTclause()' is defined in 'include.inc.php'
  4434. if (isset($_SESSION['loginEmail'])) // if a user is logged in...
  4435. $query .= " FROM $tableRefs LEFT JOIN $tableUserData ON serial = record_id AND user_id = " . quote_smart($userID) . " WHERE " . $queryWhereClause . " ORDER BY $orderBy";
  4436. else // NO user logged in
  4437. $query .= " FROM $tableRefs WHERE " . $queryWhereClause . " ORDER BY $orderBy";
  4438. }
  4439. elseif (isset($_SESSION['loginEmail']) AND preg_match("/^(Add|Remove)$/i", $displayType)) // if a user (who's logged in) clicked the 'Add' or 'Remove' button...
  4440. {
  4441. if (preg_match("/^(Add|Remove)$/i", $displayType) AND !empty($userGroup)) // the user clicked either the 'Add' or the 'Remove' button
  4442. modifyUserGroups($tableUserData, $displayType, $recordSerialsArray, $userID, $userGroup); // add (remove) selected records to (from) the specified user group (function 'modifyUserGroups()' is defined in 'include.inc.php')
  4443. // re-apply the current sqlQuery:
  4444. $query = preg_replace("/ FROM $tableRefs/i",", orig_record FROM $tableRefs", $sqlQuery); // add 'orig_record' column (which is required in order to present visual feedback on duplicate records)
  4445. $query = preg_replace("/ FROM $tableRefs/i",", serial FROM $tableRefs", $query); // add 'serial' column (which is required in order to obtain unique checkbox names)
  4446. if ($showLinks == "1")
  4447. $query = preg_replace("/ FROM $tableRefs/i",", file, url, doi, isbn, type FROM $tableRefs", $query); // add 'file', 'url', 'doi', 'isbn' & 'type columns
  4448. // re-assign the correct display type if the user clicked the 'Add' or 'Remove' button of the 'queryResults' form:
  4449. $displayType = $originalDisplayType;
  4450. }
  4451. return array($query, $displayType);
  4452. }
  4453. // --------------------------------------------------------------------
  4454. // Build the database query from user input provided by the 'extract.php' form:
  4455. function extractFormElementsExtract($showLinks, $citeOrder, $userID)
  4456. {
  4457. global $tableRefs, $tableUserData; // defined in 'db.inc.php'
  4458. global $loc; // '$loc' is made globally available in 'core.php'
  4459. // Extract form elements (that are unique to the 'extract.php' form):
  4460. $sourceText = $_REQUEST['sourceText']; // get the source text that contains the record serial numbers/cite keys
  4461. $startDelim = $_REQUEST['startDelim']; // get the start delimiter that precedes record serial numbers/cite keys
  4462. $endDelim = $_REQUEST['endDelim']; // get the end delimiter that follows record serial numbers/cite keys
  4463. $startDelim = preg_quote($startDelim); // escape any potential meta-characters
  4464. $endDelim = preg_quote($endDelim); // escape any potential meta-characters
  4465. // Extract record serial numbers/cite keys from source text:
  4466. $sourceText = "_" . $sourceText; // Note: by adding a character at the beginning of '$sourceText' we circumvent a problem with the regex pattern below which will strip everything up to the 2nd serial number/cite key if '$sourceText' starts with '$startDelim'
  4467. $recordSerialsKeysString = preg_replace("/^.*?(?=$startDelim.+?$endDelim|$)/s", "", $sourceText); // remove any text preceeding the first serial number/cite key
  4468. $recordSerialsKeysString = preg_replace("/$startDelim(.+?)$endDelim.*?(?=$startDelim.+?$endDelim|$)/s", "\\1_#_�_~_", $recordSerialsKeysString); // replace any text between serial numbers/cite keys (or between a serial number/cite key and the end of the text) with "_#_�_~_"; additionally, remove the delimiters enclosing the serial numbers/cite keys
  4469. // Note: we do a quick'n dirty approach here, by inserting the string "_#_�_~_" as string delimiter between serial numbers/cite keys. Of course, this will only work as long the string "_#_�_~_" doesn't occur within '$sourceText'.
  4470. $recordSerialsKeysString = preg_replace("/(_#_�_~_)?\n?$/s", "", $recordSerialsKeysString); // remove any trailing chars (like \n or "_#_�_~_") at end of line
  4471. $recordSerialsKeysArray = preg_split("/_#_�_~_/", $recordSerialsKeysString, -1, PREG_SPLIT_NO_EMPTY); // split string containing the serial numbers/cite keys on the string delimiter "_#_�_~_" (the 'PREG_SPLIT_NO_EMPTY' flag causes only non-empty pieces to be returned)
  4472. $recordSerialsKeysArray = array_unique($recordSerialsKeysArray); // remove any duplicate serial numbers/cite keys from the list of extracted record identifiers
  4473. $recordSerialsArray = array();
  4474. $escapedRecordKeysArray = array();
  4475. $foundRecordSerialsKeysArray = array();
  4476. $missingRecordSerialsKeysArray = array();
  4477. foreach($recordSerialsKeysArray as $recordSerialKey)
  4478. {
  4479. if (preg_match("/^\d+$/", $recordSerialKey)) // every identifier which only contains digits is treated as a serial number! (In other words: cite keys must contain at least one non-digit character)
  4480. $recordSerialsArray[] = $recordSerialKey;
  4481. elseif (!empty($recordSerialKey)) // identifier is treated as cite key
  4482. {
  4483. $escapedRecordKey = preg_quote($recordSerialKey); // escape any potential meta-characters within cite key
  4484. $escapedRecordKeysArray[] = $escapedRecordKey;
  4485. }
  4486. }
  4487. $recordSerialsString = implode("|", $recordSerialsArray); // merge array of serial numbers again into a string, using "|" as delimiter
  4488. $escapedRecordKeysString = implode("|", $escapedRecordKeysArray); // merge array of cite keys again into a string, using "|" as delimiter
  4489. // Construct the SQL query:
  4490. // TODO: build the complete SQL query using functions 'buildFROMclause()' and 'buildORDERclause()'
  4491. // for the selected records, select all fields that are visible in Citation view:
  4492. $query = buildSELECTclause("Cite", $showLinks); // function 'buildSELECTclause()' is defined in 'include.inc.php'
  4493. $query .= " FROM $tableRefs"; // add FROM clause
  4494. if (isset($_SESSION['loginEmail'])) // if a user is logged in...
  4495. $query .= " LEFT JOIN $tableUserData ON serial = record_id AND user_id = " . quote_smart($userID); // add LEFT JOIN part to FROM clause
  4496. // add WHERE clause:
  4497. $query .= " WHERE";
  4498. if (!empty($recordSerialsArray) OR (empty($recordSerialsArray) AND empty($escapedRecordKeysArray)) OR (empty($recordSerialsArray) AND !isset($_SESSION['loginEmail']))) // the second condition ensures a valid SQL query if no serial numbers or cite keys were found, same for the third condition if a user isn't logged in and '$sourceText' did only contain cite keys
  4499. $query .= " serial RLIKE " . quote_smart("^(" . $recordSerialsString . ")$"); // add any serial numbers to WHERE clause
  4500. if (!empty($recordSerialsArray) AND (!empty($escapedRecordKeysArray) AND isset($_SESSION['loginEmail'])))
  4501. $query .= " OR";
  4502. if (!empty($escapedRecordKeysArray) AND isset($_SESSION['loginEmail']))
  4503. $query .= " cite_key RLIKE " . quote_smart("^(" . $escapedRecordKeysString . ")$"); // add any cite keys to WHERE clause
  4504. // add ORDER BY clause:
  4505. if ($citeOrder == "year") // sort records first by year (descending), then in the usual way:
  4506. $query .= " ORDER BY year DESC, first_author, author_count, author, title";
  4507. elseif ($citeOrder == "type") // sort records first by record type (and thesis type), then in the usual way:
  4508. $query .= " ORDER BY type DESC, thesis DESC, first_author, author_count, author, year, title";
  4509. elseif ($citeOrder == "type-year") // sort records first by record type (and thesis type), then by year (descending), then in the usual way:
  4510. $query .= " ORDER BY type DESC, thesis DESC, year DESC, first_author, author_count, author, title";
  4511. elseif ($citeOrder == "creation-date") // sort records such that newly added/edited records get listed top of the list:
  4512. $query .= " ORDER BY created_date DESC, created_time DESC, modified_date DESC, modified_time DESC, serial DESC";
  4513. else // if any other or no '$citeOrder' parameter is specified, we supply the default ORDER BY pattern (which is suitable for citation in a journal etc.):
  4514. $query .= " ORDER BY first_author, author_count, author, year, title";
  4515. // Check whether the extracted serial numbers and cite keys exist in the database:
  4516. $result = queryMySQLDatabase($query); // RUN the query on the database through the connection (function 'queryMySQLDatabase()' is defined in 'include.inc.php')
  4517. if (@ mysqli_num_rows($result) > 0) // if there were rows found ...
  4518. {
  4519. // Loop over each row in the result set:
  4520. for ($rowCounter=0; $row = @ mysqli_fetch_array($result); $rowCounter++)
  4521. {
  4522. if (!in_array($row["serial"], $foundRecordSerialsKeysArray) OR (!empty($row["cite_key"]) AND !in_array($row["cite_key"], $foundRecordSerialsKeysArray))) // if this record identifier hasn't been seen yet
  4523. {
  4524. // add this record's serial number and cite key to the array of found record serials and cite keys:
  4525. $foundRecordSerialsKeysArray[] = $row["serial"];
  4526. if (!empty($row["cite_key"]))
  4527. $foundRecordSerialsKeysArray[] = $row["cite_key"];
  4528. }
  4529. }
  4530. }
  4531. $missingRecordSerialsKeysArray = array_diff($recordSerialsKeysArray, $foundRecordSerialsKeysArray); // get all unique array elements of '$recordSerialsKeysArray' which are not in '$foundRecordSerialsKeysArray'
  4532. sort($missingRecordSerialsKeysArray);
  4533. if (!empty($escapedRecordKeysArray) AND !isset($_SESSION['loginEmail'])) // a user can only use cite keys as record identifiers when he's logged in
  4534. $messageSuffix = "<br>" . $loc["Warning_LoginToUseCiteKeysAsIdentifiers"] . "!";
  4535. else
  4536. $messageSuffix = "";
  4537. if (!empty($missingRecordSerialsKeysArray) OR (!empty($escapedRecordKeysArray) AND !isset($_SESSION['loginEmail']))) // if some record identifiers could not be found in the database -OR- if a user tries to use cite keys while not being logged in
  4538. // return an appropriate error message:
  4539. $HeaderString = returnMsg("Following record identifiers could not be found: " . implode(", ", $missingRecordSerialsKeysArray), "warning", "strong", "HeaderString", "", $messageSuffix); // function 'returnMsg()' is defined in 'include.inc.php'
  4540. return $query;
  4541. }
  4542. // --------------------------------------------------------------------
  4543. // Build the database query from user input provided by the "Quick Search" form on the main page ('index.php'):
  4544. // TODO: build the complete SQL query using functions 'buildFROMclause()' and 'buildORDERclause()'
  4545. function extractFormElementsQuick($sqlQuery, $showLinks, $userID, $displayType, $originalDisplayType)
  4546. {
  4547. global $tableRefs, $tableUserData; // defined in 'db.inc.php'
  4548. global $defaultFieldsListViewMajor; // these variables are specified in 'ini.inc.php'
  4549. global $defaultFieldsListViewMinor;
  4550. global $query;
  4551. $quickSearchSelector = $_REQUEST['quickSearchSelector']; // extract field name chosen by the user
  4552. $quickSearchName = $_REQUEST['quickSearchName']; // extract search text entered by the user
  4553. $userMainFieldsArray = preg_split("/ *, */", $_SESSION['userMainFields']); // get the list of "main fields" preferred by the current user
  4554. if (!empty($originalDisplayType))
  4555. {
  4556. // NOTE: if the user submits the 'quickSearch' form from Browse view, we currently don't display
  4557. // the new search results in Browse view but switch to the user's default view instead
  4558. if ($originalDisplayType == "Browse")
  4559. // note that, as long as the 'quickSearch' form doesn't transmit a 'submit' parameter, the next line
  4560. // isn't strictly necessary (since then '$displayType' will already contain the user's default view)
  4561. $displayType = $_SESSION['userDefaultView']; // get the default view for the current user
  4562. else // re-assign the correct display type (i.e. the view that was active when the user clicked the 'Search' button of the 'quickSearch' form):
  4563. $displayType = $originalDisplayType;
  4564. }
  4565. // Build SELECT clause:
  4566. if (preg_match("/^(Cite|Display)$/i", $displayType))
  4567. {
  4568. if ((preg_match("/^Display$/i", $displayType)) AND (isset($_SESSION['lastDetailsViewQuery']))) // get SELECT clause from previous Details view query (if any):
  4569. {
  4570. $previousSelectClause = extractSELECTclause($_SESSION['lastDetailsViewQuery']); // function 'extractSELECTclause()' is defined in 'include.inc.php'
  4571. $query = buildSELECTclause($displayType, $showLinks, "", false, true, $previousSelectClause); // function 'buildSELECTclause()' is defined in 'include.inc.php'
  4572. }
  4573. else // generate a new SELECT clause that's appropriate for Citation view (or Details view):
  4574. $query = buildSELECTclause($displayType, $showLinks);
  4575. }
  4576. else // output found records in List view:
  4577. {
  4578. if ($quickSearchSelector == "main_fields") // if we're supposed to query all of the "main fields" at once
  4579. {
  4580. $additionalFields = $defaultFieldsListViewMinor; // note that for the "main fields" option, we simply display the default list of columns
  4581. }
  4582. else
  4583. {
  4584. // if the default list of "major" fields (to be displayed in List view) doesn't already contain the chosen field name...
  4585. // (which is e.g. the case for the 'keywords' & 'abstract' fields)
  4586. if (!preg_match("/" . $quickSearchSelector . "/", $defaultFieldsListViewMajor))
  4587. $additionalFields = $quickSearchSelector; // ...add chosen field to SELECT query
  4588. else
  4589. $additionalFields = $defaultFieldsListViewMinor; // ...otherwise, add further default columns
  4590. }
  4591. $query = buildSELECTclause("", $showLinks, $additionalFields, false, true, $defaultFieldsListViewMajor);
  4592. }
  4593. // Build FROM clause:
  4594. if (isset($_SESSION['loginEmail'])) // if a user is logged in...
  4595. $query .= " FROM $tableRefs LEFT JOIN $tableUserData ON serial = record_id AND user_id = " . $userID;
  4596. else // NO user logged in
  4597. $query .= " FROM $tableRefs";
  4598. // Build WHERE clause:
  4599. $query .= " WHERE";
  4600. // we construct a hierarchical '$searchArray' from the given search field name(s) & value;
  4601. // this array then gets merged into a full SQL WHERE clause by function 'appendToWhereClause()'
  4602. $searchArray = array();
  4603. $searchArray[] = array("_boolean" => "",
  4604. "_query" => "serial RLIKE \".+\"");
  4605. if ($quickSearchName != "") // if the user typed a search string into the text entry field...
  4606. {
  4607. if ($quickSearchSelector == "main_fields")
  4608. {
  4609. $searchSubArray = array();
  4610. foreach($userMainFieldsArray as $userMainField)
  4611. $searchSubArray[] = array("_boolean" => "OR",
  4612. "_query" => $userMainField . " RLIKE " . quote_smart($quickSearchName));
  4613. $searchArray[] = array("_boolean" => "AND",
  4614. "_query" => $searchSubArray);
  4615. }
  4616. else
  4617. $searchArray[] = array("_boolean" => "AND",
  4618. "_query" => $quickSearchSelector . " RLIKE " . quote_smart($quickSearchName));
  4619. }
  4620. appendToWhereClause($searchArray); // function 'appendToWhereClause()' is defined in 'include.inc.php'
  4621. // Build ORDER BY clause:
  4622. $query .= " ORDER BY ";
  4623. if (($originalDisplayType != "Browse") AND (!empty($sqlQuery)))
  4624. // use the custom ORDER BY clause chosen by the user:
  4625. $query .= extractORDERBYclause($sqlQuery); // function 'extractORDERBYclause()' is defined in 'include.inc.php'
  4626. else
  4627. // add the default ORDER BY clause:
  4628. $query .= "author, year DESC, publication";
  4629. return array($query, $displayType);
  4630. }
  4631. // --------------------------------------------------------------------
  4632. // Build the database query from user input provided by the "Show My Group" form on the main page ('index.php') or above the query results list (that was produced by 'search.php'):
  4633. // TODO: build the complete SQL query using functions 'buildFROMclause()' and 'buildORDERclause()'
  4634. function extractFormElementsGroup($sqlQuery, $showLinks, $userID, $displayType, $originalDisplayType)
  4635. {
  4636. global $tableRefs, $tableUserData; // defined in 'db.inc.php'
  4637. $groupSearchSelector = $_REQUEST['groupSearchSelector']; // extract the user group chosen by the user
  4638. $groupSearchSelector = preg_quote($groupSearchSelector, "/"); // escape possible meta characters within group names (otherwise the RLIKE SQL query that's generated below might fail)
  4639. if (!empty($originalDisplayType))
  4640. {
  4641. // NOTE: if the user submits the 'groupSearch' form from Browse view, we currently don't display
  4642. // the group's entries in Browse view but switch to the user's default view instead
  4643. if ($originalDisplayType == "Browse")
  4644. // note that, as long as the 'groupSearch' form doesn't transmit a 'submit' parameter, the next line
  4645. // isn't strictly necessary (since then '$displayType' will already contain the user's default view)
  4646. $displayType = $_SESSION['userDefaultView']; // get the default view for the current user
  4647. else // re-assign the correct display type (i.e. the view that was active when the user clicked the 'Show' button of the 'groupSearch' form):
  4648. $displayType = $originalDisplayType;
  4649. }
  4650. if (preg_match("/^(Cite|Display)$/i", $displayType))
  4651. {
  4652. if ((preg_match("/^Display$/i", $displayType)) AND (isset($_SESSION['lastDetailsViewQuery']))) // get SELECT clause from previous Details view query (if any):
  4653. {
  4654. $previousSelectClause = extractSELECTclause($_SESSION['lastDetailsViewQuery']); // function 'extractSELECTclause()' is defined in 'include.inc.php'
  4655. $query = buildSELECTclause($displayType, $showLinks, "", false, true, $previousSelectClause); // function 'buildSELECTclause()' is defined in 'include.inc.php'
  4656. }
  4657. else // generate a new SELECT clause that's appropriate for Citation view (or Details view):
  4658. $query = buildSELECTclause($displayType, $showLinks);
  4659. }
  4660. // output found records in List view:
  4661. elseif (($originalDisplayType != "Browse") AND (!empty($sqlQuery))) // if we're not in Browse view and there's a previous SQL query available (as is the case if the group search originated from a search results page - and not from the main page 'index.php')
  4662. {
  4663. // use the custom set of colums chosen by the user:
  4664. $previousSelectClause = extractSELECTclause($sqlQuery);
  4665. $query = buildSELECTclause("", $showLinks, "", false, true, $previousSelectClause);
  4666. }
  4667. else
  4668. {
  4669. // use the default SELECT statement:
  4670. $query = buildSELECTclause("", $showLinks, "user_groups", false, true);
  4671. }
  4672. if (($originalDisplayType != "Browse") AND (!empty($sqlQuery)))
  4673. // use the custom ORDER BY clause chosen by the user:
  4674. $queryOrderBy = extractORDERBYclause($sqlQuery); // function 'extractORDERBYclause()' is defined in 'include.inc.php'
  4675. else
  4676. // add the default ORDER BY clause:
  4677. $queryOrderBy = "author, year DESC, publication";
  4678. $query .= " FROM $tableRefs LEFT JOIN $tableUserData ON serial = record_id AND user_id = " . $userID; // add FROM clause
  4679. $query .= " WHERE user_groups RLIKE " . quote_smart("(^|.*;) *" . $groupSearchSelector. " *(;.*|$)"); // add WHERE clause
  4680. $query .= " ORDER BY " . $queryOrderBy; // add ORDER BY clause
  4681. return array($query, $displayType);
  4682. }
  4683. // --------------------------------------------------------------------
  4684. // Build the database query from user input provided by the "Show My Refs" form on the
  4685. // main page ('index.php') which searches the user specific fields from table 'user_data':
  4686. // Note: Although the "Show My Refs" form on 'index.php' is of method="POST" we do accept
  4687. // GET queries as well in order to allow for the 'My Refs' links provided by the
  4688. // 'showLogin()' function (from 'include.inc.php').
  4689. function extractFormElementsMyRefs($showLinks, $loginEmail, $userID)
  4690. {
  4691. global $tableRefs, $tableUserData; // defined in 'db.inc.php'
  4692. $myRefsRadio = $_REQUEST['myRefsRadio']; // will be "1" if the user wants to display ALL of his records, otherwise it will be "0"
  4693. // extract form popup 'marked/not marked':
  4694. if (isset($_REQUEST['findMarked']))
  4695. $findMarked = $_REQUEST['findMarked']; // will be "1" if the user wants to search the 'marked' field
  4696. else
  4697. $findMarked = "";
  4698. if (isset($_REQUEST['markedSelector']))
  4699. $markedSelector = $_REQUEST['markedSelector']; // extract 'marked' field value chosen by the user
  4700. else
  4701. $markedSelector = "";
  4702. // extract form popup 'selected/not selected':
  4703. if (isset($_REQUEST['findSelected']))
  4704. $findSelected = $_REQUEST['findSelected']; // will be "1" if the user wants to search the 'selected' field
  4705. else
  4706. $findSelected = "";
  4707. if (isset($_REQUEST['selectedSelector']))
  4708. $selectedSelector = $_REQUEST['selectedSelector']; // extract 'selected' field value chosen by the user
  4709. else
  4710. $selectedSelector = "";
  4711. // extract form popup 'copy = true/fetch/ordered/false':
  4712. if (isset($_REQUEST['findCopy']))
  4713. $findCopy = $_REQUEST['findCopy']; // will be "1" if the user wants to search the 'copy' field
  4714. else
  4715. $findCopy = "";
  4716. if (isset($_REQUEST['copySelector']))
  4717. $copySelector = $_REQUEST['copySelector']; // extract 'copy' field value chosen by the user
  4718. else
  4719. $copySelector = "";
  4720. // extract form text entry field 'key':
  4721. if (isset($_REQUEST['findUserKeys']))
  4722. $findUserKeys = $_REQUEST['findUserKeys']; // will be "1" if the user wants to search the 'user_keys' field
  4723. else
  4724. $findUserKeys = "";
  4725. if (isset($_REQUEST['userKeysName']))
  4726. $userKeysName = $_REQUEST['userKeysName']; // extract user keys entered by the user
  4727. else
  4728. $userKeysName = "";
  4729. // extract form text entry field 'note':
  4730. if (isset($_REQUEST['findUserNotes']))
  4731. $findUserNotes = $_REQUEST['findUserNotes']; // will be "1" if the user wants to search the 'user_notes' field
  4732. else
  4733. $findUserNotes = "";
  4734. if (isset($_REQUEST['userNotesName']))
  4735. $userNotesName = $_REQUEST['userNotesName']; // extract user notes entered by the user
  4736. else
  4737. $userNotesName = "";
  4738. // extract form text entry field 'file':
  4739. if (isset($_REQUEST['findUserFile']))
  4740. $findUserFile = $_REQUEST['findUserFile']; // will be "1" if the user wants to search the 'user_file' field
  4741. else
  4742. $findUserFile = "";
  4743. if (isset($_REQUEST['userFileName']))
  4744. $userFileName = $_REQUEST['userFileName']; // extract file specification entered by the user
  4745. else
  4746. $userFileName = "";
  4747. if ($myRefsRadio == "0") // if the user only wants to display a subset of his records:
  4748. {
  4749. $additionalFieldsArray = array();
  4750. if ($findMarked == "1") // if the user wants to search the 'marked' field...
  4751. $additionalFieldsArray[] = "marked"; // ...add 'marked' field to SELECT query
  4752. if ($findSelected == "1") // if the user wants to search the 'selected' field...
  4753. $additionalFieldsArray[] = "selected"; // ...add 'selected' field to SELECT query
  4754. if ($findCopy == "1") // if the user wants to search the 'copy' field...
  4755. $additionalFieldsArray[] = "copy"; // ...add 'copy' field to SELECT query
  4756. if ($findUserKeys == "1") // if the user wants to search the 'user_keys' field...
  4757. $additionalFieldsArray[] = "user_keys"; // ...add 'user_keys' to SELECT query
  4758. if ($findUserNotes == "1") // if the user wants to search the 'user_notes' field...
  4759. $additionalFieldsArray[] = "user_notes"; // ...add 'user_notes' to SELECT query
  4760. if ($findUserFile == "1") // if the user wants to search the 'user_file' field...
  4761. $additionalFieldsArray[] = "user_file"; // ...add 'user_file' to SELECT query
  4762. $additionalFields = implode(", ", $additionalFieldsArray); // merge array of additional fields into a string, using ", " as delimiter
  4763. }
  4764. else
  4765. $additionalFields = "";
  4766. // construct the SQL query:
  4767. // TODO: build the complete SQL query using functions 'buildFROMclause()' and 'buildORDERclause()'
  4768. $query = buildSELECTclause("", $showLinks, $additionalFields, false, true); // function 'buildSELECTclause()' is defined in 'include.inc.php'
  4769. $query .= " FROM $tableRefs LEFT JOIN $tableUserData ON serial = record_id AND user_id = " . $userID . " WHERE location RLIKE \"$loginEmail\""; // add FROM & (initial) WHERE clause
  4770. if ($myRefsRadio == "0") // if the user only wants to display a subset of his records:
  4771. {
  4772. if ($findMarked == "1") // if the user wants to search the 'marked' field...
  4773. {
  4774. if ($markedSelector == "marked")
  4775. $query .= " AND marked = \"yes\""; // ...add 'marked' field name & value to the sql query
  4776. else // $markedSelector == "not marked" (i.e., 'marked' is either 'no' -or- NULL)
  4777. $query .= " AND (marked = \"no\" OR marked IS NULL)"; // ...add 'marked' field name & value to the sql query
  4778. }
  4779. if ($findSelected == "1") // if the user wants to search the 'selected' field...
  4780. {
  4781. if ($selectedSelector == "selected")
  4782. $query .= " AND selected = \"yes\""; // ...add 'selected' field name & value to the sql query
  4783. else // $selectedSelector == "not selected" (i.e., 'selected' is either 'no' -or- NULL)
  4784. $query .= " AND (selected = \"no\" OR selected IS NULL)"; // ...add 'selected' field name & value to the sql query
  4785. }
  4786. if ($findCopy == "1") // if the user wants to search the 'copy' field...
  4787. {
  4788. if ($copySelector == "true")
  4789. $query .= " AND copy = \"true\""; // ...add 'copy' field name & value to the sql query
  4790. elseif ($copySelector == "ordered")
  4791. $query .= " AND copy = \"ordered\""; // ...add 'copy' field name & value to the sql query
  4792. elseif ($copySelector == "fetch")
  4793. $query .= " AND copy = \"fetch\""; // ...add 'copy' field name & value to the sql query
  4794. else // 'copy' is either 'false' -or- NULL
  4795. $query .= " AND (copy = \"false\" OR copy IS NULL)"; // ...add 'copy' field name & value to the sql query
  4796. }
  4797. if ($findUserKeys == "1") // if the user wants to search the 'user_keys' field...
  4798. if ($userKeysName != "") // if the user typed a search string into the text entry field...
  4799. $query .= " AND user_keys RLIKE " . quote_smart($userKeysName); // ...add 'user_keys' field name & value to the sql query
  4800. if ($findUserNotes == "1") // if the user wants to search the 'user_notes' field...
  4801. if ($userNotesName != "") // if the user typed a search string into the text entry field...
  4802. $query .= " AND user_notes RLIKE " . quote_smart($userNotesName); // ...add 'user_notes' field name & value to the sql query
  4803. if ($findUserFile == "1") // if the user wants to search the 'user_file' field...
  4804. if ($userFileName != "") // if the user typed a search string into the text entry field...
  4805. $query .= " AND user_file RLIKE " . quote_smart($userFileName); // ...add 'user_file' field name & value to the sql query
  4806. }
  4807. $query .= " ORDER BY author, year DESC, publication"; // add the default ORDER BY clause
  4808. return $query;
  4809. }
  4810. // --------------------------------------------------------------------
  4811. // Build the database query from user input provided by the "Browse My Refs" form on the
  4812. // main page ('index.php') which lets the user browse a particular field:
  4813. function extractFormElementsBrowseMyRefs($showLinks, $loginEmail, $userID)
  4814. {
  4815. // IMPORTANT NOTE: Browse functionality is NOT fully implemented yet!!
  4816. global $tableRefs, $tableUserData; // defined in 'db.inc.php'
  4817. $browseFieldSelector = $_REQUEST['browseFieldSelector']; // extract field name chosen by the user
  4818. // construct the SQL query:
  4819. // TODO: build the complete SQL query using functions 'buildFROMclause()' and 'buildORDERclause()'
  4820. // if the chosen field can contain multiple items...
  4821. // TODO: we really should check here if the corresponding 'ref_...' table exists!
  4822. if (preg_match("/^(author|keywords|editor|language|summary_language|area|location|user_keys|user_groups)$/i", $browseFieldSelector))
  4823. {
  4824. list($refTableName, $browseFieldName) = buildRefTableAndFieldNames($browseFieldSelector); // get correct table name and field name for the 'ref_...' table that matches the chosen field
  4825. $browseFieldColumnName = " AS " . preg_replace("/^ref_(\w+)$/i", "\\1", $browseFieldName); // strip the 'ref_' prefix for the column name
  4826. $queryRefTableLeftJoinPart = " LEFT JOIN $refTableName ON serial = ref_id"; // ...add the appropriate 'LEFT JOIN...' part to the 'FROM' clause
  4827. if (preg_match("/^(user_keys|user_groups)$/i", $browseFieldSelector))
  4828. $queryRefTableLeftJoinPart .= " AND ref_user_id = " . quote_smart($userID); // add the user's user_id as additional condition to this 'LEFT JOIN...' part
  4829. }
  4830. else
  4831. {
  4832. $browseFieldName = $browseFieldSelector;
  4833. $browseFieldColumnName = "";
  4834. $queryRefTableLeftJoinPart = "";
  4835. }
  4836. $query = buildSELECTclause("Browse", $showLinks, "", false, false, "", $browseFieldName . $browseFieldColumnName); // function 'buildSELECTclause()' is defined in 'include.inc.php'
  4837. // if a user specific field was chosen...
  4838. if (preg_match("/^(marked|copy|selected|user_keys|user_notes|user_file|user_groups|cite_key|related)$/i", $browseFieldSelector))
  4839. $query .= " FROM $tableRefs LEFT JOIN $tableUserData ON serial = record_id AND user_id = " . $userID; // add FROM clause and the appropriate 'LEFT JOIN...' part
  4840. else
  4841. $query .= " FROM $tableRefs"; // add FROM clause
  4842. $query .= $queryRefTableLeftJoinPart; // add additional 'LEFT JOIN...' part (if required)
  4843. $query .= " WHERE location RLIKE " . quote_smart($loginEmail); // add (initial) WHERE clause
  4844. $query .= " GROUP BY $browseFieldName"; // add the GROUP BY clause
  4845. $query .= " ORDER BY records DESC, $browseFieldName"; // add the default ORDER BY clause
  4846. return $query;
  4847. }
  4848. // --------------------------------------------------------------------
  4849. // Add columns given in '$columnsArray' to the list of fields available in the
  4850. // List View SELECT clause if they were marked in the search form interface:
  4851. function addToSelectClause($columnsArray)
  4852. {
  4853. $selectClauseColumnsArray = array();
  4854. foreach ($columnsArray as $checkboxName => $columnName)
  4855. {
  4856. // If the user has checked the checkbox next to this column,
  4857. // add it to the SELECT clause:
  4858. if (isset($_REQUEST[$checkboxName]) AND ($_REQUEST[$checkboxName] == "1"))
  4859. $selectClauseColumnsArray[$columnName] = $columnName;
  4860. }
  4861. // force add 'author' column if the user hasn't checked any of the column checkboxes:
  4862. if (empty($selectClauseColumnsArray))
  4863. $selectClauseColumnsArray['author'] = "author";
  4864. return $selectClauseColumnsArray;
  4865. }
  4866. // --------------------------------------------------------------------
  4867. // NOTHING FOUND
  4868. // informs the user that no results were found for the current query/action
  4869. function nothingFound($nothingChecked)
  4870. {
  4871. global $loc; // '$loc' is made globally available in 'core.php'
  4872. global $client;
  4873. if (preg_match("/^cli/i", $client)) // if the query originated from a command line client such as the refbase CLI clients ("cli-refbase-1.1", "cli-refbase_import-1.0")
  4874. {
  4875. $nothingFoundFeedback = "Nothing found!\n\n"; // return plain text
  4876. }
  4877. else // return HTML
  4878. {
  4879. $nothingFoundFeedback = "\n<table id=\"error\" class=\"results\" align=\"center\" border=\"0\" cellpadding=\"0\" cellspacing=\"10\" width=\"95%\" summary=\"This table holds the database results for your query\">";
  4880. if ($nothingChecked)
  4881. // Inform the user that no records were selected:
  4882. $nothingFoundFeedback .= "\n<tr>\n\t<td valign=\"top\">No records selected! Please select one or more records by clicking the appropriate checkboxes.&nbsp;&nbsp;<a href=\"javascript:history.back()\" title=\"" . $loc["LinkTitle_GoBackToResults"] . "\">" . $loc["Go Back"] . "</a></td>\n</tr>";
  4883. else // $nothingChecked == false (i.e., the user did check some checkboxes) -OR- the query resulted from another script like 'show.php' (which has no checkboxes to mark!)
  4884. {
  4885. // Report that nothing was found:
  4886. $nothingFoundFeedback .= "\n<tr>\n\t<td valign=\"top\">Sorry, but your query didn't produce any results!";
  4887. if (!preg_match("/^inc/i", $client))
  4888. $nothingFoundFeedback .= "&nbsp;&nbsp;<a href=\"javascript:history.back()\" title=\"" . $loc["LinkTitle_GoBackToResults"] . "\">" . $loc["Go Back"] . "</a></td>\n</tr>";
  4889. }
  4890. $nothingFoundFeedback .= "\n</table>";
  4891. }
  4892. return $nothingFoundFeedback;
  4893. }
  4894. // --------------------------------------------------------------------
  4895. // PRINT LINKS
  4896. // this function prints out available links in List view and Citation view
  4897. // (for links of type DOI/URL/ISBN/XREF, only one link will be printed; order of preference: DOI, URL, ISBN, XREF)
  4898. function printLinks($showLinkTypes, $row, $showQuery, $showLinks, $wrapResults, $userID, $viewType, $orderBy)
  4899. {
  4900. global $databaseBaseURL; // these variables are defined in 'ini.inc.php'
  4901. global $filesBaseURL;
  4902. global $fileVisibility;
  4903. global $fileVisibilityException;
  4904. global $openURLResolver;
  4905. global $isbnURLFormat;
  4906. global $tableRefs, $tableUserData; // defined in 'db.inc.php'
  4907. global $loc; // '$loc' is made globally available in 'core.php'
  4908. global $client;
  4909. // Note: for proper placement of links within the Links column we don't use the 'mergeLinks()' function here (as is done for Details view),
  4910. // since spacing before links is handled individually for each link type
  4911. $links = ""; // make sure that our buffer variable is empty
  4912. // count the number of available link elements:
  4913. $linkElementCounterLoggedOut = 0;
  4914. // if the 'user_permissions' session variable contains 'allow_details_view'...
  4915. if (in_array("details", $showLinkTypes) AND isset($_SESSION['user_permissions']) AND preg_match("/allow_details_view/", $_SESSION['user_permissions']))
  4916. $linkElementCounterLoggedOut = ($linkElementCounterLoggedOut + 1);
  4917. // if the 'user_permissions' session variable contains 'allow_edit'...
  4918. if (in_array("edit", $showLinkTypes) AND isset($_SESSION['user_permissions']) AND preg_match("/allow_edit/", $_SESSION['user_permissions']))
  4919. $linkElementCounterLoggedOut = ($linkElementCounterLoggedOut + 1);
  4920. // if either the URL or the DOI field contain something
  4921. if ((in_array("url", $showLinkTypes) AND !empty($row["url"])) OR (in_array("doi", $showLinkTypes) AND !empty($row["doi"])))
  4922. $linkElementCounterLoggedOut = ($linkElementCounterLoggedOut + 1);
  4923. // in case an ISBN number was given
  4924. elseif (in_array("isbn", $showLinkTypes) AND !empty($isbnURLFormat) AND !empty($row["isbn"])) // provide a link to an ISBN resolver
  4925. $linkElementCounterLoggedOut = ($linkElementCounterLoggedOut + 1);
  4926. // if we're supposed to auto-generate an OpenURL link
  4927. elseif (in_array("xref", $showLinkTypes) AND !empty($openURLResolver))
  4928. $linkElementCounterLoggedOut = ($linkElementCounterLoggedOut + 1);
  4929. $linkElementCounterLoggedIn = $linkElementCounterLoggedOut;
  4930. // if a user is logged in and a FILE is associated with the current record
  4931. if (in_array("file", $showLinkTypes) AND ($fileVisibility == "everyone" OR ($fileVisibility == "login" AND isset($_SESSION['loginEmail'])) OR ($fileVisibility == "user-specific" AND (isset($_SESSION['user_permissions']) AND preg_match("/allow_download/", $_SESSION['user_permissions']))) OR (!empty($fileVisibilityException) AND preg_match($fileVisibilityException[1], $row[$fileVisibilityException[0]]))))
  4932. if (!empty($row["file"]))// if the 'file' field is NOT empty
  4933. $linkElementCounterLoggedIn = ($linkElementCounterLoggedIn + 1);
  4934. if (preg_match("/^inc/i", $client)) // we open links in a new browser window if refbase data are included somewhere else:
  4935. $target = " target=\"_blank\"";
  4936. else
  4937. $target = "";
  4938. if (preg_match("/^(cli|inc)/i", $client) OR ($wrapResults == "0")) // we use absolute links for CLI clients, for include mechanisms, or when returning only a partial document structure
  4939. $baseURL = $databaseBaseURL;
  4940. else
  4941. $baseURL = "";
  4942. if (in_array("details", $showLinkTypes) AND isset($_SESSION['user_permissions']) AND preg_match("/allow_details_view/", $_SESSION['user_permissions'])) // if the 'user_permissions' session variable contains 'allow_details_view'...
  4943. {
  4944. // display a link that opens the Details view for this record:
  4945. // NOTE: we use a 'show.php' URL here since it is much shorter and easier to bookmark as a permanent link; however,
  4946. // this means one additional redirect; the old code that directly generates a 'search.php' URL is commented out below
  4947. // TODO: verify that the time lag introduced by the redirect action is generally acceptable!
  4948. $queryParametersArray = array("record" => $row["serial"]);
  4949. // we only add further parameters to the 'show.php' URL if their current value differs from the defaults used by 'show.php' or 'search.php':
  4950. if (!empty($viewType) AND !preg_match("/^Web$/i", $viewType))
  4951. $queryParametersArray["viewType"] = $viewType;
  4952. if ($showQuery == "1")
  4953. $queryParametersArray["showQuery"] = $showQuery;
  4954. if ($showLinks == "0") // this is kinda superfluous since, for '$showLinks=0', the link isn't shown in the first place
  4955. $queryParametersArray["showLinks"] = $showLinks;
  4956. $links .= "\n\t\t<a href=\"" . $baseURL . generateURL("show.php", "html", $queryParametersArray, true) . "\"" . $target . ">"
  4957. . "<img src=\"" . $baseURL . "img/details.gif\" alt=\"" . $loc["details"] . "\" title=\"" . $loc["LinkTitle_ShowDetails"] . "\" width=\"9\" height=\"17\" hspace=\"0\" border=\"0\"></a>";
  4958. // Old code that directly generates a 'search.php' URL which points to Details view for this record:
  4959. // // Construct the SQL query:
  4960. // // TODO: build the complete SQL query first (using functions 'buildFROMclause()' and 'buildORDERclause()'), then rawurlencode and add to link
  4961. // $showDetailsQuery = buildSELECTclause("Display", $showLinks, "", false, false); // function 'buildSELECTclause()' is defined in 'include.inc.php'
  4962. //
  4963. // // ... display a link that opens the Details view for this record:
  4964. // if (isset($_SESSION['loginEmail'])) // if a user is logged in, show user specific fields:
  4965. // $links .= "\n\t\t<a href=\"" . $baseURL . "search.php"
  4966. // . "?sqlQuery=" . rawurlencode($showDetailsQuery) . "%20FROM%20" . $tableRefs . "%20LEFT%20JOIN%20" . $tableUserData . "%20ON%20serial%20%3D%20record_id%20AND%20user_id%20%3D%20" . $userID . "%20";
  4967. // else // if NO user logged in, don't display any user specific fields and hide the 'location' field:
  4968. // $links .= "\n\t\t<a href=\"" . $baseURL . "search.php"
  4969. // . "?sqlQuery=" . rawurlencode($showDetailsQuery) . "%20FROM%20" . $tableRefs . "%20";
  4970. //
  4971. // $links .= "WHERE%20serial%20RLIKE%20%22%5E%28" . $row["serial"]
  4972. // . "%29%24%22%20ORDER%20BY%20" . rawurlencode($orderBy)
  4973. // . "&amp;formType=sqlSearch"
  4974. // . "&amp;showQuery=" . $showQuery
  4975. // . "&amp;showLinks=" . $showLinks
  4976. // . "&amp;submit=Display"
  4977. // . "&amp;viewType=" . $viewType
  4978. // . "\"" . $target . ">"
  4979. // . "<img src=\"" . $baseURL . "img/details.gif\" alt=\"" . $loc["details"] . "\" title=\"" . $loc["LinkTitle_ShowDetails"] . "\" width=\"9\" height=\"17\" hspace=\"0\" border=\"0\"></a>";
  4980. }
  4981. if ((($linkElementCounterLoggedOut > 0) OR (isset($_SESSION['loginEmail']) AND $linkElementCounterLoggedIn > 0)) AND (in_array("details", $showLinkTypes) AND isset($_SESSION['user_permissions']) AND preg_match("/allow_details_view/", $_SESSION['user_permissions'])))
  4982. $links .= "&nbsp;&nbsp;";
  4983. if (in_array("edit", $showLinkTypes) AND isset($_SESSION['user_permissions']) AND preg_match("/allow_edit/", $_SESSION['user_permissions'])) // if the 'user_permissions' session variable contains 'allow_edit'...
  4984. // ... display a link that opens the edit form for this record:
  4985. $links .= "\n\t\t<a href=\"" . $baseURL . "record.php"
  4986. . "?serialNo=" . $row["serial"]
  4987. . "&amp;recordAction=edit"
  4988. . "\"" . $target . ">"
  4989. . "<img src=\"" . $baseURL . "img/edit.gif\" alt=\"" . $loc["edit"] . "\" title=\"" . $loc["LinkTitle_EditRecord"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>";
  4990. if ((($linkElementCounterLoggedOut > 1) OR (isset($_SESSION['loginEmail']) AND $linkElementCounterLoggedIn > 1)) AND (in_array("edit", $showLinkTypes) AND isset($_SESSION['user_permissions']) AND preg_match("/allow_edit/", $_SESSION['user_permissions'])))
  4991. {
  4992. if (in_array("details", $showLinkTypes) AND isset($_SESSION['user_permissions']) AND preg_match("/allow_details_view/", $_SESSION['user_permissions']))
  4993. $links .= "\n\t\t<br>";
  4994. else
  4995. $links .= "&nbsp;&nbsp;";
  4996. }
  4997. // show a link to any corresponding file if one of the following conditions is met:
  4998. // - the variable '$fileVisibility' (defined in 'ini.inc.php') is set to 'everyone'
  4999. // - the variable '$fileVisibility' is set to 'login' AND the user is logged in
  5000. // - the variable '$fileVisibility' is set to 'user-specific' AND the 'user_permissions' session variable contains 'allow_download'
  5001. // - the array variable '$fileVisibilityException' (defined in 'ini.inc.php') contains a pattern (in array element 1) that matches the contents of the field given (in array element 0)
  5002. if (in_array("file", $showLinkTypes) AND ($fileVisibility == "everyone" OR ($fileVisibility == "login" AND isset($_SESSION['loginEmail'])) OR ($fileVisibility == "user-specific" AND (isset($_SESSION['user_permissions']) AND preg_match("/allow_download/", $_SESSION['user_permissions']))) OR (!empty($fileVisibilityException) AND preg_match($fileVisibilityException[1], $row[$fileVisibilityException[0]]))))
  5003. {
  5004. if (!empty($row["file"]))// if the 'file' field is NOT empty
  5005. {
  5006. if (preg_match("#^(https?|ftp|file)://#i", $row["file"])) // if the 'file' field contains a full URL (starting with "http://", "https://", "ftp://" or "file://")
  5007. $URLprefix = ""; // we don't alter the URL given in the 'file' field
  5008. else // if the 'file' field contains only a partial path (like 'polarbiol/10240001.pdf') or just a file name (like '10240001.pdf')
  5009. {
  5010. // use the base URL of the standard files directory as prefix:
  5011. if (preg_match('#^/#', $filesBaseURL)) // absolute path -> file dir is located outside of refbase root dir
  5012. {
  5013. if (preg_match("/^(cli|inc)/i", $client) OR ($wrapResults == "0")) // we use absolute links for CLI clients, for include mechanisms, or when returning only a partial document structure
  5014. $URLprefix = 'http://' . $_SERVER['HTTP_HOST'] . $filesBaseURL; // note that '$baseURL' cannot be used here since we need to prefix '$filesBaseURL' only with the host URL (and not the '$databaseBaseURL')
  5015. else
  5016. $URLprefix = $filesBaseURL;
  5017. }
  5018. else // relative path -> file dir is located within refbase root dir
  5019. $URLprefix = $baseURL . $filesBaseURL;
  5020. }
  5021. if (preg_match("/\.pdf$/i", $row["file"])) // if the 'file' field contains a link to a PDF file
  5022. $links .= "\n\t\t<a href=\"" . $URLprefix . encodeHTML($row["file"]) . "\"" . $target . "><img src=\"" . $baseURL . "img/file_PDF.gif\" alt=\"" . $loc["pdf"] . "\" title=\"" . $loc["LinkTitle_DownloadPDFFile"] . "\" width=\"17\" height=\"17\" hspace=\"0\" border=\"0\"></a>"; // display a PDF file icon as download link
  5023. else
  5024. $links .= "\n\t\t<a href=\"" . $URLprefix . encodeHTML($row["file"]) . "\"" . $target . "><img src=\"" . $baseURL . "img/file.gif\" alt=\"" . $loc["file"] . "\" title=\"" . $loc["LinkTitle_DownloadFile"] . "\" width=\"11\" height=\"15\" hspace=\"0\" border=\"0\"></a>"; // display a generic file icon as download link
  5025. }
  5026. }
  5027. // if a DOI number exists for this record, we'll prefer it as link, otherwise we use the URL (if available):
  5028. // (note, that in List view, we'll use the same icon, no matter if the DOI or the URL is used for the link)
  5029. if (in_array("doi", $showLinkTypes) AND !empty($row["doi"]))
  5030. $links .= "\n\t\t<a href=\"http://dx.doi.org/" . rawurlencode($row["doi"]) . "\"" . $target . "><img src=\"" . $baseURL . "img/link.gif\" alt=\"" . $loc["doi"] . "\" title=\"" . $loc["LinkTitle_GotoWebPageViaDOI"] . "\" width=\"11\" height=\"8\" hspace=\"0\" border=\"0\"></a>";
  5031. elseif (in_array("url", $showLinkTypes) AND !empty($row["url"])) // 'htmlentities()' is used to convert any '&' into '&amp;'
  5032. $links .= "\n\t\t<a href=\"" . encodeHTML($row["url"]) . "\"" . $target . "><img src=\"" . $baseURL . "img/link.gif\" alt=\"" . $loc["url"] . "\" title=\"" . $loc["LinkTitle_GotoWebPage"] . "\" width=\"11\" height=\"8\" hspace=\"0\" border=\"0\"></a>";
  5033. // if an ISBN number exists for the current record, provide a link to an ISBN resolver:
  5034. elseif (in_array("isbn", $showLinkTypes) AND !empty($isbnURLFormat) AND !empty($row["isbn"]))
  5035. {
  5036. // this is a stupid hack that maps the names of the '$row' array keys to those used
  5037. // by the '$formVars' array (which is required by function 'parsePlaceholderString()')
  5038. // (eventually, the '$formVars' array should use the MySQL field names as names for its array keys)
  5039. $formVars = buildFormVarsArray($row); // function 'buildFormVarsArray()' is defined in 'include.inc.php'
  5040. // auto-generate an ISBN link according to the naming scheme given in '$isbnURLFormat' (in 'ini.inc.php'):
  5041. $isbnURL = parsePlaceholderString($formVars, $isbnURLFormat, ""); // function 'parsePlaceholderString()' is defined in 'include.inc.php'
  5042. $encodedURL = encodeHTML($isbnURL); // 'htmlentities()' is used to convert higher ASCII chars into its entities and any '&' into '&amp;'
  5043. $encodedURL = str_replace(" ", "%20", $encodedURL); // ensure that any spaces are also properly urlencoded
  5044. if (!empty($isbnURL))
  5045. $links .= "\n\t\t<a href=\"" . $encodedURL . "\"" . $target . "><img src=\"" . $baseURL . "img/resolve.gif\" alt=\"" . $loc["isbn"] . "\" title=\"" . $loc["LinkTitle_FindBookDetailsViaISBN"] . "\" width=\"11\" height=\"8\" hspace=\"0\" border=\"0\"></a>";
  5046. }
  5047. // if still no link was generated, we'll provide a link to an OpenURL resolver:
  5048. elseif (in_array("xref", $showLinkTypes) AND !empty($openURLResolver))
  5049. {
  5050. $openURL = openURL($row); // function 'openURL()' is defined in 'openurl.inc.php'
  5051. $links .= "\n\t\t<a href=\"" . $openURL . "\"" . $target . "><img src=\"" . $baseURL . "img/resolve.gif\" alt=\"" . $loc["openurl"] . "\" title=\"" . $loc["LinkTitle_FindRecordDetailsViaOpenURL"] . "\" width=\"11\" height=\"8\" hspace=\"0\" border=\"0\"></a>";
  5052. }
  5053. // insert COinS (ContextObjects in Spans):
  5054. $links .= "\n\t\t" . coins($row); // function 'coins()' is defined in 'openurl.inc.php'
  5055. return $links;
  5056. }
  5057. // --------------------------------------------------------------------
  5058. // MERGE LINKS
  5059. // this function will merge links with delimiters appropriate for display in the Links column
  5060. function mergeLinks($linkArray)
  5061. {
  5062. $totalLinkCount = count($linkArray); // check how many links we're dealing with
  5063. $linkString = "";
  5064. if (!empty($linkArray)) // if some links are present
  5065. {
  5066. if ($totalLinkCount == 1) // only one link
  5067. {
  5068. $linkString = "&nbsp;&nbsp;" . $linkArray[0];
  5069. }
  5070. else // multiple links
  5071. {
  5072. for ($linkCounter=0; $linkCounter < ($totalLinkCount - 1); $linkCounter++) // first array element has offset '0' so we decrement '$totalLinkCount' by 1
  5073. {
  5074. if (is_integer(($linkCounter + 1)/2)) // even number
  5075. $suffix = "<br>"; // a set of two links is printed per row
  5076. else // uneven number
  5077. $suffix = "&nbsp;";
  5078. $linkString .= $linkArray[$linkCounter] . $suffix;
  5079. }
  5080. $linkString .= $linkArray[($totalLinkCount - 1)]; // append last link
  5081. }
  5082. }
  5083. return $linkString;
  5084. }
  5085. // --------------------------------------------------------------------
  5086. // DISPLAY THE HTML FOOTER:
  5087. // call the 'showPageFooter()' and 'displayHTMLfoot()' functions (which are defined in 'footer.inc.php')
  5088. if (!preg_match("/^cli/i", $client) AND ($wrapResults != "0") AND (!(($displayType == "Cite") AND (!preg_match("/^html$/i", $citeType))) OR ($rowsFound == 0))) // we exclude the HTML page footer for citation formats other than HTML if something was found
  5089. {
  5090. if ((!preg_match("/^(Print|Mobile)$/i", $viewType)) AND (!preg_match("/^inc/i", $client))) // Note: we omit the visible footer in print/mobile view ('viewType=Print' or 'viewType=Mobile') and for include mechanisms!
  5091. showPageFooter($HeaderString);
  5092. displayHTMLfoot();
  5093. }
  5094. // --------------------------------------------------------------------
  5095. ?>