XMB PHP Cross Reference Discussion Forums

Source: /search.php - 286 lines - 9475 bytes - Summary - Text - Print

Description: eXtreme Message Board XMB 1.9.11

<?php
/**
 * eXtreme Message Board
 * XMB 1.9.11
 *
 * Developed And Maintained By The XMB Group
 * Copyright (c) 2001-2012, The XMB Group
 * http://www.xmbforum2.com/
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 **/

// Forum search page. Without a submitted search it renders the search form;
// otherwise it builds one SQL query from the request parameters and renders
// one page of results. Nearly every variable assigned below lives in global
// scope and may be read by an eval()'d template, so names must not be changed
// without checking the template bodies (not visible in this file).

// Script identifier, defined before the bootstrap is loaded.
define('X_SCRIPT', 'search.php');

// Bootstrap. Every name used below that this file never defines ($SETTINGS,
// $lang, $db, $url, $onlinetime, X_GUEST, X_STAFF, postedVar(), ...) has to
// come from header.php or something it includes.
require  'header.php';

loadtemplates(
'misc_feature_notavailable',
'search',
'search_captcha',
'search_nextlink',
'search_results',
'search_results_none',
'search_results_row'
);

smcwcache();
// Template rendering idiom used throughout this file: the string returned by
// template() is spliced into a double-quoted PHP string literal and eval()'d,
// so variables named in the template are interpolated from the current scope.
// NOTE(review): whatever template() returns is executed as PHP source. Its
// content must be trusted and must have any '"' and '\' escaped before it gets
// here; confirm template() guarantees that and who is allowed to edit templates.
eval('$css = "'.template('css').'";');
nav($lang['textsearch']);

$misc = $multipage = $nextlink = '';

// Feature switch: when search is disabled, answer 403 with the "not
// available" page and stop before any request parameter is read.
if ($SETTINGS['searchstatus'] != 'on') {
    header('HTTP/1.0 403 Forbidden');
    eval('echo "'.template('header').'";');
    eval('echo "'.template('misc_feature_notavailable').'";');
    end_time();
    eval('echo "'.template('footer').'";');
    exit();
}

// NOTE(review): $searchsubmit and $page are not assigned in this file before
// this test; presumably header.php populates them from the request. Confirm
// how, since request-derived globals need the same scrutiny as $_GET/$_POST.
if (!isset($searchsubmit) && !isset($page)) {
    // ---- Branch 1: show the search form ----
    // Common XSS Protection: XMB disallows '<' and unencoded ':/' in all URLs.
    // The lower-cased request URL is rejected with 403 if it contains '%3c',
    // '<' or ':/'. This is a coarse substring denylist applied to every caller
    // in this branch; it does not replace output encoding in the templates.
    $url_check = Array('%3c', '<', ':/');
    foreach($url_check as $name) {
        if (strpos(strtolower($url), $name) !== FALSE) {
            header('HTTP/1.0 403 Forbidden');
            exit('403 Forbidden - URL rejected by XMB');
        }
    }
    unset($url_check);
    
    setCanonicalLink('search.php');

    // Forum picker for the form; getInt('fid') is passed as the last argument
    // (presumably the pre-selected forum; confirm in forumList()).
    $forumselect = forumList('f', TRUE, TRUE, getInt('fid'));

    // Guests get a CAPTCHA challenge when both the global and the
    // search-specific CAPTCHA settings are 'on'.
    $captchasearchcheck = '';
    if (X_GUEST) {
        if ($SETTINGS['captcha_status'] == 'on' && $SETTINGS['captcha_search_status'] == 'on') {
            require  ROOT.'include/captcha.inc.php';
            $Captcha = new Captcha();
            // If the Captcha object reports itself incompatible, no challenge
            // is added to the form at all.
            if ($Captcha->bCompatible !== false) {
                $imghash = $Captcha->GenerateCode();
                if ($SETTINGS['captcha_code_casesensitive'] == 'off') {
                    // Blank the case-sensitivity hint text when codes are case-insensitive.
                    $lang['captchacaseon'] = '';
                }
                eval('$captchasearchcheck = "'.template('search_captcha').'";');
            }
        }
    }

    eval('$search = "'.template('search').'";');
    $misc = $search;
} else {
    // ---- Branch 2: run the search and render results ----
    // Ask crawlers not to index result pages.
    header('X-Robots-Tag: noindex');

    // Request parameters. The meaning of postedVar()'s positional flags is not
    // visible here. $srchuname is fetched twice: the TRUE/TRUE copy is later
    // interpolated into SQL with no further escaping in this file, the
    // FALSE/FALSE copy ($rawsrchuname) is only rawurlencode()'d into the
    // next-page link.
    // NOTE(review): presumably the 3rd/4th flags turn on HTML-encoding and
    // DB-escaping; confirm in postedVar(), because the author clause below
    // depends on it entirely.
    $srchtxt = postedVar('srchtxt', '', FALSE, FALSE, FALSE, 'g');
    $srchuname = postedVar('srchuname', '', TRUE, TRUE, FALSE, 'g');
    $rawsrchuname = postedVar('srchuname', '', FALSE, FALSE, FALSE, 'g');
    $filter_distinct = postedVar('filter_distinct', '', FALSE, FALSE, FALSE, 'g');
    // NOTE(review): the elements of $srchfid are imploded straight into an SQL
    // IN (...) list below; presumably the 'int' argument casts each element to
    // an integer. Confirm in postedArray().
    $srchfid = postedArray('f', 'int', '', FALSE, FALSE, FALSE, 'g');
    $srchfield = postedVar('srchfield', '', FALSE, FALSE, FALSE, 'g');
    $page = getInt('page');
    $srchfrom = getInt('srchfrom');
    // Require at least 3 bytes (strlen) of either user name or search text.
    // NOTE(review): every error() call in this branch is followed by code that
    // assumes the request was rejected, so error() is presumably terminal
    // (renders the message and exits). Confirm; if it returned, the length,
    // censor and CAPTCHA checks below would not stop the query.
    if (strlen($srchuname) < 3 && (empty($srchtxt) || strlen($srchtxt) < 3)) {
        error($lang['nosearchq']);
    }
    // Input restrictions below are applied to non-staff users only.
    if (!X_STAFF) {
        // Reject search text that censor() would alter, and any '<' in the
        // search text or user name.
        // NOTE(review): the '<' test uses $srchuname, the copy fetched with
        // the TRUE flags. If those flags HTML-encode, a literal '<' can no
        // longer appear in it and $rawsrchuname would be the copy to test.
        if ($srchtxt != censor($srchtxt) Or strpos($srchtxt, '<') !== FALSE Or strpos($srchuname, '<') !== FALSE) {
            error($lang['searchinvalid']);
        }
        // Common XSS Protection: XMB disallows '<' and unencoded ':/' in all URLs.
        // Same URL denylist as in the form branch, but here staff are exempt.
        $url_check = Array('%3c', '<', ':/');
        foreach($url_check as $name) {
            if (strpos(strtolower($url), $name) !== FALSE) {
                header('HTTP/1.0 403 Forbidden');
                exit('403 Forbidden - URL rejected by XMB');
            }
        }
        unset($url_check);
    }

    // A user name shorter than 3 bytes is ignored rather than rejected.
    if (strlen($srchuname) < 3) {
        $srchuname = '';
    }

    if (X_GUEST) {
        if ($SETTINGS['captcha_status'] == 'on' && $SETTINGS['captcha_search_status'] == 'on') {
            // With the CAPTCHA enabled, guests are limited to the first result page.
            if ($page > 1) {
                error($lang['searchguesterror']);
            }
            require  ROOT.'include/captcha.inc.php';
            $Captcha = new Captcha();
            // NOTE(review): validation runs only when bCompatible is not
            // false. If the Captcha class reports itself incompatible, guest
            // searches proceed unchallenged (fail-open), matching the form
            // branch, which shows no challenge in that case.
            if ($Captcha->bCompatible !== false) {
                $imgcode = postedVar('imgcode', '', FALSE, FALSE, FALSE, 'g');
                $imghash = postedVar('imghash', '', TRUE, TRUE, FALSE, 'g');
                if ($Captcha->ValidateCode($imgcode, $imghash) !== TRUE) {
                    error($lang['captchaimageinvalid']);
                }
            }
            unset($Captcha);
        }
    }

    // $ppp (posts per page) is not assigned in this file; presumably this call
    // validates or normalises it. It is interpolated into LIMIT below, so it
    // must be an integer by then. Confirm in validatePpp().
    validatePpp();

    $searchresults = '';

    // Clamp the page number and derive the row offset for LIMIT.
    if ($page < 1) {
        $page = 1;
    }
    $offset = ($page-1) * ($ppp);
    $start = $offset;
    $pagenum = $page+1;

    // Restrict the query to a list of forum ids returned by permittedForums()
    // in 'csv' form; an empty list is handled further down by skipping the
    // query. The list is interpolated as-is, so it must contain nothing but
    // ids (presumably guaranteed by permittedForums(); confirm).
    $forums = permittedForums(forumCache(), 'thread', 'csv');
    $sql = "SELECT p.*, t.subject AS tsubject "
         . "FROM ".X_PREFIX."posts AS p INNER JOIN ".X_PREFIX."threads AS t USING(tid) INNER JOIN ".X_PREFIX."forums AS f ON f.fid=t.fid "
         . "WHERE f.fid IN($forums)";

    // Date filter. A non-positive srchfrom is replaced by $onlinetime so the
    // subtraction below yields 0 and the filter is skipped; otherwise
    // $srchfrom becomes the cutoff ($onlinetime minus the requested span) and
    // $srchfromold keeps the original value for the next-page link.
    if ($srchfrom <= 0) {
        $srchfrom = $onlinetime;
        $srchfromold = 0;
    } else {
        $srchfromold = $srchfrom;
    }
    $srchfrom = $onlinetime - $srchfrom;

    // $ext collects query-string fragments for the next-page link.
    $ext = array();
    if (!empty($srchtxt)) {
        // Split on single spaces; every term becomes one AND'ed LIKE group.
        // Consecutive, leading or trailing spaces yield empty terms, which
        // turn into LIKE '%%' groups.
        $sqlsrch = array();
        $srchtxtsq = explode(' ', $srchtxt);
        $sql .= ' AND (';
        foreach($srchtxtsq as $stxt) {
            // The term is passed through cdataOut()/attrOut() (presumably to
            // match the encoded form stored in each column; confirm), then
            // addslashes(), then the DB layer's like_escape(). This chain is
            // the only thing between request data and the SQL string.
            $dblikebody = $db->like_escape(addslashes(cdataOut($stxt)));  //Messages are historically double-slashed.
            $dblikesub = $db->like_escape(addslashes(attrOut($stxt)));
            if ($srchfield == 'body') {
                $sqlsrch[] = "p.message LIKE '%$dblikebody%' OR p.subject LIKE '%$dblikesub%'";
                // Appended once per term, so it repeats in the link for multi-word searches.
                $ext[] = 'srchfield=body';
            } else {
                $sqlsrch[] = "p.subject LIKE '%$dblikesub%'";
            }
        }

        $sql .= implode(') AND (', $sqlsrch);
        $sql .= ')';
        $ext[] = 'srchtxt='.rawurlencode($srchtxt);
    }

    if ($srchuname != '') {
        // No escaping is applied at this point; safety rests on how
        // postedVar() prepared $srchuname above.
        $sql .= " AND p.author='$srchuname'";
        $ext[] = 'srchuname='.rawurlencode($rawsrchuname);
    }

    if (count($srchfid) > 0) {
        // NOTE(review): loose comparison against the string 'all'. If the
        // elements are integers, the result of an int-vs-non-numeric-string
        // != differs between PHP 7 and PHP 8; check which runtime is targeted.
        if ($srchfid[0] != 'all') {
            $srchfidcsv = implode(',', $srchfid);
            $sql .= " AND f.fid IN ($srchfidcsv)";
            $ext[] = "f=$srchfidcsv";
        }
    }

    if ($srchfrom) {
        $sql .= " AND p.dateline >= $srchfrom";
        $ext[] = "srchfrom=$srchfromold";
    }

    $counter = 1;
    // Fetch one row more than a page holds; if it comes back, a next page exists.
    $ppp++; // Peek at next page.
    $sql .=" ORDER BY dateline DESC LIMIT $start, $ppp";

    // With no permitted forums the WHERE clause would read "IN()", so the
    // query is not run at all.
    if (strlen($forums) == 0) {
        $results = 0;
    } else {
        $querysrch = $db->query($sql);
        $results = $db->num_rows($querysrch);
    }

    // Thread ids already shown, used when filter_distinct is 'yes'.
    $temparray = array();
    $searchresults = '';

    // Render at most the original page size ($counter runs from 1 up to the
    // incremented $ppp); the extra peeked row is never displayed.
    while($results != 0 And $counter < $ppp And $post = $db->fetch_array($querysrch)) {
        $counter++;
        // With filter_distinct=yes only the first fetched post of each thread
        // is shown. Skipped rows still count against the page, so a page can
        // hold fewer rows than $ppp.
        if ($filter_distinct != 'yes' Or !array_key_exists($post['tid'], $temparray)) {
            $temparray[$post['tid']] = true;
            $message = stripslashes($post['message']);

            // Locate the first search term to centre the excerpt on it.
            // stripos() returns FALSE when the term is absent from the body
            // (for example a subject-only match); the comparisons and
            // arithmetic below then treat it as 0.
            if (empty($srchtxt)) {
                $position = 0;
            } else {
                $position = stripos($message, cdataOut($srchtxtsq[0]), 0);
            }

            // Excerpt window: up to 100 bytes before and after the match.
            // strlen()/substr() count bytes, so a multi-byte character can be
            // cut at either edge.
            $show_num = 100;
            $msg_leng = strlen($message);

            if ($position <= $show_num) {
                $min = 0;
                $add_pre = '';
            } else {
                $min = $position - $show_num;
                $add_pre = '...';
            }

            if (($msg_leng - $position) <= $show_num) {
                $max = $msg_leng;
                $add_post = '';
            } else {
                $max = $position + $show_num;
                $add_post = '...';
            }

            // Posts without their own subject fall back to the thread subject.
            if (trim($post['subject']) == '') {
                $post['subject'] = $post['tsubject'];
            }

            $show = substr($message, $min, $max - $min);
            $post['subject'] = stripslashes($post['subject']);
            if (!empty($srchtxt)) {
                // Highlight each term by wrapping it in literal <b><i> / <i>
                // tags before the text goes through postify() and
                // rawHTMLsubject().
                // NOTE(review): this is a plain substring replace on stored
                // text, so a term can also match inside markup or entities
                // already present in it; whether the inserted tags and the
                // surrounding text come out correctly encoded depends on
                // postify()/rawHTMLsubject(), which are not visible here.
                foreach($srchtxtsq as $stxt) {
                    $show = str_ireplace(cdataOut($stxt), '<b><i>'.cdataOut($stxt).'</i></b>', $show);
                    $post['subject'] = str_ireplace(attrOut($stxt), '<i>'.attrOut($stxt).'</i>', $post['subject']);
                }
            }

            $show = postify($show, 'no', 'yes', 'yes', 'no', 'no', 'no');
            $post['subject'] = rawHTMLsubject($post['subject']);

            // Post time shifted by $timeoffset and $addtime hours, formatted
            // with the date and time formats supplied by the bootstrap.
            $date = gmdate($dateformat, $post['dateline'] + ($timeoffset * 3600) + ($addtime * 3600));
            $time = gmdate($timecode, $post['dateline'] + ($timeoffset * 3600) + ($addtime * 3600));

            $poston = $date.' '.$lang['textat'].' '.$time;
            // The author value is passed on exactly as stored in the posts
            // table; presumably it is stored already HTML-encoded (the author
            // filter above matches the encoded copy). Confirm before reuse.
            $postby = $post['author'];
            eval('$searchresults .= "'.template('search_results_row').'";');
        }
    }

    if ($results == 0) {
        eval('$searchresults = "'.template('search_results_none').'";');
    } else if ($results == $ppp) {
        // The peeked extra row came back, so offer a next-page link.
        // create a string containing the stuff to search for
        // Nothing in this file adds filter_distinct to $ext, so the link does
        // not carry that option unless the template adds it itself.
        $ext = implode('&', $ext);
        eval('$nextlink = "'.template('search_nextlink').'";');
    }

    eval('$search = "'.template('search_results').'";');
    $misc = $search;
}

// Assemble and emit the page: header, the branch's output, footer.
eval('$header = "'.template('header').'";');
end_time();
eval('$footer = "'.template('footer').'";');
echo $header, $misc, $footer;
?>
