2013-07-21 00:50:40 +02:00
|
|
|
<?php
|
2021-02-13 21:30:27 +01:00
|
|
|
require 'inc/bootstrap.php';
|
2013-07-21 00:50:40 +02:00
|
|
|
|
2013-07-21 02:01:22 +02:00
|
|
|
if (!$config['search']['enable']) {
|
|
|
|
die(_("Post search is disabled"));
|
|
|
|
}
|
|
|
|
|
|
|
|
$queries_per_minutes = $config['search']['queries_per_minutes'];
|
|
|
|
$queries_per_minutes_all = $config['search']['queries_per_minutes_all'];
|
|
|
|
$search_limit = $config['search']['search_limit'];
|
2013-07-21 00:50:40 +02:00
|
|
|
|
2024-05-10 08:19:50 +02:00
|
|
|
//Is there a whitelist? Let's list those boards and if not, let's list everything.
|
2014-04-19 23:02:42 +02:00
|
|
|
if (isset($config['search']['boards'])) {
|
|
|
|
$boards = $config['search']['boards'];
|
|
|
|
} else {
|
|
|
|
$boards = listBoards(TRUE);
|
|
|
|
}
|
2024-05-10 08:19:50 +02:00
|
|
|
|
|
|
|
//Let's remove any disallowed boards from the above list (the blacklist)
|
|
|
|
if (isset($config['search']['disallowed_boards'])) {
|
|
|
|
$boards = array_values(array_diff($boards, $config['search']['disallowed_boards']));
|
|
|
|
}
|
2013-07-21 00:50:40 +02:00
|
|
|
|
2017-07-08 00:35:38 +02:00
|
|
|
$body = Element('search_form.html', Array('boards' => $boards, 'board' => isset($_GET['board']) ? $_GET['board'] : false, 'search' => isset($_GET['search']) ? str_replace('"', '"', utf8tohtml($_GET['search'])) : false));
|
2013-07-21 00:50:40 +02:00
|
|
|
|
2024-05-10 08:19:50 +02:00
|
|
|
if(isset($_GET['search']) && !empty($_GET['search']) && isset($_GET['board']) && in_array($_GET['board'], $boards)) {
|
2024-05-10 08:00:51 +02:00
|
|
|
|
2013-07-21 02:39:41 +02:00
|
|
|
$phrase = $_GET['search'];
|
2013-07-21 00:50:40 +02:00
|
|
|
$_body = '';
|
|
|
|
|
2013-08-01 07:16:20 +02:00
|
|
|
$query = prepare("SELECT COUNT(*) FROM ``search_queries`` WHERE `ip` = :ip AND `time` > :time");
|
2013-07-21 00:50:40 +02:00
|
|
|
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
|
|
|
|
$query->bindValue(':time', time() - ($queries_per_minutes[1] * 60));
|
|
|
|
$query->execute() or error(db_error($query));
|
|
|
|
if($query->fetchColumn() > $queries_per_minutes[0])
|
2013-07-21 02:01:22 +02:00
|
|
|
error(_('Wait a while before searching again, please.'));
|
2013-07-21 00:50:40 +02:00
|
|
|
|
2013-08-01 07:16:20 +02:00
|
|
|
$query = prepare("SELECT COUNT(*) FROM ``search_queries`` WHERE `time` > :time");
|
2013-07-21 00:50:40 +02:00
|
|
|
$query->bindValue(':time', time() - ($queries_per_minutes_all[1] * 60));
|
|
|
|
$query->execute() or error(db_error($query));
|
|
|
|
if($query->fetchColumn() > $queries_per_minutes_all[0])
|
2013-07-21 02:01:22 +02:00
|
|
|
error(_('Wait a while before searching again, please.'));
|
2013-07-21 00:50:40 +02:00
|
|
|
|
|
|
|
|
2013-08-01 07:16:20 +02:00
|
|
|
$query = prepare("INSERT INTO ``search_queries`` VALUES (:ip, :time, :query)");
|
2013-07-21 00:50:40 +02:00
|
|
|
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
|
|
|
|
$query->bindValue(':time', time());
|
|
|
|
$query->bindValue(':query', $phrase);
|
|
|
|
$query->execute() or error(db_error($query));
|
|
|
|
|
2013-07-21 02:39:41 +02:00
|
|
|
_syslog(LOG_NOTICE, 'Searched /' . $_GET['board'] . '/ for "' . $phrase . '"');
|
2013-07-21 02:01:22 +02:00
|
|
|
|
|
|
|
// Cleanup search queries table
|
2013-08-01 07:16:20 +02:00
|
|
|
$query = prepare("DELETE FROM ``search_queries`` WHERE `time` <= :time");
|
2013-07-21 02:01:22 +02:00
|
|
|
$query->bindValue(':time', time() - ($queries_per_minutes_all[1] * 60));
|
|
|
|
$query->execute() or error(db_error($query));
|
2013-07-21 00:50:40 +02:00
|
|
|
|
2013-07-21 02:39:41 +02:00
|
|
|
openBoard($_GET['board']);
|
2013-07-21 00:50:40 +02:00
|
|
|
|
|
|
|
$filters = Array();
|
|
|
|
|
|
|
|
function search_filters($m) {
|
|
|
|
global $filters;
|
|
|
|
$name = $m[2];
|
|
|
|
$value = isset($m[4]) ? $m[4] : $m[3];
|
|
|
|
|
2013-07-21 02:01:22 +02:00
|
|
|
if(!in_array($name, array('id', 'thread', 'subject', 'name'))) {
|
2013-07-21 00:50:40 +02:00
|
|
|
// unknown filter
|
|
|
|
return $m[0];
|
|
|
|
}
|
|
|
|
|
|
|
|
$filters[$name] = $value;
|
|
|
|
|
|
|
|
return $m[1];
|
|
|
|
}
|
|
|
|
|
|
|
|
$phrase = trim(preg_replace_callback('/(^|\s)(\w+):("(.*)?"|[^\s]*)/', 'search_filters', $phrase));
|
|
|
|
|
|
|
|
if(!preg_match('/[^*^\s]/', $phrase) && empty($filters)) {
|
|
|
|
_syslog(LOG_WARNING, 'Query too broad.');
|
|
|
|
$body .= '<p class="unimportant" style="text-align:center">(Query too broad.)</p>';
|
2022-08-29 16:50:45 +02:00
|
|
|
echo Element($config['file_page_template'], Array(
|
2013-07-21 00:50:40 +02:00
|
|
|
'config'=>$config,
|
|
|
|
'title'=>'Search',
|
|
|
|
'body'=>$body,
|
|
|
|
));
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Escape escape character
|
|
|
|
$phrase = str_replace('!', '!!', $phrase);
|
|
|
|
|
|
|
|
// Remove SQL wildcard
|
|
|
|
$phrase = str_replace('%', '!%', $phrase);
|
|
|
|
|
|
|
|
// Use asterisk as wildcard to suit convention
|
|
|
|
$phrase = str_replace('*', '%', $phrase);
|
|
|
|
|
2013-08-01 07:16:20 +02:00
|
|
|
// Remove `, it's used by table prefix magic
|
|
|
|
$phrase = str_replace('`', '!`', $phrase);
|
|
|
|
|
2013-07-21 00:50:40 +02:00
|
|
|
$like = '';
|
|
|
|
$match = Array();
|
|
|
|
|
|
|
|
// Find exact phrases
|
|
|
|
if(preg_match_all('/"(.+?)"/', $phrase, $m)) {
|
|
|
|
foreach($m[1] as &$quote) {
|
|
|
|
$phrase = str_replace("\"{$quote}\"", '', $phrase);
|
|
|
|
$match[] = $pdo->quote($quote);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$words = explode(' ', $phrase);
|
|
|
|
foreach($words as &$word) {
|
|
|
|
if(empty($word))
|
|
|
|
continue;
|
|
|
|
$match[] = $pdo->quote($word);
|
|
|
|
}
|
|
|
|
|
|
|
|
$like = '';
|
|
|
|
foreach($match as &$phrase) {
|
|
|
|
if(!empty($like))
|
|
|
|
$like .= ' AND ';
|
|
|
|
$phrase = preg_replace('/^\'(.+)\'$/', '\'%$1%\'', $phrase);
|
|
|
|
$like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\'';
|
|
|
|
}
|
|
|
|
|
|
|
|
foreach($filters as $name => $value) {
|
|
|
|
if(!empty($like))
|
|
|
|
$like .= ' AND ';
|
|
|
|
$like .= '`' . $name . '` = '. $pdo->quote($value);
|
|
|
|
}
|
|
|
|
|
|
|
|
$like = str_replace('%', '%%', $like);
|
|
|
|
|
2013-08-01 07:16:20 +02:00
|
|
|
$query = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri']));
|
2013-07-21 00:50:40 +02:00
|
|
|
$query->bindValue(':limit', $search_limit, PDO::PARAM_INT);
|
|
|
|
$query->execute() or error(db_error($query));
|
|
|
|
|
|
|
|
if($query->rowCount() == $search_limit) {
|
|
|
|
_syslog(LOG_WARNING, 'Query too broad.');
|
2013-07-21 02:01:22 +02:00
|
|
|
$body .= '<p class="unimportant" style="text-align:center">('._('Query too broad.').')</p>';
|
2022-08-29 16:50:45 +02:00
|
|
|
echo Element($config['file_page_template'], Array(
|
2013-07-21 00:50:40 +02:00
|
|
|
'config'=>$config,
|
|
|
|
'title'=>'Search',
|
|
|
|
'body'=>$body,
|
|
|
|
));
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
$temp = '';
|
|
|
|
while($post = $query->fetch()) {
|
|
|
|
if(!$post['thread']) {
|
2013-08-16 16:17:13 +02:00
|
|
|
$po = new Thread($post);
|
2013-07-21 00:50:40 +02:00
|
|
|
} else {
|
2013-08-16 16:17:13 +02:00
|
|
|
$po = new Post($post);
|
2013-07-21 00:50:40 +02:00
|
|
|
}
|
|
|
|
$temp .= $po->build(true) . '<hr/>';
|
|
|
|
}
|
|
|
|
|
|
|
|
if(!empty($temp))
|
2013-07-21 02:07:28 +02:00
|
|
|
$_body .= '<fieldset><legend>' .
|
2013-07-21 02:01:22 +02:00
|
|
|
sprintf(ngettext('%d result in', '%d results in', $query->rowCount()),
|
2013-07-21 02:05:16 +02:00
|
|
|
$query->rowCount()) . ' <a href="/' .
|
2013-07-21 00:50:40 +02:00
|
|
|
sprintf($config['board_path'], $board['uri']) . $config['file_index'] .
|
|
|
|
'">' .
|
|
|
|
sprintf($config['board_abbreviation'], $board['uri']) . ' - ' . $board['title'] .
|
|
|
|
'</a></legend>' . $temp . '</fieldset>';
|
|
|
|
|
|
|
|
$body .= '<hr/>';
|
|
|
|
if(!empty($_body))
|
|
|
|
$body .= $_body;
|
|
|
|
else
|
2013-07-21 02:01:22 +02:00
|
|
|
$body .= '<p style="text-align:center" class="unimportant">('._('No results.').')</p>';
|
2013-07-21 00:50:40 +02:00
|
|
|
}
|
|
|
|
|
2022-08-29 16:50:45 +02:00
|
|
|
echo Element($config['file_page_template'], Array(
|
2013-07-21 00:50:40 +02:00
|
|
|
'config'=>$config,
|
2013-07-21 02:36:54 +02:00
|
|
|
'title'=>_('Search'),
|
2019-11-05 11:34:09 +01:00
|
|
|
'boardlist'=>createBoardlist(),
|
2013-07-21 00:50:40 +02:00
|
|
|
'body'=>'' . $body
|
|
|
|
));
|