| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | <?php | 
					
						
							| 
									
										
										
										
											2021-06-29 23:10:12 -02:00
										 |  |  | 	require 'inc/bootstrap.php'; | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 	 | 
					
						
							| 
									
										
										
										
											2013-07-20 20:01:22 -04:00
										 |  |  | 	if (!$config['search']['enable']) { | 
					
						
							|  |  |  | 		die(_("Post search is disabled")); | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	$queries_per_minutes = $config['search']['queries_per_minutes']; | 
					
						
							|  |  |  | 	$queries_per_minutes_all = $config['search']['queries_per_minutes_all']; | 
					
						
							|  |  |  | 	$search_limit = $config['search']['search_limit']; | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 	 | 
					
						
							| 
									
										
										
										
											2014-04-19 23:02:42 +02:00
										 |  |  | 	if (isset($config['search']['boards'])) { | 
					
						
							|  |  |  | 		$boards = $config['search']['boards']; | 
					
						
							|  |  |  | 	} else { | 
					
						
							|  |  |  | 		$boards = listBoards(TRUE); | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 	 | 
					
						
							| 
									
										
										
										
											2019-02-26 10:47:07 +10:00
										 |  |  | 	$body = Element('search_form.html', Array('boards' => $boards, 'board' => isset($_GET['board']) ? $_GET['board'] : false, 'search' => isset($_GET['search']) ? str_replace('"', '"', utf8tohtml($_GET['search'])) : false)); | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 	 | 
					
						
							| 
									
										
										
										
											2013-07-20 20:39:41 -04:00
										 |  |  | 	if(isset($_GET['search']) && !empty($_GET['search']) && isset($_GET['board']) && in_array($_GET['board'], $boards)) {		 | 
					
						
							|  |  |  | 		$phrase = $_GET['search']; | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 		$_body = ''; | 
					
						
							|  |  |  | 		 | 
					
						
							| 
									
										
										
										
											2013-08-01 01:16:20 -04:00
										 |  |  | 		$query = prepare("SELECT COUNT(*) FROM ``search_queries`` WHERE `ip` = :ip AND `time` > :time"); | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 		$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); | 
					
						
							|  |  |  | 		$query->bindValue(':time', time() - ($queries_per_minutes[1] * 60)); | 
					
						
							|  |  |  | 		$query->execute() or error(db_error($query)); | 
					
						
							|  |  |  | 		if($query->fetchColumn() > $queries_per_minutes[0]) | 
					
						
							| 
									
										
										
										
											2013-07-20 20:01:22 -04:00
										 |  |  | 			error(_('Wait a while before searching again, please.')); | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 		 | 
					
						
							| 
									
										
										
										
											2013-08-01 01:16:20 -04:00
										 |  |  | 		$query = prepare("SELECT COUNT(*) FROM ``search_queries`` WHERE `time` > :time"); | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 		$query->bindValue(':time', time() - ($queries_per_minutes_all[1] * 60)); | 
					
						
							|  |  |  | 		$query->execute() or error(db_error($query)); | 
					
						
							|  |  |  | 		if($query->fetchColumn() > $queries_per_minutes_all[0]) | 
					
						
							| 
									
										
										
										
											2013-07-20 20:01:22 -04:00
										 |  |  | 			error(_('Wait a while before searching again, please.')); | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 			 | 
					
						
							|  |  |  | 		 | 
					
						
							| 
									
										
										
										
											2013-08-01 01:16:20 -04:00
										 |  |  | 		$query = prepare("INSERT INTO ``search_queries`` VALUES (:ip, :time, :query)"); | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 		$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); | 
					
						
							|  |  |  | 		$query->bindValue(':time', time()); | 
					
						
							|  |  |  | 		$query->bindValue(':query', $phrase); | 
					
						
							|  |  |  | 		$query->execute() or error(db_error($query)); | 
					
						
							|  |  |  | 		 | 
					
						
							| 
									
										
										
										
											2013-07-20 20:39:41 -04:00
										 |  |  | 		_syslog(LOG_NOTICE, 'Searched /' . $_GET['board'] . '/ for "' . $phrase . '"'); | 
					
						
							| 
									
										
										
										
											2013-07-20 20:01:22 -04:00
										 |  |  | 
 | 
					
						
							|  |  |  | 		// Cleanup search queries table
 | 
					
						
							| 
									
										
										
										
											2013-08-01 01:16:20 -04:00
										 |  |  | 		$query = prepare("DELETE FROM ``search_queries`` WHERE `time` <= :time"); | 
					
						
							| 
									
										
										
										
											2013-07-20 20:01:22 -04:00
										 |  |  | 		$query->bindValue(':time', time() - ($queries_per_minutes_all[1] * 60)); | 
					
						
							|  |  |  |                 $query->execute() or error(db_error($query)); | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 		 | 
					
						
							| 
									
										
										
										
											2013-07-20 20:39:41 -04:00
										 |  |  | 		openBoard($_GET['board']); | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 		 | 
					
						
							|  |  |  | 		$filters = Array(); | 
					
						
							|  |  |  | 		 | 
					
						
							|  |  |  | 		function search_filters($m) { | 
					
						
							|  |  |  | 			global $filters; | 
					
						
							|  |  |  | 			$name = $m[2]; | 
					
						
							|  |  |  | 			$value = isset($m[4]) ? $m[4] : $m[3]; | 
					
						
							|  |  |  | 			 | 
					
						
							| 
									
										
										
										
											2013-07-20 20:01:22 -04:00
										 |  |  | 			if(!in_array($name, array('id', 'thread', 'subject', 'name'))) { | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 				// unknown filter
 | 
					
						
							|  |  |  | 				return $m[0]; | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 			 | 
					
						
							|  |  |  | 			$filters[$name] = $value; | 
					
						
							|  |  |  | 			 | 
					
						
							|  |  |  | 			return $m[1]; | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		 | 
					
						
							|  |  |  | 		$phrase = trim(preg_replace_callback('/(^|\s)(\w+):("(.*)?"|[^\s]*)/', 'search_filters', $phrase)); | 
					
						
							|  |  |  | 		 | 
					
						
							|  |  |  | 		if(!preg_match('/[^*^\s]/', $phrase) && empty($filters)) { | 
					
						
							|  |  |  | 			_syslog(LOG_WARNING, 'Query too broad.'); | 
					
						
							|  |  |  | 			$body .= '<p class="unimportant" style="text-align:center">(Query too broad.)</p>'; | 
					
						
							|  |  |  | 			echo Element('page.html', Array( | 
					
						
							|  |  |  | 				'config'=>$config, | 
					
						
							|  |  |  | 				'title'=>'Search', | 
					
						
							|  |  |  | 				'body'=>$body, | 
					
						
							|  |  |  | 			)); | 
					
						
							|  |  |  | 			exit; | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		 | 
					
						
							|  |  |  | 		// Escape escape character
 | 
					
						
							|  |  |  | 		$phrase = str_replace('!', '!!', $phrase); | 
					
						
							|  |  |  | 		 | 
					
						
							|  |  |  | 		// Remove SQL wildcard
 | 
					
						
							|  |  |  | 		$phrase = str_replace('%', '!%', $phrase); | 
					
						
							|  |  |  | 		 | 
					
						
							|  |  |  | 		// Use asterisk as wildcard to suit convention
 | 
					
						
							|  |  |  | 		$phrase = str_replace('*', '%', $phrase); | 
					
						
							|  |  |  | 		 | 
					
						
							| 
									
										
										
										
											2013-08-01 01:16:20 -04:00
										 |  |  | 		// Remove `, it's used by table prefix magic
 | 
					
						
							|  |  |  | 		$phrase = str_replace('`', '!`', $phrase); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 		$like = ''; | 
					
						
							|  |  |  | 		$match = Array(); | 
					
						
							|  |  |  | 		 | 
					
						
							|  |  |  | 		// Find exact phrases
 | 
					
						
							|  |  |  | 		if(preg_match_all('/"(.+?)"/', $phrase, $m)) { | 
					
						
							|  |  |  | 			foreach($m[1] as &$quote) { | 
					
						
							|  |  |  | 				$phrase = str_replace("\"{$quote}\"", '', $phrase); | 
					
						
							|  |  |  | 				$match[] = $pdo->quote($quote); | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		 | 
					
						
							|  |  |  | 		$words = explode(' ', $phrase); | 
					
						
							|  |  |  | 		foreach($words as &$word) { | 
					
						
							|  |  |  | 			if(empty($word)) | 
					
						
							|  |  |  | 				continue; | 
					
						
							|  |  |  | 			$match[] = $pdo->quote($word); | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		 | 
					
						
							|  |  |  | 		$like = ''; | 
					
						
							|  |  |  | 		foreach($match as &$phrase) { | 
					
						
							|  |  |  | 			if(!empty($like)) | 
					
						
							|  |  |  | 				$like .= ' AND '; | 
					
						
							|  |  |  | 			$phrase = preg_replace('/^\'(.+)\'$/', '\'%$1%\'', $phrase); | 
					
						
							|  |  |  | 			$like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\''; | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		 | 
					
						
							|  |  |  | 		foreach($filters as $name => $value) { | 
					
						
							|  |  |  | 			if(!empty($like)) | 
					
						
							|  |  |  | 				$like .= ' AND '; | 
					
						
							|  |  |  | 			$like .= '`' . $name . '` = '. $pdo->quote($value); | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		 | 
					
						
							|  |  |  | 		$like = str_replace('%', '%%', $like); | 
					
						
							|  |  |  | 			 | 
					
						
							| 
									
										
										
										
											2013-08-01 01:16:20 -04:00
										 |  |  | 		$query = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri'])); | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 		$query->bindValue(':limit', $search_limit, PDO::PARAM_INT); | 
					
						
							|  |  |  | 		$query->execute() or error(db_error($query)); | 
					
						
							|  |  |  | 		 | 
					
						
							|  |  |  | 		if($query->rowCount() == $search_limit) { | 
					
						
							|  |  |  | 			_syslog(LOG_WARNING, 'Query too broad.'); | 
					
						
							| 
									
										
										
										
											2013-07-20 20:01:22 -04:00
										 |  |  | 			$body .= '<p class="unimportant" style="text-align:center">('._('Query too broad.').')</p>'; | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 			echo Element('page.html', Array( | 
					
						
							|  |  |  | 				'config'=>$config, | 
					
						
							|  |  |  | 				'title'=>'Search', | 
					
						
							|  |  |  | 				'body'=>$body, | 
					
						
							|  |  |  | 			)); | 
					
						
							|  |  |  | 			exit; | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		$temp = ''; | 
					
						
							|  |  |  | 		while($post = $query->fetch()) { | 
					
						
							|  |  |  | 			if(!$post['thread']) { | 
					
						
							| 
									
										
										
										
											2013-08-16 10:17:13 -04:00
										 |  |  | 				$po = new Thread($post); | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 			} else { | 
					
						
							| 
									
										
										
										
											2013-08-16 10:17:13 -04:00
										 |  |  | 				$po = new Post($post); | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 			} | 
					
						
							|  |  |  | 			$temp .= $po->build(true) . '<hr/>'; | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		 | 
					
						
							|  |  |  | 		if(!empty($temp)) | 
					
						
							| 
									
										
										
										
											2013-07-20 20:07:28 -04:00
										 |  |  | 			$_body .= '<fieldset><legend>' . | 
					
						
							| 
									
										
										
										
											2013-07-20 20:01:22 -04:00
										 |  |  | 					sprintf(ngettext('%d result in', '%d results in', $query->rowCount()),  | 
					
						
							| 
									
										
										
										
											2013-07-20 20:05:16 -04:00
										 |  |  | 					$query->rowCount()) . ' <a href="/' . | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 					sprintf($config['board_path'], $board['uri']) . $config['file_index'] . | 
					
						
							|  |  |  | 			'">' . | 
					
						
							|  |  |  | 			sprintf($config['board_abbreviation'], $board['uri']) . ' - ' . $board['title'] . | 
					
						
							|  |  |  | 			'</a></legend>' . $temp . '</fieldset>'; | 
					
						
							|  |  |  | 		 | 
					
						
							|  |  |  | 		$body .= '<hr/>'; | 
					
						
							|  |  |  | 		if(!empty($_body)) | 
					
						
							|  |  |  | 			$body .= $_body; | 
					
						
							|  |  |  | 		else | 
					
						
							| 
									
										
										
										
											2013-07-20 20:01:22 -04:00
										 |  |  | 			$body .= '<p style="text-align:center" class="unimportant">('._('No results.').')</p>'; | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 	} | 
					
						
							|  |  |  | 		 | 
					
						
							|  |  |  | 	echo Element('page.html', Array( | 
					
						
							|  |  |  | 		'config'=>$config, | 
					
						
							| 
									
										
										
										
											2013-07-20 20:36:54 -04:00
										 |  |  | 		'title'=>_('Search'), | 
					
						
							| 
									
										
										
										
											2013-07-20 18:50:40 -04:00
										 |  |  | 		'body'=>'' . $body | 
					
						
							|  |  |  | 	)); |