<?php
// Show everything except warnings and notices while the configuration is
// still being assembled; the level is lowered again further down once the
// Admin setting $debug is known.
error_reporting(E_ALL ^ E_WARNING ^ E_NOTICE);
// Marker constant for the included files (presumably checked there to refuse
// direct access; the check itself is not in this file).
define('_SECURE', 1);
$settings_dir = './settings';
// Interim defaults for the very first run; the per-database configuration
// loaded later overrides them once it exists.
include './admin/settings/backup/Sphider-plus_default-configuration.php';
// $templ_dir and $include_dir are expected to come from the configuration
// just included -- neither is defined in this script.
$template_dir   = './' . $templ_dir;
$language_dir   = './languages';
$admin_dir      = './admin/';
$image_dir      = $include_dir . '/images';
$textcache_dir  = $include_dir . '/textcache';
$mediacache_dir = $include_dir . '/mediacache';
$stem_dir       = $include_dir . '/stemming';
$result = '';
// Connection helpers and the $mysql_table_prefixN / $databaseN values.
require_once $settings_dir . '/database.php';
// Pick the table prefix that belongs to the database marked active for the
// "Search user" ($dbu_act and $mysql_table_prefix1..5 come from
// settings/database.php). switch() compares loosely, like the original
// "== '1'" tests, so both '1' and 1 select the first entry; any other value
// leaves $mysql_table_prefix untouched.
switch ($dbu_act) {
    case '1':
        $mysql_table_prefix = $mysql_table_prefix1;
        break;
    case '2':
        $mysql_table_prefix = $mysql_table_prefix2;
        break;
    case '3':
        $mysql_table_prefix = $mysql_table_prefix3;
        break;
    case '4':
        $mysql_table_prefix = $mysql_table_prefix4;
        break;
    case '5':
        $mysql_table_prefix = $mysql_table_prefix5;
        break;
}
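// Load the settings that belong to the active database and its table
// prefix. $plus_nr is the marker that the file was really read; when it
// stays empty the shipped defaults are loaded instead and $def_config
// records that fact for the checks further down.
$def_config = '';
$plus_nr = '';
@include $settings_dir . '/db' . $dbu_act . '/conf_' . $mysql_table_prefix . '.php';
if (!$plus_nr) {
    $def_config = '1';
    // Relative path, as for the first include of this file at the top: the
    // original absolute "/admin/..." spelling resolves against the
    // filesystem root and can never find the file (the failure was hidden
    // by the masked warnings).
    include './admin/settings/backup/Sphider-plus_default-configuration.php';
}
include $include_dir . '/commonfuncs.php';
// Interim connection so that the helpers have one before the user's
// database choice is known; db1_connect() is expected from database.php.
$db_con = db1_connect();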
// Defaults for every request parameter before $_GET is inspected, so the
// rest of the script never meets an undefined variable.
$start_links = $domain = $adv = $query = $type = $start = $search = '';
$results = $category = $catid = $media_type = $media_only = $text_only = '';
$link = $title = $avg = $wildcount = $one_word = $mustbe_and = $mark0 = '';
$db = '0';     // database number from the form; '0' = keep the Admin default
$prefix = '0'; // table prefix from the form; '0' = keep the Admin default
$tpl_ = array();
$black = array();
$description = 'Sphider-plus. The PHP search engine';
// Read one query-string parameter: whitespace trimmed, cut to $maxLen bytes
// and passed through cleaninput() (a project helper defined outside this
// file, presumably in commonfuncs.php).
$readParam = function ($name, $maxLen) {
    return cleaninput(substr(trim($_GET[$name]), 0, $maxLen));
};
// Only parameters that are present are read; the others keep the defaults
// set above ($sort and $submit have no default and stay unset).
if (isset($_GET['query']))       { $query       = $readParam('query', 255); }
if (isset($_GET['search']))      { $search      = $readParam('search', 10); }
if (isset($_GET['domain']))      { $domain      = $readParam('domain', 255); }
if (isset($_GET['type']))        { $type        = $readParam('type', 10); }
if (isset($_GET['catid']))       { $catid       = $readParam('catid', 10); }
if (isset($_GET['category']))    { $category    = $readParam('category', 255); }
if (isset($_GET['mark']))        { $mark0       = $readParam('mark', 64); }
if (isset($_GET['results']))     { $results     = $readParam('results', 10); }
if (isset($_GET['start']))       { $start       = $readParam('start', 10); }
if (isset($_GET['start_links'])) { $start_links = $readParam('start_links', 10); }
if (isset($_GET['adv']))         { $adv         = $readParam('adv', 10); }
if (isset($_GET['media_type']))  { $media_type  = $readParam('media_type', 10); }
if (isset($_GET['media_only']))  { $media_only  = $readParam('media_only', 10); }
if (isset($_GET['link']))        { $link        = $readParam('link', 255); }
if (isset($_GET['title']))       { $title       = $readParam('title', 255); }
if (isset($_GET['db']))          { $db          = $readParam('db', 1); }
if (isset($_GET['prefix']))      { $prefix      = $readParam('prefix', 20); }
if (isset($_GET['sort']))        { $sort        = $readParam('sort', 20); }
if (isset($_GET['submit']))      { $submit      = $readParam('submit', 20); }
// Strip angle brackets so the query text can never carry markup.
$query = preg_replace("/<|>/", "", $query);
// The original kept a disabled option here that makes "Search only Media"
// the default; to enable it add:  if ($media_only == '') { $media_only = '1'; }
$start_all = getmicrotime(); // request timer; getmicrotime() is a project helper
// Legacy phrase mode: a double quote inside the query switches it on and
// the quotes are removed. strpos() is tested for a positive offset, so a
// quote at byte 0 does not trigger it -- kept exactly as the original did.
$nostalgic_phrase = '';
if (strpos($query, '"') > 0) {
    $nostalgic_phrase = '1';
    $query = str_replace('"', '', $query);
}
// Explicit operators inside the query override the requested search type
// (same positive-offset test as above).
if (strpos($query, " && ") > 0) {
    $type = "and";
}
if (strpos($query, " || ") > 0) {
    $type = "or";
}
// The Admin may force one search type regardless of the form ($type_search
// from the configuration).
if ($type_search) {
    $type = $type_search;
}
// A database number from the Search form overrides the Admin default, but
// only when that database is flagged active ($db1_set..$db5_set from the
// configuration).
if ($db > 0 && $db <= 5) {
    $active = array();
    $dbFlags = array(
        '1' => $db1_set,
        '2' => $db2_set,
        '3' => $db3_set,
        '4' => $db4_set,
        '5' => $db5_set,
    );
    foreach ($dbFlags as $number => $flag) {
        if ($flag == "1") {
            $active[] = (string) $number;
        }
    }
    if (in_array($db, $active)) {
        $dbu_act = $db;
    } else {
        // Inactive database selected: say so in debug mode, search nothing.
        if ($debug_user == "1") {
            echo "Selected database $db is inactive";
        }
        $query = '';
    }
}
// A domain filter shorter than three bytes is ignored.
if (strlen($domain) < 3) {
    $domain = '';
}
// Connect to the database selected for this request and take over its
// table prefix. The dbN_connect() helpers, $databaseN and
// $mysql_table_prefixN come from settings/database.php. switch() compares
// loosely, matching the original "== '1'" tests for string and int values.
switch ($dbu_act) {
    case '1':
        $db_con = db1_connect();
        $success = @mysql_select_db($database1, $db_con);
        $mysql_table_prefix = $mysql_table_prefix1;
        break;
    case '2':
        $db_con = db2_connect();
        $success = @mysql_select_db($database2, $db_con);
        $mysql_table_prefix = $mysql_table_prefix2;
        break;
    case '3':
        $db_con = db3_connect();
        $success = @mysql_select_db($database3, $db_con);
        $mysql_table_prefix = $mysql_table_prefix3;
        break;
    case '4':
        $db_con = db4_connect();
        $success = @mysql_select_db($database4, $db_con);
        $mysql_table_prefix = $mysql_table_prefix4;
        break;
    case '5':
        $db_con = db5_connect();
        $success = @mysql_select_db($database5, $db_con);
        $mysql_table_prefix = $mysql_table_prefix5;
        break;
}
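// A table prefix supplied by the Search form is accepted only when it is a
// plain identifier AND a "<prefix>sites" table exists. The prefix is spliced
// into SQL text and, further down, into the conf_<prefix>.php include path;
// neither can be parameterised, so the character whitelist is the actual
// safeguard and the SELECT only confirms that the tables exist.
if ($prefix) {
    $prefix_check = false;
    if (preg_match('/^[A-Za-z0-9_]+$/', $prefix)) {
        // Own variable on purpose: the previous code stored this handle in
        // $result, which the IDS check later in this script inspects with
        // strlen().
        $prefix_check = @mysql_query('select * from ' . $prefix . 'sites');
    }
    if ($prefix_check && ($row = @mysql_fetch_row($prefix_check))) {
        $mysql_table_prefix = $prefix;
    } else {
        // Unknown or malformed prefix: report only in debug mode and make
        // sure nothing is searched.
        if ($debug_user == "1") {
            echo mysql_error();
        }
        $query = '';
    }
}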
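// The Search form may have changed the database and/or the table prefix
// above, so load the matching settings file again (same procedure as the
// first load near the top of this file); fall back to the defaults when
// $plus_nr stays empty.
$def_config = '';
$plus_nr = '';
@include $settings_dir . '/db' . $dbu_act . '/conf_' . $mysql_table_prefix . '.php';
if (!$plus_nr) {
    $def_config = '1';
    // Relative path as for the very first default-configuration include;
    // the absolute "/admin/..." spelling resolved against the filesystem
    // root and failed silently because warnings are masked.
    include './admin/settings/backup/Sphider-plus_default-configuration.php';
}
if ($out == 'xml') {
    // Remove the XML result files of the previous request. $xml_dir and
    // $xml_name are expected from xml.php or the configuration.
    require_once $include_dir . '/xml.php';
    foreach (array('text_', 'media_', 'link_', 'multiple_link_') as $kind) {
        @unlink($xml_dir . '/' . $kind . $xml_name);
    }
}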
// Refuse service to User-Agent strings on the Admin's black list
// ($kill_black_uas and $black_uas come from the configuration). The
// comparison is exact after lower-casing and trimming the list entry.
if ($kill_black_uas && @$_SERVER['HTTP_USER_AGENT']) {
    $client_ua = strtolower(htmlspecialchars(@$_SERVER['HTTP_USER_AGENT']));
    foreach ($black_uas as $bannedUa) {
        if (trim($bannedUa) != $client_ua) {
            continue;
        }
        if ($debug_user) {
            die("<br />With respect to the corresponding Admin setting,<br />no results are presented for the known evil User-Agent: <strong>'$client_ua'</strong>");
        }
        die("<br />No results found.");
    }
}
$client_ip = @$_SERVER['REMOTE_ADDR'];
// Refuse service to IPv4 clients listed as meta search engines
// ($kill_black_ips and $black_ips come from the configuration). Addresses
// containing ':' (IPv6) are not checked at all.
if ($kill_black_ips && (false === strrpos($_SERVER['REMOTE_ADDR'], ":"))) {
    $client_ip_long = ip2long($client_ip);
    foreach ($black_ips as $entry) {
        // strpos() is tested for truthiness, so only a '-' beyond byte 0
        // marks an entry as a range (kept as in the original).
        $isRange = (bool) strpos($entry, "-");
        if (!$isRange) {
            if ($client_ip_long == ip2long(trim($entry))) {
                if ($debug_user) {
                    die("<br />With respect to the corresponding Admin setting,<br />no results are presented for the IP <strong>$client_ip</strong><br />Known to be used by a Meta search engine.");
                }
                die("<br />No results found.");
            }
            continue;
        }
        // "low-high" range: both borders inclusive.
        list($low, $high) = explode('-', trim($entry));
        if ($client_ip_long >= ip2long($low) && $client_ip_long <= ip2long($high)) {
            if ($debug_user) {
                $entry = str_replace("-", " - ", $entry);
                die("<br />With respect to the corresponding Admin setting,<br />no results are presented for the IP range <strong> $entry </strong><br /> Known to be used by a Meta search engine.<br />Here they used: <strong>$client_ip</strong>");
            }
            die("<br />No results found.");
        }
    }
}
// Load the Intrusion Detection System when it is enabled and a real
// (non-default) configuration is active. Presumably ids_handler.php writes
// its verdict into $result -- not verified here, that file is not part of
// this listing.
if ($use_ids == 1 && $def_config != 1){ // if Intrusion Detection System should be used
require_once ("$include_dir/ids_handler.php");
}
// does the IDS detect an attack?
// The parsing below assumes $result looks like "<13-byte label><impact><...":
// the bytes from offset 13 up to the first '<' are taken as the impact value
// and compared with the configured threshold $ids_warn.
// NOTE(review): $result is also assigned elsewhere in this script (the
// table-prefix check stores a query handle in it); confirm that only the IDS
// handler can leave a string longer than 13 bytes here.
if (strlen($result) > 13 && $def_config != 1) {
// get impact of intrusion
$len = strpos($result, "<")-13;
$res = trim(substr($result, '13', $len));
if ($res >= $ids_warn) { // impact at or above the Admin's warning level
$mytitle .= " - IDS supervisor"; // $mytitle is expected from the configuration / template
require_once "".$template_dir."/html/010_html_header.html";
echo " <br /><br />
<div class='headline cntr'>
IDS result message
</div>
<br /><br />
$result
<br />
<div class='cntr warnadmin'>
<br />
Further input blocked by the Sphider-plus supervisor, because the
<br /><br />
Intrusion Detection System noticed the above attempt to attack this search engine.
<br /><br />
</div>
<div class='headline cntr'>
</div>
<br /><br />
</body>
</html>
";
die(); // no search is performed for this request
}
}
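// Refuse service to an IP the IDS has already logged with a significant
// impact ($ids_blocked, $ids_stop and $include_dir come from the
// configuration).
if ($ids_blocked == 1 && $def_config != 1) {
    $blocked = '';
    if (isset($_SERVER['REMOTE_ADDR'])) {
        $new_ip = htmlspecialchars($_SERVER['REMOTE_ADDR']);
        // A single file() call replaces the former fopen()-probe plus
        // file(); the is_array() guard covers a missing or unreadable log,
        // where the old code iterated over an undefined $lines.
        $lines = @file("$include_dir/IDS/tmp/phpids_log.txt");
        if (is_array($lines)) {
            foreach ($lines as $thisline) {
                // Assumed log layout: ..."<ip>",<field>,<impact>,... (inferred
                // from the pattern; not verified against the IDS writer).
                if (!preg_match('@"(.*?)",(.*?),(.*?),@', $thisline, $regs)) {
                    continue; // malformed line: skip instead of reading unset groups
                }
                if ($new_ip == $regs[1] && $regs[3] >= $ids_stop) {
                    $blocked = '1';
                    break; // one qualifying entry is enough
                }
            }
        }
        if ($blocked) {
            $mytitle .= " - IDS supervisor"; // $mytitle is expected from the configuration / template
            require_once "".$template_dir."/html/010_html_header.html";
            echo " <br /><br />
<div class='headline cntr'>
IDS message: known eval IP due to former attacks
</div>
<br /><br />
<div class='cntr warnadmin'>
<br />
Further access blocked by the Sphider-plus supervisor, because the
<br /><br />
Intrusion Detection System already noticed an attempt to attack this search engine.
<br /><br />
</div>
<div class='headline cntr'>
</div>
<br /><br />
</body>
</html>
";
            die(); // no search is performed for this request
        }
    }
}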
// The user's marker choice (from the form) wins over the Admin setting.
if ($mark0) {
    $mark = $mark0;
}
// Multibyte helpers work on UTF-8 when enabled in the configuration.
if ($mb == 1) {
    mb_internal_encoding("UTF-8");
}
// With debugging off, hide every PHP message from the visitor.
if ($debug == '0') {
    if (function_exists("ini_set")) {
        ini_set("display_errors", "0");
    }
    error_reporting(0);
}
if ($show_media == 1) {
    include "$include_dir/search_media.php";
}
// Default language file; may be replaced by the client's language below.
include "$language_dir/$language-language.php";
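// Optionally switch to the client's language: the first two bytes of the
// Accept-Language header are treated as a language code and used only when
// a matching languages/<cc>-language.php exists.
if ($auto_lng == 1) {
    if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
        $cc = substr(htmlspecialchars($_SERVER['HTTP_ACCEPT_LANGUAGE']), 0, 2);
        // The header is client-controlled and feeds a file path, so accept
        // only a two-letter code: nothing but "<letters>-language.php" can
        // then be probed or included.
        if (preg_match('/^[A-Za-z]{2}$/', $cc) && is_readable("$language_dir/$cc-language.php")) {
            $language = $cc;
            include "$language_dir/$language-language.php";
        }
    }
}
// A language chosen by the user overrides both of the above.
if ($user_lng) {
    $language = $user_lng;
}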
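// Build the list of "common" words and apply the Admin's query black list.
// $common_dir, $use_common, $kill_query, $case_sensitive and $home_charset
// come from the configuration; lower_case() is a project helper.
if (is_dir($common_dir)) {
    $handle = opendir($common_dir);
    if ($use_common == 'all') {
        // Merge every *ommon_* file in the directory. $all is not
        // initialised anywhere in this script; without an array start value
        // array_merge() failed on the first file and nothing was collected.
        if (!is_array($all)) {
            $all = array();
        }
        while (false !== ($common_file = readdir($handle))) {
            // strpos() tested for truthiness: the name must contain "ommon_"
            // beyond byte 0 (e.g. "common_en.txt"), as in the original.
            if (strpos($common_file, "ommon_")) {
                $act = @file($common_dir . $common_file);
                if (is_array($act)) {
                    $all = array_merge($all, $act);
                }
            }
        }
    }
    if ($use_common != 'all' && $use_common != 'none') {
        // One language-specific common-words file.
        $all = @file($common_dir . 'common_' . $use_common . '.txt');
    }
    if ($kill_query == '1') {
        $black_in = @file($common_dir . 'blacklist.txt');
        if (is_array($black_in)) {
            foreach ($black_in as $val) {
                if ($case_sensitive == '0') {
                    $val = lower_case($val);
                }
                $val = @iconv($home_charset, "UTF-8", $val);
                if (preg_match("/\S/", $val)) { // keep only non-blank lines
                    $black[] = $val;
                }
            }
            $blacklist = array();
            foreach ($black as $word) {
                $blacklist[] = trim($word);
            }
            $blacklist = array_unique($blacklist);
            sort($blacklist);
            // Empty the query if it contains any black-listed word. Each entry
            // is a literal word: escape it so that regex metacharacters or a
            // '/' delimiter in the file can neither break nor widen the pattern.
            if (count($blacklist) >= 1) {
                $escaped = array();
                foreach ($blacklist as $word) {
                    $escaped[] = preg_quote($word, '/');
                }
                $kill = implode("|", $escaped);
                if (preg_match("/$kill/i", $query)) {
                    $query = '';
                }
            }
        }
    }
    closedir($handle);
    // Index the common words by the word itself for O(1) lookups later.
    if (is_array($all)) {
        foreach ($all as $word) {
            $common[trim($word)] = 1;
        }
    }
}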
require_once "$include_dir/searchfuncs.php";
require_once "$include_dir/categoryfuncs.php";
include "$language_dir/$language-language.php";
// The marker option may arrive as its translated label ($sph_messages from
// the language file); map it back to the internal key. The checks run in
// sequence without stopping, exactly like the original chain of ifs.
foreach (array('markbold', 'markred', 'markyellow', 'markgreen', 'markblue') as $markKey) {
    if ($mark == $sph_messages[$markKey]) {
        $mark = $markKey;
    }
}
// Breadcrumb text " Categories > parent > child" for the selected category.
if ($catid && is_numeric($catid)) {
    $cattree = array(" ", $sph_messages['Categories']);
    $cat_info = get_category_info($catid); // presumably from categoryfuncs.php
    foreach ($cat_info['cat_tree'] as $_val) {
        $thiscat = $_val['category'];
        $cattree[] = " > ";
        $cattree[] = $thiscat;
    }
    $cattree = implode($cattree);
}
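// The advanced form has two submit buttons carrying the localised labels
// for text and media search; derive the mode from the one pressed.
if ($submit) {
    if ($submit == $sph_messages['t_search']) {
        $text_only = "1";
    }
    if ($submit == $sph_messages['m_search']) {
        $media_only = "1";
    }
}
// Wildcard ('*' anywhere) and strict ('!' as first byte) searches are
// always AND searches and use only the first word of the query.
$strictpos = strpos($query, '!');
$wildcount = substr_count($query, '*');
if ($wildcount || $strictpos === 0) {
    if ($type != 'and') {
        $mustbe_and = '1'; // remember that the type was forced
    }
    $type = 'and';
    $strict_search = '1'; // prevent wildcard for quotes search
    // Cut at the first space after byte 3. The length guard keeps the offset
    // inside the string: strpos() with an offset past the end returns false
    // (with a warning) on PHP 5/7 but throws a ValueError on PHP 8, which
    // would abort a two-byte query such as "a*".
    $cut = strlen($query) >= 3 ? strpos($query, " ", 3) : false;
    if ($cut) {
        $query = substr($query, 0, $cut);
        $one_word = '1';
    }
}
// Anything but the four known types falls back to AND.
if ($type != "or" && $type != "and" && $type != "phrase" && $type != "tol") {
    $type = "and";
}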
// (A disabled check that cleared $domain unless it matched [a-z0-9-.] used
// to live here; it is not active.)
if ($results != "") {
    $results_per_page = $results; // form value wins over the Admin setting
}
if (!is_numeric($catid)) {
    $catid = "";
}
if (!is_numeric($category)) {
    $category = "-1"; // -1 = all sites
}
// Radio-button state for the form: either "all sites" or "in category".
$checked_cat = '';
$checked_all = '';
if ($category == '-1') {
    $checked_all = 'checked="checked"';
} else {
    $checked_cat = 'checked="checked"';
}
if ($catid && is_numeric($catid)) {
    // NOTE: reads $_REQUEST['catid'] rather than the already validated $catid
    // (kept as-is); the (int) cast is what keeps the SQL safe here.
    $tpl_['category'] = sql_fetch_all('SELECT category FROM ' . $mysql_table_prefix . 'categories WHERE category_id=' . (int)$_REQUEST['catid']);
}
// Number of top-level categories; 0 when the query returns nothing.
$count_level0 = sql_fetch_all('SELECT count(*) FROM ' . $mysql_table_prefix . 'categories WHERE parent_num=0');
$has_categories = $count_level0 ? $count_level0[0][0] : 0;
// Remember the effective form values for the template.
$type_rem   = $type;
$result_rem = $results_per_page;
$mark_rem   = $mark;
$sort_rem   = $sort;
$catid_rem  = $catid;
$cat_rem    = $category;
// Drop any backslash left in the query.
$query = str_replace("\\", "", $query);
// As written this replaces "'" with "'" and therefore changes nothing; kept
// for fidelity with the original.
$query = preg_replace("/'/", "'", $query);
// HTML header: the complete one, or only the Sphider-plus part when the
// search form is embedded into another page.
if (!$embedded) {
    include $template_dir . '/html/010_html_header.html';
} else {
    include $template_dir . '/html/011_html_header.html';
}
?>