Location: PHPKode > scripts > WebCalendar > WebCalendar-1.2.5/search_handler.php
<?php
/* This page produces search results.
 *
 * "Advanced Search" adds the ability to search other users' calendars.
 * We do a number of security checks to make sure this is allowed.
 *
 * @author Craig Knudsen <hide@address.com>
 * @copyright Craig Knudsen, <hide@address.com>, http://www.k5n.us/cknudsen
 * @license http://www.gnu.org/licenses/gpl.html GNU GPL
 * @package WebCalendar
 * @version $Id: search_handler.php,v 1.46.2.8 2012/02/28 02:07:45 cknudsen Exp $
 */
include_once 'includes/init.php';
require_valide_referring_url ();

$error = '';

// Disable if public access and OVERRIDE_PUBLIC in use
if ( $login == '__public__' && ! empty ( $OVERRIDE_PUBLIC ) &&
  $OVERRIDE_PUBLIC == 'Y' ) {
  print_header ();
  echo print_not_auth ();
  print_trailer ();
  exit;
}

$keywords = getValue ( 'keywords' );
$advanced = getValue ( 'advanced' );

if ( strlen ( $keywords ) == 0 )
  $error = translate ( 'You must enter one or more search keywords' ) . '.';

$matches = 0;
// Determine if this user is allowed to search the calendar of other users
$search_others = false; // show "Advanced Search"
if ( $single_user == 'Y' )
  $search_others = false;

if ( $is_admin )
  $search_others = true;
else
if ( access_is_enabled () )
  $search_others = access_can_access_function ( ACCESS_ADVANCED_SEARCH );
else
if ( $login != '__public__' && ! empty ( $ALLOW_VIEW_OTHER ) &&
    $ALLOW_VIEW_OTHER == 'Y' )
  $search_others = true;
else
if ( $login == '__public__' && ! empty ( $PUBLIC_ACCESS_OTHERS ) &&
    $PUBLIC_ACCESS_OTHERS == 'Y' )
  $search_others = true;

$users = getValue ( 'users' );
if ( empty ( $users ) || empty ( $users[0] ) )
  $search_others = false;
// Security precaution -- make sure users listed in participants list
// was not hacked up to include users that they don't really have access to.
if ( $search_others ) {
  // If user can only see users in his group, then remove users not in his group.
  if ( ! empty ( $USER_SEES_ONLY_HIS_GROUPS ) &&
      $USER_SEES_ONLY_HIS_GROUPS == 'Y' && ! empty ( $GROUPS_ENABLED ) &&
      $GROUPS_ENABLED == 'Y' ) {
    $myusers = get_my_users ( '', 'view' );
    $userlookup = array ();
    for ( $i = 0, $cnt = count ( $myusers ); $i < $cnt; $i++ ) {
      $userlookup[$myusers[$i]['cal_login']] = 1;
    }
    $newlist = array ();
    $cnt = count ( $users );
    for ( $i = 0; $i < $cnt; $i++ ) {
      if ( ! empty ( $userlookup[$users[$i]] ) )
        $newlist[] = $users[$i];
    }
    $users = $newlist;
  }
  // Now, use access control to remove more users :-)
  if ( access_is_enabled () && ! $is_admin ) {
    $newlist = array ();
    for ( $i = 0; $i < count ( $users ); $i++ ) {
      if ( access_user_calendar ( 'view', $users[$i] ) ) {
        $newlist[] = $users[$i];
        //echo "can access $users[$i] <br>";
      } else {
        //echo "cannot access $users[$i] <br>";
      }
    }
    $users = $newlist;
  }
}

if ( empty ( $users ) || empty ( $users[0] ) )
  $search_others = false;

//Get advanced filters
$cat_filter = getPostValue ( 'cat_filter' );
$extra_filter = getPostValue ( 'extra_filter' );
$date_filter = getPostValue ( 'date_filter' );
$start_day = getPostValue ( 'from_day' );
$start_month = getPostValue ( 'from_month' );
$start_year = getPostValue ( 'from_year' );
if ( $start_year < 1970 )
  $start_year = 1970;
$end_day = getPostValue ( 'until_day' );
$end_month = getPostValue ( 'until_month' );
$end_year = getPostValue ( 'until_year' );
if ( $end_year < 1970 )
  $end_year = 1970;
$startDate =  gmdate ( 'Ymd', gmmktime ( 0, 0, 0,
  $start_month, $start_day, $start_year ) );
$endDate =  gmdate ( 'Ymd', gmmktime ( 23, 59, 59,
  $end_month, $end_day, $end_year ) );

print_header ();
echo '
    <h2>' . translate ( 'Search Results' ) . '</h2>';

if ( ! empty ( $error ) )
  echo print_error ( $error );
else {
// *** "Phrase" feature by Steve Weyer hide@address.com 4-May-2005
// check if keywords is surrounded by quotes
// an alternative might be to add a checkbox/list on search.php
// to indicate Phrase or other mode via an arg
// if a phrase, use (after removing quotes) rather than split into words
// also add query (keywords) to "match results" heading near end
// e.g., search_handler.php?keywords=%22Location:%20Arts%20and%20Crafts%22

// begin Phrase modification
$klen = strlen ( $keywords );
$phrasedelim = "\\\"";
$plen = strlen ( $phrasedelim );

if ( substr ( $keywords, 0, $plen ) == $phrasedelim &&
    substr ( $keywords, $klen - $plen ) == $phrasedelim ) {
  $phrase = substr ( $keywords, $plen, $klen - ( $plen * 2 ) );
  $words = array ( $phrase );
} else
  // original (default) behavior
  $words = explode ( ' ', $keywords );
// end Phrase modification
  $order = 'DESC';
  $word_cnt = count ( $words );
  for ( $i = 0; $i < $word_cnt; $i++ ) {
    $sql_params = array ();
    // Note: we only search approved/waiting events (not deleted).
    $sql = 'SELECT we.cal_id, we.cal_name, we.cal_date, weu.cal_login '
      . ( ! empty ( $extra_filter ) ? ', wse.cal_data ' : '' )
      . 'FROM webcal_entry_user weu LEFT JOIN  webcal_entry we '
      . ( ! empty ( $cat_filter ) ? ', webcal_entry_categories wec ' : '')
      . ( ! empty ( $extra_filter ) ? ', webcal_site_extras wse ' : '')
	  . 'ON weu.cal_id = we.cal_id
        WHERE weu.cal_status in ( \'A\',\'W\' )
        AND weu.cal_login IN ( ?';
    if ( $search_others ) {
      if ( empty ( $users[0] ) )
        $sql_params[0] = $users[0] = $login;
      $user_cnt = count ( $users );
      for ( $j = 0; $j < $user_cnt; $j++ ) {
        if ( $j > 0 ) $sql .= ', ?';
        $sql_params[] = $users[$j];
      }
    } else
      $sql_params[] = $login;

    $sql .= ' ) ';
    if ( $search_others ) {
      // Don't search confidential entries of other users.
      $sql .= 'AND ( weu.cal_login = ?
        OR ( weu.cal_login != ? AND we.cal_access = \'P\' ) ) ';
      $sql_params[] = $login;
      $sql_params[] = $login;
    }
    // We get an error using mssql trying to read text column as varchar.
    // This workaround seems to fix it up ROJ
    // but, will only search the first 1kb of the description.
    $sql .= 'AND ( UPPER( we.cal_name ) LIKE UPPER( ? ) OR UPPER( '
     . ( strcmp ( $GLOBALS['db_type'], 'mssql' ) == 0
      ? 'CAST ( we.cal_description AS varchar (1024) )'
      : 'we.cal_description' )
     . ' ) LIKE UPPER( ? ) ';
    $sql_params[] = '%' . $words[$i] . '%';
    $sql_params[] = '%' . $words[$i] . '%';

    //process advanced filters
    if ( ! empty ( $extra_filter ) ) {
      $sql .= ' OR wse.cal_data LIKE UPPER( ? )';
      $sql_params[] = '%' . $words[$i] . '%';
    }
    //close AND statement from above
    $sql .= ')';
    if ( ! empty ( $cat_filter ) ) {
      $sql .= ' AND wec.cat_id = ? AND we.cal_id = wec.cal_id ';
      $sql_params[] = $cat_filter;
    }
    if ( ! empty ( $extra_filter ) )
      $sql .= ' AND we.cal_id = wse.cal_id ';
    if ( ! empty ( $date_filter ) ) {
      if ( $date_filter == 1 ) { //Past entries
        $sql .= 'AND we.cal_date < ? ';
        $sql_params[] = date ( 'Ymd' );
      }
      if ( $date_filter == 2 ) {//Upcoming entries
        $sql .= 'AND we.cal_date >= ? ';
        $sql_params[] = date ( 'Ymd' );
        $order = 'ASC';
      }
      if ( $date_filter == 3 ) {//Use Date Range
        $sql .= 'AND ( we.cal_date >= ? AND we.cal_date <= ? )';
        $sql_params[] = $startDate;
        $sql_params[] = $endDate;
      }
    }

    $res = dbi_execute ( $sql . ' ORDER BY we.cal_date ' . $order
     . ', we.cal_name', $sql_params );
    if ( $res ) {
      while ( $row = dbi_fetch_row ( $res ) ) {		  
        $info[$matches]['id'] = $row[0];
        $info[$matches]['text'] = $row[1] . ' ( ' . date_to_str ( $row[2] ) . ' )';
		$info[$matches]['user'] = $row[3];
		
		$matches++;
      }
    }
    dbi_free_result ( $res );
  }
}

ob_start ();
echo '
    <p><strong>';
if ( $matches > 0 ) {
  // Let update_translation.pl pick up translations.
  // translate ( 'match found' ) translate ( 'matches found' )
  echo $matches . ' '
   . translate ( // line break to bypass update_translation.pl here.
    'match' . ( $matches == 1 ? '' : 'es' ) . ' found' );
} else
  echo translate ( 'No matches found' );

echo ": " . htmlentities ( $keywords ) . '</strong>.</p>';


// now sort by number of hits
if ( empty ( $error ) && ! empty ( $info ) ) {
  echo '
    <ul>';
  foreach ( $info as $result ) {
    echo '
      <li><a class="nav" href="view_entry.php?id=' . $result['id'] 
	   . '&amp;user=' . $result['user'] . '">' . $result['text'] . '</a></li>';
  }
  echo '
    </ul>';
}
echo '
      <form action="search.php' . ( ! empty ( $advanced ) ? '?adv=1' : '' )
        . '"  style="margin-left: 13px;" method="post">
       <input type="submit" value="'
        . translate ( 'New Search' ) . '" /></form>';
ob_end_flush ();
echo print_trailer ();

?>
Return current item: WebCalendar