<?php
/**
* search.php
*
* @author Nicolas CARPi <[email protected]>
* @copyright 2012 Nicolas CARPi
* @see https://www.elabftw.net Official website
* @license AGPL-3.0
* @package elabftw
*/
namespace Elabftw\Elabftw;
/**
* The search page
* Here be dragons!
*
*/
require_once 'app/init.inc.php';

$App->pageTitle = _('Search');

// Entity handles: $Experiments is handed to the form template and also used
// for the visibility check below; $Database is only handed to the template.
$Experiments = new Experiments($App->Users);
$Database = new Database($App->Users);

// Lookup objects whose readAll() results populate the filter drop-downs of the form.
$ItemsTypes = new ItemsTypes($App->Users);
$Status = new Status($App->Users);
$TeamGroups = new TeamGroups($App->Users);

$categoryArr = $ItemsTypes->readAll();
$statusArr = $Status->readAll();
$teamGroupsArr = $TeamGroups->readAll();
$usersArr = $App->Users->readAllFromTeam();
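// Splits a multi-word query into its words and runs each one through the
// same sanitiser the single-word path uses. The words are later interpolated
// into LIKE clauses by string concatenation, so previously the multi-word path
// (explode on the raw GET string) bypassed the filter the single-word path got.
// PREG_SPLIT_NO_EMPTY drops the empty tokens a run of spaces would produce
// (an empty word becomes LIKE '%%' further down, which matches every row).
// FILTER_SANITIZE_STRING is what the rest of this file uses; it is deprecated as of PHP 8.1.
$splitWords = function ($query) {
    $words = preg_split('/ +/', $query, -1, PREG_SPLIT_NO_EMPTY);
    if ($words === false) {
        return array();
    }
    foreach ($words as $i => $word) {
        $words[$i] = filter_var($word, FILTER_SANITIZE_STRING);
    }
    return $words;
};

// TITLE
$title = '';
$titleWithSpace = false;
$title_arr = array();
// is_string: a hand-crafted title[]=... would otherwise be passed to trim()
if (isset($_GET['title']) && is_string($_GET['title']) && !empty($_GET['title'])) {
    $titleQuery = trim($_GET['title']);
    $title = filter_var($titleQuery, FILTER_SANITIZE_STRING);
    // check if there is a space in the query: each word is then matched separately
    if (strrpos($titleQuery, " ") !== false) {
        $title_arr = $splitWords($titleQuery);
        $titleWithSpace = true;
    }
}

// BODY
$body = '';
$bodyWithSpace = false;
$body_arr = array();
if (isset($_GET['body']) && is_string($_GET['body']) && !empty($_GET['body'])) {
    $bodyQuery = trim($_GET['body']);
    $body = filter_var(Tools::checkBody($bodyQuery), FILTER_SANITIZE_STRING);
    if (strrpos($bodyQuery, " ") !== false) {
        // NOTE(review): Tools::checkBody() is applied to the whole string only, as before;
        // the individual words get the generic sanitiser.
        $body_arr = $splitWords($bodyQuery);
        $bodyWithSpace = true;
    }
}

// ANDOR: how the words of a multi-word query are combined
$andor = ' AND ';
$andSel = '';
$orSel = '';
// NOTE(review): $andSel/$orSel are not passed to the search.html template, they look unused
if (isset($_GET['andor']) && $_GET['andor'] === 'and') {
    $andSel = " selected='selected'";
} elseif (isset($_GET['andor']) && $_GET['andor'] === 'or') {
    $orSel = " selected='selected'";
    $andor = ' OR ';
}

// TAGS: the search below iterates this with foreach, so only an array is accepted;
// a scalar tag_exp/tag_db value (hand-crafted query) is ignored instead of emitting a warning.
$tagsArr = array();
$tagParam = null;
if (isset($_GET['type']) && $_GET['type'] === 'experiments' && isset($_GET['tag_exp'])) {
    $tagParam = $_GET['tag_exp'];
} elseif (isset($_GET['type']) && $_GET['type'] === 'database' && isset($_GET['tag_db'])) {
    $tagParam = $_GET['tag_db'];
}
if (is_array($tagParam)) {
    $tagsArr = $tagParam;
}

// VISIBILITY: only a value accepted by checkVisibility() is kept, since it is
// interpolated into the SQL filter later
$vis = '';
if (isset($_GET['vis']) && is_string($_GET['vis']) && !empty($_GET['vis'])) {
    if ($Experiments->checkVisibility($_GET['vis'])) {
        $vis = $_GET['vis'];
    }
}

// FROM / TO: dates are normalised by Tools::kdate() before they reach the SQL filter
$from = '';
if (isset($_GET['from']) && is_string($_GET['from']) && !empty($_GET['from'])) {
    $from = Tools::kdate($_GET['from']);
}
$to = '';
if (isset($_GET['to']) && is_string($_GET['to']) && !empty($_GET['to'])) {
    $to = Tools::kdate($_GET['to']);
}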
// RENDER THE FIRST PART OF THE PAGE (search form)
// The template gets the option lists for its drop-downs plus the current
// query values, so the form can be re-populated after a search.
echo $App->render('search.html', array(
    'Request' => $Request,
    'Experiments' => $Experiments,
    'Database' => $Database,
    'categoryArr' => $categoryArr,
    'statusArr' => $statusArr,
    'teamGroupsArr' => $teamGroupsArr,
    'usersArr' => $usersArr,
    'title' => $title,
    'body' => $body,
    'andor' => $andor,
    'tagsArr' => $tagsArr,
));
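/**
 * Here the search begins.
 * A search is only run when the form was submitted, which the 'type' GET
 * parameter signals. (isset($_GET) is always true for a superglobal, so the
 * previous guard never skipped this section; it only did nothing visible.)
 *
 * The filters are assembled as SQL fragments by string concatenation and
 * handed to $Entity->read(), so every value interpolated below must come from
 * a validator (Tools::checkId, checkVisibility, kdate, an int cast) or through
 * FILTER_SANITIZE_STRING, which encodes quotes. A parameterised query would
 * have to be done in the Entity layer, which is outside this file.
 */
if (isset($_GET['type']) && is_string($_GET['type'])) {
    $searchType = $_GET['type'];
    $isExperiments = ($searchType === 'experiments');

    // TABLE: experiments or database items
    $table = $isExperiments ? 'experiments' : 'items';
    $tagTable = $isExperiments ? 'experiments_tags' : 'items_tags';

    // STATUS: must pass checkId() because it is interpolated into SQL
    $status = '';
    if (isset($_GET['status']) && !empty($_GET['status']) && Tools::checkId($_GET['status'])) {
        $status = $_GET['status'];
    }

    // RATING: 'no' means unrated (0); any other value must be an integer.
    // The former test `!empty($rating)` is true for '0', so the "no rating"
    // choice never produced a filter; $rating is now '' when unset and
    // compared with !== '' below.
    $rating = '';
    if (isset($_GET['rating']) && is_string($_GET['rating']) && $_GET['rating'] !== '') {
        if ($_GET['rating'] === 'no') {
            $rating = '0';
        } else {
            $ratingInt = filter_var($_GET['rating'], FILTER_VALIDATE_INT);
            if ($ratingInt !== false) {
                $rating = (string) $ratingInt;
            }
        }
    }

    // PREPARE SQL query
    $sqlUserid = '';
    $sqlDate = '';
    $sqlTitle = '';
    $sqlBody = '';
    $sqlTag = '';
    $sqlStatus = '';
    $sqlRating = '';
    $sqlVisibility = '';

    // Title search: one LIKE per word joined by $andor, or a single LIKE.
    // Each word is sanitised here as well, because $title_arr is split from
    // the raw GET string and could otherwise reach the fragment unfiltered;
    // FILTER_SANITIZE_STRING is idempotent, so filtering twice is harmless.
    if ($titleWithSpace && !empty($title_arr)) {
        $titleLikes = array();
        foreach ($title_arr as $word) {
            $word = filter_var($word, FILTER_SANITIZE_STRING);
            $titleLikes[] = $table . ".title LIKE '%" . $word . "%'";
        }
        $sqlTitle = " AND (" . implode($andor, $titleLikes) . ")";
    } elseif (!empty($title)) {
        $sqlTitle = " AND " . $table . ".title LIKE '%" . $title . "%'";
    }

    // Body search: same shape as the title search
    if ($bodyWithSpace && !empty($body_arr)) {
        $bodyLikes = array();
        foreach ($body_arr as $word) {
            $word = filter_var($word, FILTER_SANITIZE_STRING);
            $bodyLikes[] = $table . ".body LIKE '%" . $word . "%'";
        }
        $sqlBody = " AND (" . implode($andor, $bodyLikes) . ")";
    } elseif (!empty($body)) {
        $sqlBody = " AND " . $table . ".body LIKE '%" . $body . "%'";
    }

    // Tag search: every selected tag must exist on the item (AND semantics).
    // Nested arrays (tag_exp[][]=...) are skipped: filter_var() would return
    // false for them and yield a LIKE '%%' that matches any tagged item.
    if (is_array($tagsArr)) {
        foreach ($tagsArr as $tag) {
            if (!is_string($tag)) {
                continue;
            }
            $tag = filter_var($tag, FILTER_SANITIZE_STRING);
            $sqlTag .= " AND EXISTS (SELECT 1 FROM " . $tagTable . " tagt WHERE tagt.item_id = " .
                $table . ".id AND tagt.tag LIKE '%" . $tag . "%') ";
        }
    }

    // Status search ($status passed checkId above)
    if (!empty($status)) {
        $sqlStatus = " AND $table.status = '$status'";
    }

    // Rating search ('0' is a valid value here, hence the strict comparison)
    if ($rating !== '') {
        $sqlRating = " AND $table.rating LIKE '$rating'";
    }

    // Visibility search ($vis passed checkVisibility above)
    if (!empty($vis)) {
        $sqlVisibility = " AND $table.visibility = '$vis'";
    }

    // Date search: an open-ended range is closed with a sentinel date
    if (!empty($from) || !empty($to)) {
        $dateFrom = !empty($from) ? $from : '00000101';
        $dateTo = !empty($to) ? $to : '99991212';
        $sqlDate = " AND $table.date BETWEEN '$dateFrom' AND '$dateTo'";
    }

    /////////////////////////////////////////////////////////////////
    if ($isExperiments) {
        // EXPERIMENTS SEARCH
        $Entity = new Experiments($App->Users);
        // USERID FILTER: '0' means every user, an empty value means the current
        // user, and a numeric id (validated by checkId) selects that user.
        // The id is cast to int because it is interpolated into SQL.
        if (isset($_GET['owner']) && is_string($_GET['owner'])) {
            $owner = $_GET['owner'];
            if ($owner === '0') {
                $sqlUserid = '';
            } elseif (Tools::checkId($owner)) {
                $sqlUserid = " AND experiments.userid = " . (int) $owner;
            } elseif (empty($owner)) {
                $sqlUserid = " AND experiments.userid = " . $App->Users->userid;
            }
        }
        // STATUS
        $Entity->categoryFilter = $sqlStatus;
        // VISIBILITY FILTER
        $Entity->visibilityFilter = $sqlVisibility;
    } else {
        // DATABASE SEARCH: any non-'experiments' type lands here; a numeric
        // type additionally restricts the search to that items_types id
        $Entity = new Database($App->Users);
        // RATING
        $Entity->ratingFilter = $sqlRating;
        if (Tools::checkId($searchType)) {
            // filter on database items types
            $Entity->categoryFilter = "AND items_types.id = " . (int) $searchType;
        }
    }

    // common filters for XP and DB
    $Entity->bodyFilter = $sqlBody;
    $Entity->dateFilter = $sqlDate;
    $Entity->tagFilter = $sqlTag;
    $Entity->titleFilter = $sqlTitle;
    $Entity->useridFilter = $sqlUserid;
    $itemsArr = $Entity->read();

    // RENDER THE SECOND PART OF THE PAGE
    // with a subpart of show.html (no create new/filter menu, and no head)
    echo $App->render('show.html', array(
        'Entity' => $Entity,
        'itemsArr' => $itemsArr,
        'categoryArr' => $categoryArr,
        // we are on the search page, so we don't want any "click here to create your first..."
        'searchType' => 'something',
        // generate light show page
        'searchPage' => true,
    ));
}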