<?
// *******************************************************************
// include/results.php
// *******************************************************************
if(isset($term) && strlen($term)>0){
//////////////////////////////////////////////////////////////////////////////////////////
// PHPLinks XSS Vulnerability Fix - By JeiAr - hide@address.com 01-2003 //
/////////////////////////////////////////////////////////////////////////////////////////
// $ip = $REMOTE_ADDR;
// $info = $HTTP_USER_AGENT;
// if (ereg('[-!#$%&\'"*+\\.<->=?^_`{|}]$', $term)) {$err.= "Please enter A
// valid Search Term.<BR>";}
// if ($err) {
// echo $err;
// echo "<b>Possible Hack Attempt!!</b><br>";
// echo "<b>$ip</b><br>";
// echo "<b>$info</b><br>";
// echo "<a href=index.php>Back</a>";
// exit;
// }
///////////////////////////////////////////////////////////////////////////////////////////
if(!isset($sr)){
$sr=0;
}
if($logic == "phrase"){
$st[0] = $term;
} else {
// $term = eregi_replace("[-!#$%&'"*\+.<->=?^_`{|}]$", " ", $term);
$st = explode(" ", $term);
$cst = sizeof($st);
if($cst > 1){
$sterm .= $st[0];
for($p=1; $p<$cst; $p++){$sterm .= "+" . $st[$p];
}
} else {
$sterm .= $st[0];
}
}
$i = 0;
while($st[$i]){
if(strlen($st[$i]) > 2){
$split_term[] = $st[$i];
} else {
$removed[] = $st[$i];}
$i++;
}
$i = 0;
while($split_term[$i]){
if(strlen($split_term[$i]) > 2){
$new_term .= $split_term[$i]." ";
}
$i++;
}
$i = 0;
if(strlen($new_term)>2){
if($ns!=1){
$record_term = sql_query("
insert into $tb_terms(
ID,
Term
) values (
'',
'$new_term'
)
");
}
}
while($removed[$i]){
$removed_term .= $removed[$i];
if($removed[$i+1]) {$removed_term .= ",";
}
$i++;
}
$removed_html = stripslashes($new_term);
if($removed_term){
$removed_html .= " (";
$removed_html .= trim($removed_term).") " . $results_1;
}
if($logic == "or"){
$sites_sql = "
select
$tb_links.ID as site_id,
$tb_links.SiteName as site_name,
$tb_links.SiteURL as site_url,
$tb_categories.Category as category_name,
$tb_categories.ID as cat_id,
$tb_links.Added as added,
$tb_links.LastUpdate as last_update,
$tb_links.Description as site_description,
$tb_links.Country as country,
$tb_links.HitsIn as hits_in,
$tb_links.HitsOut as hits_out,
count($tb_reviews.ID) as total_reviews
from
$tb_links
left join
$tb_categories
on
$tb_links.Category=$tb_categories.ID
left join
$tb_reviews
on
$tb_links.ID=$tb_reviews.SiteID
where (";
if(isset($search_cat) && $search_cat != 0){
$sites_sql .= "(";
}
$i = 0;
while($split_term[$i]){
$sites_sql .= "$tb_links.SiteURL like '%$split_term[$i]%'";
if($split_term[$i+1]){
$sites_sql .= " or ";
}
$i++;
}
$sites_sql .= ") or (";
$i = 0;
while($split_term[$i]){
$sites_sql .= "$tb_links.Description like '%$split_term[$i]%'";
if($split_term[$i+1]){
$sites_sql .= " or ";
}
$i++;
}
$sites_sql .= ") or (";
$i = 0;
while($split_term[$i]){
$sites_sql .= "$tb_links.SiteName like '%$split_term[$i]%'";
if($split_term[$i+1]){
$sites_sql .= " or ";
}
$i++;
}
$sites_sql .= ") ";
if(isset($search_cat) && $search_cat != 0){
$sites_sql .= ") and ($tb_links.Category = '$search_cat') ";
}
$total_sql = $sites_sql . "group by site_id";
$sites_sql .= "group by site_id limit $sr, $pp";
} else {
$sites_sql = "
select
$tb_links.ID as site_id,
$tb_links.SiteName as site_name,
$tb_links.SiteURL as site_url,
$tb_categories.Category as category_name,
$tb_categories.ID as cat_id,
$tb_links.Added as added,
$tb_links.LastUpdate as last_update,
$tb_links.Description as site_description,
$tb_links.HitsIn as hits_in,
$tb_links.HitsOut as hits_out,
count($tb_reviews.ID) as total_reviews
from
$tb_links
left join
$tb_categories
on
$tb_links.Category=$tb_categories.ID
left join
$tb_reviews
on
$tb_links.ID=$tb_reviews.SiteID
where (";
$i = 0;
while($split_term[$i]){
$sites_sql .= "$tb_links.SiteURL like '%$split_term[$i]%'";
if($split_term[$i+1]){
$sites_sql .= " and ";
}
$i++;
}
$sites_sql .= ") or (";
$i = 0;
while($split_term[$i]){
$sites_sql .= "$tb_links.Description like '%$split_term[$i]%'";
if($split_term[$i+1]){
$sites_sql .= " and ";
}
$i++;
}
$sites_sql .= ") or (";
$i = 0;
while($split_term[$i]){
$sites_sql .= "$tb_links.SiteName like '%$split_term[$i]%'";
if($split_term[$i+1]){
$sites_sql .= " and ";
}
$i++;
}
$sites_sql .= ") ";
$total_sql = $sites_sql . "group by site_id";
$sites_sql .= "group by site_id limit $sr, $pp";
}
if(isset($term) && strlen($term)>0){
if($logic == "or"){
$cats_sql = "
select
$tb_categories.ID as category_id,
$tb_categories.Category as category_name,
$tb_categories.PID as category_pid
from
$tb_categories
where (";
$i = 0;
while($split_term[$i]){
$cats_sql .= "$tb_categories.Category like '%$split_term[$i]%'";
if($split_term[$i+1]){
$cats_sql .= " or ";
}
$i++;
}
$cats_sql .= ") ";
} else {
$cats_sql = "
select
$tb_categories.Category as category_name,
$tb_categories.ID as category_id,
$tb_categories.PID as category_pid
from
$tb_categories
where (";
$i = 0;
while($split_term[$i]){
$cats_sql .= "$tb_categories.Category
like '%$split_term[$i]%'";
if($split_term[$i+1]){
$cats_sql .= " and ";
}
$i++;
}
$cats_sql .= ") ";
}
}
$mtime1 = getmicrotime();
$site_results = sql_query($sites_sql);
$cat_results = sql_query($cats_sql);
$total_results = sql_query($total_sql);
$total = sql_num_rows($total_results);
$mtime2 = getmicrotime();
$search_time = $mtime2 - $mtime1;
$htmlsrc .= $table2 . "<tr>";
$htmlsrc .= "\r\n\t<td width=\"100%\" class=\"whatText\">" . $results_2;
$htmlsrc .= "<font class=\"searchEngines\">" . $removed_html;
$htmlsrc .= "</font> " . $results_3;
$htmlsrc .= "<font class=\"searchEngines\">" . substr($search_time, 0, 6);
$htmlsrc .= "</font>" . $results_4 . "...<br />";
$htmlsrc .= "</td>\r\n</tr>\r\n</table>\r\n";
echo whattable("100%","center","",$htmlsrc);
unset($htmlsrc);
$htmlsrc = $table2 . "<tr><td width=\"100%\" ";
$htmlsrc .= "class=\"whatText\">" . $results_5 . "</td></tr></table>";;
echo whattable("100%","center","",$htmlsrc);
unset($htmlsrc);
$x=0;
$htmlsrc = $table2;
while($x<25){
$htmlsrc .= "<tr>";
$pop_terms = sql_query("
select
Term,
count(*) as Count
from
$tb_terms
group by
Term
order by
Count desc
limit
$x,5
");
while($pt_rows = sql_fetch_array($pop_terms)){
$htmlsrc .= "<td class=\"searchEngines\"> <a class=\"searchEngines\"";
$htmlsrc .= "href=\"index.php?" . session_name() . "=" . session_id() . "&ns=1&logic=or&maximum=10&term=";
$htmlsrc .= $pt_rows[Term] . "\">" . $pt_rows[Term] . "</a>(";
$htmlsrc .= $pt_rows[Count] . ") </td>";
}
$htmlsrc .= "</tr>";
$x=$x+5;
}
$htmlsrc .= "</table>";
echo table("99%","center","",$htmlsrc);
unset($htmlsrc);
if($cp<=1){
echo draw_search_categories($cat_results, $split_term);
}
echo draw_search_sites($total, $site_results, $split_term);
$htmlsrc = $table2 . "<tr><td class=\"whatText\">" . $results_6 . "</td></tr></table>";
echo whattable("100%","center","",$htmlsrc);
unset($htmlsrc);
$htmlsrc = $table2 . "<tr><td class=\"searchEngineText\"> <a class=\"searchEngines\" ";
$htmlsrc .= "target=\"_blank\" href=\"index.php?" . session_name() . "=";
$htmlsrc .= session_id() . "&logic=or&maximum=10&term=";
$htmlsrc .= $sterm . "\">" . "RAHS Card Catalog" . "</a> - ";
$htmlsrc .= "<a class=\"searchEngines\" target=\"_blank\" ";
$htmlsrc .= "href=\"http://www.google.com/search?hl=en&ie=ISO-8859-1&q=";
$htmlsrc .= $sterm . "\">Google</a> - <a class=\"searchEngines\" target=\"_blank\" ";
$htmlsrc .= "href=\"http://search.yahoo.com/bin/search?p=" . $sterm;
$htmlsrc .= "\">Yahoo</a></td></tr></table>";
echo table("99%","center","",$htmlsrc);
unset($htmlsrc);
} else {
$htmlsrc = $table2 . "<tr><td class=\"errorText\" align=\"center\"><br /><br />" . $results_7;
$htmlsrc .= "<br /><br /></td></tr></table>";
echo table("100%","center","",$htmlsrc);
unset($htmlsrc);
}
?>