function DataRows2sql($field, $cnt, $data_encode, &$s_sql, $conn_aux)
{
$tmp2 = "";
//print "cnt para $field: $cnt<br>";
for ($i = 0; $i < $cnt; $i++) {
$tmp = "";
if ($field[$i][2] != "" && $field[$i][1] != " ") {
//$tmp = $field[$i][0]." data_payload ".$field[$i][1]." '%".FormatPayload($field[$i][2], $data_encode).
// "%' ".$field[$i][3]."".$field[$i][4]." ".$field[$i][5];
$data_encode1 = array("ascii", "hex");
/*
* Prepare search string:
* - html_entity_decode() The string here is with htmlentities, chars like " must be "
* - escape_sql()
*/
$search_str = FormatPayload($field[$i][2], $data_encode);
$search_str = html_entity_decode($search_str, ENT_QUOTES, 'ISO-8859-1');
$search_str = escape_sql($search_str, $conn_aux);
$and_str = preg_split("/\\s+AND\\s+/", $search_str);
$ands = array();
foreach ($and_str as $and) {
// apply AND logic
$or_str = preg_split("/\\s+OR\\s+/", $and);
$ors = array();
foreach ($or_str as $or) {
// apply ! and OR operators
if (preg_match("/^\\!(.*)/", $or, $fnd)) {
// Negated as AND
//$encoded = FormatPayload($fnd[1], $data_encode1);
//$ors[] = "(data_payload NOT LIKE '%".$fnd[1]."%' AND data_payload NOT LIKE '%".$encoded."%')";
$ors[] = "(data_payload NOT LIKE '%" . $fnd[1] . "%')";
} elseif ($field[$i][1] == "NOT LIKE") {
// Negated as AND
//$encoded = FormatPayload($or, $data_encode1);
//$ors[] = "(data_payload NOT LIKE '%".$or."%' AND data_payload NOT LIKE '%".$encoded."%')";
$ors[] = "(data_payload NOT LIKE '%" . $or . "%')";
} else {
//$encoded = FormatPayload($or, $data_encode1);
//$ors[] = "(data_payload LIKE '%".$or."%' OR data_payload LIKE '%".$encoded."%')";
$ors[] = "(data_payload LIKE '%" . $or . "%')";
}
}
$ands[] = "(" . implode(" OR ", $ors) . ")";
}
$tmp = " acid_event.id=extra_data.event_id AND (" . implode(" AND ", $ands) . ")";
} else {
if ($field[$i][2] != "" && $field[$i][1] == " ") {
ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("A payload value of") . " '" . $field[$i][2] . "' " . gettext("was entered for a payload criteria field, but an operator (e.g. has, has not) was not specified."));
}
// Warning message commented to be the same as signature
//if (($field[$i][1] != " " && $field[$i][1] != "") && $field[$i][2] == "") ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("An operator of") . " '" . $field[$i][1] . "' " . gettext("was selected indicating that payload should be a criteria, but no value on which to match was specified."));
}
$union = $i > 0 ? $field[$i - 1][4] == "AND" || $field[$i - 1][4] == "OR" ? " " . $field[$i - 1][4] . " " : " OR " : "";
if ($tmp != '') {
$tmp2 = $tmp2 . $union . $tmp;
}
if ($i > 0 && ($field[$i - 1][4] == ' ' || $field[$i - 1][4] == '')) {
ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("Multiple Data payload criteria entered without a boolean operator (e.g. AND, OR) between them."));
}
}
if ($tmp2 != "") {
$s_sql = $s_sql . " AND ( " . $tmp2 . " )";
return 1;
}
return 0;
}
function DataRows2sql($field, $cnt, $data_encode, &$s_sql)
{
$tmp2 = "";
//print "cnt para $field: $cnt<br>";
for ($i = 0; $i < $cnt; $i++) {
$tmp = "";
if ($field[$i][2] != "" && $field[$i][1] != " ") {
//$tmp = $field[$i][0]." data_payload ".$field[$i][1]." '%".FormatPayload($field[$i][2], $data_encode).
// "%' ".$field[$i][3]."".$field[$i][4]." ".$field[$i][5];
$data_encode1 = array("ascii", "hex");
$tmp = " acid_event.sid=extra_data.sid AND acid_event.cid=extra_data.cid AND (MATCH(data_payload) AGAINST ('" . FormatPayload($field[$i][2], $data_encode) . "' IN BOOLEAN MODE) OR data_payload LIKE '%" . FormatPayload($field[$i][2], $data_encode1) . "%')";
//$tmp = " acid_event.sid=extra_.sid AND acid_event.cid=extra_.cid AND data_payload LIKE '%".FormatPayload($field[$i][2], $data_encode)."%'";
} else {
if ($field[$i][2] != "" && $field[$i][1] == " ") {
ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("A payload value of") . " '" . $field[$i][2] . "' " . gettext("was entered for a payload criteria field, but an operator (e.g. has, has not) was not specified."));
}
if ($field[$i][1] != " " && $field[$i][1] != "" && $field[$i][2] == "") {
ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("An operator of") . " '" . $field[$i][1] . "' " . gettext("was selected indicating that payload should be a criteria, but no value on which to match was specified."));
}
}
$tmp2 = $tmp2 . $tmp;
if ($i > 0 && $field[$i - 1][4] == ' ') {
ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("Multiple Data payload criteria entered without a boolean operator (e.g. AND, OR) between them."));
}
}
if ($tmp2 != "") {
$s_sql = $s_sql . " AND ( " . $tmp2 . " )";
return 1;
}
return 0;
}
