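/**
 * Process search results from a form submission or via the url.
 *
 * A POSTed form whose tokens validate is answered with a redirect to
 * search_results.php, carrying the search string in the query string.
 * Otherwise the search string is taken from the `searchstr` request
 * parameter (when present), and the form and results are rendered.
 *
 * @return void
 */
public function processSearch()
{
    if (isset($_POST['submit']) && $_POST['submit']) {
        // Only a submission whose form tokens validate may trigger the redirect.
        if (piaForm::isValidTokens(piaSearch::TOKEN_PREFIX)) {
            // A submission without a searchtext field is treated as an empty
            // search instead of reading an undefined index.
            $searchText = isset($_REQUEST['searchtext']) ? $_REQUEST['searchtext'] : '';
            $this->searchstr = piaDB::cleanInput($searchText);

            if (!headers_sent()) {
                header("Location: search_results.php?searchstr=" . urlencode($this->searchstr));
                // header() only queues the redirect; it does not end the request.
                // Return here so the form and the results are not also rendered
                // into the body of the redirect response.
                return;
            }
            // Output has already started, so no redirect can be sent: fall
            // through and render the results inline.
        }
    }

    // NOTE(review): $_REQUEST may merge GET, POST and cookie values depending
    // on request_order; cleanInput() is the only filtering visible here.
    if (isset($_REQUEST['searchstr'])) {
        $this->searchstr = piaDB::cleanInput($_REQUEST['searchstr']);
    }

    $this->showForm();
    $this->showSearchResults();
}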
/**
 * Add a log entry to the core.activity table.
 *
 * The username and the activity type are resolved to row ids by sub-selects
 * inside the INSERT. The client address is read from $_SERVER['REMOTE_ADDR'].
 *
 * NOTE(review): every value goes through piaDB::cleanInput() and is then
 * passed in the parameter array for the $1..$4 placeholders. If cleanInput()
 * performs SQL escaping, the stored text may end up double-escaped - confirm.
 *
 * @param string $activityType The activity type name, looked up in ref.activity_type.
 * @param string $description  A descriptive comment associated with the activity.
 * @param string $username     Optional username; when empty, the entry is logged for 'guest'.
 */
public static function logActivity($activityType, $description, $username = '')
{
    // An empty username falls back to the literal 'guest' account name.
    $actor = (strlen($username) === 0) ? 'guest' : $username;

    $userParam = piaDB::cleanInput($actor);
    $typeParam = piaDB::cleanInput($activityType);
    $textParam = piaDB::cleanInput($description);
    // REMOTE_ADDR is the address of the connecting peer as reported by the server.
    $addrParam = piaDB::cleanInput($_SERVER['REMOTE_ADDR']);

    // Placeholder order: $1 username, $2 activity type name, $3 remote ip, $4 description.
    $sql = "INSERT INTO core.activity (user_rowid_fk, activity_type_rowid_fk, remote_ip, description) VALUES (\n\t\t\t\t(SELECT rowid FROM core.user WHERE username = \$1),\n\t\t\t\t(SELECT rowid FROM ref.activity_type WHERE name = \$2), \$3, \$4)";

    $params = array($userParam, $typeParam, $addrParam, $textParam);

    piaDB::executeQuery($sql, $params, '', null, false);
}