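/**
 * Handles the game-object search form (POST) and renders the result table.
 *
 * Reads the filter fields from $_POST, builds a WHERE clause against
 * gameobject_template (LEFT JOINed with locales_gameobject so the name can be
 * shown in the language returned by get_lang_id()) and appends the rendered
 * HTML to the global $output buffer. Redirects to game_object.php?error=1
 * when no filter at all was supplied.
 *
 * Globals read: $lang_global, $lang_game_object, $world_db, $realm_id,
 * $go_datasite, $sql_search_limit, $go_type. Globals written: $output.
 *
 * @return void
 */
function do_search()
{
    global $lang_global, $lang_game_object, $output, $world_db, $realm_id, $go_datasite, $sql_search_limit, $go_type;
    wowhead_tt();
    require_once "./scripts/get_lib.php";
    $deplang = get_lang_id();

    // Read every field once with a default so a missing field never raises an
    // undefined-index notice; "type" defaults to the form's "any" value (-1).
    $post = [
        'entry'         => $_POST['entry'] ?? '',
        'name'          => $_POST['name'] ?? '',
        'ScriptName'    => $_POST['ScriptName'] ?? '',
        'displayId'     => $_POST['displayId'] ?? '',
        'faction'       => $_POST['faction'] ?? '',
        'flags'         => $_POST['flags'] ?? '',
        'custom_search' => $_POST['custom_search'] ?? '',
    ];
    $post_type = $_POST['type'] ?? -1;

    // Nothing to search for: send the user back to the form.
    if ($post['entry'] === '' && $post['name'] === '' && $post['ScriptName'] === '' && $post['displayId'] === '' && $post['faction'] === '' && $post['flags'] === '' && $post['custom_search'] === '' && $post_type == -1) {
        redirect("game_object.php?error=1");
    }

    $sql = new SQL();
    $sql->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);

    // Each supplied filter is escaped through the driver before it is placed
    // inside a quoted SQL literal; blank filters are simply not applied.
    $filters = [];
    foreach (['entry', 'name', 'ScriptName', 'displayId', 'faction', 'flags'] as $field) {
        if ($post[$field] != '') {
            $filters[$field] = $sql->quote_smart($post[$field]);
        }
    }
    if ($post_type != -1) {
        $filters['type'] = $sql->quote_smart($post_type);
    }

    // NOTE(security): custom_search is spliced into the WHERE clause as a raw
    // SQL fragment. quote_smart() only escapes quote characters, so it does
    // not constrain what this fragment can do; anyone allowed to submit this
    // form can run arbitrary WHERE conditions against the world DB. Keep the
    // action restricted to trusted administrators or drop the feature.
    $custom_search = $post['custom_search'] != '' ? $sql->quote_smart($post['custom_search']) : '';

    // Localized name falls back to the base `name` column when no locale
    // column is selected or the localized value is NULL.
    $name_expr = "IFNULL(" . ($deplang != 0 ? "name_loc{$deplang}" : "NULL") . ",`name`)";

    $where = "WHERE gameobject_template.entry > 0 ";
    if ($custom_search != "") {
        $where .= " {$custom_search} ";
    }
    if (isset($filters['entry'])) {
        $where .= "AND gameobject_template.entry = '{$filters['entry']}' ";
    }
    if (isset($filters['name'])) {
        $where .= "AND {$name_expr} LIKE '%{$filters['name']}%' ";
    }
    if (isset($filters['type'])) {
        $where .= "AND type = '{$filters['type']}' ";
    }
    if (isset($filters['ScriptName'])) {
        $where .= "AND ScriptName LIKE '%{$filters['ScriptName']}%' ";
    }
    if (isset($filters['displayId'])) {
        $where .= "AND displayId = '{$filters['displayId']}' ";
    }
    if (isset($filters['faction'])) {
        $where .= "AND faction = '{$filters['faction']}' ";
    }
    if (isset($filters['flags'])) {
        $where .= "AND flags = '{$filters['flags']}' ";
    }
    // Defensive re-check: if no condition was added (and redirect() above did
    // not stop execution) do not run an unfiltered query.
    if ($where == "WHERE gameobject_template.entry > 0 ") {
        redirect("game_object.php?error=1");
    }

    $result = $sql->query("SELECT gameobject_template.entry, type, displayId, {$name_expr} as name, faction FROM gameobject_template LEFT JOIN locales_gameobject ON gameobject_template.entry = locales_gameobject.entry {$where} ORDER BY gameobject_template.entry LIMIT {$sql_search_limit}");
    $total_found = $sql->num_rows($result);

    // Header: "new search" button on the left, totals on the right.
    // (A stray closing </td> in the opening table markup was removed.)
    $output .= "<center>\r\n  <table class=\"top_hidden\">\r\n       <tr><td>";
    makebutton($lang_game_object['new_search'], "game_object.php", 160);
    $output .= "</td>\r\n     <td align=\"right\">{$lang_game_object['tot_found']} : {$total_found} : {$lang_global['limit']} {$sql_search_limit}</td>\r\n   </tr></table>";
    $output .= "<table class=\"lined\">\r\n   <tr>\r\n  <th width=\"10%\">{$lang_game_object['entry']}</th>\r\n  <th width=\"40%\">{$lang_game_object['name']}</th>\r\n  <th width=\"20%\">{$lang_game_object['type']}</th>\r\n  <th width=\"15%\">{$lang_game_object['displayId']}</th>\r\n  <th width=\"15%\">{$lang_game_object['faction']}</th>\r\n  </tr>";

    // Row columns (fetch_row order): 0 entry, 1 type, 2 displayId, 3 name, 4 faction.
    for ($i = 1; $i <= $total_found; $i++) {
        $go = $sql->fetch_row($result);
        // Escape every DB value on its way into HTML, not only the name.
        $entry_html = htmlspecialchars((string) $go[0], ENT_QUOTES);
        $display_html = htmlspecialchars((string) $go[2], ENT_QUOTES);
        $faction_html = htmlspecialchars((string) $go[4], ENT_QUOTES);
        $output .= "<tr>\r\n        <td><a href=\"{$go_datasite}{$entry_html}\" target=\"_blank\">{$entry_html}</a></td>\r\n        <td><a href=\"game_object.php?action=edit&amp;entry={$entry_html}&amp;error=4\">" . htmlentities((string) $go[3]) . "</a></td>\r\n        <td>" . get_go_type($go[1]) . "</td>\r\n        <td>{$display_html}</td>\r\n        <td>{$faction_html}</td>\r\n      </tr>";
    }
    $output .= "</table></center><br />";
    $sql->close();
}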
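/**
 * Renders the game-object search form and, below it, a paginated list of the
 * gameobject templates matching the GET filters.
 *
 * Filters (entry, name, type, displayid, faction, flags) are read from $_GET,
 * escaped through the world DB handle and applied to gameobject_names when
 * $core == 1, otherwise to gameobject_template. Redirects to
 * object.php?error=1 when no filter is present. All HTML is appended to the
 * global $output buffer.
 *
 * Globals read: $world_db, $realm_id, $base_datasite, $go_datasite,
 * $sql_search_limit, $locales_search_option, $itemperpage, $go_types, $sql,
 * $core, $site_encoding. Globals written: $output.
 *
 * @return void
 */
function search()
{
    // $site_encoding is passed to htmlspecialchars() below; it was previously
    // read without a global declaration (so it was always null). Presumably it
    // is the site-wide output charset configured elsewhere — confirm.
    global $output, $world_db, $realm_id, $base_datasite, $go_datasite, $sql_search_limit, $locales_search_option, $itemperpage, $go_types, $sql, $core, $site_encoding;
    //-------------------SQL Injection Prevention--------------------------------
    // The LIMIT offset must be a non-negative integer. is_numeric() alone also
    // lets through forms such as "1e3" or "-5" that are not valid in LIMIT.
    $start = isset($_GET["start"]) && is_numeric($_GET["start"]) ? max(0, (int) $_GET["start"]) : 0;
    $order_by = isset($_GET["order_by"]) ? $sql["logon"]->quote_smart($_GET["order_by"]) : "acct";
    if (!preg_match('/^[_[:lower:]]{1,15}$/', $order_by)) {
        $order_by = "acct";
    }
    $dir = isset($_GET["dir"]) ? $sql["logon"]->quote_smart($_GET["dir"]) : 1;
    if (!preg_match('/^[01]{1}$/', $dir)) {
        $dir = 1;
    }
    // $dir is only used to build the "flip direction" value for the links.
    $dir = $dir ? 0 : 1;

    // Read the filters once with defaults so missing fields raise no notices;
    // "type" defaults to the form's "any" value (-1). The form field and the
    // query key are both "displayid" (lowercase), so the emptiness guard must
    // look at that key too.
    $get_entry = $_GET["entry"] ?? "";
    $get_name = $_GET["name"] ?? "";
    $get_type = $_GET["type"] ?? -1;
    $get_displayid = $_GET["displayid"] ?? "";
    $get_faction = $_GET["faction"] ?? "";
    $get_flags = $_GET["flags"] ?? "";
    if ($get_entry === "" && $get_name === "" && $get_displayid === "" && $get_faction === "" && $get_flags === "" && $get_type == -1) {
        redirect("object.php?error=1");
    }
    if ($get_entry != "") {
        $entry = $sql["world"]->quote_smart($get_entry);
    }
    if ($get_name != "") {
        $name = $sql["world"]->quote_smart($get_name);
    }
    if ($get_type != "" && $get_type != -1) {
        $type = $sql["world"]->quote_smart($get_type);
    }
    if ($get_displayid != "") {
        $displayId = $sql["world"]->quote_smart($get_displayid);
    }
    if ($get_faction != "") {
        $faction = $sql["world"]->quote_smart($get_faction);
    }
    if ($get_flags != "") {
        $flags = $sql["world"]->quote_smart($get_flags);
    }
    // a little XSS prevention: a value that would change under HTML escaping
    // is dropped rather than echoed back into the form and the links below.
    if (isset($entry) && htmlspecialchars($entry) != $entry) {
        $entry = "";
    }
    if (isset($name) && htmlspecialchars($name, ENT_COMPAT, $site_encoding) != $name) {
        $name = "";
    }
    if (isset($type) && htmlspecialchars($type) != $type) {
        $type = -1;
    }
    if (isset($displayId) && htmlspecialchars($displayId) != $displayId) {
        $displayId = "";
    }
    if (isset($faction) && htmlspecialchars($faction) != $faction) {
        $faction = "";
    }
    if (isset($flags) && htmlspecialchars($flags) != $flags) {
        $flags = "";
    }
    // Filters
    if ($core == 1) {
        $query = "SELECT COUNT(*) FROM gameobject_names";
    } else {
        $query = "SELECT COUNT(*) FROM gameobject_template";
    }
    $result = $sql["world"]->query($query);
    $tot_go = $sql["world"]->result($result, 0);
    // we need $type to be set so the <select> will show correctly
    if (!isset($type)) {
        $type = -1;
    }
    $output .= '
        <div class="fieldset_border">
          <span class="legend">' . lang("game_object", "search_template") . '</span>
          <br />
          <form action="object.php" method="get" id="form">
            <div>
              <!-- input type="hidden" name="action" value="do_search" / -->
              <input type="hidden" name="error" value="2" />
            </div>
            <table class="hidden center">
              <tr>
                <td>' . lang("game_object", "entry") . ':</td>
                <td>
                  <input type="text" size="14" maxlength="11" name="entry" value="' . ($entry ?? '') . '" />
                </td>
                <td>' . lang("game_object", "name") . ':</td>
                <td colspan="3">
                  <input type="text" size="45" maxlength="100" name="name" value="' . ($name ?? '') . '" />
                </td>
              </tr>
              <tr>
                <td>&nbsp;</td>
                <td>&nbsp;</td>
                <td>' . lang("game_object", "type") . ':</td>
                <td colspan="3" align="left">
                  <select name="type">
                    <option value="-1"' . ($type == -1 ? ' selected="selected" ' : '') . '>' . lang("game_object", "select") . '</option>';
    foreach ($go_types as $row) {
        $output .= '
                    <option value="' . $row[0] . '"' . ($type == $row[0] ? ' selected="selected" ' : '') . '>' . $row[0] . ' ' . $row[1] . '</option>';
    }
    $output .= '
                  </select>
                </td>
              </tr>
              <tr>
                <td>' . lang("game_object", "displayId") . ':</td>
                <td>
                  <input type="text" size="14" maxlength="11" name="displayid" value="' . ($displayId ?? '') . '" />
                </td>';
    $output .= '
                <td>' . lang("game_object", "flags") . ':</td>
                <td align="left">
                  <input type="text" size="15" maxlength="11" name="flags" value="' . ($flags ?? '') . '" />
                </td>';
    if ($core != 1) {
        $output .= '
                <td>' . lang("game_object", "faction") . ':</td>
                <td align="left">
                  <input type="text" size="14" maxlength="11" name="faction" value="' . ($faction ?? '') . '" />
                </td>';
    } else {
        $output .= '
                <td colspan="2">&nbsp;</td>';
    }
    $output .= '
              </tr>
              <tr>
                <td colspan="3">';
    makebutton(lang("game_object", "search"), "javascript:do_submit()", 150);
    $output .= '
                </td>
                <td colspan="3">' . lang("game_object", "tot_go_templ") . ': ' . $tot_go . '</td>
              </tr>
            </table>
          </form>
        </div>
        <br />
        <br />';
    // now we only want $type if it has REAL content
    if ($type == -1) {
        unset($type);
    }
    // Show filtered game object list
    if ($core == 1) {
        $where = "gameobject_names.entry>0 ";
    } else {
        $where = "gameobject_template.entry>0 ";
    }
    if (isset($entry)) {
        if ($core == 1) {
            $where .= "AND gameobject_names.entry='" . $entry . "' ";
        } else {
            $where .= "AND gameobject_template.entry='" . $entry . "' ";
        }
    }
    if (isset($name)) {
        $where .= "AND `name` LIKE '%" . $name . "%' ";
    }
    if (isset($type)) {
        $where .= "AND type='" . $type . "' ";
    }
    if (isset($displayId)) {
        $where .= "AND displayId='" . $displayId . "' ";
    }
    if (isset($faction)) {
        $where .= "AND gameobject_template.faction='" . $faction . "' ";
    }
    if (isset($flags)) {
        $where .= "AND flags='" . $flags . "' ";
    }
    if ($core == 1) {
        // The localized JOIN condition previously ended with an unmatched ")",
        // which is an SQL syntax error whenever $locales_search_option != 0.
        $query = "SELECT *, Type AS type, DisplayID AS displayId, gameobject_names.Name AS name1" . ($locales_search_option != 0 ? ", gameobject_names_localized.name AS name" : "") . "\r\n              FROM gameobject_names " . ($locales_search_option != 0 ? "LEFT JOIN gameobject_names_localized ON gameobject_names.entry=gameobject_names_localized.entry AND language_code='" . $locales_search_option . "' " : " ") . "WHERE " . $where . "\r\n              ORDER BY gameobject_names.entry\r\n              LIMIT " . $start . ", " . $itemperpage;
        $query1 = "SELECT COUNT(*) FROM gameobject_names WHERE " . $where;
    } else {
        $query = "SELECT *\r\n              FROM gameobject_template " . ($locales_search_option != 0 ? "LEFT JOIN locales_gameobject ON gameobject_template.entry=locales_gameobject.entry " : "") . "WHERE " . $where . "\r\n              ORDER BY gameobject_template.entry\r\n              LIMIT " . $start . ", " . $itemperpage;
        $query1 = "SELECT COUNT(*) FROM gameobject_template WHERE " . $where;
    }
    $result = $sql["world"]->query($query);
    $page_total = $sql["world"]->num_rows($result);
    $total_result = $sql["world"]->query($query1);
    $total_result = $sql["world"]->fetch_assoc($total_result);
    $total_found = $total_result["COUNT(*)"];

    // Filters that survived the checks above are carried through the pagination
    // and per-row links. !empty() keeps the original truthiness test (so "0"
    // is still dropped) without notices for filters that were never set.
    $filter_qs = (!empty($name) ? '&amp;name=' . $name : '') . (!empty($type) ? '&amp;type=' . $type : '') . (!empty($displayId) ? '&amp;displayid=' . $displayId : '') . (!empty($faction) ? '&amp;faction=' . $faction : '') . (!empty($flags) ? '&amp;flags=' . $flags : '');
    $page_url = 'object.php?order_by=' . $order_by . '&amp;dir=' . ($dir ? 0 : 1) . $filter_qs;

    $output .= '
        <table class="top_hidden">
          <tr>
            <td>';
    makebutton(lang("game_object", "new_search"), "object.php", 160);
    $output .= '
            </td>
            <td align="right">' . lang("game_object", "tot_found") . ' : ' . $total_found . '</td>
          </tr>
          <tr>
            <td>&nbsp;</td>
            <td align="right">';
    $output .= generate_pagination($page_url, $total_found, $itemperpage, $start);
    $output .= '
            </td>
          </tr>
        </table>
        <table class="lined">
          <tr>
            <th style="width: 10%;">' . lang("game_object", "entry") . '</th>
            <th style="width: 40%;">' . lang("game_object", "name") . '</th>
            <th style="width: 20%;">' . lang("game_object", "type") . '</th>
            <th style="width: 15%;">' . lang("game_object", "displayId") . '</th>';
    if ($core != 1) {
        $output .= '
            <th style="width: 15%;">' . lang("game_object", "faction") . '</th>';
    }
    $output .= '
            <th>' . lang("game_object", "spawncount") . '</th>
          </tr>';
    for ($i = 1; $i <= $page_total; $i++) {
        $go = $sql["world"]->fetch_assoc($result);
        // localization
        if ($core == 1) {
            $go["name"] = $locales_search_option ? $go["name"] : $go["name1"];
        } else {
            $go["name"] = $locales_search_option ? $go["name_loc" . $locales_search_option] : $go["name"];
        }
        // individual spawn counts (one extra query per listed row)
        if ($core == 1) {
            $count_query = "SELECT COUNT(*) FROM gameobject_spawns WHERE Entry='" . $go["entry"] . "'";
        } else {
            $count_query = "SELECT COUNT(*) FROM gameobject WHERE id='" . $go["entry"] . "'";
        }
        $count_result = $sql["world"]->query($count_query);
        $count_result = $sql["world"]->fetch_assoc($count_result);
        $spawn_count = $count_result["COUNT(*)"];
        // Escape DB values on their way into HTML; the same view link is used
        // for both the entry and the name cell.
        $entry_html = htmlspecialchars((string) $go["entry"], ENT_QUOTES);
        $view_link = 'object.php?action=view&amp;entry=' . $entry_html . $filter_qs . '&amp;error=3';
        $output .= '
          <tr>
            <td>
              <a href="' . $view_link . '">' . $entry_html . '</a>
            </td>
            <td>
              <a href="' . $view_link . '">' . htmlspecialchars((string) $go["name"], ENT_COMPAT, $site_encoding) . '</a>
            </td>
            <td>' . get_go_type($go["type"]) . '</td>
            <td>' . htmlspecialchars((string) $go["displayId"], ENT_QUOTES) . '</td>';
        if ($core != 1) {
            $output .= '
            <td>' . htmlspecialchars((string) $go["faction"], ENT_QUOTES) . '</td>';
        }
        $output .= '
            <td>' . $spawn_count . '</td>
          </tr>';
    }
    $output .= '
        </table>
        <table class="top_hidden">
          <tr>
            <td align="right">';
    $output .= generate_pagination($page_url, $total_found, $itemperpage, $start);
    $output .= '
            </td>
          </tr>
        </table>
        <br />';
}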