Esempio n. 1
// function 'queryMySQLDatabase()' is defined in 'include.inc.php'
// Number of rows that were modified by the query (0 when the query failed):
$affectedRows = ($result) ? mysql_affected_rows($connection) : 0;

if ($affectedRows == 0) {
    // File an additional error element so that the 'errors' session variable isn't empty; an empty 'errors'
    // variable would cause 'duplicate_manager.php' to re-load the form data that were submitted by the user
    $errors["ignoredRecords"] = "all";

    // File an appropriate error message (function 'returnMsg()' is defined in 'include.inc.php'):
    $HeaderString = returnMsg("Nothing was changed by your query!", "warning", "strong", "HeaderString");

    // Write back session variables (function 'saveSessionVariable()' is defined in 'include.inc.php'):
    saveSessionVariable("errors", $errors);
    saveSessionVariable("formVars", $formVars);

    // Relocate back to the 'Flag Duplicates' form (script 'duplicate_manager.php').
    // NOTE(review): '$referer' is presumably derived from the client-supplied HTTP 'Referer' header (see 'start_session()'
    //               in 'include.inc.php'); unless that function restricts it to this installation's URLs, this redirect
    //               follows a client-chosen target — confirm.
    header("Location: " . $referer);
    exit;
    // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
}

// Build correct header message (function 'returnMsg()' is defined in 'include.inc.php'):
$HeaderString = returnMsg("The records below have been successfully flagged as original/duplicate records:", "", "", "HeaderString");

// Merge the original record's serial number with all duplicate serial numbers into one comma-separated list
// (the original serial is always listed first; the list ends with a trailing comma if no duplicates were given):
$allRecordSerialsString = implode(",", array($origRecordSerial, implode(",", $dupRecordSerialsArray)));

// (4) Call 'show.php' which will display all affected records along with the header message
//     (routing feedback output to a different script page will avoid any reload problems effectively!)
//     (the serials are assumed to be plain numbers, which is why no URL encoding is applied here — confirm against the caller)
header("Location: show.php?records=" . $allRecordSerialsString);

// --------------------------------------------------------------------
// (5) CLOSE CONNECTION (function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'):
disconnectFromMySQLDatabase();
// --------------------------------------------------------------------
Esempio n. 2
function fieldError($fieldName, $errors)
{
    // Returns the formatted warning message for '$fieldName' if the '$errors' array holds an entry for it;
    // returns nothing (null) otherwise.
    // (function 'returnMsg()' is defined in 'include.inc.php')
    if (!isset($errors[$fieldName])) {
        return null;
    }

    return returnMsg($errors[$fieldName], "warning2", "strong", "", "", "<br>");
}
Esempio n. 3
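// --------------------------------------------------------------------
// START A SESSION:
// call the 'start_session()' function (from 'include.inc.php') which will also read out available session variables:
start_session(true);
// --------------------------------------------------------------------
// Initialize preferred display language:
// (note that 'locales.inc.php' has to be included *after* the call to the 'start_session()' function)
include 'includes/locales.inc.php'; // include the locales
// --------------------------------------------------------------------
// First of all, check if this script was called by something else than 'record.php' (via 'modify.php'):
// Notes: - although 'receipt.php' gets actually called by 'modify.php', the referrer will be still set to 'record.php'
//        - if a user clicks on Login/Logout while viewing a 'receipt.php' page she should get directed back to this receipt page (which is why 'receipt.php' must be also among the recognized referrers)
//        - '$referer' is presumably taken from the client-supplied HTTP 'Referer' header (see 'start_session()'), and the
//          pattern accepts the file name anywhere within the URL, so this check only catches accidental calls; it must
//          not be relied on for authorization, and the redirect below should be restricted to this installation's URLs
if (!preg_match("/.*(record|receipt)\\.php.*/", $referer)) {
    // return an appropriate error message (functions 'returnMsg()' and 'scriptURL()' are defined in 'include.inc.php'):
    $HeaderString = returnMsg($loc["Warning_InvalidCallToScript"] . " '" . scriptURL() . "'!", "warning", "strong", "HeaderString");
    header("Location: " . $referer); // redirect to calling page
    exit;
    // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
}
// [ Extract form variables sent through POST/GET by use of the '$_REQUEST' variable ]
// [ !! NOTE !!: for details see <http://www.php.net/release_4_2_1.php> & <http://www.php.net/manual/en/language.variables.predefined.php> ]
// Extract the type of action requested by the user (either 'add', 'edit', 'delet' or ''):
// ('' will be treated equal to 'add'); the 'isset()' guard prevents an 'Undefined index' notice if no action was passed
$recordAction = isset($_REQUEST['recordAction']) ? $_REQUEST['recordAction'] : "";
if ("{$recordAction}" == "") {
    $recordAction = "add"; // '' will be treated equal to 'add'
}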
Esempio n. 4
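function extractFormElementsQueryResults($displayType, $originalDisplayType, $sqlQuery, $recordSerialsArray)
{
    // Processes the 'Add'/'Remove'/'Allow'/'Disallow' buttons of the 'queryResults' form (user group membership
    // and user permission changes for the selected users) and returns the query to re-run plus the restored display type.
    //
    // Parameters:
    //   $displayType         - the submitted action ('Add', 'Remove', 'Allow' or 'Disallow'); any other value changes nothing
    //   $originalDisplayType - the display type to restore after the action has been processed
    //   $sqlQuery            - the SQL query that produced the current 'queryResults' page
    //   $recordSerialsArray  - the user IDs (checkbox values) that were selected in the form; nothing is modified if empty
    // Reads: $_REQUEST['userGroupActionRadio'], $_REQUEST['userGroupSelector'], $_REQUEST['userGroupName'],
    //        $_REQUEST['userPermissionSelector']
    // Returns: array($query, $displayType) where '$query' is '$sqlQuery' with a 'user_id' column added in front of
    //          the FROM clause and '$displayType' equals '$originalDisplayType'
    global $tableUsers; // defined in 'db.inc.php'

    // user option whether we're supposed to process an existing group name ("1") or any custom/new group name that
    // was specified by the user; the 'isset()' guards below prevent 'Undefined index' notices for absent form elements
    $userGroupActionRadio = isset($_REQUEST['userGroupActionRadio']) ? $_REQUEST['userGroupActionRadio'] : "";

    // Extract the chosen user group from the request: either the existing group name chosen from the popup menu
    // -OR- the custom group name entered in the text entry field
    if ($userGroupActionRadio == "1") {
        $userGroup = isset($_REQUEST['userGroupSelector']) ? $_REQUEST['userGroupSelector'] : "";
    } else {
        $userGroup = isset($_REQUEST['userGroupName']) ? $_REQUEST['userGroupName'] : "";
    }

    // extract the specified permission setting:
    $userPermission = isset($_REQUEST['userPermissionSelector']) ? $_REQUEST['userPermissionSelector'] : "";

    // NOTE(review): '$userGroup' and '$userPermission' are client-supplied and are handed to 'modifyUserGroups()' /
    //               'updateUserPermissions()' (and, for the permission, to the HTML message) without validation here;
    //               those functions in 'include.inc.php' are assumed to quote/validate them — confirm.
    if (!empty($recordSerialsArray)) {
        if (preg_match("/^(Add|Remove)\$/", $displayType)) {
            // add (remove) selected records to (from) the specified user group (function 'modifyUserGroups()' is defined in 'include.inc.php')
            modifyUserGroups($tableUsers, $displayType, $recordSerialsArray, "", $userGroup);
        } elseif (preg_match("/^(Allow|Disallow)\$/", $displayType)) {
            // map the button to the permission value ('Allow' -> "yes", 'Disallow' -> "no"):
            $permissionValue = ($displayType == "Allow") ? "yes" : "no";
            $userPermissionsArray = array("{$userPermission}" => $permissionValue);

            // Update the specified user permission for the current user (function 'updateUserPermissions()' is defined in 'include.inc.php'):
            $updateSucceeded = updateUserPermissions($recordSerialsArray, $userPermissionsArray);

            if ($updateSucceeded) {
                // save an informative message:
                $HeaderString = returnMsg("User permission <code>{$userPermission}</code> was updated successfully!", "", "", "HeaderString");
            } else {
                // return an appropriate error message:
                $HeaderString = returnMsg("User permission <code>{$userPermission}</code> could not be updated!", "warning", "strong", "HeaderString");
            }
        }
    }

    // re-assign the correct display type if the user clicked the 'Add', 'Remove', 'Allow' or 'Disallow' button of the 'queryResults' form:
    $displayType = $originalDisplayType;

    // re-apply the current sqlQuery, adding the 'user_id' column (which is required in order to obtain unique checkbox names):
    $query = preg_replace("/ FROM {$tableUsers}/i", ", user_id FROM {$tableUsers}", $sqlQuery);

    return array($query, $displayType);
}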
Esempio n. 5
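function extractFormElementsExtract($showLinks, $citeOrder, $userID)
{
    // Builds the SQL query for the 'extract.php' form: record serial numbers and cite keys are extracted from the
    // submitted source text (they must be enclosed by the submitted start/end delimiters), looked up in the database,
    // and a warning is filed for any identifier that couldn't be found.
    //
    // Parameters:
    //   $showLinks - passed through to 'buildSELECTclause()'
    //   $citeOrder - requested sort order ('year', 'type', 'type-year', 'creation-date'; any other value gives the default order)
    //   $userID    - ID of the logged-in user, used for the LEFT JOIN onto the user data table
    // Reads: $_REQUEST['sourceText'], $_REQUEST['startDelim'], $_REQUEST['endDelim'], $_SESSION['loginEmail']
    // Returns: the SQL query string
    global $tableRefs, $tableUserData; // defined in 'db.inc.php'
    global $loc; // '$loc' is made globally available in 'core.php'

    // Extract form elements (that are unique to the 'extract.php' form); the 'isset()' guards prevent 'Undefined index' notices:
    $sourceText = isset($_REQUEST['sourceText']) ? $_REQUEST['sourceText'] : ""; // the source text that contains the record serial numbers/cite keys
    $startDelim = isset($_REQUEST['startDelim']) ? $_REQUEST['startDelim'] : ""; // the start delimiter that precedes record serial numbers/cite keys
    $endDelim = isset($_REQUEST['endDelim']) ? $_REQUEST['endDelim'] : ""; // the end delimiter that follows record serial numbers/cite keys

    // escape any potential meta-characters; the "/" pattern delimiter is passed explicitly since 'preg_quote()' doesn't
    // escape it otherwise, which would break the PCRE patterns below for a delimiter containing "/"
    $startDelim = preg_quote($startDelim, "/");
    $endDelim = preg_quote($endDelim, "/");

    // Extract record serial numbers/cite keys from source text:
    // Note: by adding a character at the beginning of '$sourceText' we circumvent a problem with the regex pattern below which will strip everything up to the 2nd serial number/cite key if '$sourceText' starts with '$startDelim'
    $sourceText = "_" . $sourceText;

    // remove any text preceding the first serial number/cite key
    $recordSerialsKeysString = preg_replace("/^.*?(?={$startDelim}.+?{$endDelim}|\$)/s", "", $sourceText);

    // replace any text between serial numbers/cite keys (or between a serial number/cite key and the end of the text) with "_#_�_~_"; additionally, remove the delimiters enclosing the serial numbers/cite keys
    // Note: we do a quick'n dirty approach here, by inserting the string "_#_�_~_" as string delimiter between serial numbers/cite keys. Of course, this will only work as long the string "_#_�_~_" doesn't occur within '$sourceText'.
    $recordSerialsKeysString = preg_replace("/{$startDelim}(.+?){$endDelim}.*?(?={$startDelim}.+?{$endDelim}|\$)/s", "\\1_#_�_~_", $recordSerialsKeysString);

    // remove any trailing chars (like \n or "_#_�_~_") at end of line
    $recordSerialsKeysString = preg_replace("/(_#_�_~_)?\n?\$/s", "", $recordSerialsKeysString);

    // split string containing the serial numbers/cite keys on the string delimiter "_#_�_~_" (the 'PREG_SPLIT_NO_EMPTY' flag causes only non-empty pieces to be returned)
    $recordSerialsKeysArray = preg_split("/_#_�_~_/", $recordSerialsKeysString, -1, PREG_SPLIT_NO_EMPTY);

    // remove any duplicate serial numbers/cite keys from the list of extracted record identifiers
    $recordSerialsKeysArray = array_unique($recordSerialsKeysArray);

    $recordSerialsArray = array();
    $escapedRecordKeysArray = array();
    $foundRecordSerialsKeysArray = array();

    foreach ($recordSerialsKeysArray as $recordSerialKey) {
        if (preg_match("/^\\d+\$/", $recordSerialKey)) {
            // every identifier which only contains digits is treated as a serial number! (In other words: cite keys must contain at least one non-digit character)
            $recordSerialsArray[] = $recordSerialKey;
        } elseif (!empty($recordSerialKey)) {
            // cite key: escape any potential meta-characters (the keys end up in a MySQL 'RLIKE' pattern below)
            $escapedRecordKeysArray[] = preg_quote($recordSerialKey);
        }
    }

    $recordSerialsString = implode("|", $recordSerialsArray); // serial numbers merged into a "|"-delimited alternation
    $escapedRecordKeysString = implode("|", $escapedRecordKeysArray); // cite keys merged into a "|"-delimited alternation

    // Construct the SQL query:
    // TODO: build the complete SQL query using functions 'buildFROMclause()' and 'buildORDERclause()'
    // NOTE(review): serial numbers and cite keys are client-supplied; they only reach the query through 'quote_smart()'
    //               (from 'include.inc.php'), which is assumed to perform the SQL escaping — confirm.
    // for the selected records, select all fields that are visible in Citation view (function 'buildSELECTclause()' is defined in 'include.inc.php'):
    $query = buildSELECTclause("Cite", $showLinks);

    // add FROM clause:
    $query .= " FROM {$tableRefs}";

    if (isset($_SESSION['loginEmail'])) {
        // if a user is logged in, add the LEFT JOIN part to the FROM clause:
        $query .= " LEFT JOIN {$tableUserData} ON serial = record_id AND user_id = " . quote_smart($userID);
    }

    // add WHERE clause:
    $query .= " WHERE";

    // add any serial numbers to the WHERE clause; the second condition ensures a valid SQL query if no serial numbers or
    // cite keys were found, same for the third condition if a user isn't logged in and '$sourceText' did only contain cite keys
    if (!empty($recordSerialsArray) or empty($recordSerialsArray) and empty($escapedRecordKeysArray) or empty($recordSerialsArray) and !isset($_SESSION['loginEmail'])) {
        $query .= " serial RLIKE " . quote_smart("^(" . $recordSerialsString . ")\$");
    }

    if (!empty($recordSerialsArray) and (!empty($escapedRecordKeysArray) and isset($_SESSION['loginEmail']))) {
        $query .= " OR";
    }

    // add any cite keys to the WHERE clause (only available to logged-in users):
    if (!empty($escapedRecordKeysArray) and isset($_SESSION['loginEmail'])) {
        $query .= " cite_key RLIKE " . quote_smart("^(" . $escapedRecordKeysString . ")\$");
    }

    // add ORDER BY clause:
    if ($citeOrder == "year") {
        // sort records first by year (descending), then in the usual way:
        $query .= " ORDER BY year DESC, first_author, author_count, author, title";
    } elseif ($citeOrder == "type") {
        // sort records first by record type (and thesis type), then in the usual way:
        $query .= " ORDER BY type DESC, thesis DESC, first_author, author_count, author, year, title";
    } elseif ($citeOrder == "type-year") {
        // sort records first by record type (and thesis type), then by year (descending), then in the usual way:
        $query .= " ORDER BY type DESC, thesis DESC, year DESC, first_author, author_count, author, title";
    } elseif ($citeOrder == "creation-date") {
        // sort records such that newly added/edited records get listed top of the list:
        $query .= " ORDER BY created_date DESC, created_time DESC, modified_date DESC, modified_time DESC, serial DESC";
    } else {
        // if any other or no '$citeOrder' parameter is specified, we supply the default ORDER BY pattern (which is suitable for citation in a journal etc.):
        $query .= " ORDER BY first_author, author_count, author, year, title";
    }

    // Check whether the extracted serial numbers and cite keys exist in the database:
    // RUN the query on the database through the connection (function 'queryMySQLDatabase()' is defined in 'include.inc.php')
    $result = queryMySQLDatabase($query);

    if (@mysql_num_rows($result) > 0) {
        // Loop over each row in the result set:
        while ($row = @mysql_fetch_array($result)) {
            if (!in_array($row["serial"], $foundRecordSerialsKeysArray) or !empty($row["cite_key"]) and !in_array($row["cite_key"], $foundRecordSerialsKeysArray)) {
                // add this record's serial number and cite key to the array of found record serials and cite keys:
                $foundRecordSerialsKeysArray[] = $row["serial"];

                if (!empty($row["cite_key"])) {
                    $foundRecordSerialsKeysArray[] = $row["cite_key"];
                }
            }
        }
    }

    // get all unique array elements of '$recordSerialsKeysArray' which are not in '$foundRecordSerialsKeysArray'
    $missingRecordSerialsKeysArray = array_diff($recordSerialsKeysArray, $foundRecordSerialsKeysArray);
    sort($missingRecordSerialsKeysArray);

    if (!empty($escapedRecordKeysArray) and !isset($_SESSION['loginEmail'])) {
        // a user can only use cite keys as record identifiers when he's logged in
        $messageSuffix = "<br>" . $loc["Warning_LoginToUseCiteKeysAsIdentifiers"] . "!";
    } else {
        $messageSuffix = "";
    }

    if (!empty($missingRecordSerialsKeysArray) or !empty($escapedRecordKeysArray) and !isset($_SESSION['loginEmail'])) {
        // if some record identifiers could not be found in the database -OR- if a user tries to use cite keys while not being logged in
        // return an appropriate error message (function 'returnMsg()' is defined in 'include.inc.php'):
        $HeaderString = returnMsg("Following record identifiers could not be found: " . implode(", ", $missingRecordSerialsKeysArray), "warning", "strong", "HeaderString", "", $messageSuffix);
    }

    return $query;
}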
Esempio n. 6
        } else {
            $emailSubject = "New records added to the " . $officialDatabaseName;
            $emailBodyIntro = $importedRecordsCount . " records have been added to the " . $officialDatabaseName . ":";
            $detailsURL = $databaseBaseURL . "show.php?records=" . $recordSerialsQueryString;
        }
        $emailBody = $emailBodyIntro . "\n\n  added by:     " . $loginFirstName . " " . $loginLastName . "\n  details:      " . $detailsURL . "\n";
        sendEmail($emailRecipient, $emailSubject, $emailBody);
        // function 'sendEmail()' is defined in 'include.inc.php'
    }
    if ($importedRecordsCount == 1) {
        $headerMessage = $importedRecordsCount . " " . $loc["RecordSuccessfullyImported"] . ":";
    } else {
        // $importedRecordsCount > 1
        $headerMessage = $importedRecordsCount . " " . $loc["RecordsSuccessfullyImported"] . ":";
    }
    // DISPLAY all newly added records:
    header("Location: show.php?records=" . $recordSerialsQueryString . "&headerMsg=" . rawurlencode($headerMessage));
} else {
    // we'll file again this additional error element here so that the 'errors' session variable isn't empty causing 'import_csa.php' to re-load the form data that were submitted by the user
    $errors["badRecords"] = "all";
    // return an appropriate error message:
    $HeaderString = returnMsg($loc["NoRecordsImported"] . "!", "warning", "strong", "HeaderString");
    // function 'returnMsg()' is defined in 'include.inc.php'
    // Write back session variables:
    saveSessionVariable("errors", $errors);
    // function 'saveSessionVariable()' is defined in 'include.inc.php'
    saveSessionVariable("formVars", $formVars);
    header("Location: " . $referer);
    // redirect to the calling page (normally, 'import_csa.php')
}
// --------------------------------------------------------------------
Esempio n. 7
 // Build FROM clause:
 $query .= " FROM {$tableRefs}";
 if (!empty($userID)) {
     // the 'userID' parameter was specified -> we include user specific fields
     // (function 'quote_smart()' is expected to do the SQL escaping of '$userID')
     $query .= " LEFT JOIN {$tableUserData} ON serial = record_id AND user_id = " . quote_smart($userID);
 }
 // Build WHERE clause:
 $query .= " WHERE";
 $multipleParameters = false;
 // serial/record:
 if (!empty($serial)) {
     // first, check if the user is allowed to display any record details:
     if (preg_match("/^Display\$/i", $displayType) and isset($_SESSION['user_permissions']) and !preg_match("/allow_details_view/", $_SESSION['user_permissions'])) {
         // return an appropriate error message:
         $HeaderString = returnMsg($loc["NoPermission"] . $loc["NoPermission_ForDisplayDetails"] . "!", "warning", "strong", "HeaderString");
         // function 'returnMsg()' is defined in 'include.inc.php'
         if (!preg_match("/^cli/i", $client)) {
             header("Location: show.php");
         }
         // redirect back to 'show.php'
         exit;
         // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
     }
     $query .= connectConditionals();
     if ($recordConditionalSelector == "is equal to") {
         $query .= " serial = " . quote_smart($serial);
     } elseif ($recordConditionalSelector == "is within list") {
         // replace any non-digit chars with "|":
         $serial = preg_replace("/\\D+/", "|", $serial);
         // strip "|" from beginning/end of string (if any):
Esempio n. 8
        // w.r.t. to '$_SERVER['HTTP_REFERER']' vs '$referer' see NOTE above
        exit;
        // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
    }
} elseif ($queryAction == "add") {
    // Get the query id that was created:
    $queryID = @mysql_insert_id($connection);
}
// find out the unique ID number of the newly created query (Note: this function should be called immediately after the
// SQL INSERT statement! After any subsequent query it won't be possible to retrieve the auto_increment identifier value for THIS record!)
// update the 'userQueries' session variable (function 'getUserQueries()' is defined in 'include.inc.php'):
getUserQueries($loginUserID);

// Build correct header message: map the requested action onto its localized message key
// (an unknown action leaves '$HeaderString' untouched, as before):
$headerMessageKeys = array("add" => "SavedQueryAdded", "edit" => "SavedQueryEdited", "delet" => "SavedQueryDeleted");
if (isset($headerMessageKeys[$queryAction])) {
    $HeaderString = $loc[$headerMessageKeys[$queryAction]];
}
// function 'returnMsg()' is defined in 'include.inc.php'
$HeaderString = returnMsg($HeaderString, "", "", "HeaderString");

// (4) Call 'index.php' which will display the header message
//     (routing feedback output to a different script page will avoid any reload problems effectively!)
header("Location: index.php");

// --------------------------------------------------------------------
// (5) CLOSE CONNECTION (function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'):
disconnectFromMySQLDatabase();
// --------------------------------------------------------------------
Esempio n. 9
// Get the query URL of the formerly displayed results page (an empty array if none was saved in the session):
$oldQuery = isset($_SESSION['oldQuery']) ? $_SESSION['oldQuery'] : array();

// Get any saved links to previous search results (an empty array if none were saved in the session):
$queryHistory = isset($_SESSION['queryHistory']) ? $_SESSION['queryHistory'] : array();

// Check if there's any query history available:
if (empty($queryHistory)) {
    // File an appropriate error message (function 'returnMsg()' is defined in 'include.inc.php'):
    $HeaderString = returnMsg("No query history available!", "warning", "strong", "HeaderString");

    // Redirect back to the calling page; variable '$referer' is globally defined in function 'start_session()' in 'include.inc.php'.
    // NOTE(review): if 'start_session()' takes '$referer' from the client-supplied HTTP 'Referer' header without
    //               restricting it to this installation's URLs, this redirect follows a client-chosen target — confirm.
    header("Location: " . $referer);
    exit;
    // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
}

// --------------------------------------------------------------------
// (4) DISPLAY HEADER & RESULTS
//     (NOTE: Since there's no need to query the database here, we won't perform any of the following: (1) OPEN CONNECTION, (2) SELECT DATABASE, (3) RUN QUERY, (5) CLOSE CONNECTION)
// Show the login status (function 'showLogin()' is defined in 'include.inc.php'):
showLogin();

// (4a) DISPLAY header:
// Call the 'displayHTMLhead()' and 'showPageHeader()' functions (which are defined in 'header.inc.php'):
if ($wrapResults != "0") {
Esempio n. 10
    $rowOffset = $_REQUEST['startRecord'] - 1;
} else {
    $rowOffset = "";
}
// if no value to the 'startRecord' parameter is given, we'll output records starting with the first record in the result set
// The desired response format; currently, 'rss.php' will only recognize 'rss' (outputs RSS 2.0), future versions may
// also allow for 'atom'. If no particular response format was requested we'll output found results as RSS 2.0:
$recordSchema = isset($_REQUEST['recordSchema']) ? $_REQUEST['recordSchema'] : "rss";

// Check the correct parameters have been passed:
if (!empty($queryWhereClause)) {
    // The WHERE clause is client-supplied: only the sanitized form must ever reach the database.
    // (attempt to sanitize custom WHERE clause from SQL injection attacks; function 'extractWHEREclause()' is defined in 'include.inc.php')
    $sanitizedWhereClause = extractWHEREclause(" WHERE " . $queryWhereClause);
} else {
    // File an appropriate error message (functions 'returnMsg()' and 'scriptURL()' are defined in 'include.inc.php'):
    $HeaderString = returnMsg($loc["Warning_IncorrectOrMissingParams"] . " '" . scriptURL() . "'!", "warning", "strong", "HeaderString");

    // Redirect the browser back to the calling page; variable '$referer' is globally defined in function 'start_session()' in 'include.inc.php'
    // (NOTE(review): if '$referer' is the unrestricted client-supplied HTTP 'Referer', this redirect follows a client-chosen target — confirm)
    header("Location: " . $referer);
    exit;
    // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
}
// --------------------------------------------------------------------
// If we made it here, then the script was called with all required parameters (which, currently, is just the 'where' parameter :)
// CONSTRUCT SQL QUERY:
// Note: the 'verifySQLQuery()' function that gets called below will add the user specific fields to the 'SELECT' clause and the
// 'LEFT JOIN...' part to the 'FROM' clause of the SQL query if a user is logged in. It will also add 'orig_record', 'serial', 'file', 'url', 'doi', 'isbn' & 'type' columns
Esempio n. 11
function stripFieldFromSQLQuery($sqlQuery, $field, $issueWarning = true)
{
    // Removes the given '$field' from the SELECT, ORDER BY and WHERE clauses of '$sqlQuery' (via a series of regex
    // rewrites) and supplies a generic replacement clause wherever a clause consisted of nothing but '$field'.
    //
    // Parameters:
    //   $sqlQuery     - the SQL query to rewrite
    //   $field        - the field name to strip; it is interpolated into the regex patterns below UNESCAPED, so callers
    //                   must pass a plain column name (or a deliberately crafted sub-pattern) — never a client-supplied value
    //   $issueWarning - whether to file a warning message (via 'returnMsg()') when the field was stripped
    // Returns: the rewritten SQL query
    // Note: this is regex-based rewriting, not SQL parsing; the WHERE patterns only approximate parentheses handling (see below)
    // note that, upon multiple warnings, only the last warning message will be displayed
    // if the given '$field' is part of the SELECT or ORDER BY statement...
    if (preg_match("/(SELECT |ORDER BY |, *)" . $field . "/i", $sqlQuery)) {
        // if the 'SELECT' clause contains '$field':
        if ($issueWarning and preg_match("/SELECT(.(?!FROM))+?" . $field . "/i", $sqlQuery)) {
            // return an appropriate error message:
            // note: we don't write out any error message if the given '$field' does only occur within the 'ORDER' clause (but not within the 'SELECT' clause)
            $HeaderString = returnMsg("Display of '" . $field . "' field was omitted!", "warning", "strong", "HeaderString");
        }
        $sqlQuery = preg_replace("/(SELECT|ORDER BY) " . $field . "( DESC)?/i", "\\1 ", $sqlQuery);
        // ...delete '$field' from beginning of 'SELECT' or 'ORDER BY' clause
        $sqlQuery = preg_replace("/, *" . $field . "( DESC)?/i", "", $sqlQuery);
        // ...delete any other occurrences of '$field' from 'SELECT' or 'ORDER BY' clause
        $sqlQuery = preg_replace("/(SELECT|ORDER BY) *, */i", "\\1 ", $sqlQuery);
        // ...remove any field delimiters that directly follow the 'SELECT' or 'ORDER BY' terms
        $sqlQuery = preg_replace("/SELECT *(?=FROM)/i", buildSELECTclause("", "", "", false, false) . " ", $sqlQuery);
        // ...supply generic 'SELECT' clause if it did ONLY contain the given '$field' (function 'buildSELECTclause()' is defined in 'include.inc.php')
        $sqlQuery = preg_replace("/ORDER BY *(?=LIMIT|GROUP BY|HAVING|PROCEDURE|FOR UPDATE|LOCK IN|\$)/i", "ORDER BY author, year DESC, publication", $sqlQuery);
        // ...supply generic 'ORDER BY' clause if it did ONLY contain the given '$field'
    }
    // if the given '$field' is part of the WHERE clause...
    if (preg_match("/WHERE.+" . $field . "/i", $sqlQuery)) {
        // Note: in the patterns below we'll attempt to account for parentheses but this won't catch all cases!
        $sqlQuery = preg_replace("/WHERE( *\\( *?)* *" . $field . ".+?(?= (AND|OR)\\b| ORDER BY| LIMIT| GROUP BY| HAVING| PROCEDURE| FOR UPDATE| LOCK IN|\$)/i", "WHERE\\1", $sqlQuery);
        // ...delete '$field' (as the first condition) from 'WHERE' clause
        $sqlQuery = preg_replace("/( *\\( *?)*( *(AND|OR)\\b)? *" . $field . ".+?(?=( *\\) *?)* +((AND|OR)\\b|ORDER BY|LIMIT|GROUP BY|HAVING|PROCEDURE|FOR UPDATE|LOCK IN|\$))/i", "\\1", $sqlQuery);
        // ...delete '$field' (together with a preceding 'AND'/'OR') from any later position within the 'WHERE' clause
        $sqlQuery = preg_replace("/WHERE( *\\( *?)* *(AND|OR)\\b/i", "WHERE\\1", $sqlQuery);
        // ...delete any superfluous 'AND' that wasn't removed properly by the two regex patterns above
        $sqlQuery = preg_replace("/WHERE( *\\( *?)*(?= ORDER BY| LIMIT| GROUP BY| HAVING| PROCEDURE| FOR UPDATE| LOCK IN|\$)/i", "WHERE serial RLIKE \".+\"", $sqlQuery);
        // ...supply generic 'WHERE' clause (matching every record) if it did ONLY contain the given '$field'
        if ($issueWarning) {
            // return an appropriate error message:
            $HeaderString = returnMsg("Querying of '" . $field . "' field was omitted!", "warning", "strong", "HeaderString");
        }
    }
    return $sqlQuery;
}
Esempio n. 12
    $formVars = array();
}
// initialize variable (in order to prevent 'Undefined index/variable...' messages)
// The current values of the session variables 'errors' and 'formVars' get stored in '$errors' or '$formVars', respectively. (either automatically if
// register globals is ON, or explicitly if register globals is OFF [by uncommenting the code above]).
// We need to clear these session variables here, since they would otherwise be still there on a subsequent call of 'duplicate_manager.php'!
// Note: though we clear the session variables, the current error message (or form variables) is still available to this script via '$errors' (or '$formVars', respectively).
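// function 'deleteSessionVariable()' is defined in 'include.inc.php'
deleteSessionVariable("errors");
deleteSessionVariable("formVars");
// --------------------------------------------------------------------
// TODO: enable checking for 'allow_flag_duplicates' permission
// CAUTION: Since there's not a 'allow_flag_duplicates' permission setting (yet), we currently just check whether a user is logged in!
if (!isset($_SESSION['loginEmail'])) {
    // return an appropriate error message (function 'returnMsg()' is defined in 'include.inc.php'):
    $HeaderString = returnMsg($loc["NoPermission"] . $loc["NoPermission_ForFlagDups"] . "!", "warning", "strong", "HeaderString");
    // save the URL of the currently displayed page; the 'isset()' guard prevents an 'Undefined index' notice when the
    // browser didn't send a 'Referer' header at all
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
    // NOTE(review): the saved 'referer' is client-supplied; wherever it is later used as a redirect target it should be
    //               restricted to this installation's URLs — not visible here, confirm.
    // Write back session variables (function 'saveSessionVariable()' is defined in 'include.inc.php'):
    saveSessionVariable("referer", $referer);
    header("Location: index.php");
    exit;
    // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
}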
// --------------------------------------------------------------------
// Extract the view type requested by the user (either 'Mobile', 'Print', 'Web' or ''):
// ('' will produce the default 'Web' output style)
if (isset($_REQUEST['viewType'])) {
    $viewType = $_REQUEST['viewType'];