<?php
/**************************************************************************
********** English Wikipedia Account Request Interface **********
***************************************************************************
** Wikipedia Account Request Graphic Design by Charles Melbye, **
** which is licensed under a Creative Commons **
** Attribution-Noncommercial-Share Alike 3.0 United States License. **
** **
** All other code are released under the Public Domain **
** by the ACC Development Team. **
** **
** See CREDITS for the list of developers. **
***************************************************************************/
global $session;

// Configuration has to be available before anything else runs.
require_once 'config.inc.php';

// Start the PHP session so $_SESSION can be read below.
session_start();

// Shared functions and classes used by the rest of this page.
require_once 'functions.php';
require_once 'includes/PdoDatabase.php';
require_once 'includes/SmartyInit.php';

// When the tool is flagged as offline, print the offline message and stop.
// false is passed because this page belongs to the internal interface.
if (Offline::isOffline()) {
    echo Offline::getOfflineMessage(false);
    exit;
}

// Session's user entry, or an empty string when the session has none.
$sessionuser = isset($_SESSION['user']) ? $_SESSION['user'] : "";

BootstrapSkin::displayInternalHeader();

// Access gate: a community (logged-out) user only gets the login form and
// never reaches the search code that follows this block.
if (User::getCurrent()->isCommunityUser()) {
    showlogin();
    BootstrapSkin::displayInternalFooter();
    exit;
}
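///////////////// Page code
// Search page body: shows the search form, or runs a LIKE search over the
// request table by email address, IP address or requested name and renders
// the matches. Both request parameters (term, type) come from the query
// string and are untrusted; the term reaches SQL only as a bound parameter.
$smarty->display("search/header.tpl");
BootstrapSkin::pushTagStack("</div>"); // span12
BootstrapSkin::pushTagStack("</div>"); // row

if (isset($_GET['term']) && isset($_GET['type'])) {
    $term = $_GET['term'];
    $searchType = $_GET['type'];

    // A query string such as term[]=x makes $_GET['term'] an array, which
    // would end up as the literal text "Array" in the LIKE pattern. Treat
    // anything that is not a string like a missing search term.
    if (!is_string($term) || $term === "" || $term === "%") {
        BootstrapSkin::displayAlertBox("No search term entered.", "alert-error", "", false);
        $smarty->display("search/searchform.tpl");
        BootstrapSkin::displayInternalFooter();
        die();
    }

    // Substring match. NOTE(review): '%' and '_' inside the term are not
    // escaped, so they still act as LIKE wildcards; only the bare "%" (and
    // "@" for email searches) is rejected. Confirm this is intended, since a
    // term such as "%%" or "_" matches every row.
    $qterm = '%' . $term . '%';

    if ($searchType === "email") {
        if ($term === "@") {
            BootstrapSkin::displayAlertBox("The search term '@' is not valid for email address searches!");
            $smarty->display("search/searchform.tpl");
            BootstrapSkin::displayInternalFooter();
            die();
        }

        // NOTE(review): the comment in the IP branch says non-admins should
        // not search "on IP addresses or emails", but no role check is done
        // here. Confirm whether email search is meant to be open to every
        // logged-in user.
        $searchSql = "SELECT * FROM request WHERE email LIKE :term;";
        $searchParams = array(":term" => $qterm);
        $target = "email address";
    }
    elseif ($searchType === 'IP') {
        // move this to here, so non-admins can perform searches, but not on IP addresses or emails
        if (!User::getCurrent()->isAdmin() && !User::getCurrent()->isCheckuser()) {
            // Displays both the error message and the footer of the interface.
            BootstrapSkin::displayAlertBox("IP address search is only available to tool admins and checkusers.", "alert-error", "Access Denied");
            $smarty->display("search/searchform.tpl");
            BootstrapSkin::displayInternalFooter();
            die();
        }

        // The two LIKE tests are grouped in parentheses. AND binds tighter
        // than OR, so without the grouping a match on forwardedip skipped
        // the email / 127.0.0.1 exclusions and returned rows they are meant
        // to filter out.
        $searchSql = "SELECT * FROM request WHERE email <> 'acc@toolserver.org' and ip <> '127.0.0.1' and (ip LIKE :term or forwardedip LIKE :term2);";
        $searchParams = array(":term" => $qterm, ":term2" => $qterm);
        $target = "IP address";
    }
    elseif ($searchType === 'Request') {
        $searchSql = "SELECT * FROM request WHERE name LIKE :term;";
        $searchParams = array(":term" => $qterm);
        $target = "requested name";
    }
    else {
        BootstrapSkin::displayAlertBox("Unknown search type", "alert-error", "Error");
        $smarty->display("search/searchform.tpl");
        BootstrapSkin::displayInternalFooter();
        die();
    }

    // Common tail for all three search types: run the prepared statement
    // and hydrate the rows as Request objects.
    $statement = gGetDb()->prepare($searchSql);
    foreach ($searchParams as $placeholder => $value) {
        $statement->bindValue($placeholder, $value);
    }
    $statement->execute();
    $requests = $statement->fetchAll(PDO::FETCH_CLASS, "Request");
    foreach ($requests as $r) {
        $r->setDatabase(gGetDb());
    }

    // The raw term is handed to the template as-is.
    // NOTE(review): assumes search/searchresult.tpl HTML-escapes "term" on
    // output - TODO confirm against the template.
    $smarty->assign("term", $term);
    $smarty->assign("requests", $requests);
    $smarty->assign("target", $target);
    $smarty->display("search/searchresult.tpl");
}
else {
    // No search submitted yet: just show the form.
    $smarty->display("search/searchform.tpl");
}

BootstrapSkin::displayInternalFooter();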