Security and functional improvements to results.php

This commit is contained in:
2025-10-08 15:40:14 -05:00
parent e83fb53d02
commit e85c7fd578
2 changed files with 602 additions and 216 deletions

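--- a/archive/results-old.php
+++ b/archive/results-old.php
@@ -0,0 +1,381 @@
+<?php
+include_once "settings.php";
+// Get and use a basic title search for pulling records.
+$keywordsearch = htmlspecialchars($_GET["kw"]);
+$authorsearch = htmlspecialchars($_GET["au"]);
+$typesearch = htmlspecialchars($_GET["ty"]);
+$subtypesearch = htmlspecialchars($_GET["st"]);
+$seriessearch = htmlspecialchars($_GET["se"]);
+$subjectsearch = htmlspecialchars($_GET["su"]);
+$socialkw = mb_convert_case($keywordsearch, MB_CASE_TITLE, "UTF-8");
+$socialau = mb_convert_case($authorsearch, MB_CASE_TITLE, "UTF-8");
+$socialty = mb_convert_case($typesearch, MB_CASE_TITLE, "UTF-8");
+$socialst = mb_convert_case($subtypesearch, MB_CASE_TITLE, "UTF-8");
+$socialse = mb_convert_case($seriessearch, MB_CASE_TITLE, "UTF-8");
+$socialsu = mb_convert_case($subjectsearch, MB_CASE_TITLE, "UTF-8");
+if (!empty($keywordsearch)) {
+$searchtopic = 'Keyword: '.$socialkw;
+} elseif (!empty($authorsearch)) {
+$searchtopic = 'Author: '.$socialau;
+} elseif (!empty($typesearch)) {
+$searchtopic = 'Type: '.$socialty;
+} elseif (!empty($seriessearch)) {
+$searchtopic = 'Series: '.$socialse;
+} elseif (!empty($subjectsearch)) {
+$searchtopic = 'Subject: '.$socialsu;
+} else {
+$searchtopic = 'Subtype: '.$socialst;
+}
+// -------------------- BEGIN DATABASE QUERIES --------------------
+// Establish atabase connection
+$db = new SQLite3('metadata.sqlite');
+$keywordquery = $db->query("SELECT
+DISTINCT books.id AS id,
+books.title AS title,
+SUBSTR(comments.text,0,120) AS excerpt
+FROM books
+INNER JOIN
+comments ON comments.book = books.id
+INNER JOIN
+books_tags_link ON books_tags_link.book = books.id
+INNER JOIN
+tags ON tags.id = books_tags_link.tag
+WHERE books.title LIKE '%$keywordsearch%'
+OR books.author_sort LIKE '%$keywordsearch%'
+OR comments.text LIKE '%$keywordsearch%'
+OR tags.name LIKE '%$keywordsearch%'
+ORDER BY books.title ASC");
+$authorquery = $db->query("SELECT
+DISTINCT books.id AS id,
+books.title AS title,
+SUBSTR(comments.text,0,120) AS excerpt
+FROM books
+INNER JOIN
+comments ON comments.book = books.id
+INNER JOIN
+books_tags_link ON books_tags_link.book = books.id
+WHERE books.author_sort LIKE '%$authorsearch%'
+ORDER BY books.title ASC");
+$typequery = $db->query("SELECT
+DISTINCT books.id AS id,
+books.title AS title,
+SUBSTR(comments.text,0,120) AS excerpt
+FROM books
+INNER JOIN
+comments ON comments.book = books.id
+INNER JOIN
+books_custom_column_1_link ON books_custom_column_1_link.book = books.id
+INNER JOIN
+custom_column_1 ON custom_column_1.id = books_custom_column_1_link.value
+WHERE
+custom_column_1.value = '$typesearch'
+ORDER BY books.title ASC");
+$subtypequery = $db->query("SELECT
+DISTINCT books.id AS id,
+books.title AS title,
+SUBSTR(comments.text,0,120) AS excerpt
+FROM books
+INNER JOIN
+comments ON comments.book = books.id
+INNER JOIN
+books_custom_column_3_link ON books_custom_column_3_link.book = books.id
+INNER JOIN
+custom_column_3 ON custom_column_3.id = books_custom_column_3_link.value
+WHERE
+custom_column_3.value = '$subtypesearch'
+ORDER BY books.title ASC");
+$seriesquery = $db->query("SELECT
+DISTINCT books.id AS id,
+books.title AS title,
+SUBSTR(comments.text,0,120) AS excerpt
+FROM books
+INNER JOIN
+comments ON comments.book = books.id
+INNER JOIN
+books_series_link ON books_series_link.book = books.id
+INNER JOIN
+series ON series.id = books_series_link.series
+WHERE series.name = '$seriessearch'
+ORDER BY books.series_index ASC");
+$subjectquery = $db->query("SELECT
+DISTINCT books.id AS id,
+books.title AS title,
+SUBSTR(comments.text,0,120) AS excerpt
+FROM books
+INNER JOIN
+comments ON comments.book = books.id
+INNER JOIN
+books_tags_link on books_tags_link.book = books.id
+INNER JOIN
+tags on tags.id = books_tags_link.tag
+WHERE tags.name = '$subjectsearch'
+ORDER BY books.title ASC");
+$types = $db->query("SELECT
+value
+FROM custom_column_1
+ORDER BY value ASC");
+$subtypes = $db->query("SELECT
+value
+FROM custom_column_3
+ORDER BY value ASC");
+?>
+<!DOCTYPE html>
+<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
+<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
+<!--[if IE 8]> <html class="no-js lt-ie9"> <![endif]-->
+<!--[if gt IE 8]><!--> <html class="no-js"> <!--<![endif]-->
+<head>
+<meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
+<title>Infopump - Search results - <?php echo $searchtopic; ?></title>
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<meta name="description" content="Free HTML5 Template by FREEHTML5.CO" />
+<meta name="keywords" content="free html5, free template, free bootstrap, html5, css3, mobile first, responsive" />
+<meta name="author" content="FREEHTML5.CO" />
+<!--
+//////////////////////////////////////////////////////
+FREE HTML5 TEMPLATE
+DESIGNED & DEVELOPED by FREEHTML5.CO
+Website: http://freehtml5.co/
+Email: info@freehtml5.co
+Twitter: http://twitter.com/fh5co
+Facebook: https://www.facebook.com/fh5co
+//////////////////////////////////////////////////////
+-->
+<!-- Facebook and Twitter integration -->
+<meta property="og:title" content=<?php echo '"'.$SiteName.' - Search - '.$searchtopic.'" />';?>
+<meta property="og:image" content=<?php echo '"'.$SiteURL.'/images/og-site-avatar.jpg" />';?>
+<?php
+if (!empty($keywordsearch)) {
+echo '<meta property="og:url" content="'.$SiteURL.'/results.php?kw='.$socialkw.'" />';
+echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?kw='.$socialkw.'" />';
+} elseif (!empty($authorsearch)) {
+echo '<meta property="og:url" content="'.$SiteURL.'/results.php?au='.$socialau.'" />';
+echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?au='.$socialau.'" />';
+} elseif (!empty($typesearch)) {
+echo '<meta property="og:url" content="'.$SiteURL.'/results.php?ty='.$socialty.'" />';
+echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?ty='.$socialty.'" />';
+} elseif (!empty($seriessearch)) {
+echo '<meta property="og:url" content="'.$SiteURL.'/results.php?ty='.$socialse.'" />';
+echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?ty='.$socialse.'" />';
+} elseif (!empty($subjectsearch)) {
+echo '<meta property="og:url" content="'.$SiteURL.'/results.php?ty='.$socialsu.'" />';
+echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?ty='.$socialsu.'" />';
+} else {
+echo '<meta property="og:url" content="'.$SiteURL.'/results.php?ty='.$socialst.'" />';
+echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?ty='.$socialst.'" />';
+}
+?>
+<meta property="og:site_name" content=<?php echo '"'.$SiteName.' - Search Results" />';?>
+<meta property="og:description" content=<?php echo '"'.$SubName.'" />';?>
+<meta name="twitter:title" content=<?php echo '"'.$SiteName.' - Search - '.$searchtopic.'" />';?>
+<meta name="twitter:image" content=<?php echo '"'.$SiteURL.'/images/og-site-avatar.jpg" />';?>
+<meta name="twitter:card" content="summary" />
+<!-- Place favicon.ico and apple-touch-icon.png in the root directory -->
+<link rel="shortcut icon" href="favicon.ico">
+<!-- Google Fonts -->
+<link href='http://fonts.googleapis.com/css?family=Playfair+Display:400,700,400italic|Roboto:400,300,700' rel='stylesheet' type='text/css'>
+<!-- Animate -->
+<link rel="stylesheet" href="css/animate.css">
+<!-- Icomoon -->
+<link rel="stylesheet" href="css/icomoon.css">
+<!-- Bootstrap -->
+<link rel="stylesheet" href="css/bootstrap.css">
+<link rel="stylesheet" href="css/style.css">
+<!-- Modernizr JS -->
+<script src="js/modernizr-2.6.2.min.js"></script>
+<!-- FOR IE9 below -->
+<!--[if lt IE 9]>
+<script src="js/respond.min.js"></script>
+<![endif]-->
+</head>
+<body>
+<div id="fh5co-offcanvas">
+<a href="#" class="fh5co-close-offcanvas js-fh5co-close-offcanvas"><span><i class="icon-cross3"></i> <span>Close</span></span></a>
+<div class="fh5co-bio">
+<figure>
+<a href="index.php"><img src="images/avatar.jpg" alt="Infopump Avatar" class="img-responsive"></a>
+</figure>
+<h3 class="heading">About the Project</h3>
+<a href="index.php"><h2>Infopump</h2></a>
+<p>A bibliographic management and display system.</p>
+<hr>
+<p>A free, open source project from:<br />
+<a href="https://rss.com/podcasts/l0wl1f3podcast/">The L0WL1F3 Podcast</a><br />
+<a href="https://www.neondystopia.com/">Neon Dystopia</a><br />
+<a href="https://cyberpunklibrarian.com">Cyberpunk Librarian</a>
+</p>
+<ul class="fh5co-social">
+<!--<li><a href="#"><i class="icon-twitter"></i></a></li>-->
+<!--<li><a href="#"><i class="icon-facebook"></i></a></li>
+<li><a href="#"><i class="icon-instagram"></i></a></li>-->
+</ul>
+</div>
+<div class="fh5co-menu">
+<div class="fh5co-box">
+<h3 class="heading">Recent Additions</h3>
+<ul>
+<?php
+while ($row = $types->fetchArray()) {
+$row_value = $row['value'];
+$row_titlecase = mb_convert_case($row_value, MB_CASE_TITLE, "UTF-8");
+echo '<li><a href="recent.php?ty='.$row_value.'">'.$row_titlecase.'</a></li>';
+//echo '<li>'.$row_value.'</li>';
+}
+?>
+</ul>
+</div>
+<div class="fh5co-box">
+<h3 class="heading">Search</h3>
+<form action="results.php" method="get">
+<div class="form-group">
+<input type="text" class="form-control" name="kw" placeholder="Keyword search">
+</div>
+</form>
+</div>
+</div>
+</div>
+<!-- END #fh5co-offcanvas -->
+<header id="fh5co-header">
+<div class="container-fluid">
+<div class="row">
+<a href="#" class="js-fh5co-nav-toggle fh5co-nav-toggle"><i></i></a>
+<!-- <ul class="fh5co-social">
+<li><a href="#"><i class="icon-twitter"></i></a></li>
+<li><a href="#"><i class="icon-facebook"></i></a></li>
+<li><a href="#"><i class="icon-instagram"></i></a></li>
+</ul> -->
+<div class="col-lg-12 col-md-12 text-center">
+<h1 id="fh5co-logo"><a href="index.php">Search Results<br /><br /><?php echo $searchtopic; ?></a></h1>
+</div>
+</div>
+</div>
+</header>
+<!-- END #fh5co-header -->
+<div class="container-fluid">
+<div class="row fh5co-post-entry single-entry">
+<article class="col-lg-8 col-lg-offset-2 col-md-8 col-md-offset-2 col-sm-8 col-sm-offset-2 col-xs-12 col-xs-offset-0">
+<div class="col-lg-12 col-lg-offset-0 col-md-12 col-md-offset-0 col-sm-12 col-sm-offset-0 col-xs-12 col-xs-offset-0 text-left content-article">
+<div class="row rp-b">
+<div class="col-md-12 animate-box">
+<?php
+if ($keywordsearch != '') {
+while ($row = $keywordquery->fetchArray()) {
+$row_id = $row['id'];
+$row_title = $row['title'];
+$row_excerpt = $row['excerpt'];
+echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
+}
+} elseif ($typesearch != '') {
+while ($row = $typequery->fetchArray()) {
+$row_id = $row['id'];
+$row_title = $row['title'];
+$row_excerpt = $row['excerpt'];
+echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
+}
+} elseif ($authorsearch != '') {
+while ($row = $authorquery->fetchArray()) {
+$row_id = $row['id'];
+$row_title = $row['title'];
+$row_excerpt = $row['excerpt'];
+echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
+}
+} elseif ($seriessearch != '') {
+while ($row = $seriesquery->fetchArray()) {
+$row_id = $row['id'];
+$row_title = $row['title'];
+$row_excerpt = $row['excerpt'];
+echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
+}
+} elseif ($subjectsearch != '') {
+while ($row = $subjectquery->fetchArray()) {
+$row_id = $row['id'];
+$row_title = $row['title'];
+$row_excerpt = $row['excerpt'];
+echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
+}
+} else {
+while ($row = $subtypequery->fetchArray()) {
+$row_id = $row['id'];
+$row_title = $row['title'];
+$row_excerpt = $row['excerpt'];
+echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
+}
+}
+?>
+</div>
+</div>
+</div>
+</article>
+</div>
+</div>
+<footer id="fh5co-footer">
+<p><small>&copy; Creative Commons By-NC-SA<br> Design by <a href="http://freehtml5.co" target="_blank">FREEHTML5.co</a></small></p>
+</footer>
+<!-- jQuery -->
+<script src="js/jquery.min.js"></script>
+<!-- jQuery Easing -->
+<script src="js/jquery.easing.1.3.js"></script>
+<!-- Bootstrap -->
+<script src="js/bootstrap.min.js"></script>
+<!-- Waypoints -->
+<script src="js/jquery.waypoints.min.js"></script>
+<!-- Main JS -->
+<script src="js/main.js"></script>
+</body>
+</html>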
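Review bot: The archived copy keeps the string-interpolated queries (`WHERE books.title LIKE '%$keywordsearch%'`, `custom_column_1.value = '$typesearch'`, `series.name = '$seriessearch'` and so on), where the only barrier between `$_GET` and the SQL text is `htmlspecialchars()`, whose treatment of single quotes depends on the PHP version's default flags; if `archive/` is inside the document root, `archive/results-old.php` remains a reachable endpoint with the same weakness the commit removes from results.php. Git history already preserves the old version, so the on-disk copy is not needed for reference. If a copy must stay in the tree, keep it outside the served directory or deny the directory in the web server configuration, and give it a name that does not end in `.php` so it can never execute. I cannot tell from the diff whether `archive/` is served, so please confirm the deployment layout.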


@@ -2,140 +2,200 @@
include_once "settings.php"; include_once "settings.php";
// Get and use a basic title search for pulling records. // Initialize variables
$keywordsearch = htmlspecialchars($_GET["kw"]); $keywordsearch = '';
$authorsearch = htmlspecialchars($_GET["au"]); $authorsearch = '';
$typesearch = htmlspecialchars($_GET["ty"]); $typesearch = '';
$subtypesearch = htmlspecialchars($_GET["st"]); $subtypesearch = '';
$seriessearch = htmlspecialchars($_GET["se"]); $seriessearch = '';
$subjectsearch = htmlspecialchars($_GET["su"]); $subjectsearch = '';
$searchtopic = '';
$searchtype = '';
$socialkw = mb_convert_case($keywordsearch, MB_CASE_TITLE, "UTF-8"); // Sanitize and validate input
$socialau = mb_convert_case($authorsearch, MB_CASE_TITLE, "UTF-8"); if (!empty($_GET["kw"])) {
$socialty = mb_convert_case($typesearch, MB_CASE_TITLE, "UTF-8"); $keywordsearch = trim($_GET["kw"]);
$socialst = mb_convert_case($subtypesearch, MB_CASE_TITLE, "UTF-8"); $searchtopic = 'Keyword: ' . htmlspecialchars($keywordsearch, ENT_QUOTES, 'UTF-8');
$socialse = mb_convert_case($seriessearch, MB_CASE_TITLE, "UTF-8"); $searchtype = 'keyword';
$socialsu = mb_convert_case($subjectsearch, MB_CASE_TITLE, "UTF-8"); } elseif (!empty($_GET["au"])) {
$authorsearch = trim($_GET["au"]);
$searchtopic = 'Author: ' . htmlspecialchars($authorsearch, ENT_QUOTES, 'UTF-8');
$searchtype = 'author';
} elseif (!empty($_GET["ty"])) {
$typesearch = trim($_GET["ty"]);
$searchtopic = 'Type: ' . htmlspecialchars(mb_convert_case($typesearch, MB_CASE_TITLE, "UTF-8"), ENT_QUOTES, 'UTF-8');
$searchtype = 'type';
} elseif (!empty($_GET["st"])) {
$subtypesearch = trim($_GET["st"]);
$searchtopic = 'Subtype: ' . htmlspecialchars(mb_convert_case($subtypesearch, MB_CASE_TITLE, "UTF-8"), ENT_QUOTES, 'UTF-8');
$searchtype = 'subtype';
} elseif (!empty($_GET["se"])) {
$seriessearch = trim($_GET["se"]);
$searchtopic = 'Series: ' . htmlspecialchars($seriessearch, ENT_QUOTES, 'UTF-8');
$searchtype = 'series';
} elseif (!empty($_GET["su"])) {
$subjectsearch = trim($_GET["su"]);
$searchtopic = 'Subject: ' . htmlspecialchars($subjectsearch, ENT_QUOTES, 'UTF-8');
$searchtype = 'subject';
}
if (!empty($keywordsearch)) { // If no valid search parameter, redirect to index
$searchtopic = 'Keyword: '.$socialkw; if (empty($searchtype)) {
} elseif (!empty($authorsearch)) { header('Location: index.php');
$searchtopic = 'Author: '.$socialau; exit;
} elseif (!empty($typesearch)) {
$searchtopic = 'Type: '.$socialty;
} elseif (!empty($seriessearch)) {
$searchtopic = 'Series: '.$socialse;
} elseif (!empty($subjectsearch)) {
$searchtopic = 'Subject: '.$socialsu;
} else {
$searchtopic = 'Subtype: '.$socialst;
} }
// -------------------- BEGIN DATABASE QUERIES -------------------- // -------------------- BEGIN DATABASE QUERIES --------------------
// Establish atabase connection // Establish database connection
try {
$db = new SQLite3('metadata.sqlite'); $db = new SQLite3('metadata.sqlite');
$db->enableExceptions(true);
} catch (Exception $e) {
error_log("Database connection error: " . $e->getMessage());
die("Database connection failed");
}
$keywordquery = $db->query("SELECT // Prepare the appropriate query based on search type
$results = null;
switch ($searchtype) {
case 'keyword':
$searchPattern = '%' . $keywordsearch . '%';
$stmt = $db->prepare("SELECT
DISTINCT books.id AS id, DISTINCT books.id AS id,
books.title AS title, books.title AS title,
SUBSTR(comments.text, 0, 120) AS excerpt SUBSTR(comments.text, 0, 120) AS excerpt
FROM books FROM books
INNER JOIN INNER JOIN comments ON comments.book = books.id
comments ON comments.book = books.id INNER JOIN books_tags_link ON books_tags_link.book = books.id
INNER JOIN INNER JOIN tags ON tags.id = books_tags_link.tag
books_tags_link ON books_tags_link.book = books.id WHERE books.title LIKE :search
INNER JOIN OR books.author_sort LIKE :search
tags ON tags.id = books_tags_link.tag OR comments.text LIKE :search
WHERE books.title LIKE '%$keywordsearch%' OR tags.name LIKE :search
OR books.author_sort LIKE '%$keywordsearch%' ORDER BY books.title ASC
OR comments.text LIKE '%$keywordsearch%' LIMIT 100");
OR tags.name LIKE '%$keywordsearch%' $stmt->bindValue(':search', $searchPattern, SQLITE3_TEXT);
ORDER BY books.title ASC"); break;
$authorquery = $db->query("SELECT case 'author':
$searchPattern = '%' . $authorsearch . '%';
$stmt = $db->prepare("SELECT
DISTINCT books.id AS id, DISTINCT books.id AS id,
books.title AS title, books.title AS title,
SUBSTR(comments.text, 0, 120) AS excerpt SUBSTR(comments.text, 0, 120) AS excerpt
FROM books FROM books
INNER JOIN INNER JOIN comments ON comments.book = books.id
comments ON comments.book = books.id INNER JOIN books_tags_link ON books_tags_link.book = books.id
INNER JOIN WHERE books.author_sort LIKE :search
books_tags_link ON books_tags_link.book = books.id ORDER BY books.title ASC
WHERE books.author_sort LIKE '%$authorsearch%' LIMIT 100");
ORDER BY books.title ASC"); $stmt->bindValue(':search', $searchPattern, SQLITE3_TEXT);
break;
$typequery = $db->query("SELECT case 'type':
$stmt = $db->prepare("SELECT
DISTINCT books.id AS id, DISTINCT books.id AS id,
books.title AS title, books.title AS title,
SUBSTR(comments.text, 0, 120) AS excerpt SUBSTR(comments.text, 0, 120) AS excerpt
FROM books FROM books
INNER JOIN INNER JOIN comments ON comments.book = books.id
comments ON comments.book = books.id INNER JOIN books_custom_column_1_link ON books_custom_column_1_link.book = books.id
INNER JOIN INNER JOIN custom_column_1 ON custom_column_1.id = books_custom_column_1_link.value
books_custom_column_1_link ON books_custom_column_1_link.book = books.id WHERE custom_column_1.value = :search
INNER JOIN ORDER BY books.title ASC
custom_column_1 ON custom_column_1.id = books_custom_column_1_link.value LIMIT 100");
WHERE $stmt->bindValue(':search', $typesearch, SQLITE3_TEXT);
custom_column_1.value = '$typesearch' break;
ORDER BY books.title ASC");
$subtypequery = $db->query("SELECT case 'subtype':
$stmt = $db->prepare("SELECT
DISTINCT books.id AS id, DISTINCT books.id AS id,
books.title AS title, books.title AS title,
SUBSTR(comments.text, 0, 120) AS excerpt SUBSTR(comments.text, 0, 120) AS excerpt
FROM books FROM books
INNER JOIN INNER JOIN comments ON comments.book = books.id
comments ON comments.book = books.id INNER JOIN books_custom_column_3_link ON books_custom_column_3_link.book = books.id
INNER JOIN INNER JOIN custom_column_3 ON custom_column_3.id = books_custom_column_3_link.value
books_custom_column_3_link ON books_custom_column_3_link.book = books.id WHERE custom_column_3.value = :search
INNER JOIN ORDER BY books.title ASC
custom_column_3 ON custom_column_3.id = books_custom_column_3_link.value LIMIT 100");
WHERE $stmt->bindValue(':search', $subtypesearch, SQLITE3_TEXT);
custom_column_3.value = '$subtypesearch' break;
ORDER BY books.title ASC");
$seriesquery = $db->query("SELECT case 'series':
$stmt = $db->prepare("SELECT
DISTINCT books.id AS id, DISTINCT books.id AS id,
books.title AS title, books.title AS title,
SUBSTR(comments.text, 0, 120) AS excerpt SUBSTR(comments.text, 0, 120) AS excerpt
FROM books FROM books
INNER JOIN INNER JOIN comments ON comments.book = books.id
comments ON comments.book = books.id INNER JOIN books_series_link ON books_series_link.book = books.id
INNER JOIN INNER JOIN series ON series.id = books_series_link.series
books_series_link ON books_series_link.book = books.id WHERE series.name = :search
INNER JOIN ORDER BY books.series_index ASC
series ON series.id = books_series_link.series LIMIT 100");
WHERE series.name = '$seriessearch' $stmt->bindValue(':search', $seriessearch, SQLITE3_TEXT);
ORDER BY books.series_index ASC"); break;
$subjectquery = $db->query("SELECT case 'subject':
$stmt = $db->prepare("SELECT
DISTINCT books.id AS id, DISTINCT books.id AS id,
books.title AS title, books.title AS title,
SUBSTR(comments.text, 0, 120) AS excerpt SUBSTR(comments.text, 0, 120) AS excerpt
FROM books FROM books
INNER JOIN INNER JOIN comments ON comments.book = books.id
comments ON comments.book = books.id INNER JOIN books_tags_link ON books_tags_link.book = books.id
INNER JOIN INNER JOIN tags ON tags.id = books_tags_link.tag
books_tags_link on books_tags_link.book = books.id WHERE tags.name = :search
INNER JOIN ORDER BY books.title ASC
tags on tags.id = books_tags_link.tag LIMIT 100");
WHERE tags.name = '$subjectsearch' $stmt->bindValue(':search', $subjectsearch, SQLITE3_TEXT);
ORDER BY books.title ASC"); break;
}
$types = $db->query("SELECT // Execute query and handle errors
value try {
FROM custom_column_1 $results = $stmt->execute();
ORDER BY value ASC"); } catch (Exception $e) {
error_log("Query execution error: " . $e->getMessage());
$results = null;
}
$subtypes = $db->query("SELECT // Get types for menu
value try {
FROM custom_column_3 $types = $db->query("SELECT value FROM custom_column_1 ORDER BY value ASC");
ORDER BY value ASC"); } catch (Exception $e) {
error_log("Types query error: " . $e->getMessage());
$types = null;
}
// Build social media URLs safely
$socialUrl = '';
switch ($searchtype) {
case 'keyword':
$socialUrl = $SiteURL . '/results.php?kw=' . urlencode($keywordsearch);
break;
case 'author':
$socialUrl = $SiteURL . '/results.php?au=' . urlencode($authorsearch);
break;
case 'type':
$socialUrl = $SiteURL . '/results.php?ty=' . urlencode($typesearch);
break;
case 'subtype':
$socialUrl = $SiteURL . '/results.php?st=' . urlencode($subtypesearch);
break;
case 'series':
$socialUrl = $SiteURL . '/results.php?se=' . urlencode($seriessearch);
break;
case 'subject':
$socialUrl = $SiteURL . '/results.php?su=' . urlencode($subjectsearch);
break;
}
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]--> <!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8"> <![endif]--> <!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
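Review bot: `$keywordsearch = trim($_GET["kw"]);` and the five sibling `trim($_GET[...])` calls run whenever `!empty()` passes, but `!empty()` also passes for a non-string value such as a `kw[]` array parameter, so `trim()` receives an array and throws a TypeError on PHP 8 (a warning and `null` on PHP 7) instead of the input being rejected. Reading each parameter through a small helper that returns `''` for anything that is not a string lets all six branches keep their current shape; the excerpt below shows the helper and the first branch, the other five follow the same pattern. Separately, `$searchPattern = '%' . $keywordsearch . '%'` leaves `%` and `_` in the input as LIKE wildcards, which is presumably acceptable for a fuzzy search but, if a literal match is intended, needs those characters escaped and an `ESCAPE '\'` clause on the four LIKE comparisons.

```php
// Read a GET parameter as a trimmed string; missing keys and non-string values become ''.
function getSearchParam(string $key): string
{
    $value = $_GET[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

if (getSearchParam('kw') !== '') {
    $keywordsearch = getSearchParam('kw');
    $searchtopic = 'Keyword: ' . htmlspecialchars($keywordsearch, ENT_QUOTES, 'UTF-8');
    $searchtype = 'keyword';
} elseif (getSearchParam('au') !== '') {
    // … unchanged: author, type, subtype, series and subject branches, each reading its key via getSearchParam() …
```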
@@ -144,9 +204,9 @@ ORDER BY value ASC");
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Infopump - Search results - <?php echo $searchtopic; ?></title> <title>Infopump - Search results - <?php echo htmlspecialchars($searchtopic, ENT_QUOTES, 'UTF-8'); ?></title>
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="Free HTML5 Template by FREEHTML5.CO" /> <meta name="description" content="Search results for <?php echo htmlspecialchars($searchtopic, ENT_QUOTES, 'UTF-8'); ?>" />
<meta name="keywords" content="free html5, free template, free bootstrap, html5, css3, mobile first, responsive" /> <meta name="keywords" content="free html5, free template, free bootstrap, html5, css3, mobile first, responsive" />
<meta name="author" content="FREEHTML5.CO" /> <meta name="author" content="FREEHTML5.CO" />
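Review bot: `htmlspecialchars($searchtopic, ENT_QUOTES, 'UTF-8')` in the `<title>` and the description escapes a value that the first hunk already escaped when it was built (`$searchtopic = 'Keyword: ' . htmlspecialchars($keywordsearch, ENT_QUOTES, 'UTF-8');`), so a search for `R&D` is shown as `R&amp;D`; the same double encoding is in the og:title/twitter:title hunk and the `<h1>` hunk. Keep the escaping at the output sites, which is the right place for it, and build the topic from the raw value in each of the six branches, e.g. `$searchtopic = 'Keyword: ' . $keywordsearch;` and `$searchtopic = 'Type: ' . mb_convert_case($typesearch, MB_CASE_TITLE, "UTF-8");`. A one-line comment above the assignments, `// $searchtopic is raw text; every output site escapes it for its own context`, would record the convention.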
@@ -165,42 +225,14 @@ ORDER BY value ASC");
--> -->
<!-- Facebook and Twitter integration --> <!-- Facebook and Twitter integration -->
<meta property="og:title" content=<?php echo '"'.$SiteName.' - Search - '.$searchtopic.'" />';?> <meta property="og:title" content="<?php echo htmlspecialchars($SiteName . ' - Search - ' . $searchtopic, ENT_QUOTES, 'UTF-8'); ?>" />
<meta property="og:image" content="<?php echo htmlspecialchars($SiteURL, ENT_QUOTES, 'UTF-8'); ?>/images/og-site-avatar.jpg" />
<meta property="og:image" content=<?php echo '"'.$SiteURL.'/images/og-site-avatar.jpg" />';?> <meta property="og:url" content="<?php echo htmlspecialchars($socialUrl, ENT_QUOTES, 'UTF-8'); ?>" />
<meta property="og:site_name" content="<?php echo htmlspecialchars($SiteName . ' - Search Results', ENT_QUOTES, 'UTF-8'); ?>" />
<?php <meta property="og:description" content="<?php echo htmlspecialchars($SubName, ENT_QUOTES, 'UTF-8'); ?>" />
if (!empty($keywordsearch)) { <meta name="twitter:title" content="<?php echo htmlspecialchars($SiteName . ' - Search - ' . $searchtopic, ENT_QUOTES, 'UTF-8'); ?>" />
echo '<meta property="og:url" content="'.$SiteURL.'/results.php?kw='.$socialkw.'" />'; <meta name="twitter:image" content="<?php echo htmlspecialchars($SiteURL, ENT_QUOTES, 'UTF-8'); ?>/images/og-site-avatar.jpg" />
echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?kw='.$socialkw.'" />'; <meta name="twitter:url" content="<?php echo htmlspecialchars($socialUrl, ENT_QUOTES, 'UTF-8'); ?>" />
} elseif (!empty($authorsearch)) {
echo '<meta property="og:url" content="'.$SiteURL.'/results.php?au='.$socialau.'" />';
echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?au='.$socialau.'" />';
} elseif (!empty($typesearch)) {
echo '<meta property="og:url" content="'.$SiteURL.'/results.php?ty='.$socialty.'" />';
echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?ty='.$socialty.'" />';
} elseif (!empty($seriessearch)) {
echo '<meta property="og:url" content="'.$SiteURL.'/results.php?ty='.$socialse.'" />';
echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?ty='.$socialse.'" />';
} elseif (!empty($subjectsearch)) {
echo '<meta property="og:url" content="'.$SiteURL.'/results.php?ty='.$socialsu.'" />';
echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?ty='.$socialsu.'" />';
} else {
echo '<meta property="og:url" content="'.$SiteURL.'/results.php?ty='.$socialst.'" />';
echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?ty='.$socialst.'" />';
}
?>
<meta property="og:site_name" content=<?php echo '"'.$SiteName.' - Search Results" />';?>
<meta property="og:description" content=<?php echo '"'.$SubName.'" />';?>
<meta name="twitter:title" content=<?php echo '"'.$SiteName.' - Search - '.$searchtopic.'" />';?>
<meta name="twitter:image" content=<?php echo '"'.$SiteURL.'/images/og-site-avatar.jpg" />';?>
<meta name="twitter:card" content="summary" /> <meta name="twitter:card" content="summary" />
<!-- Place favicon.ico and apple-touch-icon.png in the root directory --> <!-- Place favicon.ico and apple-touch-icon.png in the root directory -->
@@ -213,10 +245,8 @@ ORDER BY value ASC");
<link rel="stylesheet" href="css/icomoon.css"> <link rel="stylesheet" href="css/icomoon.css">
<!-- Bootstrap --> <!-- Bootstrap -->
<link rel="stylesheet" href="css/bootstrap.css"> <link rel="stylesheet" href="css/bootstrap.css">
<link rel="stylesheet" href="css/style.css"> <link rel="stylesheet" href="css/style.css">
<!-- Modernizr JS --> <!-- Modernizr JS -->
<script src="js/modernizr-2.6.2.min.js"></script> <script src="js/modernizr-2.6.2.min.js"></script>
<!-- FOR IE9 below --> <!-- FOR IE9 below -->
@@ -253,12 +283,12 @@ ORDER BY value ASC");
<h3 class="heading">Recent Additions</h3> <h3 class="heading">Recent Additions</h3>
<ul> <ul>
<?php <?php
while ($row = $types->fetchArray()) { if ($types) {
$row_value = $row['value']; while ($row = $types->fetchArray(SQLITE3_ASSOC)) {
$row_titlecase = mb_convert_case($row_value, MB_CASE_TITLE, "UTF-8"); $row_value = htmlspecialchars($row['value'], ENT_QUOTES, 'UTF-8');
echo '<li><a href="recent.php?ty='.$row_value.'">'.$row_titlecase.'</a></li>'; $row_titlecase = htmlspecialchars(mb_convert_case($row['value'], MB_CASE_TITLE, "UTF-8"), ENT_QUOTES, 'UTF-8');
//echo '<li>'.$row_value.'</li>'; echo '<li><a href="recent.php?ty=' . urlencode($row['value']) . '">' . $row_titlecase . '</a></li>';
}
} }
?> ?>
</ul> </ul>
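Review bot: `$row_value = htmlspecialchars($row['value'], ENT_QUOTES, 'UTF-8');` is assigned but never read, since the link uses `urlencode($row['value'])` and the label uses `$row_titlecase`, so the line can be deleted. The comment `// Get types for menu` in the first hunk and the `Recent Additions` heading here describe the same list differently; a comment on the loop such as `// custom_column_1 values populate the "Recent Additions" menu, each linking to recent.php?ty=<value>` would make the relationship clear to the next reader.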
@@ -267,7 +297,7 @@ ORDER BY value ASC");
<h3 class="heading">Search</h3> <h3 class="heading">Search</h3>
<form action="results.php" method="get"> <form action="results.php" method="get">
<div class="form-group"> <div class="form-group">
<input type="text" class="form-control" name="kw" placeholder="Keyword search"> <input type="text" class="form-control" name="kw" placeholder="Keyword search" maxlength="100">
</div> </div>
</form> </form>
</div> </div>
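Review bot: `maxlength="100"` is enforced only by the browser; the server-side code in the first hunk passes `trim($_GET["kw"])` through at any length, so a hand-built URL or a modified form still submits an unbounded value into the LIKE pattern. If 100 characters is the intended limit, apply it where the parameter is read, e.g. `$keywordsearch = mb_substr(trim($_GET["kw"]), 0, 100, 'UTF-8');`, and the same for the other five parameters. That keeps the bound on query input independent of the client.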
@@ -287,7 +317,7 @@ ORDER BY value ASC");
<li><a href="#"><i class="icon-instagram"></i></a></li> <li><a href="#"><i class="icon-instagram"></i></a></li>
</ul> --> </ul> -->
<div class="col-lg-12 col-md-12 text-center"> <div class="col-lg-12 col-md-12 text-center">
<h1 id="fh5co-logo"><a href="index.php">Search Results<br /><br /><?php echo $searchtopic; ?></a></h1> <h1 id="fh5co-logo"><a href="index.php">Search Results<br /><br /><?php echo htmlspecialchars($searchtopic, ENT_QUOTES, 'UTF-8'); ?></a></h1>
</div> </div>
</div> </div>
@@ -303,54 +333,25 @@ ORDER BY value ASC");
<div class="row rp-b"> <div class="row rp-b">
<div class="col-md-12 animate-box"> <div class="col-md-12 animate-box">
<?php <?php
if ($keywordsearch != '') { if ($results) {
while ($row = $keywordquery->fetchArray()) { $hasResults = false;
$row_id = $row['id']; while ($row = $results->fetchArray(SQLITE3_ASSOC)) {
$row_title = $row['title']; $hasResults = true;
$row_excerpt = $row['excerpt']; $row_id = (int)$row['id'];
$row_title = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');
$row_excerpt = htmlspecialchars(strip_tags($row['excerpt']), ENT_QUOTES, 'UTF-8');
echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>'; echo '<p style="padding:25px 0 35px 0;">';
echo '<img style="float:left; max-height: 120px; padding: 10px 10px" src="images/' . $row_id . '.jpg" alt="' . $row_title . '">';
echo '<strong><em><a href="itemrecord.php?itemid=' . $row_id . '">' . $row_title . '</a></em> :</strong> ';
echo $row_excerpt . '...</p>';
} }
} elseif ($typesearch != '') {
while ($row = $typequery->fetchArray()) {
$row_id = $row['id'];
$row_title = $row['title'];
$row_excerpt = $row['excerpt'];
echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>'; if (!$hasResults) {
} echo '<p>No results found for your search.</p>';
} elseif ($authorsearch != '') {
while ($row = $authorquery->fetchArray()) {
$row_id = $row['id'];
$row_title = $row['title'];
$row_excerpt = $row['excerpt'];
echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
}
} elseif ($seriessearch != '') {
while ($row = $seriesquery->fetchArray()) {
$row_id = $row['id'];
$row_title = $row['title'];
$row_excerpt = $row['excerpt'];
echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
}
} elseif ($subjectsearch != '') {
while ($row = $subjectquery->fetchArray()) {
$row_id = $row['id'];
$row_title = $row['title'];
$row_excerpt = $row['excerpt'];
echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
} }
} else { } else {
while ($row = $subtypequery->fetchArray()) { echo '<p>An error occurred while searching. Please try again.</p>';
$row_id = $row['id'];
$row_title = $row['title'];
$row_excerpt = $row['excerpt'];
echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
}
} }
?> ?>
</div> </div>
@@ -379,3 +380,7 @@ ORDER BY value ASC");
</body> </body>
</html> </html>
<?php
// Close database connection
$db->close();
?>