0ct0pu5/wiby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add files via upload

Browse source
This commit is contained in:
wibyweb 2023-03-08 21:16:03 -05:00 committed by GitHub
parent 49949739bb
commit c0c8541b47
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 355 additions and 196 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

551
html/json/index.php
View file

@ -1,13 +1,13 @@
<?php
session_start();
if (htmlspecialchars($_COOKIE['ws']) == "0")
if (isset($_COOKIE['ws']) && htmlspecialchars($_COOKIE['ws']) == "0")
{
$worksafe = false;
}else{
$worksafe = true;
}
if (htmlspecialchars($_COOKIE['hs']) == "1")
if (isset($_COOKIE['hs']) && htmlspecialchars($_COOKIE['hs']) == "1")
{
$filterHTTPS = true;
}else{
@ -15,15 +15,11 @@ if (htmlspecialchars($_COOKIE['hs']) == "1")
}
if (!isset($_REQUEST['q']))
{
include 'form.html.php';
}
else
else
{
$link = mysqli_connect('localhost', 'guest', 'qwer');
@ -40,6 +36,7 @@ else
$worksafe = false;
}
$page=0;
if (!isset($_REQUEST['p']))
{
$offset=0;
@ -47,12 +44,20 @@ else
else
{
$page = mysqli_real_escape_string($link, $_GET['p']);
if($page > 0)
$offset = $page;
if($offset > 0)
{
$page--;
$offset--;
}
$offset = $page * $lim;
$offset = $offset * $lim;
}
//check if doing a more general search
$general=false;
if (isset($_REQUEST['g']))
{
$general=true;
}
if (!$link)
{
@ -95,6 +100,10 @@ else
if(strlen($query) < 3 || $query == "cia" || $query == "CIA"){
$query = " ".$query." *";
}
if($query == "c++" || $query == "C++"){//shitty but works
$query = "c++ programming";
}
$queryNoQuotes = $query;
//Are there quotes in the query?
@ -102,7 +111,6 @@ else
if(strpos($queryNoQuotes,'"') !== false)
{
$exactMatch = true;
$queryNoQuotes = $query;
}
//alright then lets remove the quotes
@ -116,7 +124,8 @@ else
//first remove any flags inside queryNoQuotes, also grab any required words (+ prefix)
$queryNoQuotesOrFlags = '';
$requiredword = '';
$requiredword = '';
$flags = '';
if(strpos($queryNoQuotes,'+') !== false || strpos($queryNoQuotes,'-') !== false){
$words = explode(' ', $queryNoQuotes);
$i = 0;
@ -129,6 +138,9 @@ else
}
if ($word[0] == '+' && strlen($word) > 1){
$requiredword = substr($word,1);
}
if ($word[0] == '-' && $word[0] == '+'){
$flags .= " $word";
}
$i++;
}
@ -140,6 +152,7 @@ else
}
$queryNoQuotes_SQLsafe = mysqli_real_escape_string($link, $queryNoQuotes);
$flags = mysqli_real_escape_string($link, $flags);
if($exactMatch == false)
{
@ -159,220 +172,366 @@ else
}
}
//Check if query contains a hyphenated word. MySQL is finicky about them. We will wrap quotes around hyphenated words that aren't part of a string which is already wraped in quotes.
if((strpos($queryNoQuotes,'-') !== false || strpos($queryNoQuotes,'+') !== false) && $urlDetected == false){
if($query == "c++" || $query == "C++"){//shitty but works
$query = "c++ programming";
}
$hyphenwords = explode(' ',$query);
$query = '';
$quotes = 0;
$i = 0;
foreach ($hyphenwords as $word) {
if(strpos($queryNoQuotes,'"') !== false){
$quotes++;
}
if(((strpos($queryNoQuotes,'-') !== false && $word[0] != '-') || (strpos($queryNoQuotes,'+') !== false && $word[0] != '+')) && $quotes%2 == 0){//if hyphen exists, not a flag, not wrapped in quotes already
$word = '"' . $word . '"';
}
if($i > 0){
$query .= ' ';
}
$query .= $word;
$i++;
}
}
$additions = '';
if($filterHTTPS == true){
$additions = $additions."AND http = '1' ";
}
if($worksafe == true){
$additions = $additions."AND worksafe = '1' ";
}
//perform full text search FOR InnoDB or MyISAM STORAGE ENGINE
$outputFTS = mysqli_query($link, "SELECT id, url, title, description, body FROM windex WHERE Match(tags, body, description, title, url) Against('$query' IN BOOLEAN MODE) AND enable = '1' $additions ORDER BY CASE WHEN LOCATE('$queryNoQuotes_SQLsafe', tags)>0 THEN 30 WHEN LOCATE('$queryNoQuotes_SQLsafe', title)>0 AND Match(title) AGAINST('$query' IN BOOLEAN MODE) THEN 20 WHEN LOCATE('$queryNoQuotes_SQLsafe', title)>0 THEN 16 WHEN LOCATE('$queryNoQuotes_SQLsafe', body)>0 THEN 15 WHEN Match(title) AGAINST('$query' IN BOOLEAN MODE) THEN Match(title) AGAINST('$query' IN BOOLEAN MODE) END DESC, id DESC LIMIT $lim OFFSET $offset");
/*if(!$outputFTS)//dont error out yet, will give another try below
{
$error = 'Error ' . mysqli_error($link);
include 'error.html.php';
exit();
}*/
if($urlDetected == 1)
{
$query = $queryOriginal;
}
//perform full text search with * appended
if(mysqli_num_rows($outputFTS) == 0 && $offset == 0 && $urlDetected == 0 && $exactMatch == false)
{
$starappend = 1;
$querystar = $query;
//innodb will get fussy over some things if put in like '''' or ****, uncomment below lines if using innoDB
$querystar = str_replace('*', "",$querystar);
$querystar = str_replace('"', "",$querystar);
$querystar = str_replace('"', "",$querystar);
$querystar = str_replace('\'', "",$querystar);
//-----------------------------------------------
$querystar = $querystar . '*';
$count = 0;
if(!$general){
$queryWithQuotesAndFlags = '"'. $queryNoQuotes_SQLsafe.'"'.$flags.'';
//perform full text search FOR InnoDB or MyISAM STORAGE ENGINE
$outputFTS = mysqli_query($link, "SELECT id, url, title, description, body FROM windex WHERE Match(tags, body, description, title, url) Against('$querystar' IN BOOLEAN MODE) AND enable = '1' $additions ORDER BY CASE WHEN LOCATE('$queryNoQuotes_SQLsafe', tags)>0 THEN 30 WHEN LOCATE('$queryNoQuotes_SQLsafe', title)>0 AND Match(title) AGAINST('$querystar' IN BOOLEAN MODE) THEN 20 WHEN LOCATE('$queryNoQuotes_SQLsafe', title)>0 THEN 16 WHEN LOCATE('$queryNoQuotes_SQLsafe', body)>0 THEN 15 WHEN Match(title) AGAINST('$querystar' IN BOOLEAN MODE) THEN Match(title) AGAINST('$querystar' IN BOOLEAN MODE) END DESC, id DESC LIMIT $lim OFFSET $offset");
$outputFTS = mysqli_query($link, "SELECT id, url, title, description, body FROM windex WHERE Match(tags, body, description, title, url) Against('$queryWithQuotesAndFlags' IN BOOLEAN MODE) AND enable = '1' $additions ORDER BY CASE WHEN LOCATE('$queryNoQuotes_SQLsafe', tags)>0 THEN 30 WHEN LOCATE('$queryNoQuotes_SQLsafe', title)>0 AND Match(title) AGAINST('$queryWithQuotesAndFlags' IN BOOLEAN MODE) THEN 20 WHEN LOCATE('$queryNoQuotes_SQLsafe', title)>0 THEN 16 WHEN Match(title) AGAINST('$queryWithQuotesAndFlags' IN BOOLEAN MODE) THEN Match(title) AGAINST('$queryWithQuotesAndFlags' IN BOOLEAN MODE) END DESC, id DESC LIMIT $lim OFFSET $offset");
if(!$outputFTS)
/*if(!$outputFTS)//dont error out yet, will give another try below
{
$error = 'Error ' . mysqli_error($link);
include 'error.html.php';
exit();
}
}
$count = 0;
//it was made safe for sql, now put it back to the way it was and use htmlspecialchars on results page
$query = $_GET['q'];
//this will get set if position of longest word of query is found within body
$pos = -1;
//lets put contents of the full text search into the array
while($row = mysqli_fetch_array($outputFTS))
{
//put the contents of the URL column within the DB into an array
$id[] = $row[0];
$url[] = $row[1];
$title[] = JSONRealEscapeString(substr($row[2],0,150));
$description[] = JSONRealEscapeString(substr($row[3],0,180));
$body = JSONRealEscapeString($row[4]);
$count++;
$lastID = $row[0];
if($exactMatch == false)
{
//remove the '*' at the end of the longest word if present
if(strpos($longestWord,'*') == true)
{
$longestWord = str_replace('*', "",$longestWord);
}
//first find an exact
if(strlen($requiredword) > 0){
$pos = stripos($body, $requiredword);
}else{
$pos = stripos($body, $queryNoQuotes);
}
//search within body for position of longest query word. If not found, try another word
if($pos == false){
$pos = stripos($body, $longestWord);
if($pos == false && $wordcount > 1)
{
if($longestwordelementnum > 0)
{
if(strpos($words[0],'*') == true)//remove the '*' at the end of the query if present
$words[0] = str_replace('*', "",$words[0]);
$pos = stripos($body, $words[0]);
}
else if($longestwordelementnum == 0)
{
if(strpos($words[1],'*') == true)//remove the '*' at the end of the query if present
$words[1] = str_replace('*', "",$words[1]);
$pos = stripos($body, $words[1]);
}
}
}
}
else
{
$pos = stripos($body, $queryNoQuotes);
}
//still not found?, set position to 0
if($pos == false){
$pos = 0;
}
//get all positions of all keywords in body
/* $lastPos = 0;
$positions = array();
foreach($words as $word)
{
while (($lastPos = mb_strpos($body, $word, $lastPos))!== false) {
$positions[$word][] = $lastPos;
$lastPos = $lastPos + strlen($word);
}
}*/
//figure out how much preceding text to use
if($pos < 32)
$starttext = 0;
else if($pos > 25)
$starttext = $pos - 25;
else if($pos > 20)
$starttext = $pos - 15;
//else $starttext = 0;
//total length of the ballpark
$textlength = 180;
//populate the ballpark
if($pos >= 0)
if($urlDetected == 1)
{
$ballparktext = substr($body,$starttext,$textlength);
$query = $queryOriginal;
}
else $ballpark = '0';
//this will get set if position of longest word of query is found within body
$pos = -1;
//lets put contents of the full text search into the array
while($row = mysqli_fetch_array($outputFTS))
{
//put the contents of the URL column within the DB into an array
$id[] = $row[0];
$url[] = $row[1];
$title[] = substr($row[2],0,150);
$description[] = substr($row[3],0,180);
$body = $row[4];
$count++;
$lastID = $row[0];
if($exactMatch == false)
{
//remove the '*' at the end of the longest word if present
if(strpos($longestWord,'*') == true)
{
$longestWord = str_replace('*', "",$longestWord);
}
//first find an exact
if(strlen($requiredword) > 0){
$pos = stripos($body, $requiredword);
}else{
$pos = stripos($body, $queryNoQuotes);
}
//find position of nearest Period
$foundPeriod = true;
$posPeriod = stripos($ballparktext, '. ') + $starttext +1;
//search within body for position of longest query word. If not found, try another word
if($pos == false){
$pos = stripos($body, $longestWord);
if($pos == false && $wordcount > 1)
{
if($longestwordelementnum > 0)
{
if(strpos($words[0],'*') == true)//remove the '*' at the end of the query if present
$words[0] = str_replace('*', "",$words[0]);
$pos = stripos($body, $words[0]);
}
else if($longestwordelementnum == 0)
{
if(strpos($words[1],'*') == true)//remove the '*' at the end of the query if present
$words[1] = str_replace('*', "",$words[1]);
$pos = stripos($body, $words[1]);
}
}
}
}
else
{
$pos = stripos($body, $queryNoQuotes);
}
//still not found?, set position to 0
if($pos == false){
$pos = 0;
}
//find position of nearest Space
$foundSpace = true;
$posSpace = stripos($ballparktext, ' ') + $starttext;
//get all positions of all keywords in body
/* $lastPos = 0;
$positions = array();
foreach($words as $word)
{
while (($lastPos = mb_strpos($body, $word, $lastPos))!== false) {
$positions[$word][] = $lastPos;
$lastPos = $lastPos + strlen($word);
}
}*/
//figure out how much preceding text to use
if($pos < 32)
$starttext = 0;
else if($pos > 25)
$starttext = $pos - 25;
else if($pos > 20)
$starttext = $pos - 15;
//else $starttext = 0;
//total length of the ballpark
$textlength = 180;
//populate the ballpark
if($pos >= 0)
{
$ballparktext = substr($body,$starttext,$textlength);
}
else $ballpark = '0';
//find position of nearest Period
$foundPeriod = true;
$posPeriod = stripos($ballparktext, '. ') + $starttext +1;
//find position of nearest Space
$foundSpace = true;
$posSpace = stripos($ballparktext, ' ') + $starttext;
//if longest word in query is after a period+space within ballpark, reset $starttext to that point
if($pos-$starttext > $posPeriod)
{
$starttext = $posPeriod;
//populate the bodymatch
if($pos-$starttext >= 0)
{
$bodymatch[] = substr($body,$starttext,$textlength);
}
else $bodymatch[] = '';
}
//else if($pos-starttext > $posSpace)//else if longest word in query is after a space within ballpark, reset $starttext to that point
else if($pos > $posSpace)//else if longest word in query is after a space within ballpark, reset $starttext to that point
{
$starttext = $posSpace;
//populate the bodymatch
if($pos-$starttext >= 0)
{
$bodymatch[] = substr($body,$starttext,$textlength);
}
else $bodymatch[] = '';
}
else //else just set the bodymatch to the ballparktext
{
//populate the bodymatch
if($pos-$starttext >= 0)
{
$bodymatch[] = $ballparktext;
}
else $bodymatch[] = '';
}
//if longest word in query is after a period+space within ballpark, reset $starttext to that point
if($pos-$starttext > $posPeriod)
{
$starttext = $posPeriod;
//populate the bodymatch
if($pos-$starttext >= 0)
{
$bodymatch[] = substr($body,$starttext,$textlength);
}
else $bodymatch[] = '';
}
//else if($pos-starttext > $posSpace)//else if longest word in query is after a space within ballpark, reset $starttext to that point
else if($pos > $posSpace)//else if longest word in query is after a space within ballpark, reset $starttext to that point
{
$starttext = $posSpace;
//populate the bodymatch
if($pos-$starttext >= 0)
{
$bodymatch[] = substr($body,$starttext,$textlength);
}
else $bodymatch[] = '';
}
$outputFTSrows=$count;
//do a general search if exact results peter off
if($outputFTSrows < 8 && $exactMatch == false){
$count = 0;
$general = true;
//Check if query contains a hyphenated word. MySQL is finicky about them. We will wrap quotes around hyphenated words that aren't part of a string which is already wraped in quotes.
if((strpos($queryNoQuotes,'-') !== false || strpos($queryNoQuotes,'+') !== false) && $urlDetected == false){
$hyphenwords = explode(' ',$query);
$query = '';
$quotes = 0;
$i = 0;
foreach ($hyphenwords as $word) {
if(strpos($queryNoQuotes,'"') !== false){
$quotes++;
}
if(((strpos($queryNoQuotes,'-') !== false && $word[0] != '-') || (strpos($queryNoQuotes,'+') !== false && $word[0] != '+')) && $quotes%2 == 0){//if hyphen exists, not a flag, not wrapped in quotes already
$word = '"' . $word . '"';
}
if($i > 0){
$query .= ' ';
}
$query .= $word;
$i++;
}
}
else //else just set the bodymatch to the ballparktext
//perform full text search FOR InnoDB or MyISAM STORAGE ENGINE
$outputFTSgeneral = mysqli_query($link, "SELECT id, url, title, description, body FROM windex WHERE Match(tags, body, description, title, url) Against('$query' IN BOOLEAN MODE) AND enable = '1' $additions ORDER BY CASE WHEN LOCATE('$queryNoQuotes_SQLsafe', tags)>0 THEN 30 WHEN LOCATE('$queryNoQuotes_SQLsafe', title)>0 AND Match(title) AGAINST('$query' IN BOOLEAN MODE) THEN 20 WHEN LOCATE('$queryNoQuotes_SQLsafe', title)>0 THEN 16 WHEN Match(title) AGAINST('$query' IN BOOLEAN MODE) THEN Match(title) AGAINST('$query' IN BOOLEAN MODE) END DESC, id DESC LIMIT $lim OFFSET $offset");
//if all else fails, try a full text search with * appended (better to get something than nothing I suppose)
if(mysqli_num_rows($outputFTSgeneral) == 0 && $offset == 0 && $urlDetected == 0)
{
//populate the bodymatch
if($pos-$starttext >= 0)
$starappend = 1;
$querystar = $query;
//innodb will get fussy over some things if put in like '''' or ****, uncomment below lines if using innoDB
$querystar = str_replace('*', "",$querystar);
$querystar = str_replace('"', "",$querystar);
$querystar = str_replace('"', "",$querystar);
$querystar = str_replace('\'', "",$querystar);
//-----------------------------------------------
$querystar = $querystar . '*';
//perform full text search FOR InnoDB or MyISAM STORAGE ENGINE
$outputFTSgeneral = mysqli_query($link, "SELECT id, url, title, description, body FROM windex WHERE Match(tags, body, description, title, url) Against('$querystar' IN BOOLEAN MODE) AND enable = '1' $additions ORDER BY CASE WHEN LOCATE('$queryNoQuotes_SQLsafe', tags)>0 THEN 30 WHEN LOCATE('$queryNoQuotes_SQLsafe', title)>0 AND Match(title) AGAINST('$querystar' IN BOOLEAN MODE) THEN 20 WHEN LOCATE('$queryNoQuotes_SQLsafe', title)>0 THEN 16 WHEN Match(title) AGAINST('$querystar' IN BOOLEAN MODE) THEN Match(title) AGAINST('$querystar' IN BOOLEAN MODE) END DESC, id DESC LIMIT $lim OFFSET $offset");
if(!$outputFTSgeneral)
{
$bodymatch[] = $ballparktext;
}
else $bodymatch[] = '';
$error = 'Error ' . mysqli_error($link);
include 'error.html.php';
exit();
}
}
//this will get set if position of longest word of query is found within body
$pos = -1;
//lets put contents of the full text search into the array
while($row = mysqli_fetch_array($outputFTSgeneral))
{
$count++;
//check for duplicates if appending general search matches on the same page where exact matches were found
$duplicate = false;
if($outputFTSrows < 8 && $outputFTSrows > 0){
foreach($id as $idtocheck){
if($idtocheck==$row[0]){
$duplicate=true;
break;
}
}
}
if($duplicate==false){
//put the contents of the URL column within the DB into an array
$id[] = $row[0];
$url[] = $row[1];
$title[] = substr($row[2],0,150);
$description[] = substr($row[3],0,180);
$body = $row[4];
$lastID = $row[0];
if($exactMatch == false)
{
//remove the '*' at the end of the longest word if present
if(strpos($longestWord,'*') == true)
{
$longestWord = str_replace('*', "",$longestWord);
}
//first find an exact
if(strlen($requiredword) > 0){
$pos = stripos($body, $requiredword);
}else{
$pos = stripos($body, $queryNoQuotes);
}
//search within body for position of longest query word. If not found, try another word
if($pos == false){
$pos = stripos($body, $longestWord);
if($pos == false && $wordcount > 1)
{
if($longestwordelementnum > 0)
{
if(strpos($words[0],'*') == true)//remove the '*' at the end of the query if present
$words[0] = str_replace('*', "",$words[0]);
$pos = stripos($body, $words[0]);
}
else if($longestwordelementnum == 0)
{
if(strpos($words[1],'*') == true)//remove the '*' at the end of the query if present
$words[1] = str_replace('*', "",$words[1]);
$pos = stripos($body, $words[1]);
}
}
}
}
else
{
$pos = stripos($body, $queryNoQuotes);
}
//still not found?, set position to 0
if($pos == false){
$pos = 0;
}
//get all positions of all keywords in body
/* $lastPos = 0;
$positions = array();
foreach($words as $word)
{
while (($lastPos = mb_strpos($body, $word, $lastPos))!== false) {
$positions[$word][] = $lastPos;
$lastPos = $lastPos + strlen($word);
}
}*/
//figure out how much preceding text to use
if($pos < 32)
$starttext = 0;
else if($pos > 25)
$starttext = $pos - 25;
else if($pos > 20)
$starttext = $pos - 15;
//else $starttext = 0;
//total length of the ballpark
$textlength = 180;
//populate the ballpark
if($pos >= 0)
{
$ballparktext = substr($body,$starttext,$textlength);
}
else $ballpark = '0';
//find position of nearest Period
$foundPeriod = true;
$posPeriod = stripos($ballparktext, '. ') + $starttext +1;
//find position of nearest Space
$foundSpace = true;
$posSpace = stripos($ballparktext, ' ') + $starttext;
//if longest word in query is after a period+space within ballpark, reset $starttext to that point
if($pos-$starttext > $posPeriod)
{
$starttext = $posPeriod;
//populate the bodymatch
if($pos-$starttext >= 0)
{
$bodymatch[] = substr($body,$starttext,$textlength);
}
else $bodymatch[] = '';
}
//else if($pos-starttext > $posSpace)//else if longest word in query is after a space within ballpark, reset $starttext to that point
else if($pos > $posSpace)//else if longest word in query is after a space within ballpark, reset $starttext to that point
{
$starttext = $posSpace;
//populate the bodymatch
if($pos-$starttext >= 0)
{
$bodymatch[] = substr($body,$starttext,$textlength);
}
else $bodymatch[] = '';
}
else //else just set the bodymatch to the ballparktext
{
//populate the bodymatch
if($pos-$starttext >= 0)
{
$bodymatch[] = $ballparktext;
}
else $bodymatch[] = '';
}
}
}
}
$row = null;
$totalcount = (($count + $offset)/$lim)+1;
//make safe for json
// replace := map[string]string{"\\":"\\\\", "\t":"\\t", "\b":"\\b", "\n":"\\n", "\r":"\\r", "\f":"\\f"/*, `"`:`\"`*/}
include 'results.json.php';
}