DedeBIZ
/
DedeV6
Beobachten 2
Favorisieren 0
Fork 0
Code Pull-Requests 0 Releases 25 Aktivität
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
210 Commits
3 Branches
354MB
Struktur: 3c3422f32d
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „3c3422f32d“
${ noResults }
DedeV6/src/plus/advancedsearch.php

258 Zeilen
8.8KB
Originalformat Blame Verlauf 

  1. <?php

  2. /**

  3.  *

  4.  * 高级搜索

  5.  *

  6.  * @version        $Id: advancedsearch.php 1 15:38 2010年7月8日Z tianya $

  7.  * @package        DedeCMS.Site

  8.  * @copyright      Copyright (c) 2020, DedeBIZ.COM

  9.  * @license        https://www.dedebiz.com/license

  10.  * @link           https://www.dedebiz.com

  11.  */

  12. require_once(dirname(__FILE__)."/../include/common.inc.php");

  13. require_once(DEDEINC."/datalistcp.class.php");

  14. $timestamp = time();

  15. @session_start();

  16. 

  17. //限制同时搜索数量

  18. $timelock = '../data/time.lock';

  19. if($cfg_allsearch_limit < 1)

  20. {

  21.     $cfg_allsearch_limit = 1;

  22. }

  23. if(file_exists($timelock))

  24. {

  25.     if($timestamp - filemtime($timelock) < $cfg_allsearch_limit)

  26.     {

  27.         showmsg('服务器忙,请稍后搜索','-1');

  28.         exit();

  29.     }

  30. }

  31. @touch($timelock,$timestamp);

  32. $mid = isset($mid) && is_numeric($mid) ? $mid : 0;

  33. $sqlhash = isset($sqlhash) && preg_match("/^[A-Za-z0-9]+$/", $sqlhash) ? $sqlhash : '';

  34. 

  35. if($mid == 0)

  36. {

  37.     showmsg('参数不正确,高级自定义搜索必须指定模型id', 'javascript');

  38.     exit();

  39. }

  40. 

  41. $query = "SELECT maintable, mainfields, addontable, addonfields, template FROM #@__advancedsearch WHERE mid='$mid'";

  42. $searchinfo = $dsql->GetOne($query);

  43. if(!is_array($searchinfo))

  44. {

  45.     showmsg('自定义搜索模型不存在','-1');

  46.     exit();

  47. }

  48. $template = $searchinfo['template'] != '' ?  $searchinfo['template'] : 'advancedsearch.htm';

  49. $sql = empty($_SESSION[$sqlhash])? '' : $_SESSION[$sqlhash];

  50. 

  51. if(empty($sql))

  52. {

  53.     //主表字段处理

  54.     $q = stripslashes($q);

  55.     $q = preg_replace("#[\|\"\r\n\t%\*\?\(\)\$;,'%<>]#", " ", trim($q));

  56.     if( ($cfg_notallowstr!='' && preg_match("#".$cfg_notallowstr."#i", $q)) || ($cfg_replacestr!='' && preg_match("#".$cfg_replacestr."#i", $q)) )

  57.     {

  58.         echo "你的信息中存在非法内容,被系统禁止!<a href='javascript:history.go(-1)'>[返回]</a>"; exit();

  59.     }

  60.     $q = addslashes($q);

  61.     $iscommend = isset($iscommend) && is_numeric($iscommend) ? $iscommend : 0;

  62.     $typeid = isset($typeid) && is_numeric($typeid) ? $typeid : 0;

  63.     $typeid = max($typeid, 0);

  64.     $includesons = isset($includesons) ? 1 : 0;

  65.     $writer = isset($writer) ? trim($writer) : '';

  66.     $source = isset($source) ? trim($source) : '';

  67.     $startdate = isset($startdate) ? trim($startdate) : '';

  68.     $enddate = isset($enddate) ? trim($enddate) : '';

  69.     if($startdate != '') $starttime = strtotime($startdate);

  70.     else $starttime = 0;

  71.         

  72.     if($enddate != '') $endtime = strtotime($enddate);

  73.     else $endtime = 0;

  74.     $where = ' WHERE main.arcrank>-1 ';

  75. 

  76.     if($q != '') $where .= " AND main.title LIKE '%$q%' ";

  77.     if($iscommend == 1) $where .= " AND FIND_IN_SET('c', main.flag)>0 ";

  78.     if(!empty($typeid))

  79.     {

  80.         if($includesons == 1)

  81.         {

  82.             $tids =  TypeGetSunID($typeid, $dsql, '', $mid, TRUE);

  83.             $where .= " AND main.typeid IN ($tids) ";

  84.         }

  85.         else

  86.         {

  87.             $where .= " AND main.typeid=$typeid ";

  88.         }

  89.     }

  90.     else

  91.     {

  92.         $where .= " AND main.channel = $mid ";

  93.     }

  94.     if($writer != '')

  95.     {

  96.         $writer = stripslashes($writer);

  97.         $writer = preg_replace("#[\|\"\r\n\t%\*\?\(\)\$;,'%<>]#", "", trim($writer));

  98.         $writer = addslashes($writer);

  99.         $where .= " AND main.writer='$writer' ";

  100.     }

  101.     if($source != '')

  102.     {

  103.         $source = stripslashes($source);

  104.         $source = preg_replace("#[\|\"\r\n\t%\*\?\(\)\$;,'%<>]#", "", trim($source));

  105.         $source = addslashes($source);

  106.         $where .= " AND main.source='$source' ";

  107.     }

  108.     if($starttime > 0) $where .= " AND main.senddate>$starttime ";

  109.     if($endtime > 0) $where .= " AND main.senddate<$endtime";

  110.     $maintable = $searchinfo['maintable'];

  111.     $addontable = $searchinfo['addontable'];

  112.     $mainfields = $searchinfo['mainfields'];

  113.     $addonfields = $searchinfo['addonfields'];

  114.     $mainfieldsarr = explode(',', $mainfields);

  115.     $addonfieldsarr = explode(',', $addonfields);

  116.     array_pop($addonfieldsarr);//弹出

  117. 

  118.     $intarr = array('int','float');

  119.     $textarr = array('textdata','textchar','text','htmltext','multitext');

  120.     foreach($addonfieldsarr as $addonfield)

  121.     {

  122.         $addonfieldarr = explode(':', $addonfield);

  123.         $var = $addonfieldarr[0];

  124.         $type = $addonfieldarr[1];

  125.         if(in_array($type, $intarr))

  126.         {

  127.             if(isset(${'start'.$var}) && trim(${'start'.$var})!='')

  128.             {

  129.                 ${'start'.$var} = trim(${'start'.$var});

  130.                 ${'start'.$var} = intval(${'start'.$var});

  131.                 $where .= " AND addon.$var>${'start'.$var} ";

  132.             }

  133.             if(isset(${'end'.$var}) && trim(${'end'.$var})!='')

  134.             {

  135.                 ${'end'.$var} = trim(${'end'.$var});

  136.                 ${'end'.$var} = intval(${'end'.$var});

  137.                 $where .= " AND addon.$var<${'end'.$var} ";

  138.             }

  139.         }

  140.         elseif(in_array($type, $textarr))

  141.         {

  142.             if(isset(${$var}) && trim(${$var})!='')

  143.             {

  144.                 ${$var} = stripslashes(${$var});

  145.                 ${$var} = preg_replace("#[\|\"\r\n\t%\*\?\(\)\$;,'%<>]#", "", trim(${$var}));

  146.                 ${$var} = addslashes(${$var});

  147.                 $where .= " AND addon.$var LIKE '%${$var}%'";

  148.             }

  149.         }

  150.         elseif($type == 'select')

  151.         {

  152.             ${$var} = stripslashes(${$var});

  153.             ${$var} = preg_replace("#[\|\"\r\n\t%\*\?\(\)\$;,'%<>]#", "", trim(${$var}));

  154.             ${$var} = addslashes(${$var});

  155.             if(${$var} != '')

  156.             {

  157.                 $where .= " AND addon.$var LIKE '${$var}'";

  158.             }

  159.         }

  160.         elseif($type == 'radio')

  161.         {

  162.             ${$var} = stripslashes(${$var});

  163.             ${$var} = preg_replace("#[\|\"\r\n\t%\*\?\(\)\$;,'%<>]#", "", trim(${$var}));

  164.             ${$var} = addslashes(${$var});

  165.             if(${$var} != '')

  166.             {

  167.                 $where .= " AND addon.$var LIKE '${$var}'";

  168.             }

  169.         }

  170.         elseif($type == 'checkbox')

  171.         {

  172.             if(is_array(${$var}) && !empty(${$var}))

  173.             {

  174.                 foreach(${$var} as $tmpvar)

  175.                 {

  176.                     $tmpvar = trim($tmpvar);

  177.                     if($tmpvar != '')

  178.                     {

  179.                         $tmpvar = stripslashes($tmpvar);

  180.                         $tmpvar = preg_replace("#[\|\"\r\n\t%\*\?\(\)\$;,'%<>]#", "", trim($tmpvar));

  181.                         $tmpvar = addslashes($tmpvar);

  182.                         $where .= " AND CONCAT(',',addon.$var, ',') LIKE '%,$tmpvar,%' ";

  183.                     }

  184.                 }

  185.             }

  186.         }

  187.         elseif($type == 'datetime')

  188.         {

  189.             ${'start'.$var} = trim(${'start'.$var});

  190.             if(${'start'.$var} != '')

  191.             {

  192.                 ${'start'.$var} = strtotime(${'start'.$var});

  193.             }

  194.             else

  195.             {

  196.                 ${'start'.$var} = 0;

  197.             }

  198.             ${'end'.$var} = trim(${'end'.$var});

  199.             if(${'end'.$var} != '')

  200.             {

  201.                 ${'end'.$var} = strtotime(${'end'.$var});

  202.             }

  203.             else

  204.             {

  205.                 ${'end'.$var} = 0;

  206.             }

  207.         }

  208.     }

  209.     $orderby = ' order by main.senddate desc ';

  210.     if($mid < -1)

  211.     {

  212.         $where = str_replace('main.', 'addon.', $where);

  213.         $orderby = str_replace('main.', 'addon.', $orderby);

  214.         $query = "SELECT addon.*, arctype.* FROM $addontable addon 

  215.         LEFT JOIN #@__arctype arctype ON arctype.id = addon.typeid

  216.         $where $orderby";

  217.     } else {

  218.         $query = "SELECT main.id AS aid,main.*,main.description AS description1, type.* 

  219.     FROM $maintable main 

  220.     LEFT JOIN #@__arctype type ON type.id = main.typeid 

  221.     LEFT JOIN $addontable addon ON addon.aid = main.id 

  222.     $where  $orderby";

  223.     }

  224.     $sql = $query;

  225. }

  226. else

  227. {

  228.     $sql = urldecode($sql);

  229.     $query = $sql;

  230. }

  231. 

  232. $sql = urlencode($sql);

  233. //生成sql的唯一序列化字符串,并将sql语句记录到session中去

  234. $sqlhash = md5($sql);

  235. $_SESSION[$sqlhash] = $sql;

  236. 

  237. $dlist = new DataListCP();

  238. $dlist->pageSize = 20;

  239. $dlist->SetParameter("hash", $sqlhash);

  240. $dlist->SetParameter("mid", $mid);

  241. if(file_exists(DEDEROOT."/templets/default/$template"))

  242. {

  243.     $templatefile = DEDEROOT."/templets/default/$template";

  244. }

  245. else

  246. {

  247.     $templatefile = DEDEROOT."/templets/default/advancedsearch.htm";

  248. }

  249. $dlist->SetTemplate($templatefile);

  250. $dlist->SetSource($query);

  251. require_once(DEDEINC."/channelunit.class.php");

  252. 

  253. //获得一个指定档案的链接

  254. function GetArcUrl($aid,$typeid,$timetag,$title,$ismake=0,$rank=0,$namerule='',$artdir='',$money=0)

  255. {

  256.     return GetFileUrl($aid,$typeid,$timetag,$title,$ismake,$rank,$namerule,$artdir,$money);

  257. }

  258. $dlist->Display();