首頁 探索 說明
註冊 登入
chenhao
/
leyu_admin
1
0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
分支: master
分支列表 標籤列表
leyu_admin
/
plus
/
advancedsearch.php

advancedsearch.php 8.5 KB
永久連結 文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258 
  1. <?php
    2. 

  2. /**
    3. 

  3.  *
    4. 

  4.  * 高级搜索
    5. 

  5.  *
    6. 

  6.  * @version        $Id: advancedsearch.php 1 15:38 2010年7月8日Z tianya $
    7. 

  7.  * @package        DedeCMS.Site
    8. 

  8.  * @copyright      Copyright (c) 2007 - 2010, DesDev, Inc.
    9. 

  9.  * @license        http://help.dedecms.com/usersguide/license.html
    10. 

  10.  * @link           http://www.dedecms.com
    11. 

  11.  */
    12. 

  12. require_once(dirname(__FILE__)."/../include/common.inc.php");
    13. 

  13. require_once(DEDEINC."/datalistcp.class.php");
    14. 

  14. $timestamp = time();
    15. 

  15. @session_start();
    16. 

  16. 

  17. //限制同时搜索数量
    18. 

  18. $timelock = '../data/time.lock';
    19. 

  19. if($cfg_allsearch_limit < 1)
    20. 

  20. {
    21. 

  21.     $cfg_allsearch_limit = 1;
    22. 

  22. }
    23. 

  23. if(file_exists($timelock))
    24. 

  24. {
    25. 

  25.     if($timestamp - filemtime($timelock) < $cfg_allsearch_limit)
    26. 

  26.     {
    27. 

  27.         showmsg('服务器忙,请稍后搜索','-1');
    28. 

  28.         exit();
    29. 

  29.     }
    30. 

  30. }
    31. 

  31. @touch($timelock,$timestamp);
    32. 

  32. $mid = isset($mid) && is_numeric($mid) ? $mid : 0;
    33. 

  33. $sqlhash = isset($sqlhash) && preg_match("/^[A-Za-z0-9]+$/", $sqlhash) ? $sqlhash : '';
    34. 

  34. 

  35. if($mid == 0)
    36. 

  36. {
    37. 

  37.     showmsg('参数不正确,高级自定义搜索必须指定模型id', 'javascript');
    38. 

  38.     exit();
    39. 

  39. }
    40. 

  40. 

  41. $query = "SELECT maintable, mainfields, addontable, addonfields, template FROM #@__advancedsearch WHERE mid='$mid'";
    42. 

  42. $searchinfo = $dsql->GetOne($query);
    43. 

  43. if(!is_array($searchinfo))
    44. 

  44. {
    45. 

  45.     showmsg('自定义搜索模型不存在','-1');
    46. 

  46.     exit();
    47. 

  47. }
    48. 

  48. $template = $searchinfo['template'] != '' ?  $searchinfo['template'] : 'advancedsearch.htm';
    49. 

  49. $sql = empty($_SESSION[$sqlhash])? '' : $_SESSION[$sqlhash];
    50. 

  50. 

  51. if(empty($sql))
    52. 

  52. {
    53. 

  53.     //主表字段处理
    54. 

  54.     $q = stripslashes($q);
    55. 

  55.     $q = preg_replace("#[\|\"\r\n\t%\*\?\(\)\$;,'%<>]#", " ", trim($q));
    56. 

  56.     if( ($cfg_notallowstr!='' && preg_match("#".$cfg_notallowstr."#i", $q)) || ($cfg_replacestr!='' && preg_match("#".$cfg_replacestr."#i", $q)) )
    57. 

  57.     {
    58. 

  58.         echo "你的信息中存在非法内容,被系统禁止!<a href='javascript:history.go(-1)'>[返回]</a>"; exit();
    59. 

  59.     }
    60. 

  60.     $q = addslashes($q);
    61. 

  61.     $iscommend = isset($iscommend) && is_numeric($iscommend) ? $iscommend : 0;
    62. 

  62.     $typeid = isset($typeid) && is_numeric($typeid) ? $typeid : 0;
    63. 

  63.     $typeid = max($typeid, 0);
    64. 

  64.     $includesons = isset($includesons) ? 1 : 0;
    65. 

  65.     $writer = isset($writer) ? trim($writer) : '';
    66. 

  66.     $source = isset($source) ? trim($source) : '';
    67. 

  67.     $startdate = isset($startdate) ? trim($startdate) : '';
    68. 

  68.     $enddate = isset($enddate) ? trim($enddate) : '';
    69. 

  69.     if($startdate != '') $starttime = strtotime($startdate);
    70. 

  70.     else $starttime = 0;
    71. 

  71.         
    72. 

  72.     if($enddate != '') $endtime = strtotime($enddate);
    73. 

  73.     else $endtime = 0;
    74. 

  74.     $where = ' WHERE main.arcrank>-1 ';
    75. 

  75. 

  76.     if($q != '') $where .= " AND main.title LIKE '%$q%' ";
    77. 

  77.     if($iscommend == 1) $where .= " AND FIND_IN_SET('c', main.flag)>0 ";
    78. 

  78.     if(!empty($typeid))
    79. 

  79.     {
    80. 

  80.         if($includesons == 1)
    81. 

  81.         {
    82. 

  82.             $tids =  TypeGetSunID($typeid, $dsql, '', $mid, TRUE);
    83. 

  83.             $where .= " AND main.typeid IN ($tids) ";
    84. 

  84.         }
    85. 

  85.         else
    86. 

  86.         {
    87. 

  87.             $where .= " AND main.typeid=$typeid ";
    88. 

  88.         }
    89. 

  89.     }
    90. 

  90.     else
    91. 

  91.     {
    92. 

  92.         $where .= " AND main.channel = $mid ";
    93. 

  93.     }
    94. 

  94.     if($writer != '')
    95. 

  95.     {
    96. 

  96.         $writer = stripslashes($writer);
    97. 

  97.         $writer = preg_replace("#[\|\"\r\n\t%\*\?\(\)\$;,'%<>]#", "", trim($writer));
    98. 

  98.         $writer = addslashes($writer);
    99. 

  99.         $where .= " AND main.writer='$writer' ";
    100. 

  100.     }
    101. 

  101.     if($source != '')
    102. 

  102.     {
    103. 

  103.         $source = stripslashes($source);
    104. 

  104.         $source = preg_replace("#[\|\"\r\n\t%\*\?\(\)\$;,'%<>]#", "", trim($source));
    105. 

  105.         $source = addslashes($source);
    106. 

  106.         $where .= " AND main.source='$source' ";
    107. 

  107.     }
    108. 

  108.     if($starttime > 0) $where .= " AND main.senddate>$starttime ";
    109. 

  109.     if($endtime > 0) $where .= " AND main.senddate<$endtime";
    110. 

  110.     $maintable = $searchinfo['maintable'];
    111. 

  111.     $addontable = $searchinfo['addontable'];
    112. 

  112.     $mainfields = $searchinfo['mainfields'];
    113. 

  113.     $addonfields = $searchinfo['addonfields'];
    114. 

  114.     $mainfieldsarr = explode(',', $mainfields);
    115. 

  115.     $addonfieldsarr = explode(',', $addonfields);
    116. 

  116.     array_pop($addonfieldsarr);//弹出
    117. 

  117. 

  118.     $intarr = array('int','float');
    119. 

  119.     $textarr = array('textdata','textchar','text','htmltext','multitext');
    120. 

  120.     foreach($addonfieldsarr as $addonfield)
    121. 

  121.     {
    122. 

  122.         $addonfieldarr = explode(':', $addonfield);
    123. 

  123.         $var = $addonfieldarr[0];
    124. 

  124.         $type = $addonfieldarr[1];
    125. 

  125.         if(in_array($type, $intarr))
    126. 

  126.         {
    127. 

  127.             if(isset(${'start'.$var}) && trim(${'start'.$var})!='')
    128. 

  128.             {
    129. 

  129.                 ${'start'.$var} = trim(${'start'.$var});
    130. 

  130.                 ${'start'.$var} = intval(${'start'.$var});
    131. 

  131.                 $where .= " AND addon.$var>${'start'.$var} ";
    132. 

  132.             }
    133. 

  133.             if(isset(${'end'.$var}) && trim(${'end'.$var})!='')
    134. 

  134.             {
    135. 

  135.                 ${'end'.$var} = trim(${'end'.$var});
    136. 

  136.                 ${'end'.$var} = intval(${'end'.$var});
    137. 

  137.                 $where .= " AND addon.$var<${'end'.$var} ";
    138. 

  138.             }
    139. 

  139.         }
    140. 

  140.         elseif(in_array($type, $textarr))
    141. 

  141.         {
    142. 

  142.             if(isset(${$var}) && trim(${$var})!='')
    143. 

  143.             {
    144. 

  144.                 ${$var} = stripslashes(${$var});
    145. 

  145.                 ${$var} = preg_replace("#[\|\"\r\n\t%\*\?\(\)\$;,'%<>]#", "", trim(${$var}));
    146. 

  146.                 ${$var} = addslashes(${$var});
    147. 

  147.                 $where .= " AND addon.$var LIKE '%${$var}%'";
    148. 

  148.             }
    149. 

  149.         }
    150. 

  150.         elseif($type == 'select')
    151. 

  151.         {
    152. 

  152.             ${$var} = stripslashes(${$var});
    153. 

  153.             ${$var} = preg_replace("#[\|\"\r\n\t%\*\?\(\)\$;,'%<>]#", "", trim(${$var}));
    154. 

  154.             ${$var} = addslashes(${$var});
    155. 

  155.             if(${$var} != '')
    156. 

  156.             {
    157. 

  157.                 $where .= " AND addon.$var LIKE '${$var}'";
    158. 

  158.             }
    159. 

  159.         }
    160. 

  160.         elseif($type == 'radio')
    161. 

  161.         {
    162. 

  162.             ${$var} = stripslashes(${$var});
    163. 

  163.             ${$var} = preg_replace("#[\|\"\r\n\t%\*\?\(\)\$;,'%<>]#", "", trim(${$var}));
    164. 

  164.             ${$var} = addslashes(${$var});
    165. 

  165.             if(${$var} != '')
    166. 

  166.             {
    167. 

  167.                 $where .= " AND addon.$var LIKE '${$var}'";
    168. 

  168.             }
    169. 

  169.         }
    170. 

  170.         elseif($type == 'checkbox')
    171. 

  171.         {
    172. 

  172.             if(is_array(${$var}) && !empty(${$var}))
    173. 

  173.             {
    174. 

  174.                 foreach(${$var} as $tmpvar)
    175. 

  175.                 {
    176. 

  176.                     $tmpvar = trim($tmpvar);
    177. 

  177.                     if($tmpvar != '')
    178. 

  178.                     {
    179. 

  179.                         $tmpvar = stripslashes($tmpvar);
    180. 

  180.                         $tmpvar = preg_replace("#[\|\"\r\n\t%\*\?\(\)\$;,'%<>]#", "", trim($tmpvar));
    181. 

  181.                         $tmpvar = addslashes($tmpvar);
    182. 

  182.                         $where .= " AND CONCAT(',',addon.$var, ',') LIKE '%,$tmpvar,%' ";
    183. 

  183.                     }
    184. 

  184.                 }
    185. 

  185.             }
    186. 

  186.         }
    187. 

  187.         elseif($type == 'datetime')
    188. 

  188.         {
    189. 

  189.             ${'start'.$var} = trim(${'start'.$var});
    190. 

  190.             if(${'start'.$var} != '')
    191. 

  191.             {
    192. 

  192.                 ${'start'.$var} = strtotime(${'start'.$var});
    193. 

  193.             }
    194. 

  194.             else
    195. 

  195.             {
    196. 

  196.                 ${'start'.$var} = 0;
    197. 

  197.             }
    198. 

  198.             ${'end'.$var} = trim(${'end'.$var});
    199. 

  199.             if(${'end'.$var} != '')
    200. 

  200.             {
    201. 

  201.                 ${'end'.$var} = strtotime(${'end'.$var});
    202. 

  202.             }
    203. 

  203.             else
    204. 

  204.             {
    205. 

  205.                 ${'end'.$var} = 0;
    206. 

  206.             }
    207. 

  207.         }
    208. 

  208.     }
    209. 

  209.     $orderby = ' order by main.senddate desc ';
    210. 

  210.     if($mid < -1)
    211. 

  211.     {
    212. 

  212.         $where = str_replace('main.', 'addon.', $where);
    213. 

  213.         $orderby = str_replace('main.', 'addon.', $orderby);
    214. 

  214.         $query = "SELECT addon.*, arctype.* FROM $addontable addon 
    215. 

  215.         LEFT JOIN #@__arctype arctype ON arctype.id = addon.typeid
    216. 

  216.         $where $orderby";
    217. 

  217.     } else {
    218. 

  218.         $query = "SELECT main.id AS aid,main.*,main.description AS description1, type.* 
    219. 

  219.     FROM $maintable main 
    220. 

  220.     LEFT JOIN #@__arctype type ON type.id = main.typeid 
    221. 

  221.     LEFT JOIN $addontable addon ON addon.aid = main.id 
    222. 

  222.     $where  $orderby";
    223. 

  223.     }
    224. 

  224.     $sql = $query;
    225. 

  225. }
    226. 

  226. else
    227. 

  227. {
    228. 

  228.     $sql = urldecode($sql);
    229. 

  229.     $query = $sql;
    230. 

  230. }
    231. 

  231. 

  232. $sql = urlencode($sql);
    233. 

  233. //生成sql的唯一序列化字符串,并将sql语句记录到session中去
    234. 

  234. $sqlhash = md5($sql);
    235. 

  235. $_SESSION[$sqlhash] = $sql;
    236. 

  236. 

  237. $dlist = new DataListCP();
    238. 

  238. $dlist->pageSize = 20;
    239. 

  239. $dlist->SetParameter("hash", $sqlhash);
    240. 

  240. $dlist->SetParameter("mid", $mid);
    241. 

  241. if(file_exists(DEDEROOT."/templets/default/$template"))
    242. 

  242. {
    243. 

  243.     $templatefile = DEDEROOT."/templets/default/$template";
    244. 

  244. }
    245. 

  245. else
    246. 

  246. {
    247. 

  247.     $templatefile = DEDEROOT."/templets/default/advancedsearch.htm";
    248. 

  248. }
    249. 

  249. $dlist->SetTemplate($templatefile);
    250. 

  250. $dlist->SetSource($query);
    251. 

  251. require_once(DEDEINC."/channelunit.class.php");
    252. 

  252. 

  253. //获得一个指定档案的链接
    254. 

  254. function GetArcUrl($aid,$typeid,$timetag,$title,$ismake=0,$rank=0,$namerule='',$artdir='',$money=0)
    255. 

  255. {
    256. 

  256.     return GetFileUrl($aid,$typeid,$timetag,$title,$ismake,$rank,$namerule,$artdir,$money);
    257. 

  257. }
    258. 

  258. $dlist->Display();
    259.