{sysword word="Search results" type="Search"}:

{php}
/*
 * Site search, embedded in a Smarty template as a {php} block.
 *
 * Reads the search term (squery), the result type (tyyp_id) and the page index (lk)
 * from $_GET, queries the CMS tables directly and echoes three things: the tab bar
 * (gimmiTab), the "keyword / result count / pagination" line and the result list.
 *
 * Result types, as far as the queries below show:
 *   1, 2, 4 -> `objekt` rows with o.tyyp_id = 1, 2 and 14 respectively
 *   3       -> `objekt` rows of tyyp_id 3 joined with obj_link (external links)
 *   5       -> VAL_OBJECT registry entries (supervised entities)
 *
 * NOTE(review): this copy of the file appears to have had its HTML markup stripped
 * (e.g. the links branch contains `target="_blank"` without the surrounding <a ...>
 * and several string fragments no longer parse). Treat the code as shown here as an
 * approximation of the deployed file and confirm against the original before editing.
 */
$keelevalik = $this->get_template_vars('lang');   // language key used to index $my_lang ('ee' / 'en')
global $site;                                      // $site->keel is interpolated into every objekt query below

// Fix against XSS attacks. SQL queries were escaped, but links that used _GET
// variables were not. Mindworks apparently overlooked this. Peeter @ Mekaia @ 30.04.2010
// NOTE(review): this HTML-encodes every $_GET value *before* it reaches the SQL
// escaping and the LIKE patterns below, so a term containing '&', '<', '>' or a
// quote is searched in its entity-encoded form (the tyyp_id 5 branch later turns
// 'amp;' into a '%' wildcard to compensate). xss_clean() is a project helper not shown here.
foreach($_GET as $k=>$v){ $_GET[$k]=htmlspecialchars(xss_clean($v)); }

// UI labels per language; only Subjects/Articles/Links/Keyword/Results are used below.
$my_lang['ee'] = array( 'Subjects' => 'Järelvalvesubjektid', 'Sections' => 'Rubriigid', 'Articles' => 'Artiklid', 'Links' => 'Lingid', 'Keyword' => 'Võtmesõna', 'Results' => 'Tulemusi', );
$my_lang['en'] = array( 'Subjects' => 'Supervised Entities', 'Sections' => 'Sections', 'Articles' => 'Articles', 'Links' => 'Links', 'Keyword' => 'Keywords', 'Results' => 'Results', );

// Default tab is 2 (articles); any falsy value, including the string '0', also falls back to 2.
$_GET['tyyp_id'] = (!$_GET['tyyp_id']?2:(int)$_GET['tyyp_id']);

/*$hostname = "localhost"; $dbUser = "finants_user"; $dbPass = "hjrt45"; $dbName = "finants_temp"; */
// NOTE(review): live database credentials are hard-coded in a template (and the
// commented-out block above keeps an older set). They belong in the site
// configuration outside the document root and should be rotated once moved;
// anyone with read access to this template has them. The mysql_* extension
// used below is removed in PHP 7+, so this block only runs on legacy PHP.
$hostname = "localhost";
$dbUser = "fisk";
$dbPass = "b2NUSn7k4rx3!5b";
$dbName = "fisb";
mysql_connect($hostname, $dbUser, $dbPass);   // return value is not checked; a failed connect surfaces as failed queries below
mysql_select_db($dbName);

// Estonian page id -> registry class name. Only the values are used (in_array on
// class_name in the tyyp_id 5 branch). Key 2275 is listed twice with the same value;
// the later literal wins, which is harmless here.
$page_map_est = array(
    287 => 'estcreditcompanies',
    537 => 'forcreditbranches',
    1972 => 'cbbsproviders',
    464 => 'estlifeinsurers',
    1768 => 'estdamageinsurers',
    2275 => 'forinsurersbranches',
    1973 => 'forlifeinsurers',
    1974 => 'fordamageinsurers',
    466 => 'insbroker',
    2218 => 'forinsbrokers',
    2230 => 'forinsagents',
    335 => 'estfundmanagers',
    2251 => 'forfundmanagers',
    2397 => 'invfirms',
    2668 => 'forinvfirms',
    1975 => 'cbisproviders',
    2275 => 'forinsurersbranches',
    1473 => 'invfundcontracted',
    1447 => 'penfondobl',
    1448 => 'penfondfree',
    1808 => 'penfondfor',
    370 => 'regprosp',
    2371 => 'fiprosp',
    14925 => 'localprosp',
    14926 => 'localprosp_rahmin',
    14927 => 'localprosp_old',
    2672 => 'forregprosp',
    2753 => 'sharesystemorganizer',
    1722 => 'takeoverbids',
    2673 => 'estemoneyproviders',
    2253 => 'foremoneyproviders',
    2752 => 'stockorganizer',
    2751 => 'marketorganizer',
    16005 => 'marketmakerfirm',
    12501 => 'estpayingauthority',
    12500 => 'forepayingauthority',
    14635 => 'cbisproviders_new',
    #2751 => 'finc'
);
// class name -> page id. Not read anywhere else in this block.
$page_map_est_ = array_flip($page_map_est);

// English page id -> registry class name. Neither this map nor its flip is read
// anywhere else in this block (the tyyp_id 5 branch only consults $page_map_est).
$page_map_eng = array(
    821 => 'estcreditcompanies', // en
    1774 => 'forcreditbranches', // en
    2223 => 'cbbsproviders', // en
    1776 => 'estlifeinsurers', // en
    1778 => 'estdamageinsurers', // en
    2276 => 'forinsurersbranches', // en
    2224 => 'forlifeinsurers', // en
    2225 => 'fordamageinsurers', // en
    1779 => 'insbroker', // en
    2226 => 'forinsbrokers', // en
    2229 => 'forinsagents', // en
    1784 => 'estfundmanagers', // en
    2254 => 'forfundmanagers', // en
    2233 => 'invfirms', // en
    2674 => 'forinvfirms', // en
    2276 => 'forinsurersbranches', // en
    2228 => 'cbisproviders', // en
    1786 => 'invfundcontracted', // en
    1787 => 'penfondobl', // en
    1788 => 'penfondfree', // en
    1809 => 'penfondfor', // en
    2675 => 'localprosp', // en
    14929 => 'localprosp_old', //en
    14928 => 'localprosp_rahmin', //en
    2527 => 'fiprosp', // en??
    2678 => 'forregprosp', // en
    1790 => 'takeoverbids', // en
    2679 => 'estemoneyproviders', // en
    16012 => 'marketmakerfirm',//en
    13581 => 'estpayingauthority', //en
    12635 => 'forepayingauthority', // en
    2256 => 'foremoneyproviders', // en
);
//$page_map_eng_ = array_flip($page_map_eng,true);
$page_map_eng_ = array_flip($page_map_eng);

$nbr = 0;                                     // running result number; offset by $lk*$paginate when printed
$numresults = 0;                              // total matches for the chosen type (drives pagination)
$paginate = 20;                               // results per page
$lk = ($_GET['lk']>0?(int)$_GET['lk']:0);     // zero-based page index; negative or non-numeric -> 0
$result_html = '';
$paginate_html = '';

// NOTE(review), applies to every query in the tyyp_id 1-4 branches: the search term is
// escaped with mysql_escape_string(), which ignores the connection charset
// (mysql_real_escape_string() is the charset-aware variant) and does not escape the
// LIKE metacharacters '%' and '_', so a user can widen the match with wildcards.
// $site->keel is concatenated without escaping — assumed to be a numeric language id
// set by the framework, TODO confirm. Query results are never checked for false.
if($_GET['tyyp_id'] == 1){
    // Type 1: objekt rows of tyyp_id 1 whose title or stripped body contains the term,
    // excluding items under parent 0 or 13. First a COUNT(*) for pagination, then a page.
    $sql = "SELECT count(o.objekt_id) as count FROM `objekt` o LEFT JOIN objekt_objekt oo ON oo.objekt_id = o.objekt_id WHERE o.tyyp_id = 1 AND o.on_avaldatud = 1 AND o.is_hided_in_menu = '0' AND o.keel = " . $site->keel . " AND ( o.pealkiri_strip LIKE '%".mysql_escape_string($_GET['squery'])."%' OR o.sisu_strip LIKE '%".mysql_escape_string($_GET['squery'])."%') AND oo.parent_id not in (0,13)";
    $results = mysql_query($sql);
    $row = mysql_fetch_object($results);
    $numresults = $row->count;
    if($numresults > 0){
        $sql = "SELECT o.objekt_id, o.pealkiri_strip FROM `objekt` o LEFT JOIN objekt_objekt oo ON oo.objekt_id = o.objekt_id WHERE o.tyyp_id = 1 AND o.on_avaldatud = 1 AND o.is_hided_in_menu = '0' AND o.keel = " . $site->keel . " AND ( o.pealkiri_strip LIKE '%".mysql_escape_string($_GET['squery'])."%' OR o.sisu_strip LIKE '%".mysql_escape_string($_GET['squery'])."%') AND oo.parent_id not in (0,13) limit ".($lk*$paginate).", ".$paginate;
        $results = mysql_query($sql);
        while($row = mysql_fetch_object($results)){
            // One numbered line per hit; the title comes straight from the database
            // (no output escaping — relies on pealkiri_strip already being plain text).
            $result_html .= '

'.(++$nbr+($lk*$paginate)).'. '.$row->pealkiri_strip.'

';
        }
    }
}elseif($_GET['tyyp_id'] == 2){
    // Type 2 (articles): same as type 1 but also requires o.kesk = 0 and shows a
    // 125-character excerpt of the body, newest first.
    $sql = "SELECT count(o.objekt_id) as count FROM `objekt` o LEFT JOIN objekt_objekt oo ON oo.objekt_id = o.objekt_id WHERE o.tyyp_id = 2 AND o.on_avaldatud = 1 AND o.is_hided_in_menu = '0' AND o.keel = " . $site->keel . " AND ( o.pealkiri_strip LIKE '%".mysql_escape_string($_GET['squery'])."%' OR o.sisu_strip LIKE '%".mysql_escape_string($_GET['squery'])."%') AND o.kesk = 0 AND oo.parent_id not in (0,13)";
    $results = mysql_query($sql);
    $row = mysql_fetch_object($results);
    $numresults = $row->count;
    if($numresults > 0){
        $sql = "SELECT o.objekt_id, o.pealkiri_strip, LEFT(o.sisu_strip,125) as sisu_strip FROM `objekt` o LEFT JOIN objekt_objekt oo ON oo.objekt_id = o.objekt_id WHERE o.tyyp_id = 2 AND o.on_avaldatud = 1 AND o.is_hided_in_menu = '0' AND o.keel = " . $site->keel . " AND ( o.pealkiri_strip LIKE '%".mysql_escape_string($_GET['squery'])."%' OR o.sisu_strip LIKE '%".mysql_escape_string($_GET['squery'])."%') AND o.kesk = 0 AND oo.parent_id not in (0,13) ORDER BY o.objekt_id DESC limit ".($lk*$paginate).", ".$paginate;
        $results = mysql_query($sql);
        while($row = mysql_fetch_object($results)){
            // '-' stands in for an empty title; '...' is appended when the excerpt was cut at exactly 125 bytes
            // (strlen is byte-wise, so LEFT() on multibyte text may return fewer bytes than 125).
            $result_html .= '

'.(++$nbr+($lk*$paginate)).'. '.(strlen($row->pealkiri_strip)==0?'-':$row->pealkiri_strip).'

'.$row->sisu_strip.(strlen($row->sisu_strip)==125?'...':'').'

';
        }
    }
}elseif($_GET['tyyp_id'] == 3){
    // Type 3 (links): title-only match, joined with obj_link for the URL and the
    // "open in new window" flag (on_uusaken).
    $sql = "SELECT count(o.objekt_id) as count FROM `objekt` o LEFT JOIN objekt_objekt oo ON oo.objekt_id = o.objekt_id LEFT JOIN obj_link ol ON ol.objekt_id = o.objekt_id WHERE o.tyyp_id =3 AND o.on_avaldatud =1 AND o.is_hided_in_menu = '0' AND o.keel = " . $site->keel . " AND o.pealkiri_strip LIKE '%".mysql_escape_string($_GET['squery'])."%' AND oo.parent_id NOT IN ( 0, 13 )";
    $results = mysql_query($sql);
    $row = mysql_fetch_object($results);
    $numresults = $row->count;
    if($numresults > 0){
        $sql = "SELECT o.objekt_id, o.pealkiri_strip, ol.url, ol.on_uusaken FROM `objekt` o LEFT JOIN objekt_objekt oo ON oo.objekt_id = o.objekt_id LEFT JOIN obj_link ol ON ol.objekt_id = o.objekt_id WHERE o.tyyp_id =3 AND o.on_avaldatud =1 AND o.is_hided_in_menu = '0' AND o.keel = " . $site->keel . " AND o.pealkiri_strip LIKE '%".mysql_escape_string($_GET['squery'])."%' AND oo.parent_id NOT IN ( 0, 13 ) ORDER BY o.objekt_id DESC limit ".($lk*$paginate).", ".$paginate;
        $results = mysql_query($sql);
        while($row = mysql_fetch_object($results)){
            // NOTE(review): the anchor tag that used $row->url and $row->on_uusaken is missing
            // from this copy; the fragment below is not valid PHP as shown. When restoring it,
            // make sure ol.url is attribute-escaped before being placed in href.
            $result_html .= '

'.(++$nbr+($lk*$paginate)).'. on_uusaken==1?'target="_blank"':'').'>'.$row->pealkiri_strip.'

';
        }
    }
}elseif($_GET['tyyp_id'] == 4){
    // Type 4: identical to the articles branch but for objekt.tyyp_id = 14
    // (also fetches oo.parent_id, which is not used in the output shown here).
    $sql = "SELECT count(o.objekt_id) as count FROM `objekt` o LEFT JOIN objekt_objekt oo ON oo.objekt_id = o.objekt_id WHERE o.tyyp_id = 14 AND o.on_avaldatud = 1 AND o.is_hided_in_menu = '0' AND o.keel = " . $site->keel . " AND ( o.pealkiri_strip LIKE '%".mysql_escape_string($_GET['squery'])."%' OR o.sisu_strip LIKE '%".mysql_escape_string($_GET['squery'])."%') AND o.kesk = 0 AND oo.parent_id not in (0,13)";
    $results = mysql_query($sql);
    $row = mysql_fetch_object($results);
    $numresults = $row->count;
    if($numresults > 0){
        $sql = "SELECT o.objekt_id, o.pealkiri_strip, LEFT(o.sisu_strip,125) as sisu_strip, oo.parent_id FROM `objekt` o LEFT JOIN objekt_objekt oo ON oo.objekt_id = o.objekt_id WHERE o.tyyp_id = 14 AND o.on_avaldatud = 1 AND o.is_hided_in_menu = '0' AND o.keel = " . $site->keel . " AND ( o.pealkiri_strip LIKE '%".mysql_escape_string($_GET['squery'])."%' OR o.sisu_strip LIKE '%".mysql_escape_string($_GET['squery'])."%') AND o.kesk = 0 AND oo.parent_id not in (0,13) ORDER BY o.objekt_id DESC limit ".($lk*$paginate).", ".$paginate;
        $results = mysql_query($sql);
        while($row = mysql_fetch_object($results)){
            $result_html .= '

'.(++$nbr+($lk*$paginate)).'. '.(strlen($row->pealkiri_strip)==0?'-':$row->pealkiri_strip).'

'.$row->sisu_strip.(strlen($row->sisu_strip)==125?'...':'').'

';
        }
    }
}elseif($_GET['tyyp_id'] == 5){
    // Type 5 (supervised entities): case-insensitive match against VAL_OBJECT.object_value.
    // The term is matched twice — once lower-cased, once upper-cased — with the Estonian
    // letters Ä Ö Ü Õ folded by hand because strtolower()/strtoupper() are byte-wise.
    $getquery = mysql_escape_string($_GET['squery']);
    $a = array("Ä", "Ö", "Ü", "Õ");
    $b = array("ä", "ö", "ü", "õ");
    $c = array('amp;');
    // The '&' in the term was turned into '&amp;' by the htmlspecialchars() loop at the top;
    // replacing 'amp;' with '%' leaves '&%' in the pattern, i.e. '&' followed by a LIKE
    // wildcard — an approximation, not a round-trip.
    $getquery = str_replace($c, '%', $getquery);
    # GET LOW
    $getquery_low = str_replace($a, $b, $getquery);
    $getquery_low = strtolower($getquery_low);
    # GET UP
    $getquery_up = str_replace($b, $a, $getquery);
    $getquery_up = strtoupper($getquery_up);
    #$getquery_low = iconv("ISO-8859-1", "UTF-8", $getquery_low);
    #$getquery_low = iconv("UTF-8", "ISO-8859-1", $getquery_low);
    #$c = array('amp;');
    #$getquery_low = str_replace($eestitahed, '%', $getquery_low);
    // Count query: one row per distinct object_value among the listed registry classes.
    $sql = "SELECT vo.val_object_id, vo.object_value, sc2.class_name, sc2.sch_class_id FROM VAL_OBJECT vo INNER JOIN SCH_CLASS sc ON ( vo.sch_class_id = sc.sch_class_id AND sc.class_name IN ( 'finc', 'finc.person', 'finc.person.name', 'finc.auditor', 'finc.sholder', 'finc.cgroupc', 'finc.branch', 'finc.dcompany', 'finc.frepr', 'forbranch', 'oborder', 'fund', 'fund.manager', 'fund.auditor', 'ffund', 'prospect', 'prospect.issuer', 'prospect.offerer', 'prospect.cond', 'takeover', 'takeover.issuer', 'takeover.offerer', 'insfinc', 'finc.name', 'cbisproviders_new' ) ) LEFT JOIN SCH_ASSOCIATION sa on (sa.child_class_id = vo.sch_class_id) LEFT JOIN SCH_CLASS sc2 on (sc2.sch_class_id = sa.parent_class_id) WHERE (vo.object_value like '%".$getquery_low."%' AND vo.is_deleted = 0) OR (vo.object_value like '%".$getquery_up."%' AND vo.is_deleted = 0) GROUP BY object_value"; // and vo.object_value != '' group by vo.object_value
    #echo $sql;
    $results = mysql_query($sql);
    $numresults = mysql_num_rows($results);   // NOTE: counts rows of the full (unpaged) result set
    #cbisproviders_new exists OK
    ##########################################################################################################
    /* echo 'VAL_OBJECT & CLASS
--------------------------------------------------------'; $sqlx = "SELECT * FROM VAL_OBJECT AS vo LEFT JOIN SCH_CLASS AS sc ON vo.sch_class_id = sc.sch_class_id WHERE vo.object_value like '%".$getquery_low."%'"; $resultsx = mysql_query($sqlx); while($rowx = mysql_fetch_object($resultsx)){ printr($rowx); } */
    ##########################################################################################################
    if($numresults > 0){
        // $sql is assigned three times; only the third assignment is executed. The first
        // two are kept as history of the query (see the comments between them).
        # ORIGINAL SQL
        $sql = "SELECT vol2.local_value as grandparentname, va3.child_object_id, va3.parent_object_id as grandparent, vol.local_value as parent_title, va.parent_object_id, vo.val_object_id, vo.object_value, sc2.class_name, sc2.sch_class_id, sc3.class_name as class_name2, va2.parent_object_id as parent_object_id2, vol.lang_code FROM VAL_OBJECT vo INNER JOIN SCH_CLASS sc ON ( vo.sch_class_id = sc.sch_class_id AND sc.class_name IN ( 'finc', 'finc.person', 'finc.person.name', 'finc.auditor', 'finc.sholder', 'finc.cgroupc', 'finc.branch', 'finc.dcompany', 'finc.frepr', 'forbranch', 'oborder', 'fund', 'fund.manager', 'fund.auditor', 'ffund', 'prospect', 'prospect.issuer', 'prospect.offerer', 'prospect.cond', 'takeover', 'takeover.issuer', 'takeover.offerer', 'insfinc', 'finc.name', 'cbisproviders_new' ) ) LEFT JOIN SCH_ASSOCIATION sa on (sa.child_class_id = vo.sch_class_id) LEFT JOIN SCH_CLASS sc2 on (sc2.sch_class_id = sa.parent_class_id) LEFT JOIN VAL_ASSOCIATION va on (va.child_object_id = vo.val_object_id) LEFT JOIN VAL_ASSOCIATION va2 on (va2.child_object_id = va.parent_object_id) LEFT JOIN VAL_ASSOCIATION va3 on (va3.child_object_id = va.parent_object_id) LEFT JOIN VAL_OBJECT vo2 on (vo2.val_object_id = va2.parent_object_id) LEFT JOIN SCH_ASSOCIATION sa2 on (sa2.child_class_id = vo2.sch_class_id) LEFT JOIN VAL_OBJECT_LOCAL vol on (va.parent_object_id = vol.val_object_id) LEFT JOIN VAL_OBJECT_LOCAL vol2 on (vol2.val_object_id = va3.parent_object_id) LEFT JOIN SCH_CLASS sc3 on (sc3.sch_class_id = sa2.parent_class_id) WHERE 
(vo.object_value like '%".$getquery_low."%' AND vo.object_value != '' AND vo.is_deleted <> 1) OR (vo.object_value like '%".$getquery_up."%' AND vo.object_value != '' AND vo.is_deleted <> 1) GROUP BY vo.object_value ORDER BY va.parent_object_id ASC, vo.object_value ASC limit ".($lk*$paginate).", ".$paginate;
        # Modified by Bonefarm creations.
        # The original displayed wrong parent objects
        # ERROR: cannot find a person (ex. Sven Raba)
        $sql = " SELECT vol2.local_value AS grandparentname, vo.val_object_id, vo.sch_class_id, vo.object_value, sc.class_name, sc.is_public, val.sch_association_id, val.parent_object_id, sch.parent_class_id, sch.child_class_id, sc2.class_name, va2.parent_object_id AS parent_object_id2 FROM VAL_OBJECT AS vo LEFT JOIN SCH_CLASS AS sc ON (vo.sch_class_id = sc.sch_class_id AND sc.class_name IN ( 'finc', 'finc.person', 'finc.person.name', 'finc.auditor', 'finc.sholder', 'finc.cgroupc', 'finc.branch', 'finc.dcompany', 'finc.frepr', 'forbranch', 'oborder', 'fund', 'fund.manager', 'fund.auditor', 'ffund', 'prospect', 'prospect.issuer', 'prospect.offerer', 'prospect.cond', 'takeover', 'takeover.issuer', 'takeover.offerer', 'insfinc', 'finc.name', 'cbisproviders_new' )) LEFT JOIN VAL_ASSOCIATION AS val ON val.child_object_id = vo.val_object_id LEFT JOIN SCH_ASSOCIATION AS sch ON sch.sch_association_id = val.sch_association_id LEFT JOIN SCH_CLASS AS sc2 ON sc2.sch_class_id = sch.parent_class_id LEFT JOIN VAL_OBJECT_LOCAL AS vol2 ON vol2.val_object_id = val.parent_object_id LEFT JOIN VAL_ASSOCIATION va2 on va2.child_object_id = val.parent_object_id WHERE (vo.object_value like '%".$getquery_low."%' AND vo.object_value != '' AND vo.is_deleted <> 1) OR (vo.object_value like '%".$getquery_up."%' AND vo.object_value != '' AND vo.is_deleted <> 1) GROUP BY sc.class_name, vo.object_value ORDER BY val.parent_object_id ASC, vo.object_value ASC limit ".($lk*$paginate).", ".$paginate;
        # Person FIX (ex. Sven Raba)
        // Active query. Note: it selects both sc.class_name and sc2.class_name without
        // aliases, so $row->class_name presumably holds whichever the driver assigns last
        // (verify). It does NOT select a parent_title column, so $row->parent_title below
        // is always unset and the grandparentname branch is the one that runs.
        $sql = " SELECT vol2.local_value AS grandparentname, vo.val_object_id, vo.sch_class_id, vo.object_value, sc.class_name, sc.is_public, val.sch_association_id, val.parent_object_id, sch.parent_class_id, sch.child_class_id, sc2.class_name, va2.parent_object_id AS parent_object_id2, vo2.sch_class_id, sa2.parent_class_id, sc3.class_name as class_name2 FROM VAL_OBJECT AS vo LEFT JOIN SCH_CLASS AS sc ON (vo.sch_class_id = sc.sch_class_id AND sc.class_name IN ( 'finc', 'finc.person', 'finc.person.name', 'finc.auditor', 'finc.sholder', 'finc.cgroupc', 'finc.branch', 'finc.dcompany', 'finc.frepr', 'forbranch', 'oborder', 'fund', 'fund.manager', 'fund.auditor', 'ffund', 'prospect', 'prospect.issuer', 'prospect.offerer', 'prospect.cond', 'takeover', 'takeover.issuer', 'takeover.offerer', 'insfinc', 'finc.name', 'cbisproviders_new' )) LEFT JOIN VAL_ASSOCIATION AS val ON val.child_object_id = vo.val_object_id LEFT JOIN SCH_ASSOCIATION AS sch ON sch.sch_association_id = val.sch_association_id LEFT JOIN SCH_CLASS AS sc2 ON sc2.sch_class_id = sch.parent_class_id LEFT JOIN VAL_OBJECT_LOCAL AS vol2 ON vol2.val_object_id = val.parent_object_id LEFT JOIN VAL_ASSOCIATION va2 on va2.child_object_id = val.parent_object_id LEFT JOIN VAL_OBJECT vo2 on (vo2.val_object_id = va2.parent_object_id) LEFT JOIN SCH_ASSOCIATION sa2 on (sa2.child_class_id = vo2.sch_class_id) LEFT JOIN SCH_CLASS sc3 on (sc3.sch_class_id = sa2.parent_class_id) WHERE (vo.object_value like '%".$getquery_low."%' AND vo.object_value != '' AND vo.is_deleted <> 1) OR (vo.object_value like '%".$getquery_up."%' AND vo.object_value != '' AND vo.is_deleted <> 1) GROUP BY sc.class_name, vo.object_value ORDER BY val.parent_object_id ASC, vo.object_value ASC limit ".($lk*$paginate).", ".$paginate;
        #echo $sql;
        $results = mysql_query($sql);
        $closed = array();   // val_object_id => 1 for entities whose child "closed" attribute equals 1
        while($row = mysql_fetch_object($results)){
            #printr($row);
            // Loose in_array(): class_name is compared against the page-map values without strict mode.
            if(in_array($row->class_name,$page_map_est)){
                $row_val_object_id = $row->parent_object_id;   // not read again in this block
                $parent = $row->val_object_id;
                // PARENT
                // Fetch the entity's child attributes to find a "*closed*" flag. $parent comes
                // from the previous result set (not from the request) and is interpolated
                // unescaped — presumably an integer id; verify.
                $sql2 = "SELECT * FROM VAL_ASSOCIATION AS VA LEFT JOIN VAL_OBJECT AS VO ON VA.child_object_id = VO.val_object_id LEFT JOIN SCH_CLASS AS SC ON VO.sch_class_id = SC.sch_class_id WHERE VA.parent_object_id = '$parent'";
                $results2 = mysql_query($sql2);
                while($row2 = mysql_fetch_object($results2)){
                    if(stristr($row2->class_name, "closed")){
                        if($row2->object_value == 1){
                            $closed[$row->val_object_id] = 1;
                        }
                    }
                }
                // Closed entities are skipped entirely (and subtracted from the total below).
                if($closed[$row->val_object_id] <> 1){
                    // Print a group heading whenever the parent changes. $nextclass has no
                    // assignment before this first read, so the first iteration always prints one.
                    if($nextclass != $row->parent_object_id){
                        if($row->parent_title){
                            $result_html .= '

'.$row->parent_title.'

';
                        }else{
                            $result_html .= '

'.$row->grandparentname.'

';
                        }
                    }
                    //'.(++$nbr+($lk*$paginate)).'.
                    $result_html .= '';
                    if($row->parent_title){
                        $result_html .= ' ';
                    }else{
                        $result_html .= ' ';
                    }
                    // PARENT
                    // The same child-attribute query is run three times so each result set can
                    // be walked independently for address / phone / email.
                    $sql3 = "SELECT * FROM VAL_ASSOCIATION AS VA LEFT JOIN VAL_OBJECT AS VO ON VA.child_object_id = VO.val_object_id LEFT JOIN SCH_CLASS AS SC ON VO.sch_class_id = SC.sch_class_id WHERE VA.parent_object_id = '$parent'";
                    $results31 = mysql_query($sql3);
                    $results32 = mysql_query($sql3);
                    $results33 = mysql_query($sql3);
                    #$result_html .= '';
                    // Entity line. Values come straight from the database without output escaping.
                    $result_html .= '

'.$row->object_value.' (class: '.$row->class_name.', parent: '.$row->parent_object_id.')

'.$row->object_value.'

';
                    while($row31 = mysql_fetch_object($results31)){
                        # Address
                        if(stristr($row31->class_name, "address")){
                            $result_html .= '';
                        }
                    }
                    while($row32 = mysql_fetch_object($results32)){
                        # Phone
                        if(stristr($row32->class_name, "phone")){
                            $result_html .= '';
                        }
                    }
                    while($row33 = mysql_fetch_object($results33)){
                        # Email
                        if(stristr($row33->class_name, "email")){
                            $result_html .= '';
                        }
                    }
                    // NOTE(review): the next lines look like a commented-out multi-line statement
                    // whose continuation lines were not commented; as shown here they do not parse.
                    // Confirm against the deployed file.
                    #$result_html .= '
'.$row31->object_value.''.$row32->object_value.''.$row33->object_value.'
';
                }
                $nextclass = $row->parent_object_id;
            }elseif(in_array($row->class_name2,$page_map_est) && $row->class_name == 'finc.person'){
                // A person whose grandparent class is a listed registry page: print the name only.
                $result_html .= '

'.$row->object_value.'

';
            }else{
                // Debug output for unmatched classes (commented out; see the note above about parsing).
                #$result_html .= '

'.$row->class_name.'/'.$row->sch_class_id.'

';
            }
        }
    }
}
// Total shown to the user = matches minus entities marked closed. $closed is only
// assigned in the tyyp_id 5 branch; for the other types count() sees an undefined
// variable (0 with a notice on old PHP, an error on PHP 8).
$suletud = count($closed);
$kokku = $numresults - $suletud;
if($numresults > 0){
    // loop pagination
    // Builds "start - end" ranges, one per page of $paginate results, separated by ' | '.
    // NOTE(review): the page link keeps the raw (HTML-encoded, not URL-encoded) search
    // term; a term containing '&', '#' or '+' will not round-trip. Prefer
    // rawurlencode($_GET['squery']) when building $url. As shown, $url is not used in
    // the output (the anchor markup is missing from this copy).
    $i = 0;
    $sep = false;
    $url = '?id='.(int)$_GET['id'].'&op=search&squery='.$_GET['squery'].'&tyyp_id='.$_GET['tyyp_id'].'&lk=';
    while(($i*$paginate) < $numresults){
        if($sep) $paginate_html .= ' | ';
        $pag_start = ($i*$paginate+1);
        $pag_end = ($paginate+($i*$paginate));
        if($pag_end > $numresults) $pag_end = $numresults;
        // Current page ($i == $lk) and other pages are rendered the same way in this copy.
        if($i == $lk) $paginate_html .= ''.$pag_start.' - '.$pag_end.'';
        else $paginate_html .= ''.$pag_start.' - '.$pag_end.'';
        if($i==0) $sep = true;
        $i++;
    }
}
/**
 * Renders one tab of the result-type switcher.
 *
 * @param int    $id   result type the tab selects (compared loosely with $_GET['tyyp_id'])
 * @param string $name label shown on the tab
 * @param bool   $link unused in the body shown here
 * @return string tab markup; as shown, only the label survives ($url and $selected are
 *                computed but the markup that used them is missing from this copy)
 */
function gimmiTab($id, $name, $link = false){
    $url = '?id='.(int)$_GET['id'].'&op=search&squery='.$_GET['squery'];
    $selected = ( $id == $_GET['tyyp_id'] );
    return ' '.$name.' ';
}
// Tab bar: subjects (5), articles (2), links (3). Types 1 and 4 have no tab.
echo '
'.gimmiTab(5, $my_lang[$keelevalik]['Subjects'], false).' '.gimmiTab(2, $my_lang[$keelevalik]['Articles'], false).' '.gimmiTab(3, $my_lang[$keelevalik]['Links'], false).'
';
// Keyword line: $_GET['squery'] was HTML-encoded by the loop at the top, so echoing it here is safe.
echo '
'.$my_lang[$keelevalik]['Keyword'].': "'.$_GET['squery'].'" '.$my_lang[$keelevalik]['Results'].': '.$kokku.'
'.$paginate_html.'
';
echo $result_html;
{/php}