phpldapadmin/htdocs/search.php

363 lines
10 KiB
PHP
Raw Normal View History

2009-06-30 09:22:30 +00:00
<?php
2009-06-30 10:27:56 +00:00
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/search.php,v 1.72.2.12 2006/04/29 05:45:34 wurley Exp $
2009-06-30 08:05:37 +00:00
2009-06-30 09:29:51 +00:00
/**
2009-06-30 08:05:37 +00:00
* Perform LDAP searches and draw the advanced/simple search forms
*
* Variables that come in as GET vars:
2009-06-30 09:29:51 +00:00
* - server_id (handled in common.php)
2009-06-30 08:05:37 +00:00
* - search (true if performing a search, empty to just draw form)
* For simple searches:
* - attribute, criterion, filter
* For advanced searches:
* - base_dn, scope, filter
2009-06-30 09:29:51 +00:00
*
* @package phpLDAPadmin
* @todo Search is probably broken, since base_dn is now an array
*/
/**
2009-06-30 08:05:37 +00:00
*/
2009-06-30 10:26:08 +00:00
define('SIZE_LIMIT_EXCEEDED',4);
2009-06-30 09:22:30 +00:00
require './common.php';
2009-06-30 10:26:08 +00:00
if (isset($ldapserver) && ! $ldapserver->haveAuthInfo())
pla_error(_('Not enough information to login to server. Please check your configuration.'));
2009-06-30 08:09:20 +00:00
2009-06-30 10:26:08 +00:00
# Output format, table or list?
$result_formats = array('list','table');
$format = isset($_GET['format']) ? $_GET['format'] : $config->GetValue('search','display');
2009-06-30 09:22:30 +00:00
2009-06-30 10:26:08 +00:00
if (! in_array($format,$result_formats))
2009-06-30 09:29:51 +00:00
$format = 'list';
2009-06-30 08:05:37 +00:00
2009-06-30 10:26:08 +00:00
# build the server drop-down html and JavaScript array (for base_dns)
2009-06-30 09:29:51 +00:00
$js_on_change_string = '';
2009-06-30 10:26:08 +00:00
if (isset($_GET['form']) && $_GET['form'] == 'advanced')
2009-06-30 09:29:51 +00:00
$js_on_change_string =
'onChange="document.forms[0].base_dn.value=servers[document.forms[0].server_id.value].base_dn"';
if (isset($ldapserver)) {
2009-06-30 10:26:08 +00:00
$server_menu_html = server_select_list($ldapserver->server_id,true,'server_id',$js_on_change_string);
$server_info_list = server_info_list();
2009-06-30 08:05:37 +00:00
}
2009-06-30 08:07:14 +00:00
2009-06-30 10:26:08 +00:00
$filter = isset($_GET['filter']) ? clean_search_vals($_GET['filter']) : null;
$attr = isset($_GET['attribute']) ? $_GET['attribute'] : null;
2009-06-30 08:05:37 +00:00
2009-06-30 10:26:08 +00:00
# grab the base dn for the search
if (isset($_GET['base_dn']) && $_GET['base_dn']) {
2009-06-30 08:05:37 +00:00
$base_dn = $_GET['base_dn'];
2009-06-30 09:29:51 +00:00
$base_dn_is_invalid = false;
$base_dn_does_not_exist = false;
2009-06-30 10:26:08 +00:00
if (trim($base_dn))
if (! is_dn_string($base_dn))
2009-06-30 09:29:51 +00:00
$base_dn_is_invalid = true;
2009-06-30 10:26:08 +00:00
elseif (! $ldapserver->dnExists($base_dn))
2009-06-30 09:29:51 +00:00
$base_dn_does_not_exist = true;
$base_dns = array($base_dn);
2009-06-30 10:26:08 +00:00
2009-06-30 09:29:51 +00:00
} else
if (isset($ldapserver))
$base_dns = $ldapserver->getBaseDN();
2009-06-30 10:26:08 +00:00
$criterion = isset($_GET['criterion']) ? $_GET['criterion'] : null;
2009-06-30 09:29:51 +00:00
if (isset($_GET['form']))
$_SESSION['form'] = $_GET['form'];
2009-06-30 10:26:08 +00:00
$form = isset($_SESSION['form']) ? $_SESSION['form'] : null;
$scope = isset($_GET['scope']) ? $_GET['scope'] : 'sub';
2009-06-30 08:09:20 +00:00
2009-06-30 09:29:51 +00:00
include './header.php';
2009-06-30 08:05:37 +00:00
2009-06-30 10:26:08 +00:00
echo '<body><center>';
2009-06-30 08:05:37 +00:00
2009-06-30 10:26:08 +00:00
if ($form == 'advanced')
2009-06-30 09:29:51 +00:00
require LIBDIR.'search_form_advanced.php';
2009-06-30 08:05:37 +00:00
2009-06-30 10:26:08 +00:00
elseif ($form == 'predefined')
2009-06-30 09:29:51 +00:00
require LIBDIR.'search_form_predefined.php';
2009-06-30 09:22:30 +00:00
2009-06-30 10:26:08 +00:00
# Draw simple search form
else
2009-06-30 09:29:51 +00:00
require LIBDIR.'search_form_simple.php';
2009-06-30 08:05:37 +00:00
2009-06-30 10:26:08 +00:00
echo '</center>';
2009-06-30 08:05:37 +00:00
2009-06-30 09:22:30 +00:00
flush();
2009-06-30 10:26:08 +00:00
if (isset($_GET['search'])) {
if ($form == 'advanced') {
if (isset($_GET['display_attrs']))
2009-06-30 09:41:11 +00:00
$search_result_attributes = explode(',',rawurldecode(preg_replace('/\s+/','',rawurldecode($_GET['display_attrs']))));
2009-06-30 10:26:08 +00:00
else
2009-06-30 09:29:51 +00:00
$search_result_attributes = $config->GetValue('search','result_attributes');
} else {
$search_result_attributes = $config->GetValue('search','result_attributes');
}
2009-06-30 08:05:37 +00:00
2009-06-30 10:26:08 +00:00
# do we have enough authentication information for the specified server_id
if (! $ldapserver->haveAuthInfo()) {
2009-06-30 09:29:51 +00:00
$login_url = sprintf('login_form.php?server_id=%s&amp;redirect=%s',
2009-06-30 10:26:08 +00:00
$ldapserver->server_id,rawurlencode($_SERVER['REQUEST_URI']));
printf('<center><br />%s <br /><a href="%s">%s</a>.</center>',
_('You have not logged into the selected server yet, so you cannot perform searches on it.'),$login_url,_('Click here to go to the login form'));
2009-06-30 08:05:37 +00:00
exit;
}
2009-06-30 10:26:08 +00:00
if (isset($_GET['predefined'])) {
2009-06-30 09:22:30 +00:00
$predefined = $_GET['predefined'];
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
if (is_numeric($predefined)) {
$query = get_cleaned_up_predefined_search($predefined);
2009-06-30 09:22:30 +00:00
2009-06-30 09:29:51 +00:00
$search_result_attributes = explode(', ',$query['attributes']);
2009-06-30 09:22:30 +00:00
$search_attributes_display = $search_result_attributes;
$search_attributes = $search_result_attributes;
$filter = $query['filter'];
$scope = $query['scope'];
2009-06-30 10:26:08 +00:00
if (! trim($query['base']))
$query['base'] = $ldapserver->getBaseDN();
elseif (is_array($query['base']))
2009-06-30 09:29:51 +00:00
$base_dns = $query['base'];
2009-06-30 10:26:08 +00:00
2009-06-30 09:29:51 +00:00
else
$base_dns = array($query['base']);
}
} else {
$predefined = '';
2009-06-30 09:22:30 +00:00
}
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
if ($filter) {
# if they are using the simple search form, build an LDAP search filter from their input
if ($form == 'simple' & ! is_numeric($predefined)) {
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
switch ($criterion) {
2009-06-30 08:05:37 +00:00
case 'starts with':
2009-06-30 10:26:08 +00:00
if ($filter == '*')
$filter = '';
2009-06-30 09:29:51 +00:00
2009-06-30 08:05:37 +00:00
$filter = "($attr=$filter*)";
break;
2009-06-30 09:29:51 +00:00
2009-06-30 08:05:37 +00:00
case 'contains':
2009-06-30 10:26:08 +00:00
if ($filter == '*')
2009-06-30 08:07:14 +00:00
$filter = "($attr=*)";
else
$filter = "($attr=*$filter*)";
2009-06-30 09:29:51 +00:00
2009-06-30 08:05:37 +00:00
break;
2009-06-30 09:29:51 +00:00
2009-06-30 08:05:37 +00:00
case 'ends with':
2009-06-30 10:26:08 +00:00
if ($filter == '*')
$filter = '';
2009-06-30 09:29:51 +00:00
2009-06-30 08:05:37 +00:00
$filter = "($attr=*$filter)";
break;
2009-06-30 09:29:51 +00:00
2009-06-30 08:05:37 +00:00
case 'equals':
$filter = "($attr=$filter)";
break;
2009-06-30 09:29:51 +00:00
2009-06-30 08:05:37 +00:00
case 'sounds like':
$filter = "($attr~=$filter)";
break;
2009-06-30 09:29:51 +00:00
2009-06-30 08:05:37 +00:00
default:
2009-06-30 10:26:08 +00:00
pla_error(_('Unrecognized criteria option: ').htmlspecialchars($criterion)._('If you want to add your own criteria to the list. Be sure to edit search.php to handle them. Quitting.'));
2009-06-30 08:05:37 +00:00
}
}
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
printf('<center>%s</center>',_('Searching...'));
2009-06-30 08:09:20 +00:00
flush();
2009-06-30 10:26:08 +00:00
# prevent script from bailing early on a long delete
@set_time_limit(0);
2009-06-30 08:09:20 +00:00
2009-06-30 09:29:51 +00:00
$size_limit = $config->GetValue('search','size_limit');
2009-06-30 10:26:08 +00:00
# Sanity check
if ($size_limit < 1)
2009-06-30 09:29:51 +00:00
$size_limit = 1;
2009-06-30 09:22:30 +00:00
2009-06-30 10:26:08 +00:00
$page = isset($_GET['page']) ? $_GET['page'] : 0;
2009-06-30 08:09:20 +00:00
2009-06-30 08:05:37 +00:00
$time_start = utime();
2009-06-30 09:29:51 +00:00
$time_elapsed = 0;
foreach ($base_dns as $base_dn) {
2009-06-30 10:26:08 +00:00
if (! $ldapserver->dnExists($base_dn)) {
if (DEBUG_ENABLED)
debug_log('BaseDN [%s] skipped as it doesnt exist in [%s].',64,
2009-06-30 09:40:37 +00:00
$base_dn,$ldapserver->server_id);
2009-06-30 09:29:51 +00:00
continue;
2009-06-30 10:26:08 +00:00
2009-06-30 09:29:51 +00:00
} else {
2009-06-30 10:26:08 +00:00
if (DEBUG_ENABLED)
debug_log('Search with base DN [%s]',64,$base_dn);
2009-06-30 09:29:51 +00:00
}
2009-06-30 10:26:08 +00:00
$results = $ldapserver->search(null,dn_escape($base_dn),$filter,$search_result_attributes,$scope,true,$config->GetValue('deref','search'));
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
if ((! $results) && $ldapserver->errno())
pla_error(_('Encountered an error while performing search.'),$ldapserver->error(),$ldapserver->errno());
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
$errno = $ldapserver->errno();
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
$time_end = utime();
$time_elapsed += round($time_end-$time_start,2);
$count = count($results);
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
$start_entry = $page * $size_limit;
$end_entry = min($start_entry+$size_limit+1,$count+1);
?>
2009-06-30 08:05:37 +00:00
2009-06-30 09:22:30 +00:00
<table class="search_header">
<tr>
<td style="vertical-align: top">
2009-06-30 10:26:08 +00:00
<nobr><?php echo _('Entries found: ') . ' &nbsp;<b>' . number_format($count) ?></b>&nbsp;</nobr>
<nobr><small>(<?php echo $time_elapsed; ?> <?php echo _('seconds'); ?>)</small></nobr>
2009-06-30 09:22:30 +00:00
</td>
<td style="text-align: right">
<nobr>
2009-06-30 10:26:08 +00:00
<small>
2009-06-30 09:29:51 +00:00
<?php
2009-06-30 10:27:56 +00:00
printf('[ <a href="export_form.php?server_id=%s&amp;scope=%s&amp;dn=%s&amp;filter=%s&amp;attributes=%s"><img src="images/save.png" alt="Save" /> %s</a> ]',
$ldapserver->server_id,htmlspecialchars($scope),urlencode($base_dn),urlencode($filter),
2009-06-30 10:26:08 +00:00
urlencode(join(', ',$search_result_attributes)),_('export results'));
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
printf('[ <img src="images/rename.png" /> %s:',_('Format'));
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
foreach ($result_formats as $f) {
echo '&nbsp;';
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
if ($format == $f) {
printf('<b>%s</b>',_($f));
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
} else {
$query_string = array_to_query_string($_GET,array('format'));
$query_string .= "&amp;format=$f";
printf('<a href="search.php?%s">%s</a>',$query_string,_($f));
}
2009-06-30 09:29:51 +00:00
}
2009-06-30 10:26:08 +00:00
?>
2009-06-30 09:29:51 +00:00
2009-06-30 09:22:30 +00:00
]
</small>
</nobr>
2009-06-30 10:26:08 +00:00
<?php if ($form == 'simple' || $form == 'predefined') { ?>
<br /><nobr><small><?php echo _('Base DN: '); ?>
<b><?php echo htmlspecialchars($base_dn); ?></b></small></nobr>
<br /><nobr><small><?php echo _('Filter performed: '); ?>
<b><?php echo htmlspecialchars($filter); ?></b></small></nobr>
<?php } ?>
2009-06-30 09:22:30 +00:00
</td>
</tr>
</table>
2009-06-30 09:29:51 +00:00
<?php
2009-06-30 09:22:30 +00:00
2009-06-30 10:26:08 +00:00
# The LDAP error code for the size limit exceeded error.
if ($errno && $errno == SIZE_LIMIT_EXCEEDED)
printf('<br /><center><small style="color:red; white-space: nowrap">%s</small></center><br />',_('Notice, search size limit exceeded.'));
2009-06-30 09:22:30 +00:00
2009-06-30 10:26:08 +00:00
# Draw the paging links
$pager_html = '';
$total_pages = $count / $size_limit;
$results_per_page = $size_limit;
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
if ($count > $size_limit) {
printf(_('Showing results %s through %s.').'<br />',
'<b>'.number_format($start_entry+1).'</b>','<b>'.number_format($end_entry-1).'</b>');
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
if ($page != 0) {
$query_string = array_to_query_string($_GET,array('page'));
$query_string .= '&page=' . ($page-1);
$pager_html .= sprintf('<a title="'._('Page %d').'" href="search.php?%s">&lsaquo;&lsaquo;</a>',$page,$query_string);
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
} else {
$pager_html .= "&lsaquo;&lsaquo;";
}
$pager_html .= '&nbsp;&nbsp;';
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
// for large search results where we page beyone the first 20 pages,
// print elipsis instead of making the pager be super wide.
$elipsis_printed = false;
for ($i=0;$i<$count;$i+=$size_limit) {
$page_num = $i/$size_limit;
2009-06-30 09:22:30 +00:00
2009-06-30 10:26:08 +00:00
if ($count > $size_limit * 20 && abs($page_num-$page) > 10) {
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
if (! $elipsis_printed) {
$pager_html .= '...&nbsp;&nbsp;';
$elipsis_printed = true;
}
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
} elseif ($page == $page_num) {
$pager_html .= '<b>' . ($page_num + 1) . '</b>';
$pager_html .= '&nbsp;&nbsp;';
$elipsis_printed = false;
} else {
$query_string = array_to_query_string($_GET,array('page'));
$query_string .= '&page=' . $page_num;
$pager_html .= "<a href=\"search.php?$query_string\">" . ($page_num+1) . "</a>";
$pager_html .= '&nbsp;&nbsp;';
$elipsis_printed = false;
2009-06-30 09:29:51 +00:00
}
2009-06-30 10:26:08 +00:00
}
2009-06-30 09:29:51 +00:00
2009-06-30 10:26:08 +00:00
if ($page+1 < $total_pages) {
$query_string = array_to_query_string($_GET,array('page'));
$query_string .= '&page=' . ($page+1);
$pager_html .= "<a title=\"" . sprintf(_('Page %d'),($page+2))."\" href=\"search.php?$query_string\">&rsaquo;&rsaquo;</a>";
2009-06-30 09:29:51 +00:00
2009-06-30 09:22:30 +00:00
} else {
2009-06-30 10:26:08 +00:00
$pager_html .= "&rsaquo;&rsaquo;";
2009-06-30 08:09:20 +00:00
}
2009-06-30 09:29:51 +00:00
2009-06-30 09:22:30 +00:00
}
2009-06-30 08:09:20 +00:00
2009-06-30 10:26:08 +00:00
if (0 == $count)
printf('<center><h2>%s</h2></center>',_('The search found no results.'));
else {
if (trim($pager_html))
printf('<center>%s</center>',$pager_html);
echo '<br />';
flush();
if ($format == 'list')
require LIBDIR.'search_results_list.php';
elseif ($format == 'table')
require LIBDIR.'search_results_table.php';
else
pla_error(sprintf(_('Unrecognized search result format: %s'),htmlspecialchars($format)));
echo '<br />';
if (trim($pager_html))
printf('<center>%s</center>',$pager_html);
}
2009-06-30 09:29:51 +00:00
}
2009-06-30 08:09:20 +00:00
2009-06-30 10:26:08 +00:00
printf('<br /><br /><div class="search_result"><center><small><span style="font-weight:normal;font-size:75%%;">%s <b>%s</b> %s.</span></small></center></div>',
_('Search performed by phpLDAPadmin in'),$time_elapsed,_('seconds'));
2009-06-30 08:05:37 +00:00
2009-06-30 10:26:08 +00:00
}
}
echo '</body></html>';
?>