From 862b38e720d5533c855019d0b29ee3446e5f19fd Mon Sep 17 00:00:00 2001
From: grt1st <jintianlu@qq.com>
Date: Tue, 7 Mar 2017 16:46:26 +0800
Subject: [PATCH] Update search.php

---
 search.php | 327 ++++++++++++++++++++++++++++++++---------------------
 1 file changed, 196 insertions(+), 131 deletions(-)
diff --git a/search.php b/search.php
index 7ffe624..9379878 100644
--- a/search.php
+++ b/search.php
@@ -1,180 +1,245 @@
 <!DOCTYPE html>
 <html>
 <head>
-	<meta http-equiv="content-type" content="text/html; charset=UTF-8">
-	<meta charset="utf-8">
+	<meta http-equiv="content-type" content="text/html;charset=utf-8">
 	<title>乌云搜索|搜索结果</title>
-	<link href="./bootstrap/css/bootstrap.min.css" rel="stylesheet" type="text/css">
-	<script type="text/javascript" src="./bootstrap/js/jquery-3.1.0.min.js"></script>
-	<script type="text/javascript" src="./bootstrap/js/bootstrap.min.js"></script>
-	<link rel="stylesheet" type="text/css" href="./bootstrap/search.css">
+	<link href="//lib.baomitu.com/twitter-bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet" type="text/css">
+	<script type="text/javascript" src="//lib.baomitu.com/jquery/3.1.0/jquery.min.js"></script>
+	<script type="text/javascript" src="//lib.baomitu.com/twitter-bootstrap/3.3.7/js/bootstrap.min.js"></script>
+	<style type="text/css">
+		.container{
+            width: auto;
+			max-width: 1500px;
+			margin: 0 auto;
+			position: relative;
+			top: 50px;
+            padding-bottom: 50px;
+		}
+	</style>
 </head>
 <body>
-<div id="my-container">
-<div id="my-header">
-	<strong class="my-words">search from wooyun.org</strong>
-	<ul class="my-menu">
-		<li class="my-item"><a class="lia" href="#">about</a></li>
-		<li class="my-item"><a class="lia" href="index.html">home</a></li>
-	</ul>
-</div>
-<div id="my-mainbody">
+
+	<nav class="navbar navbar-inverse navbar-fixed-top" role="navigation">
+		<div class="navbar-left">
+			<a class="navbar-brand" href="#">search from wooyun.org</a>
+		</div>
+		<div class="navbar-right">
+			<ul class="nav navbar-nav">
+				<li><a href="./index.html">home</a></li>
+				<li><a href="#">about</a></li>
+				<li><a href=""></a></li>
+			</ul>
+		</div>
+	</nav>
+
+<div class="container">
+
 <?php
+
+require './config.php';
+
 #接受参数
-if(!isset($_GET['keywords'])){
+if (!isset($_GET['keywords']))
+{
 	header("Location: index.html"); 
 	exit;
 }
-else{
-	$keywords=preg_replace("/[^a-zA-Z0-9\x{4e00}-\x{9fff}]+/u","",$_GET['keywords']);
-	}
-if(!isset($_GET['page'])){
- 	$page=1;
-}else{
-	$page=intval($_GET['page']);
+else
+{
+	$keywords = preg_replace("/[^a-zA-Z0-9\x{4e00}-\x{9fff}]+/u", "", $_GET['keywords']);
 }
-if(!isset($_GET['kind'])){
-	$kind='bugs';
+
+if (!isset($_GET['page']))
+{
+ 	$page = 1;
 }
-else{
-	if($_GET['kind']==='bugs'||$_GET['kind']==='drops'||$_GET['kind']==='author'){
-		$kind=$_GET['kind'];
+else
+{
+	$page = intval($_GET['page']);
+}
+
+if (!isset($_GET['kind']))
+{
+	$kind = 'bugs';
+}
+else
+{
+	if ($_GET['kind'] === 'bugs' || $_GET['kind'] === 'drops' || $_GET['kind'] === 'author')
+	{
+		$kind = $_GET['kind'];
 	}
-	else{
-		$kind='bugs';
+	else
+	{
+		$kind = 'bugs';
 	}
 }
 
-echo "<h3 style=\"display:inline-block;\">关键词【".$keywords."】的搜索结果：</h3>";
-#$sql="select * from bugs where title like ";   
-#$res=$pdo->query($sql);  
-#SELECT count(*) FROM `bugs` WHERE `title` LIKE \'%腾讯%\' 
-#SELECT* FROM `bugs` WHERE `title` LIKE '%腾讯%' LIMIT 0,4
-#title,datas,author,doc,type 
+echo "<h3 style=\"display:inline-block;\">关键词<strong>【{$keywords}】</strong>的搜索结果：</h3>";
 
-//mysql建立连接 
-$db=new mysqli('localhost','root','','wooyun'); 
-//sql对象错误检查 
-if(mysqli_connect_errno()){ 
-	echo '<br>Error:Please try again later.'; 
-	exit(); 
+//pdo连接mysql
+try
+{
+    $conn = new PDO("mysql:host={$config['host']};dbname={$config['database']};port={$config['port']};charset=utf8", $config['user'], $config['passwd']);
+    //echo "mysql:host={$config['host']};dbname={$config['database']}";
 }
-// 建立查询 
-$db->set_charset("utf8");
-#drops
-//分页处理
-if($kind==='author'){
-	$query0="SELECT count(*) FROM `bugs` WHERE author LIKE '%".$keywords."%'";
-	$query1="SELECT count(*) FROM `drops` WHERE author LIKE '%".$keywords."%'";
-}
-else{
-	$query0="SELECT count(*) FROM `".$kind."` WHERE `title` LIKE '%".$keywords."%'";
+catch (PDOException $pe)
+{
+    die("Could not connect to the database $dbname :" . $pe->getMessage());
 }
 
-$num=$db->query($query0);
-$row=$num->fetch_row();
-if($kind==="author"){
-	$num1=$db->query($query1);
-	$rows=$num1->fetch_row();
-	$row[0]+=$rows[0];
+//查询数目
+if ($kind === 'author')
+{
+    $query0 = "SELECT count(*) FROM `bugs` WHERE author LIKE '%{$keywords}%'";
+    $query1 = "SELECT count(*) FROM `drops` WHERE author LIKE '%{$keywords}%'";
+    $res0 = $conn->query($query0);
+    $res1 = $conn->query($query1);
+    $row = $res0->fetch(PDO::FETCH_NUM)[0] + $res1->fetch(PDO::FETCH_NUM)[0];
 }
+else
+{
+    $query0="SELECT count(*) FROM `{$kind}` WHERE `title` LIKE '%{$keywords}%'";
+    $res0 = $conn->query($query0);
+    $row = $res0->fetch(PDO::FETCH_NUM)[0];
+}
+
 //得到总页数 $p
-if($row[0]%15!=0){
-	$p=intval($row[0]/15)+1;	
+if ($row % 15 != 0)
+{
+    $p = intval($row / 15) + 1;
 }
-else{
-	$p=$row[0]/15;
+else
+{
+    $p = $row / 15;
 }
-if($row[0]==0) $p=1;
-if($page>$p || $page<1){
-	$page=1;
+if ($row == 0) $p = 1;
+if ($page > $p || $page <1 ) $page = 1;
+
+echo "<h4 style=\"display:inline-block;\">共 {$row} 条记录</h4>";
+
+$start = ($page - 1) * 15;
+
+if ($kind === 'author')
+{
+    $query = "(SELECT doc,dates,title,type,author FROM `bugs` WHERE `author` LIKE '%{$keywords}%') UNION ALL (SELECT doc,dates,title,type,author FROM `drops` WHERE `author` LIKE '%{$keywords}%')ORDER BY dates DESC LIMIT {$start},15";
 }
-echo "<h4 style=\"display:inline-block;\">共 ".$row[0]." 条记录</h4>";
-$start=($page-1)*15;
-if($kind==='author'){
-	$query="(SELECT doc,dates,title,type,author FROM `bugs` WHERE `author` LIKE '%".$keywords."%') UNION ALL (SELECT doc,dates,title,type,author FROM `drops` WHERE `author` LIKE '%".$keywords."%')ORDER BY dates DESC LIMIT ".$start.",15";
+else
+{
+    $query = "SELECT * FROM `{$kind}` WHERE `title` LIKE '%{$keywords}%' ORDER BY dates DESC LIMIT {$start},15";
 }
-else{
-	$query="SELECT * FROM `".$kind."` WHERE `title` LIKE '%".$keywords."%' ORDER BY dates DESC LIMIT ".$start.",15";
+
+$res = $conn->query($query);
+$resulte = $res->fetchAll(PDO::FETCH_ASSOC);
+//var_dump($resulte);
+
+//输出结果
+echo '<div><table class="table table-striped table-hover">';
+echo '<tr><td>提交时间</td><td>标题</td><td>漏洞类型</td><td>提交者</td><tr>';
+
+foreach ($resulte as $rrr){
+    if ($kind != "author")
+    {
+        echo "<tr onclick=\"window.open('./{$kind}/{$rrr['doc']}');\" style=\"cursor:pointer;\">";
+    }
+    else
+    {
+        if (array_key_exists($rrr['type'], $drops))
+        {
+            echo "<tr onclick=\"window.open('./drops/{$rrr['doc']}');\" style=\"cursor:pointer;\">";
+        }
+        else
+        {
+            echo "<tr onclick=\"window.open('./bugs/{$rrr['doc']}');\" style=\"cursor:pointer;\">";
+        }
+    }
+
+    $time0 = str_split($rrr['dates'], 10);
+    echo "<td>{$time0[0]}</td>";
+    echo "<td style=\"color:#01a8ff;\">{$rrr['title']}</td>";
+	if (array_key_exists($rrr['type'], $drops))
+	{
+		echo "<td style=\"color:#01a8ff;\">{$drops[$rrr['type']]}</td>";
+	}
+    else
+	{
+		echo "<td style=\"color:#01a8ff;\">{$rrr['type']}</td>";
+	}
+    echo "<td>{$rrr['author']}</td>";
+    echo "</tr>";
 }
-//执行查询 
-$result=$db->query($query); 
-//逐行分解result
-#echo "<div>"; 
-echo "<div><table class=\"table table-striped table-hover\">";
-echo "<tr><td>提交时间</td><td>标题</td><td>漏洞类型</td><td>提交者</td><tr>";
- for($i=0;$i<$result->num_rows;$i++){ 
- 	$row_result=$result->fetch_object(); 
- 	if($kind!="author"){
- 		echo "<tr onclick=\"window.open('./".$kind."/".$row_result->doc."');\" style=\"cursor:pointer;\">";
- 	}
- 	else{
- 		if($row_result->type=="binary" || $row_result->type=="mobile" || $row_result->type=="mobiledev" || $row_result->type=="database" || $row_result->type=="news" || $row_result->type=="papers" || $row_result->type=="pentesting" || $row_result->type=="tips" || $row_result->type=="tools" || $row_result->type=="web" || $row_result->type=="wireless" || $row_result->type=="safe"){
- 			echo "<tr onclick=\"window.open('./drops/".$row_result->doc."');\" style=\"cursor:pointer;\">";
- 		}
- 		else{
- 			echo "<tr onclick=\"window.open('./bugs/".$row_result->doc."');\" style=\"cursor:pointer;\">";
- 		}
- 	} 	
- 	$time0=str_split($row_result->dates,10);
- 	echo '<td>'.$time0[0].'</td>';
- 	echo '<td style="color:#01a8ff;">'.$row_result->title.'</td>'; 
-	echo '<td style="color:#01a8ff;">'.$row_result->type.'</td>';
- 	echo '<td>'.$row_result->author.'</td>';
- 	echo '</tr>'; 
- }
 echo "</table></div>";
-// 显示result 
-// 释放连接,关闭sql. 
-$result->free(); 
-$db->close();
+
+$conn = null;
+
 //分页
-echo "<div class=\"pagination pagination-large my-page\">";
-echo "<ul>";
+echo '<ul class="pagination pagination-lg">';
 //首
-if($page==1){
-	echo "<li class=\"disabled\"><a href=\"#\">&laquo;</a></li>";
+if ($page==1)
+{
+	echo '<li class="disabled"><a href="#">&laquo;</a></li>';
 }
-else{
-	echo "<li><a href=\"search.php?kind=".$kind."&keywords=".$keywords."&page=".($page-1)."\">&laquo;</a></li>";
+else
+{
+	echo "<li><a href=\"search.php?kind={$kind}&keywords={$keywords}&page={($page-1)}\">&laquo;</a></li>";
 }
 //中间处理
-if($p>17){
-	if($page<9){
+if ($p > 17)
+{
+	if ($page < 9)
+	{
 		$i=1;
 	}
-	elseif($page>=9 && $page+8<$p){
-		$i=$page-8;
+	elseif ($page >= 9 && $page + 8 < $p)
+    {
+		$i = $page-8;
 	}
-	elseif($page+8>=$p){
-		$i=$p-8;
+	elseif ($page + 8 >= $p)
+    {
+		$i = $p-8;
 	}
-	$j=$i+17;
+	$j = $i + 17;
 }
-else{
-	$i=1;
-	$j=$p;
+else
+{
+	$i = 1;
+	$j = $p;
 }
 //echo $p;
-for(;$i<=$j;$i++){ 
-	if($page==$i){
-		echo "<li class=\"disabled\"><a href=\"search.php?kind=".$kind."&keywords=".$keywords."&page=".$i."\">".$i."</a></li>";	
+for (;$i <= $j;$i++)
+{
+	if ($page == $i)
+	{
+		echo "<li class=\"disabled\"><a href=\"search.php?kind={$kind}&keywords={$keywords}&page={$i}\">{$i}</a></li>";
 	}
-	else{
-		echo "<li><a href=\"search.php?kind=".$kind."&keywords=".$keywords."&page=".$i."\">".$i."</a></li>";	
+	else
+    {
+		echo "<li><a href=\"search.php?kind={$kind}&keywords={$keywords}&page={$i}\">{$i}</a></li>";
 	}
 }
 //尾
-if($page==$p || $p==0){
-		echo "<li class=\"disabled\"><a href=\"#\">&raquo;</a></li>";
-	}
-	else{
-		echo "<li><a href=\"search.php?kind=".$kind."&keywords=".$keywords."&page=".($page+1)."\">&raquo;</a></li>";
-	}
-echo "</ul></div>";
+if ($page == $p || $p ==0)
+{
+    echo '<li class="disabled"><a href="#">&raquo;</a></li>';
+}
+else
+{
+    echo "<li><a href=\"search.php?kind={$kind}&keywords={$keywords}&page={($page+1)}\">&raquo;</a></li>";
+}
+echo "</ul>";
+
+
 ?>
-<div><h5>数据来源于wooyun.org</h5></div>
-</div>
+
+
+
 </div>
+
+
+	<nav class="navbar navbar-default navbar-fixed-bottom" role="navigation">
+		<p class="navbar-text navbar-left">公开漏洞、知识库等数据来自于wooyun.org</p>
+		<!--<p class="navbar-text navbar-right">written by grt1st</p> -->
+	</nav>
+
 </body>
 </html>
+

提交时间	标题	漏洞类型	提交者
{$time0[0]}	{$rrr['title']}	{$drops[$rrr['type']]}	{$rrr['type']}	{$rrr['author']}