From 43eb0b41fd9322910b1b3a3904ab956b2dc22788 Mon Sep 17 00:00:00 2001 From: jimbob-1 <35390698+jimbob-1@users.noreply.github.com> Date: Thu, 30 Oct 2025 14:11:05 -0500 Subject: [PATCH] Update events.php Made search generally more user friendly. Added better search features to allow white spaces (" ") to be passed through search bar with as little modification to codebase. Date time stamps are loosely supported (text matching only, no timestamp conversion). Wild card support "*". Ran into issues with % matching escaped characters eg: %2607% matches &07. Added additional operators where users may want to search for >= or <=. Changes to conditional SQL operator (allowed OR for certain search operations). --- json/events.php | 64 ++++++++++++++++++++++++++++++++++++------------- 1 file changed, 48 insertions(+), 16 deletions(-) diff --git a/json/events.php b/json/events.php index d804e23..a2f571a 100644 --- a/json/events.php +++ b/json/events.php @@ -5,6 +5,7 @@ $query = "SELECT *, LEFT(Message, 120) AS SmallMessage FROM SystemEvents "; $wherestring = ""; + $conditional = "AND"; if (isset($_GET[ "search" ])){ $searchstring = $_GET[ "search" ]; }else{ @@ -15,8 +16,28 @@ if( $searchstring != "" ) { + if (!strpbrk($searchstring,'=<>')){ + //Skip processing statements by excluding expected operators + $conditional = "OR"; + if (preg_match('/^\"{0,1}\d{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1]) (2[0-3]|[01][0-9]):[0-5][0-9]:[0-5][0-9]\"{0,1}$/', $searchstring)){ + //If it loosely matches datetime format: 2000-02-31 25:00:90, assume date timestamp + $searchstring_tmp = " \"Date\"=\"".str_replace(" ", "T", trim($searchstring,'"'))."\""; + //Greater than midnight if only YYYY-MM-DD format specified + }elseif (preg_match('/^\"{0,1}\d{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])\"{0,1}$/', $searchstring)){ + // Matches YYYY-MM-DD format, pad for sanity and SQL search + $searchstring_tmp = " \"Date\">=\"".trim($searchstring,'"')."T00:00:00\""; + }else{ + $searchstring_tmp = "\"Message\"=\"".trim(str_replace(" ","%20",$searchstring),'"')."\""; + $searchstring_tmp .= " \"FromHost\"=\"".trim($searchstring,'"')."\""; + $searchstring_tmp .= " \"Date\"=\"".trim($searchstring,'"')."\""; + } + $searchstring = urlencode($searchstring_tmp); + } + + $wherestring = ""; $urlencoded = trim( urldecode( $searchstring ) ); + $urlencoded = str_replace("*","%",$urlencoded); $array = explode( " ", $urlencoded ); for( $x = 0; $x < count( $array ); $x++ ) @@ -27,17 +48,16 @@ $keyvalue = ""; $expression = ""; $position = 0; - for( $y = 0; $y < count( $keysarray ); $y++ ) { if( $position == 3 && $keysarray[$y] == "\"" ) { $position = 4; } - if( $position == 3 && $keysarray[$y] != "\"" ) { $keyvalue .= $keysarray[$y]; } + if( $position == 3 && $keysarray[$y] != "\"" ) { $keyvalue .= $keysarray[$y];} if( $position == 2 && $keysarray[$y] == "\"" ) { $position = 3; } if( $position == 2 && $keysarray[$y] != "\"" ) { $expression .= $keysarray[$y]; } if( $position == 1 && $keysarray[$y] == "\"" ) { $position = 2; } if( $position == 1 && $keysarray[$y] != "\"" ) { $keyname .= $keysarray[$y]; } if( $position == 0 && $keysarray[$y] == "\"" ) { $position = 1; } - } + } if( $keyname == "Host" ) $keyname = "FromHost"; if( $keyname == "Facility" ) @@ -87,26 +107,38 @@ if( $keyname == "Syslogtag" ) $keyname = "SysLogTag"; if( $keyname == "Messagetype" ) $keyname = "Messagetype"; - if( $expression != "=" && $expression != "<>" && $expression != "<" && $expression != ">" ) - exit(); - - if( $expression == "=" ) $expression = "LIKE"; - + //echo $keyname.$keyvalue; + + if( $expression != "=" && $expression != "<>" && $expression != "<" && $expression != ">" && $expression != ">=" && $expression != "<="){ + //exit(); + break; + } - $qArray[ "param".strval( $x ) ] = $keyvalue; + if( $expression == "=" && $keyname != "DeviceReportedTime" ) $expression = "LIKE"; + - if( $wherestring == "" ) - $wherestring = " WHERE $keyname $expression :param".strval( $x )." "; - else - $wherestring .= " AND $keyname $expression :param".strval( $x )." "; + $qArray[ "param".strval( $x ) ] = strtolower(str_replace("%20", " ", $keyvalue)); + + if( $wherestring == "" ){ + if ($keyname != "DeviceReportedTime" && $keyname != "ReceivedAt"){ + $wherestring = " WHERE LOWER($keyname) $expression LOWER(:param".strval( $x ).") "; + //Only lowercase non time related fields, weird issue with mysql + }else{ + $wherestring = " WHERE $keyname $expression LOWER(:param".strval( $x ).") "; + } + }else{ + if ($keyname != "DeviceReportedTime" && $keyname != "ReceivedAt"){ + //Only lowercase non time related fields, weird issue with mysql + $wherestring .= " $conditional LOWER($keyname) $expression LOWER(:param".strval( $x ).") "; + }else{ + $wherestring .= " $conditional $keyname $expression LOWER(:param".strval( $x ).") "; + } + } } } - $db = new PDO( "mysql:host=$mysql_server;dbname=$mysql_database;charset=utf8", $mysql_user, $mysql_password ); - $rows = array(); $stmt = $db->prepare($query . $wherestring . " ORDER BY ID DESC LIMIT 2000"); - if( $stmt->execute( $qArray ) ) foreach( $stmt as $row ) { $rows[] = $row;