
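<?php
/*
 * broadSearch.php - recipe search endpoint.
 *
 * Reads three optional POST fields (inputSearchMin, inputSearchMax,
 * inputSearchStyle), looks up matching rows in the `recipes` table and
 * echoes one linked recipe card (<a><img></a>) per row, or a "no results"
 * card when nothing matches.
 *
 * Security notes:
 *  - Request values never become part of the SQL text; they are passed as
 *    bound parameters of a prepared statement. The previous
 *    strip_tags/htmlspecialchars/stripslashes chain is HTML-oriented and does
 *    not make a value safe to concatenate into SQL, least of all in the
 *    unquoted numeric positions.
 *  - Values read back from the database are HTML-escaped and placed inside
 *    quoted attributes at output time, which is where HTML escaping belongs.
 */
include "DatabaseInfo.php";
include_once "js.php";

// Connect to the MySQL server using the variables defined in DatabaseInfo.php.
$LinkID = mysqli_connect($hostName, $login, $pswd, $database);

// Stop if the connection failed. mysqli_connect_error() is the mysqli
// counterpart of the legacy mysql_error(), which no longer exists in PHP 7+.
// The driver message goes to the server log, not to the client.
if (!$LinkID) {
	error_log('broadSearch.php: could not connect: ' . mysqli_connect_error());
	die('Could not connect');
}

// Array keys are quoted: bare words are looked up as constants and raise an
// Error on PHP 8.
$searchSubmitted = isset($_POST['inputSearchMin'])
	|| isset($_POST['inputSearchMax'])
	|| isset($_POST['inputSearchStyle']);

// Rows to render, each as array(recipe_image, recipe_link).
$array = array();

// Target of the "no results" card; a style search points back at the form.
$noResultsHref = 'http://www.dinnerapp.ca';

if ($searchSubmitted) {
	// Only scalar strings are accepted; a field posted as an array
	// (inputSearchMin[]=...) is treated as empty.
	$inputSearchMin = (isset($_POST['inputSearchMin']) && is_string($_POST['inputSearchMin']))
		? trim($_POST['inputSearchMin']) : '';
	$inputSearchMax = (isset($_POST['inputSearchMax']) && is_string($_POST['inputSearchMax']))
		? trim($_POST['inputSearchMax']) : '';
	$inputSearchStyle = (isset($_POST['inputSearchStyle']) && is_string($_POST['inputSearchStyle']))
		? trim($_POST['inputSearchStyle']) : '';

	// Empty bounds fall back to the defaults 1 and 100000. Anything that is
	// not a plain integer yields false and the search returns no rows.
	// NOTE(review): assumes recipe_time is an integer column - confirm.
	$cleanInputSearchMin = ($inputSearchMin === '') ? 1 : filter_var($inputSearchMin, FILTER_VALIDATE_INT);
	$cleanInputSearchMax = ($inputSearchMax === '') ? 100000 : filter_var($inputSearchMax, FILTER_VALIDATE_INT);
	$cleanInputSearchStyle = strtolower($inputSearchStyle);

	if ($cleanInputSearchStyle !== '') {
		$noResultsHref = '#search';
	}

	if ($cleanInputSearchMin !== false && $cleanInputSearchMax !== false) {
		// The SQL text is fixed; only the placeholders vary with the request.
		$query = "SELECT DISTINCT recipe_image, recipe_link
				  FROM recipes
				  WHERE recipe_time >= ? AND recipe_time <= ?";
		if ($cleanInputSearchStyle !== '') {
			// LIKE is kept from the original query, so % and _ typed by the
			// user still act as wildcards.
			$query .= " AND recipe_type LIKE ?";
		}

		$statement = mysqli_prepare($LinkID, $query);
		if ($statement) {
			if ($cleanInputSearchStyle !== '') {
				mysqli_stmt_bind_param($statement, 'iis', $cleanInputSearchMin, $cleanInputSearchMax, $cleanInputSearchStyle);
			} else {
				mysqli_stmt_bind_param($statement, 'ii', $cleanInputSearchMin, $cleanInputSearchMax);
			}

			if (mysqli_stmt_execute($statement)) {
				// bind_result/fetch works without the mysqlnd driver.
				mysqli_stmt_bind_result($statement, $getImage, $getLink);
				while (mysqli_stmt_fetch($statement)) {
					$array[] = array($getImage, $getLink);
				}
			} else {
				error_log('broadSearch.php: query failed: ' . mysqli_stmt_error($statement));
			}
			mysqli_stmt_close($statement);
		} else {
			error_log('broadSearch.php: prepare failed: ' . mysqli_error($LinkID));
		}
	}
}
// A request without any search field previously produced a malformed query
// and therefore the "no results" card; that outcome is kept, without running
// a query.

// Close the connection on every path, not only when rows were returned.
mysqli_close($LinkID);

if (count($array) > 0) {
	foreach ($array as $row) {
		// Escape stored values and quote the attributes so a value containing
		// spaces, quotes or angle brackets cannot add attributes or markup.
		// NOTE(review): the URL scheme of recipe_link is not checked here;
		// confirm that only trusted code writes to the recipes table.
		$safeImage = htmlspecialchars((string) $row[0], ENT_QUOTES, 'UTF-8');
		$safeLink = htmlspecialchars((string) $row[1], ENT_QUOTES, 'UTF-8');

		// Send out the recipe card and link to the webpage.
		echo "<a href=\"" . $safeLink . "\" class='nyroModal'><img src=\"" . $safeImage . "\"></a>";
	}
} else {
	// Both search variants now show the placeholder for an empty result set;
	// the style search used to print nothing in that case.
	echo "<a href='" . $noResultsHref . "'><img src='images/noresults.png'></a>";
}
?>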
