OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	03/15/2024 04:24:02 PM	rwxr-xr-x
📄 add.edit.paper.php	7.04 KB	03/15/2024 04:24:02 PM	rw-r--r--
📄 article.php	1.14 KB	03/15/2024 04:24:02 PM	rw-r--r--
📄 featured.articles.php	535 bytes	03/15/2024 04:24:02 PM	rw-r--r--
📄 login.php	1.19 KB	03/15/2024 04:24:02 PM	rw-r--r--
📄 register.php	2.59 KB	03/15/2024 04:24:02 PM	rw-r--r--
📄 search.php	3.18 KB	03/15/2024 04:24:02 PM	rw-r--r--
📄 user.articles.php	1.03 KB	03/15/2024 04:24:02 PM	rw-r--r--
📄 verify.php	856 bytes	03/15/2024 04:24:02 PM	rw-r--r--

Editing: search.php

<?
// Opal API: Search Articles - By Title, Author, Category

require_once '../inc/config.php';

$searchType = isset($_POST['type']) ? $_POST['type'] : '';
$searchVal = isset($_POST['val']) ? $_POST['val'] : '';
if ($searchType == '' || $searchVal == '') die(json_encode(['status' => 500, 'message' => 'Invalid Call!']));

// Search by Title
if ($searchType == 'title') {
 $data = [];
 $sql = "SELECT articleId AS id,articleTitle AS title,articleDOI AS doi,articleSummary AS summary,filePdf,yearPublished FROM articles WHERE isPublished=1 AND articleTitle LIKE '%$searchVal%' ORDER BY articleTitle";
 $result = mysqli_query($db, $sql);
 while($row = mysqli_fetch_assoc($result)) {
  $articleId = $row['id'];
  $sql = "SELECT A.salutation,A.firstName,A.lastName FROM authors A INNER JOIN article_authors B WHERE A.authorId=B.authorId AND B.articleId=$articleId";
  $resultAuthor = mysqli_query($db, $sql);
  $numRowsAuthor = mysqli_num_rows($resultAuthor);
  if ($numRowsAuthor > 0) {
   $dataAuthor = mysqli_fetch_all($resultAuthor, MYSQLI_ASSOC);
   $row['author'] = $dataAuthor;
  } else {
   $row['author'] = [];
  }
  array_push($data,$row);
 }
 $dataJSON = ['status' => 200, 'data' => $data];
}

// Search by Author
if ($searchType == 'author') {
 $data = [];
 $sql = "SELECT articleId AS id,articleTitle AS title,articleDOI AS doi,articleSummary AS summary,filePdf,yearPublished FROM articles WHERE isPublished=1 AND articleId IN (SELECT A.articleId FROM article_authors A INNER JOIN authors B WHERE A.authorId=B.authorId AND (B.firstName LIKE '%$searchVal%' OR B.lastName LIKE '%$searchVal%')) ORDER BY articleTitle";
 $result = mysqli_query($db, $sql);
 while($row = mysqli_fetch_assoc($result)) {
  $articleId = $row['id'];
  $sql = "SELECT A.salutation,A.firstName,A.lastName FROM authors A INNER JOIN article_authors B WHERE A.authorId=B.authorId AND B.articleId=$articleId";
  $resultAuthor = mysqli_query($db, $sql);
  $numRowsAuthor = mysqli_num_rows($resultAuthor);
  if ($numRowsAuthor > 0) {
   $dataAuthor = mysqli_fetch_all($resultAuthor, MYSQLI_ASSOC);
   $row['author'] = $dataAuthor;
  } else {
   $row['author'] = [];
  }
  array_push($data,$row);
 }
 $dataJSON = ['status' => 200, 'data' => $data];
}

// Search by Category
if ($searchType == 'category') {
 $data = [];
 $sql = "SELECT articleId AS id,articleTitle AS title,articleDOI AS doi,articleSummary AS summary,filePdf,yearPublished FROM articles WHERE isPublished=1 AND categoryId IN (SELECT categoryId FROM category WHERE category LIKE '%$searchVal%') ORDER BY articleTitle";
 $result = mysqli_query($db, $sql);
 while($row = mysqli_fetch_assoc($result)) {
  $articleId = $row['id'];
  $sql = "SELECT A.salutation,A.firstName,A.lastName FROM authors A INNER JOIN article_authors B WHERE A.authorId=B.authorId AND B.articleId=$articleId";
  $resultAuthor = mysqli_query($db, $sql);
  $numRowsAuthor = mysqli_num_rows($resultAuthor);
  if ($numRowsAuthor > 0) {
   $dataAuthor = mysqli_fetch_all($resultAuthor, MYSQLI_ASSOC);
   $row['author'] = $dataAuthor;
  } else {
   $row['author'] = [];
  }
  array_push($data,$row);
 }
 $dataJSON = ['status' => 200, 'data' => $data];
}

echo json_encode($dataJSON);