
add search security

1 parent dabb87f commit 90097e456e4679cf0a09d1da0dbce0a840b5c565 futura-creative committed Feb 18, 2013
@@ -90,16 +90,17 @@ public function refresh(){
}
public function search(){
- if(isset($this->request->query['cari']) || isset($this->params["named"]["page"])){
+ $this->set("title_for_layout","ADDins - Cari Iklan");
+ if(isset($this->request->query['q']) || isset($this->params["named"]["page"])){
$conditions = array();
- if($this->request->query["cari"] != "")
- $conditions["And"]["Ad.ads_title LIKE"] = "%".$this->request->query['cari']."%";
- if($this->request->query['kategori'] != 0)
- $conditions["And"]["Ad.category_id ="] = $this->request->query['kategori'];
- if($this->request->query['provinsi'] != 0)
- $conditions["And"]["Ad.state_id ="] = $this->request->query['provinsi'];
- if($this->request->query['tanggal'] != ""){
- $tgl = split("/",$this->request->query['tanggal']);
+ if($this->request->query["q"] != "")
+ $conditions["And"]["Ad.ads_title LIKE"] = "%".$this->request->query['q']."%";
+ if($this->request->query['k'] != 0)
+ $conditions["And"]["Ad.category_id ="] = $this->request->query['k'];
+ if($this->request->query['p'] != 0)
+ $conditions["And"]["Ad.state_id ="] = $this->request->query['p'];
+ if($this->request->query['t'] != ""){
+ $tgl = split("/",$this->request->query['t']);
$conditions["And"]["Ad.issue_date = "] = $tgl[2]."-".$tgl[0]."-".$tgl[1];
}
$this->paginate = array('limit'=>10,'conditions'=>$conditions);
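Review bot: The date filter at `$tgl = split("/",$this->request->query['t']);` still indexes `$tgl[2]`, `$tgl[0]` and `$tgl[1]` without checking that `t` actually contained two separators, so a malformed value raises undefined-offset notices and yields a broken `issue_date` comparison; `split()` is also deprecated and removed in PHP 7. Renaming the query keys to `q`/`k`/`p`/`t` validates nothing, and `k`/`p` are read without `isset()` even though the outer condition only guarantees `q` or a `page` param. I would parse the date with an anchored pattern instead: `if (preg_match('#^(\d{1,2})/(\d{1,2})/(\d{4})$#', $this->request->query['t'], $m)) { $conditions["And"]["Ad.issue_date = "] = sprintf('%04d-%02d-%02d', $m[3], $m[1], $m[2]); }`, and cast `k` and `p` with `(int)` after an `isset()` check before they enter the conditions array (Cake binds the values, so this is about correctness and notice noise rather than injection). search() continues past the end of the hunk.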
@@ -71,14 +71,22 @@ $cakeDescription = __d('cake_dev', 'CakePHP: the rapid development php framework
<!-- Search - Box -->
<?= $this->Form->Create('Ad',array('action'=>'search','type'=>'get')) ?>
<ul class="search-wrapper">
- <li><?= $this->Form->input('cari',array('type'=>'text','class'=>'search-box','label'=>False,'div'=>False,'placeholder'=>'Cari...'));?></li>
<li>
- <?= $this->Form->input('kategori',array('label'=>False,'div'=>False,'id'=>'kategori','type'=>'select','options'=>$kategori)); ?>
+ <?= $this->Form->input('dE41',array('type'=>'hidden','value'=> hash("sha256",rand(1000000,1000000000000000000000000000000000)))); ?>
+ <?= $this->Form->input('q',array('type'=>'text','class'=>'search-box','label'=>False,'div'=>False,'placeholder'=>'Cari...'));?>
</li>
<li>
- <?= $this->Form->input('provinsi',array('label'=>False,'div'=>False,'id'=>'provinsi','type'=>'select','options'=>$state)); ?>
+ <?= $this->Form->input('k',array('label'=>False,'div'=>False,'id'=>'kategori','type'=>'select','options'=>$kategori)); ?>
+ <?= $this->Form->input('dq',array('type'=>'hidden','value'=> hash("md5",rand(1000000,1000000000000000000000000000000000)))); ?>
+ </li>
+ <li>
+ <?= $this->Form->input('dE41',array('type'=>'hidden','value'=> hash("sha256",rand(1000000,1000000000000000000000000000000000)))); ?>
+ <?= $this->Form->input('p',array('label'=>False,'div'=>False,'id'=>'provinsi','type'=>'select','options'=>$state)); ?>
+ </li>
+ <li>
+ <?= $this->Form->input('dE41',array('type'=>'hidden','value'=> hash("sha256",rand(1000000,1000000000000000000000000000000000)))); ?>
+ <?= $this->Form->input('t',array('label'=>False,'div'=>False,'id'=>'date','type'=>'text','class'=>'date-box','placeholder'=>'Tanggal')); ?>
</li>
- <li><?= $this->Form->input('tanggal',array('label'=>False,'div'=>False,'id'=>'date','type'=>'text','class'=>'date-box','placeholder'=>'Tanggal')); ?></li>
<li><?= $this->Form->submit('Cari',array('div'=>False)) ;?></li>
</ul>
<?= $this->Form->end(); ?>
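Review bot: The hidden `dE41` and `dq` inputs added under `<ul class="search-wrapper">` are never read by the controller's search() in this commit, so they do not protect the search; they only lengthen the query string, and because the form is `type => 'get'` their values end up in server logs and Referer headers. `rand(1000000, 1000000000000000000000000000000000)` passes a maximum far beyond PHP_INT_MAX, which is silently converted, and `rand()` is not a cryptographic source in any case; `dE41` also appears three times in one form, so only the last value survives in `$_GET`. If form-tampering protection is the goal, CakePHP's SecurityComponent or a session-stored token generated from a proper random source and verified in the controller is the supported route; otherwise I would remove the four hidden inputs so search URLs stay short and shareable.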
@@ -1,2 +1,2 @@
-1361182399
+1361184074
a:10:{s:2:"id";a:5:{s:4:"type";s:7:"integer";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:10;s:3:"key";s:7:"primary";}s:9:"ads_title";a:6:{s:4:"type";s:6:"string";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:40;s:7:"collate";s:17:"latin1_swedish_ci";s:7:"charset";s:6:"latin1";}s:8:"ads_body";a:6:{s:4:"type";s:4:"text";s:4:"null";b:0;s:7:"default";N;s:6:"length";N;s:7:"collate";s:17:"latin1_swedish_ci";s:7:"charset";s:6:"latin1";}s:11:"category_id";a:4:{s:4:"type";s:7:"integer";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:4;}s:7:"user_id";a:4:{s:4:"type";s:7:"integer";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:10;}s:7:"city_id";a:4:{s:4:"type";s:7:"integer";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:4;}s:8:"state_id";a:4:{s:4:"type";s:7:"integer";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:4;}s:10:"issue_date";a:4:{s:4:"type";s:4:"date";s:4:"null";b:0;s:7:"default";N;s:6:"length";N;}s:10:"issue_time";a:4:{s:4:"type";s:4:"time";s:4:"null";b:0;s:7:"default";N;s:6:"length";N;}s:5:"image";a:6:{s:4:"type";s:6:"string";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:100;s:7:"collate";s:17:"latin1_swedish_ci";s:7:"charset";s:6:"latin1";}}
@@ -1,2 +1,2 @@
-1361182399
+1361184074
a:2:{s:2:"id";a:5:{s:4:"type";s:7:"integer";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:4;s:3:"key";s:7:"primary";}s:5:"cname";a:6:{s:4:"type";s:6:"string";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:40;s:7:"collate";s:17:"latin1_swedish_ci";s:7:"charset";s:6:"latin1";}}
@@ -1,2 +1,2 @@
-1361182399
+1361184074
a:3:{s:2:"id";a:5:{s:4:"type";s:7:"integer";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:4;s:3:"key";s:7:"primary";}s:5:"cname";a:6:{s:4:"type";s:6:"string";s:4:"null";b:1;s:7:"default";N;s:6:"length";i:100;s:7:"collate";s:17:"latin1_swedish_ci";s:7:"charset";s:6:"latin1";}s:5:"state";a:4:{s:4:"type";s:7:"integer";s:4:"null";b:1;s:7:"default";N;s:6:"length";i:3;}}
@@ -1,2 +1,2 @@
-1361182399
+1361184074
a:5:{i:0;s:3:"ads";i:1;s:10:"categories";i:2;s:6:"cities";i:3;s:6:"states";i:4;s:5:"users";}
@@ -1,2 +1,2 @@
-1361182399
+1361184074
a:2:{s:2:"id";a:5:{s:4:"type";s:7:"integer";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:3;s:3:"key";s:7:"primary";}s:5:"sname";a:6:{s:4:"type";s:6:"string";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:30;s:7:"collate";s:15:"utf8_general_ci";s:7:"charset";s:4:"utf8";}}
@@ -1,2 +1,2 @@
-1361182399
+1361184074
a:14:{s:2:"id";a:5:{s:4:"type";s:7:"integer";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:10;s:3:"key";s:7:"primary";}s:10:"first_name";a:6:{s:4:"type";s:6:"string";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:30;s:7:"collate";s:17:"latin1_swedish_ci";s:7:"charset";s:6:"latin1";}s:9:"last_name";a:6:{s:4:"type";s:6:"string";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:30;s:7:"collate";s:17:"latin1_swedish_ci";s:7:"charset";s:6:"latin1";}s:8:"username";a:6:{s:4:"type";s:6:"string";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:40;s:7:"collate";s:17:"latin1_swedish_ci";s:7:"charset";s:6:"latin1";}s:8:"password";a:6:{s:4:"type";s:6:"string";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:40;s:7:"collate";s:17:"latin1_swedish_ci";s:7:"charset";s:6:"latin1";}s:13:"jenis_kelamin";a:6:{s:4:"type";s:6:"string";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:1;s:7:"collate";s:17:"latin1_swedish_ci";s:7:"charset";s:6:"latin1";}s:9:"tgl_lahir";a:4:{s:4:"type";s:4:"date";s:4:"null";b:0;s:7:"default";N;s:6:"length";N;}s:6:"alamat";a:6:{s:4:"type";s:6:"string";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:50;s:7:"collate";s:17:"latin1_swedish_ci";s:7:"charset";s:6:"latin1";}s:5:"state";a:4:{s:4:"type";s:7:"integer";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:4;}s:4:"city";a:4:{s:4:"type";s:7:"integer";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:4;}s:9:"handphone";a:6:{s:4:"type";s:6:"string";s:4:"null";b:0;s:7:"default";N;s:6:"length";i:12;s:7:"collate";s:17:"latin1_swedish_ci";s:7:"charset";s:6:"latin1";}s:17:"security_question";a:6:{s:4:"type";s:4:"text";s:4:"null";b:0;s:7:"default";N;s:6:"length";N;s:7:"collate";s:17:"latin1_swedish_ci";s:7:"charset";s:6:"latin1";}s:15:"security_answer";a:6:{s:4:"type";s:4:"text";s:4:"null";b:0;s:7:"default";N;s:6:"length";N;s:7:"collate";s:17:"latin1_swedish_ci";s:7:"charset";s:6:"latin1";}s:6:"status";a:6:{s:4:"type";s:6:"string";s:4:"null";b:0;s:7:"default";s:1:"1";s:6:"length";i:1;s:7:"collate";s:17:"latin1_swedish_ci";s:7:"charset";s:6:"
latin1";}}
@@ -1,2 +1,2 @@
-1361182399
+1361184074
a:1:{s:11:"LC_MESSAGES";a:0:{}}
@@ -1,2 +1,2 @@
-1361182399
+1361184074
a:1:{s:11:"LC_MESSAGES";a:0:{}}
@@ -0,0 +1,2 @@
+1361184074
+a:1:{s:11:"LC_MESSAGES";a:0:{}}