-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathyacysearch.php
81 lines (67 loc) · 3.06 KB
/
yacysearch.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
<?php
/*
Copyright 2014 Michael Peter Christen
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
---
WHAT IS THIS?
The purpose of this service is the authentication of search users;
it does an authentication of users and identifies their user rights.
Such rights are expressed with sets of specific collections names
which had been used to index data in the YaCy search engine.
This is done using a reverse proxy to a YaCy search server. It
serves as a filter for search requests from a JSON search
client like https://gitorious.org/yacy/searchpage_template_yaml4/
The server attribute within the searchpage_template_yaml4 must point
to the location of this file on a php-enabled server.
HOW TO INSTALL
- copy this file on a web space with a php interpreter
- cUrl is required, please refer to http://php.net/manual/en/book.curl.php
- modify the server address in searchpage_template_yaml4 and point
it to the location of this file
- modify the settings in class/config.class.php
*/
require 'class/config.class.php';
require 'class/user_privs.class.php';
session_start();
// prevent session fixation attempts
if (!(isset($_SESSION['init']))) {
session_regenerate_id();
$_SESSION['init'] = true;
}
// determine user's collections and set them as additional get param
// to ensure that this is a suitable way, the yacy server must not respond to direct calls
// which a user might request by just entering a get request
// this isn't a topic we cover over here, it's solved by restricting the connectivity to the yacy backend
// at network level
trigger_error('request received');
try {
$userPrivs = new UserPrivs();
} catch (Exception $e) {
trigger_error($e->getMessage(), E_USER_ERROR);
}
$_GET['collection'] = $userPrivs->getAsUrlParam();
// construct a new get request; pass-through any additional get params
$curlParams = http_build_query($_GET);
// determine, if search or suggest action is required, see suggest.php
if (isset($_suggest_action) && $_suggest_action) {
$script = Config::YACY_SUGGESTSCRIPT;
} else {
$script = Config::YACY_SEARCHSCRIPT;
}
// init and execue the curl request; curl_exec returns the received data automatically to the browser
$ch = curl_init(Config::YACY_SERVER_SEARCH . $script . '?' . $curlParams);
trigger_error(Config::YACY_SERVER_SEARCH . $script . '?' . $curlParams);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_PROXY, '');
trigger_error('curl executed');
curl_exec($ch);
curl_close($ch);
?>