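/**
 * Prepares a search-result excerpt for display: decodes it with
 * xmlentities_reverse(), strips tags, cuts it to 297 bytes when it is 300
 * bytes or longer, and wraps each occurrence of the current query terms in
 * <strong> tags (case-insensitive, literal match).
 *
 * The terms are taken from $cgi->query via search_split_query() on the first
 * call and cached in the global $sitesearch_queries.
 *
 * @param string $text excerpt to filter
 * @return string excerpt with <strong> markup around matched terms
 */
function sitesearch_filter_highlight($text)
{
    // Decode first so strip_tags() also removes markup that arrived entity-encoded.
    // NOTE(review): the decoded text is returned as HTML without being re-encoded;
    // confirm the calling template tolerates stray '<' or '&' in the excerpt.
    $text = strip_tags(xmlentities_reverse($text));
    if (strlen($text) >= 300) {
        $text = substr($text, 0, 297);
    }

    loader_import('saf.Misc.Search');

    global $cgi, $sitesearch_queries;
    if (!is_array($sitesearch_queries)) {
        $sitesearch_queries = search_split_query($cgi->query);
    }

    // Quote every term and drop empty ones: an empty term would match at every
    // position and flood the excerpt with empty <strong> pairs.
    $terms = array();
    foreach ($sitesearch_queries as $query) {
        if ((string) $query !== '') {
            $terms[] = preg_quote($query, '/');
        }
    }
    if (count($terms) === 0) {
        return $text;
    }

    // One pass over the text with all terms as alternatives. Replacing term by
    // term would let a later term (for example "strong") match inside the
    // markup inserted for an earlier one and break the tags.
    $highlighted = preg_replace('/(' . implode('|', $terms) . ')/i', '<strong>\\1</strong>', $text);

    // preg_replace() yields null on a PCRE error; fall back to the plain excerpt.
    return $highlighted === null ? $text : $highlighted;
}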
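/**
 * Highlights all of the query terms in the specified string, wrapping
 * them in <span class="highlighted"></span> tags.
 * Source: http://www.ilovejackdaniels.com/php/google-style-keyword-highlighting/
 *
 * Only text that sits between a '>' and a '<' is rewritten, so tag names and
 * attribute values are left alone. At most ten terms are applied. Terms are
 * matched literally and case-insensitively.
 *
 * The replacement is done with preg_replace_callback(). The previous form
 * used the /e modifier, which evaluated a PHP string assembled from the
 * query term (only single quotes were removed from it), so query text ended
 * up in evaluated code; /e is also unavailable in PHP 7 and later.
 *
 * @param string $string text or HTML to highlight
 * @param array|string $queries list of terms, or a raw query that is split
 *                              with search_split_query()
 * @return string
 * @package Misc
 */
function search_highlight($string, $queries)
{
    if (!is_array($queries)) {
        $queries = search_split_query($queries);
    }

    // A max of ten search terms
    $terms = array_slice(array_values($queries), 0, 10);

    foreach ($terms as $term) {
        $term = (string) $term;
        if ($term === '') {
            // An empty term would match at every position.
            continue;
        }

        // The term is data, not a pattern: quote it for the '#' delimiter.
        $inner = '#(' . preg_quote($term, '#') . ')#usi';

        // Sentinel '>' and '<' make leading and trailing text look like it
        // sits between tags, so the outer pattern covers it too.
        $wrapped = preg_replace_callback(
            '#(\\>(((?' . '>([^><]+|(?R)))*)\\<))#us',
            function ($m) use ($inner) {
                $out = preg_replace($inner, '<span class="highlighted">\\1</span>', $m[0]);
                return $out === null ? $m[0] : $out;
            },
            '>' . $string . '<'
        );

        if ($wrapped === null) {
            // PCRE error (for example invalid UTF-8 under /u): keep the text as it was.
            continue;
        }

        // Both sentinels are single ASCII bytes, so a byte-wise cut is exact
        // whatever the encoding of the text.
        $string = substr($wrapped, 1, -1);
    }

    return $string;
}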
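/**
 * Search plugin for the Web Links module.
 *
 * Reads active_weblinks, startnum, total, q and bool from the request,
 * matches every term from search_split_query($q) against the link
 * description, URL, submitter and title, and renders ten hits per page
 * followed by a pager. Only rows that pass both pnSecAuthAction() checks
 * (link and category) are counted and listed.
 *
 * @return string|null HTML from pnHTML::GetOutput(); null when the plugin is
 *                     not selected, no terms were given, or a query failed
 */
function search_weblinks()
{
    list($active_weblinks, $startnum, $total, $q, $bool) = pnVarCleanFromInput('active_weblinks', 'startnum', 'total', 'q', 'bool');
    if (empty($active_weblinks)) {
        return;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);

    // Paging values come from the request: reduce them to integers before
    // they are used as an SQL offset or written into markup.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? max(1, (int) $startnum) : 1;
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;
    // Anything other than AND is treated as OR.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';

    $w = search_split_query($q);
    if (empty($w)) {
        // Without terms the WHERE clause would be empty and the statement invalid.
        return;
    }

    $column =& $pntable['links_links_column'];
    $query = "SELECT {$column['url']} as url, {$column['title']} as title, "
           . "{$column['linkratingsummary']} as linkratingsummary, {$column['totalcomments']} as totalcomments, "
           . "{$column['hits']} as hits, {$column['submitter']} as submitter, "
           . "{$column['description']} as description, {$column['lid']} as lid, {$column['cat_id']} as cat_id\n"
           . " FROM {$pntable['links_links']}\n WHERE \n";

    $flag = false;
    foreach ($w as $word) {
        if ($flag) {
            $query .= " {$bool} ";
        }
        // Search terms are request data: escape them for the quoted LIKE operand.
        $like = pnVarPrepForStore($word);
        $query .= '(';
        // web links
        $query .= "{$column['description']} LIKE '{$like}' OR \n";
        $query .= "{$column['url']} LIKE '{$like}' OR \n";
        $query .= "{$column['submitter']} LIKE '{$like}' OR \n";
        $query .= "{$column['title']} LIKE '{$like}' \n";
        $query .= ')';
        $flag = true;
    }
    $query .= " ORDER BY {$column['lid']}";

    $column2 =& $pntable['links_categories_column'];

    // get the total count with permissions!
    // A total supplied with the request skips this count; it only feeds the
    // heading and the pager, the listing below is permission-checked per row.
    if ($total < 1) {
        $total = 0;
        $countres = $dbconn->Execute($query);
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            // we have a link id so get its category
            $result2 = $dbconn->Execute("SELECT {$column2['title']} \n"
                                      . "FROM {$pntable['links_categories']} \n"
                                      . "WHERE {$column2['cat_id']}={$row['cat_id']}");
            list($title) = $result2->fields;
            if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_WEBLINKS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search string from previous information
        $url = "modules.php?op=modload&name=Search&file=index&action=search&active_weblinks=1&bool={$bool}&q=" . urlencode((string) $q);

        $output->Text("<ul>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // we have a link id so get its category
            $result2 = $dbconn->Execute("SELECT {$column2['title']} \n"
                                      . "FROM {$pntable['links_categories']} \n"
                                      . "WHERE {$column2['cat_id']}={$row['cat_id']}");
            list($title) = $result2->fields;
            if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
                // The output object is in verbatim mode, so stored text is escaped here.
                // NOTE(review): the scheme of the stored link URL is not checked in this function.
                $output->Text('<li><a class="pn-normal" href="' . pnVarPrepForDisplay($row['url']) . '" target="_new">'
                            . pnVarPrepForDisplay($row['title']) . '</a> <font class="pn-normal">'
                            . "(rating: {$row['linkratingsummary']} - comments: {$row['totalcomments']} - hits: {$row['hits']})</font>"
                            . '<br>Submitter: ' . pnVarPrepForDisplay($row['submitter'])
                            . '<br>' . pnVarPrepHTMLDisplay($row['description']) . '</li>');
            }
            $result->MoveNext();
        }
        $output->Text("</ul>");

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_LINKS . '</font>');
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    return $output->GetOutput();
}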
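/**
 * Search plugin for site members.
 *
 * Reads active_users, startnum, total, bool and q from the request, matches
 * every term from search_split_query($q) against the user name and real
 * name columns, and renders ten hits per page followed by a pager.
 *
 * @return string|null HTML from pnHTML::GetOutput(); null when the plugin is
 *                     not selected, no terms were given, or a query failed
 */
function search_users()
{
    list($active_users, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_users', 'startnum', 'total', 'bool', 'q');
    if (empty($active_users)) {
        return;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);

    // Paging values come from the request: reduce them to integers before
    // they are used as an SQL offset or written into markup.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? max(1, (int) $startnum) : 1;
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;
    // Anything other than AND is treated as OR.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';

    $w = search_split_query($q);
    if (empty($w)) {
        // Without terms the WHERE clause would be empty and the statement invalid.
        return;
    }

    $column =& $pntable['users_column'];
    $query = "SELECT {$column['name']} as name, {$column['uname']} as uname, {$column['uid']} as uid "
           . "FROM {$pntable['users']} WHERE ";

    $flag = false;
    foreach ($w as $word) {
        if ($flag) {
            $query .= " {$bool} ";
        }
        // Search terms are request data: escape them for the quoted LIKE operand.
        $like = pnVarPrepForStore($word);
        $query .= '(';
        $query .= "{$column['uname']} LIKE '{$like}' OR ";
        $query .= "{$column['name']} LIKE '{$like}'";
        $query .= ')';
        $flag = true;
    }
    $query .= " ORDER BY {$column['uname']}";

    if ($total < 1) {
        $countres = $dbconn->Execute($query);
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        $total = $countres->PO_RecordCount();
        $countres->Close();
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text('<font class="pn-normal">' . _SMEMBERS . ': ' . $total . ' ' . _SEARCHRESULTS . '</font>');

        $url = "modules.php?op=modload&name=Search&file=index&action=search&active_users=1&bool={$bool}&q=" . urlencode((string) $q);

        $output->Text("<ul>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // some basic authcheck - might result in a wrong count...
            if (pnSecAuthAction(0, "Users::", "{$row['uname']}::{$row['uid']}", ACCESS_READ)) {
                // Verbatim output mode: URL-encode the name inside the query
                // string and HTML-escape it where it is shown as text.
                $output->Text('<li><a class="pn-normal" href="user.php?op=userinfo&uname=' . urlencode($row['uname']) . '&module=NS-User">'
                            . pnVarPrepForDisplay($row['uname']) . '</a><br>'
                            . pnVarPrepForDisplay($row['name']) . '</li>');
            }
            $result->MoveNext();
        }
        $output->Text("</ul>");

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_MEMBERS . '</font>');
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    return $output->GetOutput();
}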
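/**
 * Search plugin for the Downloads module.
 *
 * Reads q, active_downloads, bool, startnum and total from the request,
 * matches every term from search_split_query($q) against the download
 * description, title, submitter, name and homepage, and renders ten hits
 * per page followed by a pager. Only rows that pass both pnSecAuthAction()
 * checks (item and category) are counted and listed.
 *
 * @return string|null HTML from pnHTML::GetOutput(); null when the plugin is
 *                     not selected, no terms were given, or a query failed
 */
function search_downloads()
{
    list($q, $active_downloads, $bool, $startnum, $total) = pnVarCleanFromInput('q', 'active_downloads', 'bool', 'startnum', 'total');
    if (empty($active_downloads)) {
        return;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();

    // Paging values come from the request: reduce them to integers before
    // they are used as an SQL offset or written into markup.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? max(1, (int) $startnum) : 1;
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;
    // Anything other than AND is treated as OR.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';

    $w = search_split_query($q);
    if (empty($w)) {
        // Without terms the WHERE clause would be empty and the statement invalid.
        return;
    }

    // fifers: have to explicitly name the columns so that if the underlying DB
    // column names change, the code to access them doesn't. We use the column
    // names in assoc array later...
    $column =& $pntable['downloads_downloads_column'];
    $query = "SELECT {$column['lid']} as lid, {$column['title']} as title, {$column['totalvotes']} as totalvotes, "
           . "{$column['hits']} as hits, {$column['name']} as name, {$column['description']} as description, "
           . "{$column['cid']} as cid FROM {$pntable['downloads_downloads']} WHERE \n";

    $flag = false;
    foreach ($w as $word) {
        if ($flag) {
            $query .= " {$bool} ";
        }
        // Search terms are request data: escape them for the quoted LIKE operand.
        $like = pnVarPrepForStore($word);
        $query .= '(';
        // downloads
        $query .= "{$column['description']} LIKE '{$like}' OR \n";
        $query .= "{$column['title']} LIKE '{$like}' OR \n";
        $query .= "{$column['submitter']} LIKE '{$like}' OR \n";
        $query .= "{$column['name']} LIKE '{$like}' OR \n";
        $query .= "{$column['homepage']} LIKE '{$like}' \n";
        $query .= ')';
        $flag = true;
    }
    $query .= " ORDER BY {$column['lid']}";

    $column2 =& $pntable['downloads_categories_column'];

    // A total supplied with the request skips this count; it only feeds the
    // heading and the pager, the listing below is permission-checked per row.
    if ($total < 1) {
        $total = 0;
        $countres = $dbconn->Execute($query);
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            // we have a download id so get its category
            $result2 = $dbconn->Execute("SELECT {$column2['title']} \n"
                                      . "FROM {$pntable['downloads_categories']} \n"
                                      . "WHERE {$column2['cid']}={$row['cid']}");
            list($title) = $result2->fields;
            if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_DOWNLOADS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search string from previous information
        $url = "modules.php?op=modload&name=Search&file=index&action=search&active_downloads=1&bool={$bool}&q=" . urlencode((string) $q);

        $output->Text("<ul>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // we have a download id so get its category
            $result2 = $dbconn->Execute("SELECT {$column2['title']} \n"
                                      . "FROM {$pntable['downloads_categories']} \n"
                                      . "WHERE {$column2['cid']}={$row['cid']}");
            list($title) = $result2->fields;
            if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
                // The output object is in verbatim mode, so stored text is escaped here.
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Downloads&file=index&req=getit&lid={$row['lid']}\">"
                            . pnVarPrepForDisplay($row['title']) . '</a> <font class="pn-normal">'
                            . "(votes: {$row['totalvotes']} - hits: {$row['hits']})</font>"
                            . '<br>Uploader: ' . pnVarPrepForDisplay($row['name'])
                            . '<br>' . pnVarPrepHTMLDisplay($row['description']) . '</li>');
            }
            $result->MoveNext();
        }
        $output->Text("</ul>");

        // Mung URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_DOWNLOADS . '</font>');
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    return $output->GetOutput();
}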
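/**
 * Search plugin for the Downloads module.
 *
 * Reads q, active_downloads, bool, startnum and total from the request and
 * returns early when the plugin is not selected or the Downloads module is
 * unavailable. Every term from search_split_query($q) is matched against the
 * download description, title, submitter, name and homepage. Ten hits are
 * rendered per page as a definition list (title link plus a tag-stripped
 * description cut to 128 bytes) followed by a pager. Only rows that pass both
 * pnSecAuthAction() checks (item and category) are counted and listed.
 *
 * @return string|null HTML from pnHTML::GetOutput(); null on an early return
 *                     or when a query reports a database error
 */
function search_downloads()
{
    list($q, $active_downloads, $bool, $startnum, $total) = pnVarCleanFromInput('q', 'active_downloads', 'bool', 'startnum', 'total');
    if (empty($active_downloads)) {
        return;
    }
    if (!pnModAvailable('Downloads')) {
        return;
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // "=& new" is a parse error from PHP 7 on; plain assignment is equivalent for objects.
    $output = new pnHTML();

    // Paging values come from the request: reduce them to integers before
    // they are used as an SQL offset or written into markup.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? max(1, (int) $startnum) : 1;
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;
    // Anything other than AND is treated as OR.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';

    $w = search_split_query($q);
    if (empty($w)) {
        // Without terms the WHERE clause would be empty and the statement invalid.
        return;
    }

    // fifers: have to explicitly name the columns so that if the underlying DB
    // column names change, the code to access them doesn't. We use the column
    // names in assoc array later...
    $column =& $pntable['downloads_downloads_column'];
    $query = "SELECT {$column['lid']} as lid, {$column['title']} as title, {$column['name']} as name, "
           . "{$column['description']} as description, {$column['cid']} as cid "
           . "FROM {$pntable['downloads_downloads']} WHERE \n";

    $flag = false;
    foreach ($w as $word) {
        if ($flag) {
            $query .= " {$bool} ";
        }
        // Escaped once per term for the quoted LIKE operands below.
        $like = pnVarPrepForStore($word);
        $query .= '(';
        // downloads
        $query .= "{$column['description']} LIKE '{$like}' OR \n";
        $query .= "{$column['title']} LIKE '{$like}' OR \n";
        $query .= "{$column['submitter']} LIKE '{$like}' OR \n";
        $query .= "{$column['name']} LIKE '{$like}' OR \n";
        $query .= "{$column['homepage']} LIKE '{$like}' \n";
        $query .= ')';
        $flag = true;
    }
    $query .= " ORDER BY {$column['lid']}";

    $column2 =& $pntable['downloads_categories_column'];

    // A total supplied with the request skips this count; it only feeds the
    // heading and the pager, the listing below is permission-checked per row.
    if ($total < 1) {
        $total = 0;
        $countres =& $dbconn->Execute($query);
        // check for a db error
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            // we have a download id so get its category
            $result2 =& $dbconn->Execute("SELECT {$column2['title']} \n"
                                       . "FROM {$pntable['downloads_categories']} \n"
                                       . "WHERE {$column2['cid']}={$row['cid']}");
            list($title) = $result2->fields;
            if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    // check for a db error
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_DOWNLOADS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search string from previous information.
        // The query text is URL-encoded so '&', '#' or '%' in it cannot alter the link.
        $url = "index.php?name=Search&action=search&active_downloads=1&bool={$bool}&q=" . urlencode((string) $q);

        $output->Text("<dl>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // we have a download id so get its category
            $result2 =& $dbconn->Execute("SELECT {$column2['title']} \n"
                                       . "FROM {$pntable['downloads_categories']} \n"
                                       . "WHERE {$column2['cid']}={$row['cid']}");
            list($title) = $result2->fields;
            if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
                $row['description'] = strip_tags($row['description']);
                if (strlen($row['description']) > 128) {
                    $row['description'] = substr($row['description'], 0, 125) . '...';
                }
                // Array keys are quoted: the bare words were undefined constants.
                $output->Text("<dt><a href=\"index.php?name=Downloads&req=viewdownloaddetails&lid={$row['lid']}\">"
                            . pnVarPrepForDisplay($row['title']) . "</a></dt>");
                $output->Text("<dd>" . pnVarPrepForDisplay($row['description']) . "</dd>");
            }
            $result->MoveNext();
        }
        $output->Text("</dl>");

        // Mung URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_DOWNLOADS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    return $output->GetOutput();
}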
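/**
 * Search plugin for comments.
 *
 * Reads active_comments, startnum, total, bool and q from the request,
 * matches every term from search_split_query($q) against the comment
 * subject and body, and renders ten hits per page followed by a pager.
 * Replies (pid != 0) link to the showreply view, top-level comments link to
 * the thread with the comment id as fragment.
 *
 * @return string|null HTML from pnHTML::GetOutput(); null when the plugin is
 *                     not selected, no terms were given, or a query failed
 */
function search_comments()
{
    list($active_comments, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_comments', 'startnum', 'total', 'bool', 'q');
    if (empty($active_comments)) {
        return;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);

    // Paging values come from the request: reduce them to integers before
    // they are used as an SQL offset or written into markup.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? max(1, (int) $startnum) : 1;
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;
    // Anything other than AND is treated as OR.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';

    $w = search_split_query($q);
    if (empty($w)) {
        // Without terms the WHERE clause would be empty and the statement invalid.
        return;
    }

    $column =& $pntable['comments_column'];
    $query = "SELECT {$column['subject']} as subject, {$column['tid']} as tid, ";
    $query .= "{$column['sid']} as sid, {$column['pid']} as pid FROM {$pntable['comments']} WHERE ";

    $flag = false;
    foreach ($w as $word) {
        if ($flag) {
            $query .= " {$bool} ";
        }
        // Search terms are request data: escape them for the quoted LIKE operand.
        $like = pnVarPrepForStore($word);
        $query .= '(';
        $query .= "{$column['subject']} LIKE '{$like}' OR ";
        $query .= "{$column['comment']} LIKE '{$like}'";
        $query .= ')';
        $flag = true;
    }
    $query .= " ORDER BY {$column['subject']}";

    if ($total < 1) {
        $countres = $dbconn->Execute($query);
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        $total = $countres->PO_RecordCount();
        $countres->Close();
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_COMMENTS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search string from previous information
        $url = "modules.php?op=modload&name=Search&file=index&action=search&active_comments=1&bool={$bool}&q=" . urlencode((string) $q);

        $output->Text("<ul>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // Subjects are user-written text and the output object is in
            // verbatim mode, so escape before printing.
            $subject = pnVarPrepForDisplay($row['subject']);
            if ($row['pid'] != 0) {
                // comment with parent posting
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=NS-Comments&file=index&req=showreply&tid={$row['tid']}&sid={$row['sid']}&pid={$row['pid']}\">{$subject}</a></li>");
            } else {
                // comment without parent posting
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=NS-Comments&file=index&tid={$row['tid']}&sid={$row['sid']}#{$row['tid']}\">{$subject}</a></li>");
            }
            $result->MoveNext();
        }
        $output->Text("</ul>");

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_COMMENTS . '</font>');
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    return $output->GetOutput();
}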
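/**
 * Search plugin for the FAQ module.
 *
 * Reads q, bool, startnum, total and active_faqs from the request and
 * returns early when the plugin is not selected or the FAQ module is
 * unavailable. Every term from search_split_query($q) is matched against the
 * question and answer columns of answered entries; with the 'multilingual'
 * setting on, results are limited to the user's language or entries without
 * one. Ten hits are rendered per page as a definition list followed by a
 * pager. Only rows that pass the "FAQ::" pnSecAuthAction() check are counted
 * and listed.
 *
 * @return string|null HTML from pnHTML::GetOutput(); null on an early return
 *                     or when a query reports a database error
 */
function search_faqs()
{
    list($q, $bool, $startnum, $total, $active_faqs) = pnVarCleanFromInput('q', 'bool', 'startnum', 'total', 'active_faqs');
    if (empty($active_faqs)) {
        return;
    }
    if (!pnModAvailable('FAQ')) {
        return;
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // "=& new" is a parse error from PHP 7 on; plain assignment is equivalent for objects.
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);

    // Paging values come from the request: reduce them to integers before
    // they are used as an SQL offset or written into markup.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? max(1, (int) $startnum) : 1;
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;
    // Anything other than AND is treated as OR.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';

    $w = search_split_query($q);
    if (empty($w)) {
        // Without terms the WHERE clause would be incomplete and the statement invalid.
        return;
    }

    $column =& $pntable['faqanswer_column'];
    $faqcatcol =& $pntable['faqcategories_column'];
    $query = "SELECT {$column['id_cat']} as id_cat, \n"
           . " {$column['question']} as question, \n"
           . " {$column['answer']} as answer,\n"
           . " {$faqcatcol['categories']} as categories\n"
           . " FROM {$pntable['faqanswer']} \n"
           . " LEFT JOIN {$pntable['faqcategories']} ON {$column['id_cat']}={$faqcatcol['id_cat']}\n"
           . " WHERE {$column['answer']} != \"\" AND \n";

    // The term clauses are grouped in one pair of parentheses. AND binds
    // tighter than OR, so without the group an OR search would apply the
    // "answer not empty" and language conditions to a single term only.
    $query .= '(';
    $flag = false;
    foreach ($w as $word) {
        if ($flag) {
            $query .= " {$bool} ";
        }
        $like = pnVarPrepForStore($word);
        $query .= '(';
        // faqs
        $query .= "{$column['question']} LIKE '{$like}' OR \n";
        $query .= "{$column['answer']} LIKE '{$like}'\n";
        $query .= ')';
        $flag = true;
    }
    $query .= ')';

    if (pnConfigGetVar('multilingual') == 1) {
        $query .= " AND ({$faqcatcol['flanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$faqcatcol['flanguage']}='')";
    }
    $query .= " ORDER BY {$column['id']}";

    // get the total count with permissions!
    // A total supplied with the request skips this count; it only feeds the
    // heading and the pager, the listing below is permission-checked per row.
    if ($total < 1) {
        $total = 0;
        $countres =& $dbconn->Execute($query);
        // check for a db error
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    // check for a db error
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_FAQ . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search string from previous information.
        // The query text is URL-encoded so '&', '#' or '%' in it cannot alter the link.
        $url = "index.php?name=Search&action=search&active_faqs=1&bool={$bool}&q=" . urlencode((string) $q);

        $output->Text("<dl>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
                $row['answer'] = strip_tags($row['answer']);
                if (strlen($row['answer']) > 128) {
                    $row['answer'] = substr($row['answer'], 0, 125) . '...';
                }
                // Array keys are quoted: the bare words were undefined constants.
                $output->Text("<dt><a href=\"index.php?name=FAQ&myfaq=yes&id_cat={$row['id_cat']}\">"
                            . pnVarPrepForDisplay($row['question']) . "</a></dt>");
                $output->Text("<dd>" . pnVarPrepForDisplay($row['answer']) . "</dd>");
            }
            $result->MoveNext();
        }
        $output->Text('</dl>');

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_FAQS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    return $output->GetOutput();
}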
// Load one page of the requested thread.
$p->limit(appconf('limit'));
$p->offset($cgi->offset);
$list = $p->getThread($cgi->post);

// Carry the highlight terms over to the pager links (empty value when none were given).
// NOTE(review): $cgi->highlight looks like request data and is appended to the
// URL pattern unencoded; confirm Pager::setUrl() or the pager template encodes it.
$highlight = '?highlight=' . (empty($cgi->highlight) ? '' : $cgi->highlight);

$pg = new Pager($cgi->offset, appconf('limit'), $p->total);
$pg->setUrl(
    site_prefix() . '/index/siteforum-list-action/post.%s' . $highlight,
    $cgi->post
);
$pg->getInfo();

// Fall back to the topic of the first post when none was passed in.
if (!$cgi->topic) {
    $cgi->topic = $list[0]->topic_id;
}

$t = new SiteForum_Topic();
$topic = $t->getTitle($cgi->topic);
$subject = $list[0]->subject;

// With highlight terms present, show the search bar and mark the terms in every post body.
if (!empty($cgi->highlight)) {
    loader_import('saf.Misc.Search');
    echo search_bar($cgi->highlight, '/index/sitesearch-app?ctype=siteforum_post&show_types=yes');

    $queries = search_split_query($cgi->highlight);
    foreach ($list as $key => $post) {
        $list[$key]->body = search_highlight($list[$key]->body, $queries);
    }
}

page_title($subject);
template_simple_register('pager', $pg);

echo template_simple(
    'message_list.spt',
    array(
        'forum_name' => appconf('forum_name'),
        'topic' => $topic,
        'subject' => $subject,
        'list' => $list,
        // True when the sitesearch pid file exists.
        'sitesearch' => @file_exists('inc/app/sitesearch/data/sitesearch.pid'),
    )
);

if (appconf('template')) {
    page_template(appconf('template'));
}
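/**
 * Search plugin for site members.
 *
 * Reads active_users, startnum, total, bool and q from the request, matches
 * every term from search_split_query($q) against the user name and real
 * name columns, and renders ten hits per page as a definition list followed
 * by a pager. Rows are listed only when the "Users::" pnSecAuthAction()
 * check passes; the total is the raw record count.
 *
 * @return string|null HTML from pnHTML::GetOutput(); null when the plugin is
 *                     not selected, no terms were given, or a query reports
 *                     a database error
 */
function search_users()
{
    list($active_users, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_users', 'startnum', 'total', 'bool', 'q');
    if (empty($active_users)) {
        return;
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // "=& new" is a parse error from PHP 7 on; plain assignment is equivalent for objects.
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);

    // Paging values come from the request: reduce them to integers before
    // they are used as an SQL offset or written into markup.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? max(1, (int) $startnum) : 1;
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;
    // Anything other than AND is treated as OR.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';

    $w = search_split_query($q);
    if (empty($w)) {
        // Without terms the WHERE clause would be empty and the statement invalid.
        return;
    }

    $column =& $pntable['users_column'];
    $query = "SELECT {$column['name']} as name, {$column['uname']} as uname, {$column['uid']} as uid "
           . "FROM {$pntable['users']} WHERE ";

    $flag = false;
    foreach ($w as $word) {
        if ($flag) {
            $query .= " {$bool} ";
        }
        // Escaped once per term for the quoted LIKE operands below.
        $like = pnVarPrepForStore($word);
        $query .= '(';
        $query .= "{$column['uname']} LIKE '{$like}' OR ";
        $query .= "{$column['name']} LIKE '{$like}'";
        $query .= ')';
        $flag = true;
    }
    $query .= " ORDER BY {$column['uname']}";

    if ($total < 1) {
        $countres =& $dbconn->Execute($query);
        // check for a db error
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        $total = $countres->PO_RecordCount();
        $countres->Close();
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    // check for a db error
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_SMEMBERS . ': ' . $total . ' ' . _SEARCHRESULTS);

        // The query text is URL-encoded so '&', '#' or '%' in it cannot alter the link.
        $url = "index.php?name=Search&action=search&active_users=1&bool={$bool}&q=" . urlencode((string) $q);

        $output->Text("<dl>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // some basic authcheck - might result in a wrong count...
            if (pnSecAuthAction(0, "Users::", "{$row['uname']}::{$row['uid']}", ACCESS_READ)) {
                // Inside the query string the name is URL-encoded; as link
                // text and in the description it is HTML-escaped.
                $output->Text("<dt><a href=\"user.php?op=userinfo&uname=" . urlencode($row['uname']) . "\">"
                            . pnVarPrepForDisplay($row['uname']) . "</a></dt><dd>"
                            . pnVarPrepForDisplay($row['name']) . "</dd>");
            }
            $result->MoveNext();
        }
        $output->Text("</dl>");

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_MEMBERS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    return $output->GetOutput();
}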
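/**
 * Search plugin for comments.
 *
 * Reads active_comments, startnum, total, bool and q from the request and
 * returns early when the plugin is not selected or the Comments module is
 * unavailable. Every term from search_split_query($q) is matched against the
 * comment subject and body. Ten hits are rendered per page as a definition
 * list (subject link plus a tag-stripped body cut to 128 bytes) followed by
 * a pager. Replies (pid != 0) link to the showreply view, top-level comments
 * link to the thread with the comment id as fragment.
 *
 * @return string|null HTML from pnHTML::GetOutput(); null on an early return
 *                     or when a query reports a database error
 */
function search_comments()
{
    list($active_comments, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_comments', 'startnum', 'total', 'bool', 'q');
    if (empty($active_comments)) {
        return;
    }
    if (!pnModAvailable('Comments')) {
        return;
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // "=& new" is a parse error from PHP 7 on; plain assignment is equivalent for objects.
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);

    // Paging values come from the request: reduce them to integers before
    // they are used as an SQL offset or written into markup.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? max(1, (int) $startnum) : 1;
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;
    // Anything other than AND is treated as OR.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';

    $w = search_split_query($q);
    if (empty($w)) {
        // Without terms the WHERE clause would be empty and the statement invalid.
        return;
    }

    $column =& $pntable['comments_column'];
    $query = "SELECT {$column['subject']} as subject, {$column['tid']} as tid, ";
    $query .= "{$column['sid']} as sid, {$column['pid']} as pid, {$column['comment']} as comment FROM {$pntable['comments']} WHERE ";

    $flag = false;
    foreach ($w as $word) {
        if ($flag) {
            $query .= " {$bool} ";
        }
        // Escaped once per term for the quoted LIKE operands below.
        $like = pnVarPrepForStore($word);
        $query .= '(';
        $query .= "{$column['subject']} LIKE '{$like}' OR ";
        $query .= "{$column['comment']} LIKE '{$like}'";
        $query .= ')';
        $flag = true;
    }
    $query .= " ORDER BY {$column['subject']}";

    if ($total < 1) {
        $countres =& $dbconn->Execute($query);
        // check for a db error
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        $total = $countres->PO_RecordCount();
        $countres->Close();
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    // check for a db error
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_COMMENTS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search string from previous information.
        // The query text is URL-encoded so '&', '#' or '%' in it cannot alter the link.
        $url = "index.php?name=Search&action=search&active_comments=1&bool={$bool}&q=" . urlencode((string) $q);

        $output->Text('<dl>');
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            $row['comment'] = strip_tags($row['comment']);
            if (strlen($row['comment']) > 128) {
                $row['comment'] = substr($row['comment'], 0, 125) . '...';
            }
            // Array keys are quoted: the bare words were undefined constants.
            if ($row['subject'] == "") {
                $row['subject'] = "No title";
            }
            if ($row['pid'] != 0) {
                // comment with parent posting
                $output->Text("<dt><a href=\"index.php?name=Comments&req=showreply&tid={$row['tid']}&sid={$row['sid']}&pid={$row['pid']}\">"
                            . pnVarPrepHTMLDisplay($row['subject']) . "</a></dt>");
            } else {
                // comment without parent posting
                $output->Text("<dt><a href=\"index.php?name=Comments&tid={$row['tid']}&sid={$row['sid']}#{$row['tid']}\">"
                            . pnVarPrepHTMLDisplay($row['subject']) . "</a></dt>");
            }
            $output->Text("<dd>" . pnVarPrepForDisplay($row['comment']) . "</dd>");
            $result->MoveNext();
        }
        $output->Text('</dl>');

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_COMMENTS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    return $output->GetOutput();
}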
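/**
 * Search plugin for the FAQ module.
 *
 * Reads q, bool, startnum, total and active_faqs from the request, matches
 * every term from search_split_query($q) against the question and answer
 * columns, and renders ten hits per page followed by a pager. With the
 * 'multilingual' setting on, results are limited to the user's language or
 * entries without one. Only rows that pass the "FAQ::" pnSecAuthAction()
 * check are counted and listed.
 *
 * @return string|null HTML from pnHTML::GetOutput(); null when the plugin is
 *                     not selected, no terms were given, or a query failed
 */
function search_faqs()
{
    list($q, $bool, $startnum, $total, $active_faqs) = pnVarCleanFromInput('q', 'bool', 'startnum', 'total', 'active_faqs');
    if (empty($active_faqs)) {
        return;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);

    // Paging values come from the request: reduce them to integers before
    // they are used as an SQL offset or written into markup.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? max(1, (int) $startnum) : 1;
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;
    // Anything other than AND is treated as OR.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';

    $w = search_split_query($q);
    if (empty($w)) {
        // Without terms the WHERE clause would be empty and the statement invalid.
        return;
    }

    $column =& $pntable['faqanswer_column'];
    $faqcatcol =& $pntable['faqcategories_column'];
    $query = "SELECT {$column['id_cat']} as id_cat, \n"
           . " {$column['question']} as question, \n"
           . " {$column['answer']} as answer,\n"
           . " {$faqcatcol['categories']} as categories\n"
           . " FROM {$pntable['faqanswer']} \n"
           . " LEFT JOIN {$pntable['faqcategories']} ON {$column['id_cat']}={$faqcatcol['id_cat']}\n"
           . " WHERE \n";

    // The term clauses are grouped in one pair of parentheses. AND binds
    // tighter than OR, so without the group an OR search would apply the
    // language condition to the last term only.
    $query .= '(';
    $flag = false;
    foreach ($w as $word) {
        if ($flag) {
            $query .= " {$bool} ";
        }
        // Search terms are request data: escape them for the quoted LIKE operand.
        $like = pnVarPrepForStore($word);
        $query .= '(';
        // faqs
        $query .= "{$column['question']} LIKE '{$like}' OR \n";
        $query .= "{$column['answer']} LIKE '{$like}'\n";
        $query .= ')';
        $flag = true;
    }
    $query .= ')';

    if (pnConfigGetVar('multilingual') == 1) {
        $query .= " AND ({$faqcatcol['flanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$faqcatcol['flanguage']}='')";
    }
    $query .= " ORDER BY {$column['id']}";

    // get the total count with permissions!
    // A total supplied with the request skips this count; it only feeds the
    // heading and the pager, the listing below is permission-checked per row.
    if ($total < 1) {
        $total = 0;
        $countres = $dbconn->Execute($query);
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_FAQ . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search string from previous information
        $url = "modules.php?op=modload&name=Search&file=index&action=search&active_faqs=1&bool={$bool}&q=" . urlencode((string) $q);

        $output->Text("<ul>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
                // The output object is in verbatim mode, so stored text is
                // escaped here. The array key is quoted: the bare word was an
                // undefined constant.
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat={$row['id_cat']}\">"
                            . pnVarPrepForDisplay($row['question']) . "</a><br>Answer: "
                            . nl2br(pnVarPrepHTMLDisplay($row['answer'])) . "</li>");
            }
            $result->MoveNext();
        }
        $output->Text('</ul>');

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_FAQS . '</font>');
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    return $output->GetOutput();
}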
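/**
 * Search plugin for the Reviews module.
 *
 * Reads active_reviews, startnum, total, bool and q from the request,
 * matches every term from search_split_query($q) against the review title,
 * text, reviewer, cover, URL, URL title and the joined review comments, and
 * renders ten hits per page followed by a pager. With the 'multilingual'
 * setting on, results are limited to the user's language or reviews without
 * one. Only rows that pass the "Reviews::" pnSecAuthAction() check are
 * counted and listed.
 *
 * @return string|null HTML from pnHTML::GetOutput(); null when the plugin is
 *                     not selected, no terms were given, or a query failed
 */
function search_reviews()
{
    list($active_reviews, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_reviews', 'startnum', 'total', 'bool', 'q');
    if (empty($active_reviews)) {
        return;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);

    // Paging values come from the request: reduce them to integers before
    // they are used as an SQL offset or written into markup.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? max(1, (int) $startnum) : 1;
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;
    // Anything other than AND is treated as OR.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';

    $w = search_split_query($q);
    if (empty($w)) {
        // Without terms the WHERE clause would be empty and the statement invalid.
        return;
    }

    $revcol =& $pntable['reviews_column'];
    $comcol =& $pntable['reviews_comments_column'];
    $query = "SELECT DISTINCT {$revcol['id']} as id, {$revcol['title']} as title, {$revcol['score']} as score, "
           . "{$revcol['hits']} as hits, {$revcol['reviewer']} as reviewer, {$revcol['date']} AS fdate\n"
           . " FROM {$pntable['reviews']} LEFT JOIN {$pntable['reviews_comments']} ON {$comcol['rid']}={$revcol['id']}\n"
           . " WHERE \n";

    // The term clauses are grouped in one pair of parentheses. AND binds
    // tighter than OR, so without the group an OR search would apply the
    // language condition to the last term only.
    $query .= '(';
    $flag = false;
    foreach ($w as $word) {
        if ($flag) {
            $query .= " {$bool} ";
        }
        // Search terms are request data: escape them for the quoted LIKE operand.
        $like = pnVarPrepForStore($word);
        $query .= '(';
        // reviews
        $query .= "{$revcol['title']} LIKE '{$like}' OR \n";
        $query .= "{$revcol['text']} LIKE '{$like}' OR \n";
        $query .= "{$revcol['reviewer']} LIKE '{$like}' OR \n";
        $query .= "{$revcol['cover']} LIKE '{$like}' OR \n";
        $query .= "{$revcol['url']} LIKE '{$like}' OR \n";
        $query .= "{$revcol['url_title']} LIKE '{$like}' OR \n";
        // reviews_comments
        $query .= "{$comcol['comments']} LIKE '{$like}'\n";
        $query .= ')';
        $flag = true;
    }
    $query .= ')';

    if (pnConfigGetVar('multilingual') == 1) {
        $query .= " AND ({$revcol['rlanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$revcol['rlanguage']}='')";
    }
    $query .= " ORDER BY {$revcol['date']}";

    // get the total count with permissions!
    // A total supplied with the request skips this count; it only feeds the
    // heading and the pager, the listing below is permission-checked per row.
    if ($total < 1) {
        $total = 0;
        $countres = $dbconn->Execute($query);
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_REVIEWS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search string from previous information
        $url = "modules.php?op=modload&name=Search&file=index&action=search&active_reviews=1&bool={$bool}&q=" . urlencode((string) $q);

        $output->Text("<ul>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            $row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
            if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) {
                // The output object is in verbatim mode, so stored text is escaped here.
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Reviews&file=index&req=showcontent&id={$row['id']}\">"
                            . pnVarPrepForDisplay($row['title']) . '</a> <font class="pn-sub">'
                            . "(score: {$row['score']} - hits: {$row['hits']})</font><br>"
                            . pnVarPrepForDisplay($row['reviewer']) . "<br>{$row['fdate']}</li>");
            }
            $result->MoveNext();
        }
        $output->Text("</ul>");

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_REVIEWS . '</font>');
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    return $output->GetOutput();
}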
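/**
 * Search plugin for the News module: finds stories by search words and by
 * optional topic, category and author filters, then renders one page of
 * results as an HTML definition list with a pager.
 *
 * The WHERE clause is assembled from independent groups (words, topics,
 * categories, author, language) that are joined with AND. Each group is
 * parenthesised, so a filter restricts every matched word and a search
 * that uses only filters (no words) still yields valid SQL.
 *
 * Every request value placed in SQL goes through pnVarPrepForStore(), and
 * every value echoed into the page or into the pager URL goes through
 * pnVarPrepForDisplay() / pnVarPrepHTMLDisplay().
 *
 * @return string|null rendered HTML, or null when the plugin is inactive,
 *                     the News module is unavailable, or the database
 *                     reports an error
 */
function search_stories()
{
    list($startnum, $active_stories, $total, $stories_topics, $stories_cat, $stories_author, $q, $bool) = pnVarCleanFromInput('startnum', 'active_stories', 'total', 'stories_topics', 'stories_cat', 'stories_author', 'q', 'bool');

    if (!isset($active_stories) || !$active_stories) {
        return;
    }
    if (!pnModAvailable('News')) {
        return;
    }

    // Plain assignment: the "=& new" form no longer parses on PHP 7+.
    $output = new pnHTML();

    // startnum ends up as a row offset, so force it to a positive integer.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? max(1, (int) $startnum) : 1;
    if (isset($total) && !is_numeric($total)) {
        unset($total);
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    if (empty($bool)) {
        $bool = 'OR';
    }
    // Only 'AND' is honoured between words, anything else means 'OR'.
    $joiner = ($bool == 'AND') ? ' AND ' : ' OR ';

    $storcol =& $pntable['stories_column'];
    $stcatcol =& $pntable['stories_cat_column'];
    $topcol =& $pntable['topics_column'];

    $query1 = "SELECT {$storcol['sid']} as sid,\n {$topcol['tid']} as topicid,\n {$topcol['topicname']} as topicname,\n {$topcol['topictext']} as topictext,\n {$storcol['catid']} as catid,\n {$storcol['time']} AS fdate,\n {$storcol['title']} AS story_title,\n {$storcol['aid']} AS aid,\n {$stcatcol['title']} AS cat_title\n FROM {$pntable['stories']}\n LEFT JOIN {$pntable['stories_cat']} ON ({$storcol['catid']}={$stcatcol['catid']})\n LEFT JOIN {$pntable['topics']} ON ({$storcol['topic']}={$topcol['tid']})\n WHERE ";

    // Each entry is one parenthesised condition; entries are AND-ed together.
    $groups = array();

    // words
    $w = search_split_query($q);
    if (!empty($w) && is_array($w)) {
        $clauses = array();
        foreach ($w as $word) {
            $term = pnVarPrepForStore($word);
            $clauses[] = "({$storcol['title']} LIKE '{$term}' OR "
                . "{$storcol['hometext']} LIKE '{$term}' OR "
                . "{$storcol['bodytext']} LIKE '{$term}' OR "
                . "{$storcol['informant']} LIKE '{$term}' OR "
                . "{$storcol['notes']} LIKE '{$term}')";
        }
        $groups[] = '(' . implode($joiner, $clauses) . ')';
    }

    // topics (empty entries are ignored)
    if (!is_array($stories_topics)) {
        $stories_topics = array();
    }
    $clauses = array();
    foreach ($stories_topics as $v) {
        if (empty($v)) {
            continue;
        }
        $clauses[] = "{$storcol['topic']}='" . pnVarPrepForStore($v) . "'";
    }
    if ($clauses) {
        $groups[] = '(' . implode(' OR ', $clauses) . ')';
    }

    // categories (only applied when the first entry is non-empty)
    if (!is_array($stories_cat)) {
        $stories_cat = array('');
    }
    if (!empty($stories_cat[0])) {
        $clauses = array();
        foreach ($stories_cat as $v) {
            $clauses[] = "{$stcatcol['catid']}='" . pnVarPrepForStore($v) . "'";
        }
        $groups[] = '(' . implode(' OR ', $clauses) . ')';
    }

    // authors: match the informant name, or any user whose uname/name
    // contains the given text
    if (isset($stories_author) && $stories_author != '') {
        $author = pnVarPrepForStore($stories_author);
        $clauses = array("{$storcol['informant']}='{$author}'");
        $result =& $dbconn->Execute("SELECT {$pntable['users_column']['uid']} as pn_uid FROM {$pntable['users']} WHERE {$pntable['users_column']['uname']} LIKE '%{$author}%' OR {$pntable['users_column']['name']} LIKE '%{$author}%'");
        // check for a db error before touching the result set
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // The id is written unquoted, so it is forced to an integer.
            $clauses[] = "{$storcol['aid']}=" . (int) $row['pn_uid'];
            $result->MoveNext();
        }
        $groups[] = '(' . implode(' OR ', $clauses) . ')';
    } else {
        $stories_author = '';
    }

    // language
    if (pnConfigGetVar('multilingual') == 1) {
        $lang = pnVarPrepForStore(pnUserGetLang());
        $groups[] = "({$storcol['alanguage']}='{$lang}' OR {$storcol['alanguage']}='')";
    }

    // With no condition at all, '1' selects every story.
    $query = $groups ? implode(' AND ', $groups) : '1';
    $query = $query1 . $query . " ORDER BY {$storcol['time']} DESC";

    // get the total count with permissions!
    if (empty($total)) {
        $total = 0;
        $countres =& $dbconn->Execute($query);
        // check for a db error
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    // check for a db error
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_STORIES_TOPICS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search string from previous information. Every request
        // value is escaped, including the topic and category ids, because the
        // URL is written back into the page through the pager.
        $url = 'index.php?name=Search&action=search&active_stories=1&stories_author=' . pnVarPrepForDisplay($stories_author);
        foreach ($stories_cat as $v) {
            $url .= '&stories_cat%5B%5D=' . pnVarPrepForDisplay($v);
        }
        foreach ($stories_topics as $v) {
            $url .= '&stories_topics%5B%5D=' . pnVarPrepForDisplay($v);
        }
        $url .= '&bool=' . pnVarPrepForDisplay($bool);
        if (isset($q)) {
            $url .= '&q=' . pnVarPrepForDisplay($q);
        }

        $output->Text('<dl>');
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // Rows the current user may not read are skipped, so a page can
            // show fewer than ten entries.
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
                $row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
                $output->Text('<dt><a href="index.php?name=News&file=article&sid=' . pnVarPrepForDisplay($row['sid']) . '">' . pnVarPrepHTMLDisplay($row['story_title']) . '</a></dt>');
                $output->Text('<dd>');
                $output->Text(pnVarPrepForDisplay($row['fdate']) . ' (');
                if (!empty($row['topicid'])) {
                    // Stored topic text is escaped like the other stored fields.
                    $output->Text(pnVarPrepForDisplay($row['topictext']));
                }
                if (!empty($row['catid'])) {
                    $output->Text(' - ' . pnVarPrepHTMLDisplay($row['cat_title']));
                }
                $output->Text(')</dd>');
            }
            $result->MoveNext();
        }
        $output->Text('</dl>');

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_STORIES_TOPICS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }

    $output->Linebreak(3);

    return $output->GetOutput();
}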
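/**
 * Search plugin for the Sections module: finds section articles whose
 * title or content matches the submitted search words and renders one
 * page of results as an HTML definition list with a pager.
 *
 * Search words go through pnVarPrepForStore() before they are placed in
 * the SQL text; values echoed into the page or the pager URL go through
 * pnVarPrepForDisplay(), because the output object is in verbatim mode.
 *
 * @return string|null rendered HTML, or null when the plugin is inactive,
 *                     the Sections module is unavailable, no search words
 *                     were supplied, or the database reports an error
 */
function search_sections()
{
    list($active_sections, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_sections', 'startnum', 'total', 'bool', 'q');
    if (empty($active_sections)) {
        return;
    }
    if (!pnModAvailable('Sections')) {
        return;
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // Plain assignment: the "=& new" form no longer parses on PHP 7+.
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);

    // startnum ends up as a row offset, so force it to a positive integer.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? max(1, (int) $startnum) : 1;
    if (isset($total) && !is_numeric($total)) {
        unset($total);
    }

    $w = search_split_query($q);
    if (empty($w)) {
        // Without search words the WHERE clause would be empty (invalid SQL).
        return;
    }

    // Only 'AND' is honoured, anything else means 'OR'. Normalising the value
    // here also makes it safe to repeat in the pager URL below.
    $bool = ($bool == 'AND') ? 'AND' : 'OR';

    $seccol =& $pntable['seccont_column'];
    $column2 =& $pntable['sections_column'];

    $query = "SELECT {$seccol['artid']} as id, {$seccol['title']} as title, {$seccol['secid']} as secid, {$seccol['content']} as content\n FROM {$pntable['seccont']}\n WHERE \n";

    $clauses = array();
    foreach ($w as $word) {
        $term = pnVarPrepForStore($word);
        $clauses[] = "({$seccol['title']} LIKE '{$term}' OR \n{$seccol['content']} LIKE '{$term}')\n";
    }
    // The word clauses form one parenthesised group so that the language
    // filter below applies to every word, not only to the last OR branch.
    $query .= '(' . implode(" {$bool} ", $clauses) . ')';

    if (pnConfigGetVar('multilingual') == 1) {
        $lang = pnVarPrepForStore(pnUserGetLang());
        $query .= " AND ({$seccol['slanguage']}='{$lang}' OR {$seccol['slanguage']}='')";
    }
    $query .= " ORDER BY {$seccol['artid']}";

    // get the total count with permissions!
    if (empty($total)) {
        $total = 0;
        $countres =& $dbconn->Execute($query);
        // check for a db error
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            // we know about the section id so let's get the section name;
            // the id is written unquoted, so it is forced to an integer
            $result2 =& $dbconn->Execute("SELECT {$column2['secname']} FROM {$pntable['sections']} WHERE {$column2['secid']}=" . (int) $row['secid']);
            list($secname) = $result2->fields;
            if (pnSecAuthAction(0, "Sections::Section", "{$secname}::{$row['secid']}", ACCESS_READ)
                && pnSecAuthAction(0, "Sections::Article", "{$row['title']}:{$secname}:{$row['id']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    // check for a db error
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_SECTIONS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search string from previous information. $q is user
        // input and is escaped before it becomes part of the pager links.
        $url = 'index.php?name=Search&action=search&active_sections=1&bool=' . $bool . '&q=' . pnVarPrepForDisplay($q);

        $output->Text('<dl>');
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // we know about the section id so let's get the section name
            $result2 =& $dbconn->Execute("SELECT {$column2['secname']} FROM {$pntable['sections']} WHERE {$column2['secid']}=" . (int) $row['secid']);
            list($secname) = $result2->fields;
            // Rows the current user may not read are skipped.
            if (pnSecAuthAction(0, "Sections::Section", "{$secname}::{$row['secid']}", ACCESS_READ)
                && pnSecAuthAction(0, "Sections::Article", "{$row['title']}:{$secname}:{$row['id']}", ACCESS_READ)) {
                // Show a plain-text excerpt of at most 128 bytes.
                $row['content'] = strip_tags($row['content']);
                if (strlen($row['content']) > 128) {
                    $row['content'] = substr($row['content'], 0, 125) . '...';
                }
                // Array keys are quoted: the bare words title/content were
                // read as undefined constants, which is an error on PHP 8.
                $output->Text('<dt><a href="index.php?name=Sections&req=viewarticle&artid=' . pnVarPrepForDisplay($row['id']) . '">' . pnVarPrepForDisplay($row['title']) . '</a></dt>');
                $output->Text('<dd>' . pnVarPrepForDisplay($row['content']) . '</dd>');
            }
            $result->MoveNext();
        }
        $output->Text('</dl>');

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_SECTIONS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }

    $output->Linebreak(3);

    return $output->GetOutput();
}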
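<?php

// Sitewiki search screen: looks up wiki pages whose body contains every
// search term, then shows "0 results", redirects to a single hit, or
// renders the result list template.

page_title(intl_get('Search'));

loader_import('saf.Misc.Search');
loader_import('sitewiki.Filters');

global $cgi;

$q = search_split_query($cgi->query);

// Build "(body like ? AND body like ? ...)". The terms themselves are passed
// as bound values in $b, so they never become part of the SQL text.
$j = ' ';
$w = '(';
$b = array();
foreach ($q as $term) {
    $w .= $j . 'body like ?';
    $b[] = '%' . $term . '%';
    $j = ' AND ';
}
$w .= ')';

// With no terms the condition would be "()", which is not valid SQL, so the
// lookup is skipped and treated as an empty result. A non-array return value
// is treated the same way (db_shift_array() is not shown on this page).
$res = count($b) > 0 ? db_shift_array('select id from sitewiki_page where ' . $w, $b) : array();
if (!is_array($res)) {
    $res = array();
}

if (count($res) == 0) {
    echo template_simple('nav.spt', new StdClass());
    // The query string comes from the request and is echoed into HTML, so it
    // is escaped here to keep submitted markup from being rendered.
    echo '<p>0 results for "' . htmlspecialchars((string) $cgi->query, ENT_QUOTES) . '"</p>';
    return;
} elseif (count($res) == 1) {
    // Exactly one hit: go straight to that page.
    header('Location: ' . site_prefix() . '/index/sitewiki-app/show.' . $res[0]);
    exit;
}

// NOTE(review): the raw query is handed to search.spt; confirm that the
// template escapes it on output.
echo template_simple('search.spt', (object) array('total' => count($res), 'query' => $cgi->query, 'list' => $res, 'screen' => 'search'));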
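/**
 * Search plugin for the Web_Links module: renders two result lists, one for
 * links and one for link categories, that match the submitted search words.
 *
 * Search words go through pnVarPrepForStore() before they are placed in
 * the SQL text; values echoed into the page or the pager URL go through
 * pnVarPrepForDisplay() / pnVarPrepHTMLDisplay(), because the output
 * object is in verbatim mode.
 *
 * @return string|null rendered HTML, or null when the plugin is inactive,
 *                     the Web_Links module is unavailable, no search words
 *                     were supplied, or the database reports an error
 */
function search_weblinks()
{
    list($active_weblinks, $startnum, $total, $q, $bool) = pnVarCleanFromInput('active_weblinks', 'startnum', 'total', 'q', 'bool');
    if (empty($active_weblinks)) {
        return;
    }
    if (!pnModAvailable('Web_Links')) {
        return;
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // Plain assignment: the "=& new" form no longer parses on PHP 7+.
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);

    // startnum ends up as a row offset, so force it to a positive integer.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? max(1, (int) $startnum) : 1;
    if (isset($total) && !is_numeric($total)) {
        unset($total);
    }

    $w = search_split_query($q);
    if (empty($w)) {
        // Without search words the WHERE clause would be empty (invalid SQL).
        return;
    }

    // Only 'AND' is honoured, anything else means 'OR'. Normalising the value
    // here also makes it safe to repeat in the pager URL below.
    $bool = ($bool == 'AND') ? 'AND' : 'OR';

    // Rebuild the search string from previous information. $q is user input
    // and is escaped before it becomes part of the pager links.
    $url = 'index.php?name=Search&action=search&active_weblinks=1&bool=' . $bool . '&q=' . pnVarPrepForDisplay($q);

    // ---- links -----------------------------------------------------------
    $column =& $pntable['links_links_column'];
    $column2 =& $pntable['links_categories_column'];

    $query = "SELECT {$column['url']} as url, {$column['title']} as title, {$column['description']} as description, {$column['lid']} as lid, {$column['cat_id']} as cat_id\n FROM {$pntable['links_links']}\n WHERE \n";

    $clauses = array();
    foreach ($w as $word) {
        $term = pnVarPrepForStore($word);
        $clauses[] = '('
            . "{$column['description']} LIKE '{$term}' OR \n"
            . "{$column['url']} LIKE '{$term}' OR \n"
            . "{$column['submitter']} LIKE '{$term}' OR \n"
            . "{$column['title']} LIKE '{$term}' \n"
            . ')';
    }
    $query .= implode(" {$bool} ", $clauses);
    $query .= " ORDER BY {$column['lid']}";

    // get the total count with permissions!
    if (empty($total)) {
        $total = 0;
        $countres =& $dbconn->Execute($query);
        // check for a db error
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            // we have a link id so get its category; the id is written
            // unquoted, so it is forced to an integer
            $result2 =& $dbconn->Execute("SELECT {$column2['title']} FROM {$pntable['links_categories']} WHERE {$column2['cat_id']}=" . (int) $row['cat_id']);
            list($title) = $result2->fields;
            if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    // check for a db error
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_WEBLINKS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        $output->Text("<dl>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // we have a link id so get its category
            $result2 =& $dbconn->Execute("SELECT {$column2['title']} FROM {$pntable['links_categories']} WHERE {$column2['cat_id']}=" . (int) $row['cat_id']);
            list($title) = $result2->fields;
            // Rows the current user may not read are skipped.
            if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
                // NOTE(review): escaping keeps the stored URL inside the href
                // attribute but does not restrict its scheme; confirm that
                // link submissions are validated where they are stored.
                $output->Text("<dt><a href=\"" . pnVarPrepForDisplay($row['url']) . "\">" . pnVarPrepForDisplay($row['title']) . "</a></dt><dd>" . pnVarPrepHTMLDisplay($row['description']) . "</dd>");
            }
            $result->MoveNext();
        }
        $output->Text("</dl>");

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_LINKS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    // ---- link categories -------------------------------------------------
    $column =& $pntable['links_categories_column'];

    $query = "SELECT {$column['cat_id']} as cat_id, {$column['title']} as title, {$column['cdescription']} as description\n FROM {$pntable['links_categories']}\n WHERE \n";

    $clauses = array();
    foreach ($w as $word) {
        $clauses[] = "({$column['cdescription']} LIKE '" . pnVarPrepForStore($word) . "'\n)";
    }
    $query .= implode(" {$bool} ", $clauses);
    $query .= " ORDER BY {$column['cat_id']}";

    // get the total count with permissions!
    // NOTE(review): $total still holds the link count (or the request value)
    // at this point, so this count only runs when that value is empty and the
    // category heading otherwise shows the link total. Left as is because the
    // pager URL carries a single total for both lists.
    if (empty($total)) {
        $total = 0;
        $countres =& $dbconn->Execute($query);
        // check for a db error
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            // Same permission instance as the display loop below; the earlier
            // form reused $title, a leftover from the link loops above.
            if (pnSecAuthAction(0, 'Web Links::Category', "{$row['title']}::{$row['cat_id']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    // check for a db error
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_WEBLINKSCATEGORIES . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        $output->Text("<dl>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            if (pnSecAuthAction(0, 'Web Links::Category', "{$row['title']}::{$row['cat_id']}", ACCESS_READ)) {
                $output->Text("<dt><a href=\"index.php?name=Web_Links&req=viewlink&cid=" . pnVarPrepForDisplay($row['cat_id']) . "\">" . pnVarPrepForDisplay($row['title']) . "</a></dt><dd>" . pnVarPrepHTMLDisplay($row['description']) . "</dd>");
            }
            $result->MoveNext();
        }
        $output->Text("</dl>");

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_LINKSCATEGORIES);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    return $output->GetOutput();
}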