function search_users() { list($active_users, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_users', 'startnum', 'total', 'bool', 'q'); if (empty($active_users)) { return; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); if (!isset($startnum) || !is_numeric($startnum)) { $startnum = 1; } if (isset($total) && !is_numeric($total)) { unset($total); } $w = search_split_query($q); $flag = false; $column =& $pntable['users_column']; $query = "SELECT {$column['name']} as name, {$column['uname']} as uname, {$column['uid']} as uid FROM {$pntable['users']} WHERE "; foreach ($w as $word) { if ($flag) { switch ($bool) { case 'AND': $query .= ' AND '; break; case 'OR': default: $query .= ' OR '; break; } } $query .= '('; $query .= "{$column['uname']} LIKE '{$word}' OR "; $query .= "{$column['name']} LIKE '{$word}'"; $query .= ')'; $flag = true; } $query .= " ORDER BY {$column['uname']}"; if (empty($total)) { $countres = $dbconn->Execute($query); $total = $countres->PO_RecordCount(); $countres->Close(); } $result = $dbconn->SelectLimit($query, 10, $startnum - 1); if (!$result->EOF) { $output->Text('<font class="pn-normal">' . _SMEMBERS . ': ' . $total . ' ' . _SEARCHRESULTS . '</font>'); $url = "modules.php?op=modload&name=Search&file=index&action=search&active_users=1&bool={$bool}&q={$q}"; $output->Text("<ul>"); while (!$result->EOF) { $row = $result->GetRowAssoc(false); // some basic authcheck - might result in a wrong count... if (pnSecAuthAction(0, "Users::", "{$row['uname']}::{$row['uid']}", ACCESS_READ)) { $output->Text("<li><a class=\"pn-normal\" href=\"user.php?op=userinfo&uname={$row['uname']}&module=NS-User\">{$row['uname']}</a><br>{$row['name']}</li>"); } $result->MoveNext(); } $output->Text("</ul>"); // Munge URL for template $urltemplate = $url . "&startnum=%%&total={$total}"; $output->Pager($startnum, $total, $urltemplate, 10); } else { $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text('<font class="pn-normal">' . _SEARCH_NO_MEMBERS . '</font>'); $output->SetInputMode(_PNH_PARSEINPUT); } $output->Linebreak(3); return $output->GetOutput(); }
function search_weblinks() { list($active_weblinks, $startnum, $total, $q, $bool) = pnVarCleanFromInput('active_weblinks', 'startnum', 'total', 'q', 'bool'); if (empty($active_weblinks)) { return; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); if (!isset($startnum) || !is_numeric($startnum)) { $startnum = 1; } if (isset($total) && !is_numeric($total)) { unset($total); } $w = search_split_query($q); $flag = false; $column =& $pntable['links_links_column']; $query = "SELECT {$column['url']} as url, {$column['title']} as title, {$column['linkratingsummary']} as linkratingsummary, {$column['totalcomments']} as totalcomments, {$column['hits']} as hits, {$column['submitter']} as submitter, {$column['description']} as description, {$column['lid']} as lid, {$column['cat_id']} as cat_id\n FROM {$pntable['links_links']}\n WHERE \n"; foreach ($w as $word) { if ($flag) { switch ($bool) { case 'AND': $query .= ' AND '; break; case 'OR': default: $query .= ' OR '; break; } } $query .= '('; // web links $query .= "{$column['description']} LIKE '{$word}' OR \n"; $query .= "{$column['url']} LIKE '{$word}' OR \n"; $query .= "{$column['submitter']} LIKE '{$word}' OR \n"; $query .= "{$column['title']} LIKE '{$word}' \n"; $query .= ')'; $flag = true; } $query .= " ORDER BY {$column['lid']}"; // get the total count with permissions! if (empty($total)) { $total = 0; $countres = $dbconn->Execute($query); while (!$countres->EOF) { $row = $countres->GetRowAssoc(false); // we have a link id so get its category $column2 =& $pntable['links_categories_column']; $result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}"); list($title) = $result2->fields; if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) { $total++; } $countres->MoveNext(); } } $result = $dbconn->SelectLimit($query, 10, $startnum - 1); if (!$result->EOF) { $output->Text(_WEBLINKS . ': ' . $total . ' ' . _SEARCHRESULTS); $output->SetInputMode(_PNH_VERBATIMINPUT); // Rebuild the search string from previous information $url = "modules.php?op=modload&name=Search&file=index&action=search&active_weblinks=1&bool={$bool}&q={$q}"; $output->Text("<ul>"); while (!$result->EOF) { $row = $result->GetRowAssoc(false); // we have a link id so get its category $column2 =& $pntable['links_categories_column']; $result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}"); list($title) = $result2->fields; if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) { $output->Text("<li><a class=\"pn-normal\" href=\"{$row['url']}\" target=\"_new\">{$row['title']}</a> <font class=\"pn-normal\">(rating: {$row['linkratingsummary']} - comments: {$row['totalcomments']} - hits: {$row['hits']})</font><br>Submitter: {$row['submitter']}<br>{$row['description']}</li>"); } $result->MoveNext(); } $output->Text("</ul>"); // Munge URL for template $urltemplate = $url . "&startnum=%%&total={$total}"; $output->Pager($startnum, $total, $urltemplate, 10); } else { $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text('<font class="pn-normal">' . _SEARCH_NO_LINKS . '</font>'); $output->SetInputMode(_PNH_PARSEINPUT); } $output->Linebreak(3); return $output->GetOutput(); }
function search_comments() { list($active_comments, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_comments', 'startnum', 'total', 'bool', 'q'); if (empty($active_comments)) { return; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); if (!isset($startnum) || !is_numeric($startnum)) { $startnum = 1; } if (isset($total) && !is_numeric($total)) { unset($total); } $w = search_split_query($q); $flag = false; $column =& $pntable['comments_column']; $query = "SELECT {$column['subject']} as subject, {$column['tid']} as tid, "; $query .= "{$column['sid']} as sid, {$column['pid']} as pid FROM {$pntable['comments']} WHERE "; foreach ($w as $word) { if ($flag) { switch ($bool) { case 'AND': $query .= ' AND '; break; case 'OR': default: $query .= ' OR '; break; } } $query .= '('; $query .= "{$column['subject']} LIKE '{$word}' OR "; $query .= "{$column['comment']} LIKE '{$word}'"; $query .= ')'; $flag = true; } $query .= " ORDER BY {$column['subject']}"; if (empty($total)) { $countres = $dbconn->Execute($query); $total = $countres->PO_RecordCount(); $countres->Close(); } $result = $dbconn->SelectLimit($query, 10, $startnum - 1); if (!$result->EOF) { $output->Text(_COMMENTS . ': ' . $total . ' ' . _SEARCHRESULTS); $output->SetInputMode(_PNH_VERBATIMINPUT); // Rebuild the search string from previous information $url = "modules.php?op=modload&name=Search&file=index&action=search&active_comments=1&bool={$bool}&q={$q}"; $output->Text("<ul>"); while (!$result->EOF) { $row = $result->GetRowAssoc(false); if ($row[pid] != 0) { // comment with parent posting $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=NS-Comments&file=index&req=showreply&tid={$row['tid']}&sid={$row['sid']}&pid={$row['pid']}\">{$row['subject']}</a></li>"); } else { // comment without parent posting $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=NS-Comments&file=index&tid={$row['tid']}&sid={$row['sid']}#{$row['tid']}\">{$row['subject']}</a></li>"); } $result->MoveNext(); } $output->Text("</ul>"); // Munge URL for template $urltemplate = $url . "&startnum=%%&total={$total}"; $output->Pager($startnum, $total, $urltemplate, 10); } else { $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text('<font class="pn-normal">' . _SEARCH_NO_COMMENTS . '</font>'); $output->SetInputMode(_PNH_PARSEINPUT); } $output->Linebreak(3); return $output->GetOutput(); }
function search_downloads() { list($q, $active_downloads, $bool, $startnum, $total) = pnVarCleanFromInput('q', 'active_downloads', 'bool', 'startnum', 'total'); if (empty($active_downloads)) { return; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $output = new pnHTML(); if (!isset($startnum) || !is_numeric($startnum)) { $startnum = 1; } if (isset($total) && !is_numeric($total)) { unset($total); } $w = search_split_query($q); $flag = false; // fifers: have to explicitly name the columns so that if the underlying DB column names change, the code to access them doesn't. We use the column names in assoc array later... $column =& $pntable['downloads_downloads_column']; $query = "SELECT {$column['lid']} as lid, {$column['title']} as title, {$column['totalvotes']} as totalvotes, {$column['hits']} as hits, {$column['name']} as name, {$column['description']} as description, {$column['cid']} as cid FROM {$pntable['downloads_downloads']} WHERE \n"; foreach ($w as $word) { if ($flag) { switch ($bool) { case 'AND': $query .= ' AND '; break; case 'OR': default: $query .= ' OR '; break; } } $query .= '('; // downloads $query .= "{$column['description']} LIKE '{$word}' OR \n"; $query .= "{$column['title']} LIKE '{$word}' OR \n"; $query .= "{$column['submitter']} LIKE '{$word}' OR \n"; $query .= "{$column['name']} LIKE '{$word}' OR \n"; $query .= "{$column['homepage']} LIKE '{$word}' \n"; $query .= ')'; $flag = true; } $query .= " ORDER BY {$column['lid']}"; if (empty($total)) { $total = 0; $countres = $dbconn->Execute($query); while (!$countres->EOF) { $row = $countres->GetRowAssoc(false); // we have a download id so get its category $column2 =& $pntable['downloads_categories_column']; $result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}={$row['cid']}"); list($title) = $result2->fields; if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) { $total++; } $countres->MoveNext(); } } $result = $dbconn->SelectLimit($query, 10, $startnum - 1); if (!$result->EOF) { $output->Text(_DOWNLOADS . ': ' . $total . ' ' . _SEARCHRESULTS); $output->SetInputMode(_PNH_VERBATIMINPUT); // Rebuild the search string from previous information $url = "modules.php?op=modload&name=Search&file=index&action=search&active_downloads=1&bool={$bool}&q={$q}"; $output->Text("<ul>"); while (!$result->EOF) { $row = $result->GetRowAssoc(false); // we have a download id so get its category $column2 =& $pntable['downloads_categories_column']; $result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}={$row['cid']}"); list($title) = $result2->fields; if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) { $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Downloads&file=index&req=getit&lid={$row['lid']}\">{$row['title']}</a> <font class=\"pn-normal\">(votes: {$row['totalvotes']} - hits: {$row['hits']})</font><br>Uploader: {$row['name']}<br>{$row['description']}</li>"); } $result->MoveNext(); } $output->Text("</ul>"); // Mung URL for template $urltemplate = $url . "&startnum=%%&total={$total}"; $output->Pager($startnum, $total, $urltemplate, 10); } else { $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text('<font class="pn-normal">' . _SEARCH_NO_DOWNLOADS . '</font>'); $output->SetInputMode(_PNH_PARSEINPUT); } $output->Linebreak(3); return $output->GetOutput(); }
/** * view items */ function template_admin_view() { // Get parameters from whatever input we need. All arguments to this // function should be obtained from pnVarCleanFromInput(), getting them // from other places such as the environment is not allowed, as that makes // assumptions that will not hold in future versions of PostNuke $startnum = pnVarCleanFromInput('startnum'); // Create output object - this object will store all of our output so that // we can return it easily when required $output = new pnHTML(); if (!pnSecAuthAction(0, 'Template::', '::', ACCESS_EDIT)) { $output->Text(_TEMPLATENOAUTH); return $output->GetOutput(); } // Add menu to output - it helps if all of the module pages have a standard // menu at their head to aid in navigation $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text(template_adminmenu()); $output->SetInputMode(_PNH_PARSEINPUT); // Title - putting a title ad the head of each page reminds the user what // they are doing $output->Title(_VIEWTEMPLATE); // Load API. Note that this is loading the user API, that is because the // user API contains the function to obtain item information which is the // first thing that we need to do. If the API fails to load an appropriate // error message is posted and the function returns if (!pnModAPILoad('Template', 'user')) { $output->Text(_LOADFAILED); return $output->GetOutput(); } // The user API function is called. This takes the number of items // required and the first number in the list of all items, which we // obtained from the input and gets us the information on the appropriate // items. $items = pnModAPIFunc('Template', 'user', 'getall', array('startnum' => $startnum, 'numitems' => pnModGetVar('Template', 'itemsperpage'))); // Start output table $output->TableStart('', array(_TEMPLATENAME, _TEMPLATENUMBER, _TEMPLATEOPTIONS), 3); foreach ($items as $item) { $row = array(); if (pnSecAuthAction(0, 'Template::', "{$item['name']}::{$item['tid']}", ACCESS_READ)) { // Name and number. Note that unlike the user function we do not // censor the text that is being displayed. This is so the // administrator can see the text as exists in the database rather // than the munged output version $row[] = $item['name']; $row[] = $item['number']; // Options for the item. Note that each item has the appropriate // levels of authentication checked to ensure that it is suitable // for display $options = array(); $output->SetOutputMode(_PNH_RETURNOUTPUT); if (pnSecAuthAction(0, 'Template::', "{$item['name']}::{$item['tid']}", ACCESS_EDIT)) { $options[] = $output->URL(pnVarPrepForDisplay(pnModURL('Template', 'admin', 'modify', array('tid' => $item['tid']))), _EDIT); if (pnSecAuthAction(0, 'Template::', "{$item['name']}::{$item['tid']}", ACCESS_DELETE)) { $options[] = $output->URL(pnVarPrepForDisplay(pnModURL('Template', 'admin', 'delete', array('tid' => $item['tid']))), _DELETE); } } $options = join(' | ', $options); $output->SetInputMode(_PNH_VERBATIMINPUT); $row[] = $output->Text($options); $output->SetOutputMode(_PNH_KEEPOUTPUT); $output->TableAddRow($row); $output->SetInputMode(_PNH_PARSEINPUT); } } $output->TableEnd(); // Call the pnHTML helper function to produce a pager in case of there // being many items to display. // // Note that this function includes another user API function. The // function returns a simple count of the total number of items in the item // table so that the pager function can do its job properly $output->Pager($startnum, pnModAPIFunc('Template', 'user', 'countitems'), pnModURL('Template', 'admin', 'view', array('startnum' => '%%')), pnModGetVar('Template', 'itemsperpage')); // Return the output that has been generated by this function return $output->GetOutput(); }
function search_sections() { list($active_sections, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_sections', 'startnum', 'total', 'bool', 'q'); if (empty($active_sections)) { return; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); if (!isset($startnum) || !is_numeric($startnum)) { $startnum = 1; } if (isset($total) && !is_numeric($total)) { unset($total); } $w = search_split_query($q); $flag = false; $seccol =& $pntable['seccont_column']; $query = "SELECT {$seccol['artid']} as id, {$seccol['title']} as title, {$seccol['secid']} as secid\n FROM {$pntable['seccont']}\n WHERE \n"; foreach ($w as $word) { if ($flag) { switch ($bool) { case 'AND': $query .= ' AND '; break; case 'OR': default: $query .= ' OR '; break; } } $query .= '('; $query .= "{$seccol['title']} LIKE '{$word}' OR \n"; $query .= "{$seccol['content']} LIKE '{$word}')\n"; $flag = true; } if (pnConfigGetVar('multilingual') == 1) { $query .= " AND ({$seccol['slanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$seccol['slanguage']}='')"; } $query .= " ORDER BY {$seccol['artid']}"; // get the total count with permissions! if (empty($total)) { $total = 0; $countres = $dbconn->Execute($query); while (!$countres->EOF) { $row = $countres->GetRowAssoc(false); // we know about the section id so let's get the section name $column2 =& $pntable['sections_column']; $result2 = $dbconn->Execute("SELECT {$column2['secname']} FROM {$pntable['sections']} WHERE {$column2['secid']}={$row['secid']}"); list($secname) = $result2->fields; if (pnSecAuthAction(0, "Sections::Section", "{$secname}::{$row['secid']}", ACCESS_READ) && pnSecAuthAction(0, "Sections::Article", "{$row['title']}:{$secname}:{$row['id']}", ACCESS_READ)) { $total++; } $countres->MoveNext(); } } $result = $dbconn->SelectLimit($query, 10, $startnum - 1); if (!$result->EOF) { $output->Text(_SECTIONS . ': ' . $total . ' ' . _SEARCHRESULTS); $output->SetInputMode(_PNH_VERBATIMINPUT); // Rebuild the search string from previous information $url = "modules.php?op=modload&name=Search&file=index&action=search&active_sections=1&bool={$bool}&q={$q}"; $output->Text('<ul>'); while (!$result->EOF) { $row = $result->GetRowAssoc(false); // we know about the section id so let's get the section name $column2 =& $pntable['sections_column']; $result2 = $dbconn->Execute("SELECT {$column2['secname']} FROM {$pntable['sections']} WHERE {$column2['secid']}={$row['secid']}"); list($secname) = $result2->fields; if (pnSecAuthAction(0, "Sections::Section", "{$secname}::{$row['secid']}", ACCESS_READ) && pnSecAuthAction(0, "Sections::Article", "{$row['title']}:{$secname}:{$row['id']}", ACCESS_READ)) { $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid={$row['id']}\">{$row['title']}</a><br></li>"); } $result->MoveNext(); } $output->Text('</ul>'); // Munge URL for template $urltemplate = $url . "&startnum=%%&total={$total}"; $output->Pager($startnum, $total, $urltemplate, 10); } else { $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text('<font class="pn-normal">' . _SEARCH_NO_SECTIONS . '</font>'); $output->SetInputMode(_PNH_PARSEINPUT); } $output->Linebreak(3); return $output->GetOutput(); }
function search_faqs() { list($q, $bool, $startnum, $total, $active_faqs) = pnVarCleanFromInput('q', 'bool', 'startnum', 'total', 'active_faqs'); if (empty($active_faqs)) { return; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); if (!isset($startnum) || !is_numeric($startnum)) { $startnum = 1; } if (isset($total) && !is_numeric($total)) { unset($total); } $w = search_split_query($q); $flag = false; $column =& $pntable['faqanswer_column']; $faqcatcol =& $pntable['faqcategories_column']; $query = "SELECT {$column['id_cat']} as id_cat, \n \t\t\t\t{$column['question']} as question, \n \t\t\t\t{$column['answer']} as answer,\n \t\t\t\t{$faqcatcol['categories']} as categories\n FROM {$pntable['faqanswer']} \n LEFT JOIN {$pntable['faqcategories']} ON {$column['id_cat']}={$faqcatcol['id_cat']}\n WHERE \n"; foreach ($w as $word) { if ($flag) { switch ($bool) { case 'AND': $query .= ' AND '; break; case 'OR': default: $query .= ' OR '; break; } } $query .= '('; // faqs $query .= "{$column['question']} LIKE '{$word}' OR \n"; $query .= "{$column['answer']} LIKE '{$word}'\n"; $query .= ')'; $flag = true; } if (pnConfigGetVar('multilingual') == 1) { $query .= " AND ({$faqcatcol['flanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$faqcatcol['flanguage']}='')"; } $query .= " ORDER BY {$column['id']}"; // get the total count with permissions! if (empty($total)) { $total = 0; $countres = $dbconn->Execute($query); while (!$countres->EOF) { $row = $countres->GetRowAssoc(false); if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) { $total++; } $countres->MoveNext(); } } $result = $dbconn->SelectLimit($query, 10, $startnum - 1); if (!$result->EOF) { $output->Text(_FAQ . ': ' . $total . ' ' . _SEARCHRESULTS); $output->SetInputMode(_PNH_VERBATIMINPUT); // Rebuild the search string from previous information $url = "modules.php?op=modload&name=Search&file=index&action=search&active_faqs=1&bool={$bool}&q={$q}"; $output->Text("<ul>"); while (!$result->EOF) { $row = $result->GetRowAssoc(false); if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) { $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat={$row['id_cat']}\">{$row['question']}</a><br>Answer: " . nl2br($row[answer]) . "</li>"); } $result->MoveNext(); } $output->Text('</ul>'); // Munge URL for template $urltemplate = $url . "&startnum=%%&total={$total}"; $output->Pager($startnum, $total, $urltemplate, 10); } else { $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text('<font class="pn-normal">' . _SEARCH_NO_FAQS . '</font>'); $output->SetInputMode(_PNH_PARSEINPUT); } $output->Linebreak(3); return $output->GetOutput(); }
function search_stories() { list($startnum, $active_stories, $total, $stories_topics, $stories_cat, $stories_author, $q, $bool) = pnVarCleanFromInput('startnum', 'active_stories', 'total', 'stories_topics', 'stories_cat', 'stories_author', 'q', 'bool'); if (!isset($active_stories) || !$active_stories) { return; } $output = new pnHTML(); if (!isset($startnum) || !is_numeric($startnum)) { $startnum = 1; } if (isset($total) && !is_numeric($total)) { unset($total); } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); if (empty($bool)) { $bool = 'OR'; } $flag = false; $storcol =& $pntable['stories_column']; $stcatcol =& $pntable['stories_cat_column']; $topcol =& $pntable['topics_column']; $query = ""; $query1 = "SELECT {$storcol['sid']} as sid,\n {$topcol['tid']} as topicid,\n {$topcol['topicname']} as topicname,\n {$topcol['topictext']} as topictext,\n {$storcol['catid']} as catid,\n {$storcol['time']} AS fdate,\n {$storcol['title']} AS story_title,\n {$storcol['aid']} AS aid,\n {$stcatcol['title']} AS cat_title\n FROM {$pntable['stories']}\n LEFT JOIN {$pntable['stories_cat']} ON ({$storcol['catid']}={$stcatcol['catid']})\n LEFT JOIN {$pntable['topics']} ON ({$storcol['topic']}={$topcol['tid']})\n WHERE "; // hack to get this to work, but much better than what we had before //$query .= " 1 = 1 "; // words $w = search_split_query($q); if (isset($w)) { foreach ($w as $word) { if ($flag) { switch ($bool) { case 'AND': $query .= ' AND '; break; case 'OR': default: $query .= ' OR '; break; } } $query .= '('; $query .= "{$storcol['title']} LIKE '" . pnVarPrepForStore($word) . "' OR "; $query .= "{$storcol['hometext']} LIKE '" . pnVarPrepForStore($word) . "' OR "; $query .= "{$storcol['bodytext']} LIKE '" . pnVarPrepForStore($word) . "' OR "; //$query .= "$storcol[comments] LIKE '".pnVarPrepForStore($word)."' OR "; $query .= "{$storcol['informant']} LIKE '" . pnVarPrepForStore($word) . "' OR "; $query .= "{$storcol['notes']} LIKE '" . pnVarPrepForStore($word) . "'"; $query .= ')'; $flag = true; $no_flag = false; } } else { $no_flag = true; } // topics if (isset($stories_topics) && !empty($stories_topics)) { $flag = false; $start_flag = false; // dont set AND/OR if nothing is in front foreach ($stories_topics as $v) { if (empty($v)) { continue; } if (!$no_flag and !$start_flag) { $query .= " AND ("; $start_flag = true; } if ($flag) { $query .= " OR "; } $query .= "{$storcol['topic']}='" . pnVarPrepForStore($v) . "'"; $flag = true; } if (!$no_flag and $start_flag) { $query .= ") "; $no_flag = false; } } // categories if (!is_array($stories_cat)) { $stories_cat[0] = ''; } if (isset($stories_cat[0]) && !empty($stories_cat[0])) { if (!$no_flag) { $query .= " AND ("; } $flag = false; foreach ($stories_cat as $v) { if ($flag) { $query .= " OR "; } $query .= "{$stcatcol['catid']}='" . pnVarPrepForStore($v) . "'"; $flag = true; } if (!$no_flag) { $query .= ") "; $no_flag = false; } } // authors if (isset($stories_author) && $stories_author != "") { if (!$no_flag) { $query .= " AND ("; } $query .= "{$storcol['informant']}='" . pnVarPrepForStore($stories_author) . "'"; $result = $dbconn->Execute("SELECT {$pntable['users_column']['uid']} as pn_uid FROM {$pntable['users']} WHERE {$pntable['users_column']['uname']} LIKE '%" . pnVarPrepForStore($stories_author) . "%' OR {$pntable['users_column']['name']} LIKE '%" . pnVarPrepForStore($stories_author) . "%'"); while (!$result->EOF) { $row = $result->GetRowAssoc(false); $query .= " OR {$storcol['aid']}={$row['pn_uid']}"; $result->MoveNext(); } if (!$no_flag) { $query .= ") "; $no_flag = false; } } else { $stories_author = ''; } if (pnConfigGetVar('multilingual') == 1) { if (!empty($query)) { $query .= " AND"; } $query .= " ({$storcol['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$storcol['alanguage']}='')"; } if (empty($query)) { $query = "1"; } $query .= " ORDER BY {$storcol['time']} DESC"; $query = $query1 . $query; // get the total count with permissions! if (empty($total)) { $total = 0; $countres = $dbconn->Execute($query); while (!$countres->EOF) { $row = $countres->GetRowAssoc(false); if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) { $total++; } $countres->MoveNext(); } } $result = $dbconn->SelectLimit($query, 10, $startnum - 1); if (!$result->EOF) { $output->Text(_STORIES_TOPICS . ': ' . $total . ' ' . _SEARCHRESULTS); $output->SetInputMode(_PNH_VERBATIMINPUT); // Rebuild the search string from previous information $url = "modules.php?op=modload&name=Search&file=index&action=search&active_stories=1&stories_author=" . $stories_author; if (isset($stories_cat) && $stories_cat) { foreach ($stories_cat as $v) { $url .= "&stories_cat%5B%5D={$v}"; } } if (isset($stories_topics) && $stories_topics) { foreach ($stories_topics as $v) { $url .= "&stories_topics%5B%5D={$v}"; } } $url .= "&bool=" . $bool; if (isset($q)) { $url .= "&q=" . $q; } $output->Text("<ul>"); while (!$result->EOF) { $row = $result->GetRowAssoc(false); if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) { $row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate'])); $output->Text("<li>"); if (!empty($row['topicid'])) { $output->Text("<b><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Search&file=index&action=search&active_stories=1&stories_topics[0]=" . $row['topicid'] . "\">" . $row['topictext'] . "</a></b> - "); } if (!empty($row['catid'])) { $output->Text("<a href=\"modules.php?op=modload&name=News&file=index&catid=" . $row['catid'] . "\">" . $row['cat_title'] . "</a>: "); } if ($row['story_title'] == '') { $row['story_title'] = 'No Title'; } $output->Text('<i><a class="pn-normal" href="modules.php?op=modload&name=News&file=article&sid=' . $row['sid'] . '">' . pnVarPrepHTMLDisplay($row['story_title']) . '</a></i> - ' . $row['fdate'] . "</li>"); } $result->MoveNext(); } $output->Text("</ul>"); // Munge URL for template $urltemplate = $url . "&startnum=%%&total={$total}"; $output->Pager($startnum, $total, $urltemplate, 10); } else { $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text('<font class="pn-normal">' . _SEARCH_NO_STORIES_TOPICS . '</font>'); $output->SetInputMode(_PNH_PARSEINPUT); } $output->Linebreak(3); return $output->GetOutput(); }
function search_reviews() { list($active_reviews, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_reviews', 'startnum', 'total', 'bool', 'q'); if (empty($active_reviews)) { return; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); if (!isset($startnum) || !is_numeric($startnum)) { $startnum = 1; } if (isset($total) && !is_numeric($total)) { unset($total); } $w = search_split_query($q); $flag = false; $revcol =& $pntable['reviews_column']; $comcol =& $pntable['reviews_comments_column']; $query = "SELECT DISTINCT {$revcol['id']} as id, {$revcol['title']} as title, {$revcol['score']} as score, {$revcol['hits']} as hits, {$revcol['reviewer']} as reviewer, {$revcol['date']} AS fdate\n FROM {$pntable['reviews']} LEFT JOIN {$pntable['reviews_comments']} ON {$comcol['rid']}={$revcol['id']}\n WHERE \n"; foreach ($w as $word) { if ($flag) { switch ($bool) { case 'AND': $query .= ' AND '; break; case 'OR': default: $query .= ' OR '; break; } } $query .= '('; // reviews $query .= "{$revcol['title']} LIKE '{$word}' OR \n"; $query .= "{$revcol['text']} LIKE '{$word}' OR \n"; $query .= "{$revcol['reviewer']} LIKE '{$word}' OR \n"; $query .= "{$revcol['cover']} LIKE '{$word}' OR \n"; $query .= "{$revcol['url']} LIKE '{$word}' OR \n"; $query .= "{$revcol['url_title']} LIKE '{$word}' OR \n"; // reviews_comments $query .= "{$comcol['comments']} LIKE '{$word}'\n"; $query .= ')'; $flag = true; } if (pnConfigGetVar('multilingual') == 1) { $query .= " AND ({$revcol['rlanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$revcol['rlanguage']}='')"; } $query .= " ORDER BY {$revcol['date']}"; // get the total count with permissions! if (empty($total)) { $total = 0; $countres = $dbconn->Execute($query); while (!$countres->EOF) { $row = $countres->GetRowAssoc(false); if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) { $total++; } $countres->MoveNext(); } } $result = $dbconn->SelectLimit($query, 10, $startnum - 1); if (!$result->EOF) { $output->Text(_REVIEWS . ': ' . $total . ' ' . _SEARCHRESULTS); $output->SetInputMode(_PNH_VERBATIMINPUT); // Rebuild the search string from previous information $url = "modules.php?op=modload&name=Search&file=index&action=search&active_reviews=1&bool={$bool}&q={$q}"; $output->Text("<ul>"); while (!$result->EOF) { $row = $result->GetRowAssoc(false); $row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate'])); if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) { $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Reviews&file=index&req=showcontent&id={$row['id']}\">{$row['title']}</a> <font class=\"pn-sub\">(score: {$row['score']} - hits: {$row['hits']})</font><br>{$row['reviewer']}<br>{$row['fdate']}</li>"); } $result->MoveNext(); } $output->Text("</ul>"); // Munge URL for template $urltemplate = $url . "&startnum=%%&total={$total}"; $output->Pager($startnum, $total, $urltemplate, 10); } else { $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text('<font class="pn-normal">' . _SEARCH_NO_REVIEWS . '</font>'); $output->SetInputMode(_PNH_PARSEINPUT); } $output->Linebreak(3); return $output->GetOutput(); }