function sitesearch_filter_highlight($text)
{
$text = strip_tags(xmlentities_reverse($text));
if (strlen($text) >= 300) {
$text = substr($text, 0, 297);
}
loader_import('saf.Misc.Search');
global $cgi, $sitesearch_queries;
if (!is_array($sitesearch_queries)) {
$sitesearch_queries = search_split_query($cgi->query);
}
foreach ($sitesearch_queries as $query) {
$text = preg_replace('/(' . preg_quote($query, '/') . ')/i', '<strong>\\1</strong>', $text);
}
return $text;
}
/**
* Highlights all of the query terms in the specified string, wrapping
* them in <span class="highlighted"></span> tags.
* Source: http://www.ilovejackdaniels.com/php/google-style-keyword-highlighting/
*
* @param string
* @param array
* @return string
* @package Misc
*/
function search_highlight($string, $queries)
{
if (!is_array($queries)) {
$queries = search_split_query($queries);
}
// A max of ten search terms
$j = sizeof($queries) > 10 ? 10 : sizeof($queries);
// There are search terms, highlight these
if ($j > 0) {
for ($i = 0; $i < $j; $i++) {
//$string = preg_replace('/(>)([^<]*)([^a-z]+)(' . $queries[$i] . ')([^a-z]+)/i', '$1$2$3<span style="font-weight: bold; background-color: yellow;">$4</span>$5', $string);
$string = preg_replace('#(\\>(((?' . '>([^><]+|(?R)))*)\\<))#use', "preg_replace('#(" . str_replace("'", "", $queries[$i]) . ")#usi', '<span class=\"highlighted\">\\\\1</span>', '\\0')", '>' . $string . '<');
if (function_exists('iconv_substr')) {
$string = @iconv_substr($string, 1, -1);
} else {
$string = substr($string, 1, -1);
}
$string = str_replace('\\"', '"', $string);
}
return $string;
}
// Nothing to highlight
return $string;
}
function search_weblinks()
{
list($active_weblinks, $startnum, $total, $q, $bool) = pnVarCleanFromInput('active_weblinks', 'startnum', 'total', 'q', 'bool');
if (empty($active_weblinks)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['links_links_column'];
$query = "SELECT {$column['url']} as url, {$column['title']} as title, {$column['linkratingsummary']} as linkratingsummary, {$column['totalcomments']} as totalcomments, {$column['hits']} as hits, {$column['submitter']} as submitter, {$column['description']} as description, {$column['lid']} as lid, {$column['cat_id']} as cat_id\n FROM {$pntable['links_links']}\n WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// web links
$query .= "{$column['description']} LIKE '{$word}' OR \n";
$query .= "{$column['url']} LIKE '{$word}' OR \n";
$query .= "{$column['submitter']} LIKE '{$word}' OR \n";
$query .= "{$column['title']} LIKE '{$word}' \n";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['lid']}";
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres = $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
// we have a link id so get its category
$column2 =& $pntable['links_categories_column'];
$result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_WEBLINKS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_weblinks=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// we have a link id so get its category
$column2 =& $pntable['links_categories_column'];
$result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"{$row['url']}\" target=\"_new\">{$row['title']}</a> <font class=\"pn-normal\">(rating: {$row['linkratingsummary']} - comments: {$row['totalcomments']} - hits: {$row['hits']})</font><br>Submitter: {$row['submitter']}<br>{$row['description']}</li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_LINKS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_users()
{
list($active_users, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_users', 'startnum', 'total', 'bool', 'q');
if (empty($active_users)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['users_column'];
$query = "SELECT {$column['name']} as name, {$column['uname']} as uname, {$column['uid']} as uid FROM {$pntable['users']} WHERE ";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
$query .= "{$column['uname']} LIKE '{$word}' OR ";
$query .= "{$column['name']} LIKE '{$word}'";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['uname']}";
if (empty($total)) {
$countres = $dbconn->Execute($query);
$total = $countres->PO_RecordCount();
$countres->Close();
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text('<font class="pn-normal">' . _SMEMBERS . ': ' . $total . ' ' . _SEARCHRESULTS . '</font>');
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_users=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// some basic authcheck - might result in a wrong count...
if (pnSecAuthAction(0, "Users::", "{$row['uname']}::{$row['uid']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"user.php?op=userinfo&uname={$row['uname']}&module=NS-User\">{$row['uname']}</a><br>{$row['name']}</li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_MEMBERS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_downloads()
{
list($q, $active_downloads, $bool, $startnum, $total) = pnVarCleanFromInput('q', 'active_downloads', 'bool', 'startnum', 'total');
if (empty($active_downloads)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
// fifers: have to explicitly name the columns so that if the underlying DB column names change, the code to access them doesn't. We use the column names in assoc array later...
$column =& $pntable['downloads_downloads_column'];
$query = "SELECT {$column['lid']} as lid, {$column['title']} as title, {$column['totalvotes']} as totalvotes, {$column['hits']} as hits, {$column['name']} as name, {$column['description']} as description, {$column['cid']} as cid FROM {$pntable['downloads_downloads']} WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// downloads
$query .= "{$column['description']} LIKE '{$word}' OR \n";
$query .= "{$column['title']} LIKE '{$word}' OR \n";
$query .= "{$column['submitter']} LIKE '{$word}' OR \n";
$query .= "{$column['name']} LIKE '{$word}' OR \n";
$query .= "{$column['homepage']} LIKE '{$word}' \n";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['lid']}";
if (empty($total)) {
$total = 0;
$countres = $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
// we have a download id so get its category
$column2 =& $pntable['downloads_categories_column'];
$result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}={$row['cid']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_DOWNLOADS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_downloads=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// we have a download id so get its category
$column2 =& $pntable['downloads_categories_column'];
$result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}={$row['cid']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Downloads&file=index&req=getit&lid={$row['lid']}\">{$row['title']}</a> <font class=\"pn-normal\">(votes: {$row['totalvotes']} - hits: {$row['hits']})</font><br>Uploader: {$row['name']}<br>{$row['description']}</li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Mung URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_DOWNLOADS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_downloads()
{
list($q, $active_downloads, $bool, $startnum, $total) = pnVarCleanFromInput('q', 'active_downloads', 'bool', 'startnum', 'total');
if (empty($active_downloads)) {
return;
}
if (!pnModAvailable('Downloads')) {
return;
}
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
$output =& new pnHTML();
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
// fifers: have to explicitly name the columns so that if the underlying DB column names change, the code to access them doesn't. We use the column names in assoc array later...
$column =& $pntable['downloads_downloads_column'];
$query = "SELECT {$column['lid']} as lid, {$column['title']} as title, {$column['name']} as name, {$column['description']} as description, {$column['cid']} as cid FROM {$pntable['downloads_downloads']} WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// downloads
$query .= "{$column['description']} LIKE '" . pnVarPrepForStore($word) . "' OR \n";
$query .= "{$column['title']} LIKE '" . pnVarPrepForStore($word) . "' OR \n";
$query .= "{$column['submitter']} LIKE '" . pnVarPrepForStore($word) . "' OR \n";
$query .= "{$column['name']} LIKE '" . pnVarPrepForStore($word) . "' OR \n";
$query .= "{$column['homepage']} LIKE '" . pnVarPrepForStore($word) . "' \n";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['lid']}";
if (empty($total)) {
$total = 0;
$countres =& $dbconn->Execute($query);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
// we have a download id so get its category
$column2 =& $pntable['downloads_categories_column'];
$result2 =& $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}={$row['cid']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
if (!$result->EOF) {
$output->Text(_DOWNLOADS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "index.php?name=Search&action=search&active_downloads=1&bool={$bool}&q={$q}";
$output->Text("<dl>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// we have a download id so get its category
$column2 =& $pntable['downloads_categories_column'];
$result2 =& $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}={$row['cid']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
$row['description'] = strip_tags($row['description']);
if (strlen($row['description']) > 128) {
$row['description'] = substr($row['description'], 0, 125) . '...';
}
$output->Text("<dt><a href=\"index.php?name=Downloads&req=viewdownloaddetails&lid={$row['lid']}\">" . pnVarPrepForDisplay($row[title]) . "</a></dt>");
$output->Text("<dd>" . pnVarPrepForDisplay($row[description]) . "</dd>");
}
$result->MoveNext();
}
$output->Text("</dl>");
// Mung URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text(_SEARCH_NO_DOWNLOADS);
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_comments()
{
list($active_comments, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_comments', 'startnum', 'total', 'bool', 'q');
if (empty($active_comments)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['comments_column'];
$query = "SELECT {$column['subject']} as subject, {$column['tid']} as tid, ";
$query .= "{$column['sid']} as sid, {$column['pid']} as pid FROM {$pntable['comments']} WHERE ";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
$query .= "{$column['subject']} LIKE '{$word}' OR ";
$query .= "{$column['comment']} LIKE '{$word}'";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['subject']}";
if (empty($total)) {
$countres = $dbconn->Execute($query);
$total = $countres->PO_RecordCount();
$countres->Close();
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_COMMENTS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_comments=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
if ($row[pid] != 0) {
// comment with parent posting
$output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=NS-Comments&file=index&req=showreply&tid={$row['tid']}&sid={$row['sid']}&pid={$row['pid']}\">{$row['subject']}</a></li>");
} else {
// comment without parent posting
$output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=NS-Comments&file=index&tid={$row['tid']}&sid={$row['sid']}#{$row['tid']}\">{$row['subject']}</a></li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_COMMENTS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_faqs()
{
list($q, $bool, $startnum, $total, $active_faqs) = pnVarCleanFromInput('q', 'bool', 'startnum', 'total', 'active_faqs');
if (empty($active_faqs)) {
return;
}
if (!pnModAvailable('FAQ')) {
return;
}
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
$output =& new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['faqanswer_column'];
$faqcatcol =& $pntable['faqcategories_column'];
$query = "SELECT {$column['id_cat']} as id_cat, \n \t\t\t\t{$column['question']} as question, \n \t\t\t\t{$column['answer']} as answer,\n \t\t\t\t{$faqcatcol['categories']} as categories\n FROM {$pntable['faqanswer']} \n LEFT JOIN {$pntable['faqcategories']} ON {$column['id_cat']}={$faqcatcol['id_cat']}\n WHERE {$column['answer']} != \"\" AND \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// faqs
$query .= "{$column['question']} LIKE '" . pnVarPrepForStore($word) . "' OR \n";
$query .= "{$column['answer']} LIKE '" . pnVarPrepForStore($word) . "'\n";
$query .= ')';
$flag = true;
}
if (pnConfigGetVar('multilingual') == 1) {
$query .= " AND ({$faqcatcol['flanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$faqcatcol['flanguage']}='')";
}
$query .= " ORDER BY {$column['id']}";
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres =& $dbconn->Execute($query);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
if (!$result->EOF) {
$output->Text(_FAQ . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "index.php?name=Search&action=search&active_faqs=1&bool={$bool}&q={$q}";
$output->Text("<dl>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
$row['answer'] = strip_tags($row['answer']);
if (strlen($row['answer']) > 128) {
$row['answer'] = substr($row['answer'], 0, 125) . '...';
}
$output->Text("<dt><a href=\"index.php?name=FAQ&myfaq=yes&id_cat={$row['id_cat']}\">" . pnVarPrepForDisplay($row[question]) . "</a></dt>");
$output->Text("<dd>" . pnVarPrepForDisplay($row[answer]) . "</dd>");
}
$result->MoveNext();
}
$output->Text('</dl>');
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text(_SEARCH_NO_FAQS);
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
$p->limit(appconf('limit'));
$p->offset($cgi->offset);
$list = $p->getThread($cgi->post);
if (!empty($cgi->highlight)) {
$highlight = '?highlight=' . $cgi->highlight;
} else {
$highlight = '?highlight=';
}
$pg = new Pager($cgi->offset, appconf('limit'), $p->total);
$pg->setUrl(site_prefix() . '/index/siteforum-list-action/post.%s' . $highlight, $cgi->post);
$pg->getInfo();
if (!$cgi->topic) {
$cgi->topic = $list[0]->topic_id;
}
$t = new SiteForum_Topic();
$topic = $t->getTitle($cgi->topic);
$subject = $list[0]->subject;
if (!empty($cgi->highlight)) {
loader_import('saf.Misc.Search');
echo search_bar($cgi->highlight, '/index/sitesearch-app?ctype=siteforum_post&show_types=yes');
$queries = search_split_query($cgi->highlight);
foreach (array_keys($list) as $key) {
$list[$key]->body = search_highlight($list[$key]->body, $queries);
}
}
page_title($subject);
template_simple_register('pager', $pg);
echo template_simple('message_list.spt', array('forum_name' => appconf('forum_name'), 'topic' => $topic, 'subject' => $subject, 'list' => $list, 'sitesearch' => @file_exists('inc/app/sitesearch/data/sitesearch.pid')));
if (appconf('template')) {
page_template(appconf('template'));
}
function search_users()
{
list($active_users, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_users', 'startnum', 'total', 'bool', 'q');
if (empty($active_users)) {
return;
}
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
$output =& new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['users_column'];
$query = "SELECT {$column['name']} as name, {$column['uname']} as uname, {$column['uid']} as uid FROM {$pntable['users']} WHERE ";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
$query .= "{$column['uname']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
$query .= "{$column['name']} LIKE '" . pnVarPrepForStore($word) . "'";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['uname']}";
if (empty($total)) {
$countres =& $dbconn->Execute($query);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
$total = $countres->PO_RecordCount();
$countres->Close();
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
if (!$result->EOF) {
$output->Text(_SMEMBERS . ': ' . $total . ' ' . _SEARCHRESULTS);
$url = "index.php?name=Search&action=search&active_users=1&bool={$bool}&q={$q}";
$output->Text("<dl>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// some basic authcheck - might result in a wrong count...
if (pnSecAuthAction(0, "Users::", "{$row['uname']}::{$row['uid']}", ACCESS_READ)) {
$output->Text("<dt><a href=\"user.php?op=userinfo&uname=" . pnVarPrepForDisplay($row['uname']) . "\">" . pnVarPrepForDisplay($row['uname']) . "</a></dt><dd>" . pnVarPrepForDisplay($row['name']) . "</dd>");
}
$result->MoveNext();
}
$output->Text("</dl>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text(_SEARCH_NO_MEMBERS);
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_comments()
{
list($active_comments, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_comments', 'startnum', 'total', 'bool', 'q');
if (empty($active_comments)) {
return;
}
if (!pnModAvailable('Comments')) {
return;
}
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
$output =& new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['comments_column'];
$query = "SELECT {$column['subject']} as subject, {$column['tid']} as tid, ";
$query .= "{$column['sid']} as sid, {$column['pid']} as pid, {$column['comment']} as comment FROM {$pntable['comments']} WHERE ";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
$query .= "{$column['subject']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
$query .= "{$column['comment']} LIKE '" . pnVarPrepForStore($word) . "'";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['subject']}";
if (empty($total)) {
$countres =& $dbconn->Execute($query);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
$total = $countres->PO_RecordCount();
$countres->Close();
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
if (!$result->EOF) {
$output->Text(_COMMENTS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "index.php?name=Search&action=search&active_comments=1&bool={$bool}&q={$q}";
$output->Text('<dl>');
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
$row['comment'] = strip_tags($row['comment']);
if (strlen($row['comment']) > 128) {
$row['comment'] = substr($row['comment'], 0, 125) . '...';
}
if ($row[subject] == "") {
$row[subject] = "No title";
}
if ($row[pid] != 0) {
// comment with parent posting
$output->Text("<dt><a href=\"index.php?name=Comments&req=showreply&tid={$row['tid']}&sid={$row['sid']}&pid={$row['pid']}\">" . pnVarPrepHTMLDisplay($row[subject]) . "</a></dt>");
} else {
// comment without parent posting
$output->Text("<dt><a href=\"index.php?name=Comments&tid={$row['tid']}&sid={$row['sid']}#{$row['tid']}\">" . pnVarPrepHTMLDisplay($row[subject]) . "</a></dt>");
}
$output->Text("<dd>" . pnVarPrepForDisplay($row[comment]) . "</dd>");
$result->MoveNext();
}
$output->Text('</dl>');
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text(_SEARCH_NO_COMMENTS);
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_faqs()
{
list($q, $bool, $startnum, $total, $active_faqs) = pnVarCleanFromInput('q', 'bool', 'startnum', 'total', 'active_faqs');
if (empty($active_faqs)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['faqanswer_column'];
$faqcatcol =& $pntable['faqcategories_column'];
$query = "SELECT {$column['id_cat']} as id_cat, \n \t\t\t\t{$column['question']} as question, \n \t\t\t\t{$column['answer']} as answer,\n \t\t\t\t{$faqcatcol['categories']} as categories\n FROM {$pntable['faqanswer']} \n LEFT JOIN {$pntable['faqcategories']} ON {$column['id_cat']}={$faqcatcol['id_cat']}\n WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// faqs
$query .= "{$column['question']} LIKE '{$word}' OR \n";
$query .= "{$column['answer']} LIKE '{$word}'\n";
$query .= ')';
$flag = true;
}
if (pnConfigGetVar('multilingual') == 1) {
$query .= " AND ({$faqcatcol['flanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$faqcatcol['flanguage']}='')";
}
$query .= " ORDER BY {$column['id']}";
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres = $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_FAQ . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_faqs=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat={$row['id_cat']}\">{$row['question']}</a><br>Answer: " . nl2br($row[answer]) . "</li>");
}
$result->MoveNext();
}
$output->Text('</ul>');
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_FAQS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_reviews()
{
list($active_reviews, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_reviews', 'startnum', 'total', 'bool', 'q');
if (empty($active_reviews)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$revcol =& $pntable['reviews_column'];
$comcol =& $pntable['reviews_comments_column'];
$query = "SELECT DISTINCT {$revcol['id']} as id, {$revcol['title']} as title, {$revcol['score']} as score, {$revcol['hits']} as hits, {$revcol['reviewer']} as reviewer, {$revcol['date']} AS fdate\n FROM {$pntable['reviews']} LEFT JOIN {$pntable['reviews_comments']} ON {$comcol['rid']}={$revcol['id']}\n WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// reviews
$query .= "{$revcol['title']} LIKE '{$word}' OR \n";
$query .= "{$revcol['text']} LIKE '{$word}' OR \n";
$query .= "{$revcol['reviewer']} LIKE '{$word}' OR \n";
$query .= "{$revcol['cover']} LIKE '{$word}' OR \n";
$query .= "{$revcol['url']} LIKE '{$word}' OR \n";
$query .= "{$revcol['url_title']} LIKE '{$word}' OR \n";
// reviews_comments
$query .= "{$comcol['comments']} LIKE '{$word}'\n";
$query .= ')';
$flag = true;
}
if (pnConfigGetVar('multilingual') == 1) {
$query .= " AND ({$revcol['rlanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$revcol['rlanguage']}='')";
}
$query .= " ORDER BY {$revcol['date']}";
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres = $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_REVIEWS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_reviews=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
$row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Reviews&file=index&req=showcontent&id={$row['id']}\">{$row['title']}</a> <font class=\"pn-sub\">(score: {$row['score']} - hits: {$row['hits']})</font><br>{$row['reviewer']}<br>{$row['fdate']}</li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_REVIEWS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_stories()
{
list($startnum, $active_stories, $total, $stories_topics, $stories_cat, $stories_author, $q, $bool) = pnVarCleanFromInput('startnum', 'active_stories', 'total', 'stories_topics', 'stories_cat', 'stories_author', 'q', 'bool');
if (!isset($active_stories) || !$active_stories) {
return;
}
if (!pnModAvailable('News')) {
return;
}
$output =& new pnHTML();
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
if (empty($bool)) {
$bool = 'OR';
}
$flag = false;
$storcol =& $pntable['stories_column'];
$stcatcol =& $pntable['stories_cat_column'];
$topcol =& $pntable['topics_column'];
$query = '';
$query1 = "SELECT {$storcol['sid']} as sid,\n {$topcol['tid']} as topicid,\n {$topcol['topicname']} as topicname,\n {$topcol['topictext']} as topictext,\n {$storcol['catid']} as catid,\n {$storcol['time']} AS fdate,\n {$storcol['title']} AS story_title,\n {$storcol['aid']} AS aid,\n {$stcatcol['title']} AS cat_title\n FROM {$pntable['stories']}\n LEFT JOIN {$pntable['stories_cat']} ON ({$storcol['catid']}={$stcatcol['catid']})\n LEFT JOIN {$pntable['topics']} ON ({$storcol['topic']}={$topcol['tid']})\n WHERE ";
// hack to get this to work, but much better than what we had before
//$query .= " 1 = 1 ";
// words
$w = search_split_query($q);
if (isset($w)) {
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
$query .= "{$storcol['title']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
$query .= "{$storcol['hometext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
$query .= "{$storcol['bodytext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
//$query .= "$storcol[comments] LIKE '".pnVarPrepForStore($word)."' OR ";
$query .= "{$storcol['informant']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
$query .= "{$storcol['notes']} LIKE '" . pnVarPrepForStore($word) . "'";
$query .= ')';
$flag = true;
$no_flag = false;
}
} else {
$no_flag = true;
}
// topics
if (isset($stories_topics) && !empty($stories_topics)) {
$flag = false;
$start_flag = false;
// dont set AND/OR if nothing is in front
foreach ($stories_topics as $v) {
if (empty($v)) {
continue;
}
if (!$no_flag and !$start_flag) {
$query .= ' AND (';
$start_flag = true;
}
if ($flag) {
$query .= ' OR ';
}
$query .= "{$storcol['topic']}='" . pnVarPrepForStore($v) . "'";
$flag = true;
}
if (!$no_flag and $start_flag) {
$query .= ') ';
$no_flag = false;
}
}
// categories
if (!is_array($stories_cat)) {
$stories_cat[0] = '';
}
if (isset($stories_cat[0]) && !empty($stories_cat[0])) {
if (!$no_flag) {
$query .= ' AND (';
}
$flag = false;
foreach ($stories_cat as $v) {
if ($flag) {
$query .= ' OR ';
}
$query .= "{$stcatcol['catid']}='" . pnVarPrepForStore($v) . "'";
$flag = true;
}
if (!$no_flag) {
$query .= ') ';
$no_flag = false;
}
}
// authors
if (isset($stories_author) && $stories_author != '') {
if (!$no_flag) {
$query .= ' AND (';
}
$query .= "{$storcol['informant']}='" . pnVarPrepForStore($stories_author) . "'";
$result =& $dbconn->Execute("SELECT {$pntable['users_column']['uid']} as pn_uid FROM {$pntable['users']} WHERE {$pntable['users_column']['uname']} LIKE '%" . pnVarPrepForStore($stories_author) . "%' OR {$pntable['users_column']['name']} LIKE '%" . pnVarPrepForStore($stories_author) . "%'");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
$query .= " OR {$storcol['aid']}={$row['pn_uid']}";
$result->MoveNext();
}
if (!$no_flag) {
$query .= ') ';
$no_flag = false;
}
} else {
$stories_author = '';
}
if (pnConfigGetVar('multilingual') == 1) {
if (!empty($query)) {
$query .= ' AND';
}
$query .= " ({$storcol['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$storcol['alanguage']}='')";
}
if (empty($query)) {
$query = '1';
}
$query .= " ORDER BY {$storcol['time']} DESC";
$query = $query1 . $query;
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres =& $dbconn->Execute($query);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
if (!$result->EOF) {
$output->Text(_STORIES_TOPICS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = 'index.php?name=Search&action=search&active_stories=1&stories_author=' . pnVarPrepForDisplay($stories_author);
if (isset($stories_cat) && $stories_cat) {
foreach ($stories_cat as $v) {
$url .= "&stories_cat%5B%5D={$v}";
}
}
if (isset($stories_topics) && $stories_topics) {
foreach ($stories_topics as $v) {
$url .= "&stories_topics%5B%5D={$v}";
}
}
$url .= '&bool=' . pnVarPrepForDisplay($bool);
if (isset($q)) {
$url .= '&q=' . pnVarPrepForDisplay($q);
}
$output->Text('<dl>');
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
$row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
$output->Text('<dt><a href="index.php?name=News&file=article&sid=' . pnVarPrepForDisplay($row['sid']) . '">' . pnVarPrepHTMLDisplay($row['story_title']) . '</a></dt>');
$output->Text('<dd>');
$output->Text(pnVarPrepForDisplay($row['fdate']) . ' (');
if (!empty($row['topicid'])) {
$output->Text($row['topictext']);
}
if (!empty($row['catid'])) {
$output->Text(' - ' . pnVarPrepHTMLDisplay($row['cat_title']));
}
$output->Text(')</dd>');
}
$result->MoveNext();
}
$output->Text('</dl>');
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text(_SEARCH_NO_STORIES_TOPICS);
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_sections()
{
list($active_sections, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_sections', 'startnum', 'total', 'bool', 'q');
if (empty($active_sections)) {
return;
}
if (!pnModAvailable('Sections')) {
return;
}
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
$output =& new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$seccol =& $pntable['seccont_column'];
$query = "SELECT {$seccol['artid']} as id, {$seccol['title']} as title, {$seccol['secid']} as secid, {$seccol['content']} as content\n FROM {$pntable['seccont']}\n WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
$query .= "{$seccol['title']} LIKE '" . pnVarPrepForStore($word) . "' OR \n";
$query .= "{$seccol['content']} LIKE '" . pnVarPrepForStore($word) . "')\n";
$flag = true;
}
if (pnConfigGetVar('multilingual') == 1) {
$query .= " AND ({$seccol['slanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$seccol['slanguage']}='')";
}
$query .= " ORDER BY {$seccol['artid']}";
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres =& $dbconn->Execute($query);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
// we know about the section id so let's get the section name
$column2 =& $pntable['sections_column'];
$result2 =& $dbconn->Execute("SELECT {$column2['secname']} FROM {$pntable['sections']} WHERE {$column2['secid']}={$row['secid']}");
list($secname) = $result2->fields;
if (pnSecAuthAction(0, "Sections::Section", "{$secname}::{$row['secid']}", ACCESS_READ) && pnSecAuthAction(0, "Sections::Article", "{$row['title']}:{$secname}:{$row['id']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
if (!$result->EOF) {
$output->Text(_SECTIONS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "index.php?name=Search&action=search&active_sections=1&bool={$bool}&q={$q}";
$output->Text('<dl>');
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// we know about the section id so let's get the section name
$column2 =& $pntable['sections_column'];
$result2 =& $dbconn->Execute("SELECT {$column2['secname']} FROM {$pntable['sections']} WHERE {$column2['secid']}={$row['secid']}");
list($secname) = $result2->fields;
if (pnSecAuthAction(0, "Sections::Section", "{$secname}::{$row['secid']}", ACCESS_READ) && pnSecAuthAction(0, "Sections::Article", "{$row['title']}:{$secname}:{$row['id']}", ACCESS_READ)) {
$row['content'] = strip_tags($row['content']);
if (strlen($row['content']) > 128) {
$row['content'] = substr($row['content'], 0, 125) . '...';
}
$output->Text("<dt><a href=\"index.php?name=Sections&req=viewarticle&artid={$row['id']}\">" . pnVarPrepForDisplay($row[title]) . "</a></dt>");
$output->Text("<dd>" . pnVarPrepForDisplay($row[content]) . "</dd>");
}
$result->MoveNext();
}
$output->Text('</dl>');
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text(_SEARCH_NO_SECTIONS);
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
<?php
page_title(intl_get('Search'));
loader_import('saf.Misc.Search');
loader_import('sitewiki.Filters');
global $cgi;
$q = search_split_query($cgi->query);
$j = ' ';
$w = '(';
$b = array();
foreach ($q as $term) {
$w .= $j . 'body like ?';
$b[] = '%' . $term . '%';
$j = ' AND ';
}
$w .= ')';
$res = db_shift_array('select id from sitewiki_page where ' . $w, $b);
if (count($res) == 0) {
echo template_simple('nav.spt', new StdClass());
echo '<p>0 results for "' . $cgi->query . '"</p>';
return;
} elseif (count($res) == 1) {
header('Location: ' . site_prefix() . '/index/sitewiki-app/show.' . $res[0]);
exit;
}
echo template_simple('search.spt', (object) array('total' => count($res), 'query' => $cgi->query, 'list' => $res, 'screen' => 'search'));
function search_weblinks()
{
list($active_weblinks, $startnum, $total, $q, $bool) = pnVarCleanFromInput('active_weblinks', 'startnum', 'total', 'q', 'bool');
if (empty($active_weblinks)) {
return;
}
if (!pnModAvailable('Web_Links')) {
return;
}
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
$output =& new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['links_links_column'];
$query = "SELECT {$column['url']} as url, {$column['title']} as title, {$column['description']} as description, {$column['lid']} as lid, {$column['cat_id']} as cat_id\n FROM {$pntable['links_links']}\n WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// web links
$query .= "{$column['description']} LIKE '" . pnVarPrepForStore($word) . "' OR \n";
$query .= "{$column['url']} LIKE '" . pnVarPrepForStore($word) . "' OR \n";
$query .= "{$column['submitter']} LIKE '" . pnVarPrepForStore($word) . "' OR \n";
$query .= "{$column['title']} LIKE '" . pnVarPrepForStore($word) . "' \n";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['lid']}";
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres =& $dbconn->Execute($query);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
// we have a link id so get its category
$column2 =& $pntable['links_categories_column'];
$result2 =& $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
if (!$result->EOF) {
$output->Text(_WEBLINKS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "index.php?name=Search&action=search&active_weblinks=1&bool={$bool}&q={$q}";
$output->Text("<dl>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// we have a link id so get its category
$column2 =& $pntable['links_categories_column'];
$result2 =& $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
$output->Text("<dt><a href=\"" . pnVarPrepForDisplay($row['url']) . "\">" . pnVarPrepForDisplay($row['title']) . "</a></dt><dd>" . pnVarPrepHTMLDisplay($row['description']) . "</dd>");
}
$result->MoveNext();
}
$output->Text("</dl>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text(_SEARCH_NO_LINKS);
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
$flag = false;
$column =& $pntable['links_categories_column'];
$query = "SELECT {$column['cat_id']} as cat_id, {$column['title']} as title, {$column['cdescription']} as description\n FROM {$pntable['links_categories']}\n WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// web links
$query .= "{$column['cdescription']} LIKE '" . pnVarPrepForStore($word) . "'\n";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['cat_id']}";
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres =& $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
if (pnSecAuthAction(0, 'Web Links::Category', "{$title}:{$row['title']}:{$row['cat_id']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_WEBLINKSCATEGORIES . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "index.php?name=Search&action=search&active_weblinks=1&bool={$bool}&q={$q}";
$output->Text("<dl>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
if (pnSecAuthAction(0, 'Web Links::Category', "{$row['title']}::{$row['cat_id']}", ACCESS_READ)) {
$output->Text("<dt><a href=\"index.php?name=Web_Links&req=viewlink&cid=" . pnVarPrepForDisplay($row['cat_id']) . "\">" . pnVarPrepForDisplay($row['title']) . "</a></dt><dd>" . pnVarPrepHTMLDisplay($row['description']) . "</dd>");
}
$result->MoveNext();
}
$output->Text("</dl>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text(_SEARCH_NO_LINKSCATEGORIES);
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
