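/**
 * Index function
 *
 * Resolves the search string (a base64 "saved" search from the query string,
 * or the posted keywords), sends the user to the index builder when the
 * search index check fails, and otherwise renders the results.
 *
 * @access public
 * @param string $message Not referenced in this method body.
 * @return void
 */
function index($message = '')
{
    $this->load->helper('html');
    $this->load->helper('search');

    $vars['cp_page_title'] = $this->lang->line('search_results');
    $this->cp->set_variable('cp_page_title', $vars['cp_page_title']);

    // Saved search
    // NOTE(review): this branch decodes the query-string value itself, so the
    // second-argument filter flag used on get_post() below is not applied to
    // it. Everything that consumes $search must treat it as untrusted.
    if ($search = $this->input->get('saved')) {
        $search = base64_decode(rawurldecode($search));
    } else {
        $search = $this->input->get_post('cp_search_keywords', TRUE);
    }

    if (!$this->cp_search->_check_index()) {
        // Save the search. rawurlencode(base64_encode()) leaves only
        // URL-safe characters, so the value can be embedded in the
        // redirect targets below.
        $search = rawurlencode(base64_encode($search));

        if ($this->input->get('ajax')) {
            // Force a js redirect. The URL is placed inside a script string,
            // so entity-encoded ampersands must become literal ones; with
            // identical search and replace arguments the call did nothing.
            $url = str_replace('&amp;', '&', BASE) . '&C=search&M=build_index&saved=' . $search;
            echo '<script type="text/javascript">window.location="' . $url . '";</script>';
            exit;
        }

        // Degrade 'nicely'
        $this->functions->redirect(BASE . AMP . 'C=search' . AMP . 'M=build_index' . AMP . 'saved=' . $search);
    }

    // Only the copy handed to the view is filtered here.
    // NOTE(review): generate_results() receives the unfiltered string;
    // confirm it escapes the value before using it in a query.
    $vars['keywords'] = sanitize_search_terms($search);
    $vars['can_rebuild'] = $this->cp->allowed_group('can_access_utilities');
    $vars['search_data'] = $this->cp_search->generate_results($search);
    $vars['num_rows'] = count($vars['search_data']);

    if ($this->input->get('ajax')) {
        echo $this->load->view('search/sidebar', $vars, TRUE);
        exit;
    }

    $this->javascript->compile();
    $this->load->view('search/results', $vars);
}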
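/**
 * Index function
 *
 * Resolves the search string (a base64 "saved" search from the query string,
 * or the posted keywords), sends the user to the index builder when the
 * search index check fails, and otherwise renders the results.
 *
 * @access public
 * @return void
 */
function index()
{
    ee()->load->helper('html');
    ee()->load->helper('search');

    $vars['cp_page_title'] = lang('search_results');
    ee()->view->cp_page_title = $vars['cp_page_title'];

    // Saved search
    // NOTE(review): this branch decodes the query-string value itself, so the
    // second-argument filter flag used on get_post() below is not applied to
    // it. Everything that consumes $search must treat it as untrusted.
    if ($search = ee()->input->get('saved')) {
        $search = base64_decode(rawurldecode($search));
    } else {
        $search = ee()->input->get_post('cp_search_keywords', TRUE);
    }

    if (!ee()->cp_search->_check_index()) {
        // Save the search. rawurlencode(base64_encode()) leaves only
        // URL-safe characters before the value is handed to cp_url().
        $search = rawurlencode(base64_encode($search));

        if (AJAX_REQUEST) {
            // Force a js redirect. The URL is placed inside a script string,
            // so entity-encoded ampersands must become literal ones; with
            // identical search and replace arguments the call did nothing.
            $url = cp_url('search/build_index', array('saved' => $search));
            $url = str_replace('&amp;', '&', $url);
            echo '<script type="text/javascript">window.location="' . $url . '";</script>';
            exit;
        }

        // Degrade 'nicely'
        ee()->functions->redirect(cp_url('search/build_index', array('saved' => $search)));
    }

    // Only the copy handed to the view is filtered here.
    // NOTE(review): generate_results() receives the unfiltered string;
    // confirm it escapes the value before using it in a query.
    $vars['keywords'] = sanitize_search_terms($search);
    $vars['can_rebuild'] = ee()->cp->allowed_group('can_access_utilities');
    $vars['search_data'] = ee()->cp_search->generate_results($search);
    $vars['num_rows'] = count($vars['search_data']);

    if (AJAX_REQUEST) {
        echo ee()->load->view('search/sidebar', $vars, TRUE);
        exit;
    }

    ee()->cp->render('search/results', $vars);
}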
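/**
 * Builds the filterable, paginated entry list used to pick channel entries
 * that are not yet Simple Commerce items.
 *
 * Request values (status, order, date_range, perpage, rownum, search_in,
 * keywords, cat_id, channel_id) arrive through get_post()/$_GET/$_POST and
 * are used both in hand-built SQL and in the pagination URL, so each one is
 * escaped, cast or encoded at the point of use.
 *
 * @param string $channel_id           Overwritten with '' at the top of the body.
 * @param string $message              Message shown on the page.
 * @param mixed  $extra_sql            Overwritten with a generated NOT IN clause.
 * @param string $search_url           Optional replacement for the filter form URL.
 * @param string $form_url             Optional replacement for the entries form URL.
 * @param mixed  $action               Action options; falls back to the request value.
 * @param mixed  $extra_fields_search  Hidden fields for the search form.
 * @param mixed  $extra_fields_entries Hidden fields for the entries form.
 * @param string $heading              Heading key; defaults to 'edit_channel_entries'.
 * @return mixed The rendered 'edit_rip' view, or the result of view_comments()
 *               when searching in comments.
 */
function add_items($channel_id = '', $message = '', $extra_sql = '', $search_url = '', $form_url = '', $action = '', $extra_fields_search = '', $extra_fields_entries = '', $heading = '')
{
    ee()->lang->loadfile('content');
    ee()->load->helper('url');

    // The caller-supplied values are discarded; the WHERE fragment is rebuilt
    // below from the entry ids already present in simple_commerce_items.
    $channel_id = '';
    $extra_sql = array();

    ee()->db->select('entry_id');
    $query = ee()->db->get('simple_commerce_items');

    if ($query->num_rows() > 0) {
        $extra_sql['where'] = " AND exp_channel_titles.entry_id NOT IN ('";

        foreach ($query->result_array() as $row) {
            $extra_sql['where'] .= $row['entry_id'] . "','";
        }

        // Drop the trailing ",'" left by the last iteration
        $extra_sql['where'] = substr($extra_sql['where'], 0, -2) . ') ';
    }

    ee()->load->library('api');

    // $action, $extra_fields_*, and $heading are used by move_comments
    $vars['message'] = $message;
    $action = $action ? $action : ee()->input->get_post('action');

    // Security check
    if (!ee()->cp->allowed_group('can_access_edit')) {
        show_error(lang('unauthorized_access'));
    }

    ee()->load->library('pagination');
    ee()->load->library('table');
    ee()->load->helper(array('form', 'text', 'url', 'snippets'));
    ee()->api->instantiate('channel_categories');
    ee()->load->model('channel_model');
    ee()->load->model('channel_entries_model');
    ee()->load->model('category_model');
    ee()->load->model('status_model');

    // Load the search helper so we can filter the keywords
    ee()->load->helper('search');

    ee()->view->cp_page_title = lang('edit');
    ee()->cp->add_js_script('ui', 'datepicker');

    ee()->javascript->output(array(
        ee()->javascript->hide(".paginationLinks .first"),
        ee()->javascript->hide(".paginationLinks .previous"),
    ));

    ee()->javascript->output('
        $(".toggle_all").toggle(
            function(){
                $("input.toggle").each(function() {
                    this.checked = true;
                });
            }, function (){
                var checked_status = this.checked;
                $("input.toggle").each(function() {
                    this.checked = false;
                });
            }
        );
    ');

    ee()->jquery->tablesorter('.mainTable', '{
        headers: {
            2: {sorter: false},
            3: {
                // BLARG!!! This should be human readable sorted...
            },
            5: {dateFormat: "mm/dd/yy"},
            8: {sorter: false}
        },
        widgets: ["zebra"]
    }');

    ee()->javascript->output('
        $("#custom_date_start_span").datepicker({
            dateFormat: "yy-mm-dd",
            prevText: "<<",
            nextText: ">>",
            onSelect: function(date) {
                $("#custom_date_start").val(date);
                dates_picked();
            }
        });
        $("#custom_date_end_span").datepicker({
            dateFormat: "yy-mm-dd",
            prevText: "<<",
            nextText: ">>",
            onSelect: function(date) {
                $("#custom_date_end").val(date);
                dates_picked();
            }
        });

        $("#custom_date_start, #custom_date_end").focus(function(){
            if ($(this).val() == "yyyy-mm-dd")
            {
                $(this).val("");
            }
        });

        $("#custom_date_start, #custom_date_end").keypress(function(){
            if ($(this).val().length >= 9)
            {
                dates_picked();
            }
        });

        function dates_picked()
        {
            if ($("#custom_date_start").val() != "yyyy-mm-dd" && $("#custom_date_end").val() != "yyyy-mm-dd")
            {
                // populate dropdown box
                focus_number = $("#date_range").children().length;
                $("#date_range").append("<option id=\\"custom_date_option\\">" + $("#custom_date_start").val() + " to " + $("#custom_date_end").val() + "</option>");
                document.getElementById("date_range").options[focus_number].selected=true;

                // hide custom date picker again
                $("#custom_date_picker").slideUp("fast");
            }
        }
    ');

    ee()->javascript->change("#date_range", "\n\t\t\tif (\$('#date_range').val() == 'custom_date')\n\t\t\t{\n\t\t\t\t// clear any current dates, remove any custom options\n\t\t\t\t\$('#custom_date_start').val('yyyy-mm-dd');\n\t\t\t\t\$('#custom_date_end').val('yyyy-mm-dd');\n\t\t\t\t\$('#custom_date_option').remove();\n\n\t\t\t\t// drop it down\n\t\t\t\t\$('#custom_date_picker').slideDown('fast');\n\t\t\t}\n\t\t\telse\n\t\t\t{\n\t\t\t\t\$('#custom_date_picker').hide();\n\t\t\t}\n\t\t");

    // NOTE(review): doPagination() below concatenates JSON fields (title,
    // author, author_email, status, channel_name) straight into markup that
    // is inserted with .html(). Those fields need HTML-encoding either in the
    // JSON endpoint or here before this path is relied on.
    ee()->javascript->output('
        $(".paginationLinks a.page").click(function() {
            current_rownum = $("#perpage").val()*$(this).text()-$("#perpage").val();
            current_perpage = $("#perpage").val();
            $.getJSON("' . BASE . '&C=javascript&M=json&perpage="+$("#perpage").val()+"&rownum="+($("#perpage").val()*$(this).text()-$("#perpage").val())' . ', {ajax: "true"}, doPagination);
            return false;
        });

        var current_rownum = 0;
        var current_perpage = 20;
        var total_entries = 60; // needs to be set via PHP
        var next_page = current_perpage;

        function doPagination(e){
            var entries = "";
            for (var i = 0; i < e.length; i++) {
                entries += "<tr>";
                entries += "<td>" + e[i].id + "</td>";
                entries += "<td><a href=\\"#\\">" + e[i].title + "</a></td>";
                entries += "<td><a href=\\"#\\">Live Look</a></td>";
                entries += "<td>(" + e[i].comment_count + ") <a href=\\"#\\">View</a></td>";
                entries += "<td><div class=\'smallLinks\'><a href=\\"mailto:" + e[i].author_email + "\\">" + e[i].author + "</a></div></td>";
                entries += "<td>" + e[i].entry_date + "</td>";
                entries += "<td>" + e[i].channel_name + "</td>";
                if (e[i].status == "Open") {
                    entries += "<td><span style=\\"color:#339900;\\">" + e[i].status + "</span></td>";
                } else {
                    entries += "<td><span style=\\"color:#cc0000;\\">" + e[i].status + "</span></td>";
                }
                entries += "<td><input class=\'checkbox\' type=\'checkbox\' name=\'toggle[]\' value=\'" + e[i].id + "\' /></td>";
                entries += "</tr>";
            }
            $(".mainTable tbody").html(entries);
            $(".mainTable").trigger("update");
            var current_sort = $(".mainTable").get(0).config.sortList;
            $(".mainTable").trigger("sorton", [current_sort]);

            // add or remove first and last links
            (current_rownum >= current_perpage) ? $(".paginationLinks .first").show() : $(".paginationLinks .first").hide() ;
            (current_rownum >= current_perpage) ? $(".paginationLinks .previous").show() : $(".paginationLinks .previous").hide() ;
            (current_rownum >= (total_entries - current_perpage)) ? $(".paginationLinks .last").hide() : $(".paginationLinks .last").show() ;
            (current_rownum >= (total_entries - current_perpage)) ? $(".paginationLinks .next").hide() : $(".paginationLinks .next").show() ;

            // readjust page numbers for links
        }

        $(".paginationLinks .first").click(function() {
            current_perpage = $("#perpage").val();
            current_rownum = 0;
            $.getJSON("' . BASE . '&C=javascript&M=json&per_page="+current_perpage+"&rownum="+current_rownum, {ajax: "true"}, doPagination);
            return false;
        });

        $(".paginationLinks .previous").click(function() {
            current_perpage = $("#perpage").val();
            current_rownum = Number(current_rownum) - Number($("#perpage").val());
            $.getJSON("' . BASE . '&C=javascript&M=json&per_page="+current_perpage+"&rownum="+current_rownum, {ajax: "true"}, doPagination);
            return false;
        });

        $(".paginationLinks .next").click(function() {
            current_perpage = $("#perpage").val();
            current_rownum = Number(current_rownum) + Number($("#perpage").val());
            $.getJSON("' . BASE . '&C=javascript&M=json&per_page="+current_perpage+"&rownum="+current_rownum, {ajax: "true"}, doPagination);
            return false;
        });

        $(".paginationLinks .last").click(function() {
            current_perpage = $("#perpage").val();
            current_rownum = total_entries;
            $.getJSON("' . BASE . '&C=edit&M=json_entries&per_page="+current_perpage+"&rownum="+current_rownum, {ajax: "true"}, doPagination);
            return false;
        });
    ');

    $cp_theme = !ee()->session->userdata('cp_theme') ? ee()->config->item('cp_theme') : ee()->session->userdata('cp_theme');
    $turn_on_robot = FALSE;

    // Fetch channel ID numbers assigned to the current user
    $allowed_channels = ee()->functions->fetch_assigned_channels();

    if (empty($allowed_channels)) {
        show_error(lang('no_channels'));
    }

    // Fetch Color Library - We use this to assist with our status colors
    if (file_exists(APPPATH . 'config/colors.php')) {
        include APPPATH . 'config/colors.php';
    } else {
        $colors = '';
    }

    // We need to determine which channel to show entries from
    // if the channel_id combined
    if ($channel_id == '') {
        $channel_id = ee()->input->get_post('channel_id');
    }

    // Anything that is not numeric is dropped before it can reach a query
    if ($channel_id == 'null' or $channel_id === FALSE or !is_numeric($channel_id)) {
        $channel_id = '';
    }

    $cat_group = '';
    $cat_id = ee()->input->get_post('cat_id');
    $status = ee()->input->get_post('status');
    $order = ee()->input->get_post('order');
    $date_range = ee()->input->get_post('date_range');
    $total_channels = count($allowed_channels);

    // If we have more than one channel we'll write the JavaScript menu switching code
    if ($total_channels > 1) {
        ee()->javascript->output($this->filtering_menus());
    }

    // Do we have a message to show?
    // Note: a message is displayed on this page after editing or submitting a new entry
    if (ee()->input->get_post("U") == 'mu') {
        $vars['message'] = lang('multi_entries_updated');
    }

    // Declare the "filtering" form
    $vars['search_form'] = $search_url != '' ? $search_url : 'C=addons_modules' . AMP . 'M=show_module_cp' . AMP . 'module=simple_commerce' . AMP . 'method=add_items';

    // If we have more than one channel we'll add the "onchange" method to
    // the form so that it'll automatically switch categories and statuses
    if ($total_channels > 1) {
        $vars['channel_select']['onchange'] = 'changemenu(this.selectedIndex);';
    }

    // Design note: Because the JavaScript code dynamically switches the information inside the
    // pull-down menus we can't show any particular menu in a "selected" state unless there is only
    // one channel. Each channel is fully independent, so it can have its own categories, statuses, etc.

    // Channel selection pull-down menu
    // Fetch the names of all channels and write each one in an <option> field
    $fields = array('channel_title', 'channel_id', 'cat_group');
    $where = array();

    // If the user is restricted to specific channels, add that to the query
    if (ee()->session->userdata['group_id'] != 1) {
        $where[] = array('channel_id' => $allowed_channels);
    }

    $query = ee()->channel_model->get_channels(ee()->config->item('site_id'), $fields, $where);

    if ($query->num_rows() == 1) {
        $channel_id = $query->row('channel_id');
        $cat_group = $query->row('cat_group');
    } elseif ($channel_id != '') {
        foreach ($query->result_array() as $row) {
            if ($row['channel_id'] == $channel_id) {
                $channel_id = $row['channel_id'];
                $cat_group = $row['cat_group'];
            }
        }
    }

    $vars['channel_selected'] = ee()->input->get_post('channel_id');
    $vars['channel_select_options'] = array('null' => lang('filter_by_channel'));

    if ($query->num_rows() > 1) {
        $vars['channel_select_options']['all'] = lang('all');
    }

    foreach ($query->result_array() as $row) {
        $vars['channel_select_options'][$row['channel_id']] = $row['channel_title'];
    }

    // Category pull-down menu
    $vars['category_selected'] = $cat_id;
    $vars['category_select_options'][''] = lang('filter_by_category');

    if ($total_channels > 1) {
        $vars['category_select_options']['all'] = lang('all');
    }

    $vars['category_select_options']['none'] = lang('none');

    if ($cat_group != '') {
        // Keep only the categories whose group belongs to the selected channel
        foreach (ee()->api_channel_categories->cat_array as $key => $val) {
            if (!in_array($val['0'], explode('|', $cat_group))) {
                unset(ee()->api_channel_categories->cat_array[$key]);
            }
        }

        $i = 1;
        $new_array = array();

        foreach (ee()->api_channel_categories->cat_array as $ckey => $cat) {
            if ($ckey - 1 < 0 or !isset(ee()->api_channel_categories->cat_array[$ckey - 1])) {
                $vars['category_select_options']['NULL_' . $i] = '-------';
            }

            $vars['category_select_options'][$cat['1']] = str_replace("!-!", " ", $cat['2']);

            if (isset(ee()->api_channel_categories->cat_array[$ckey + 1]) && ee()->api_channel_categories->cat_array[$ckey + 1]['0'] != $cat['0']) {
                $vars['category_select_options']['NULL_' . $i] = '-------';
            }

            $i++;
        }
    }

    // Authors list
    $vars['author_selected'] = ee()->input->get_post('author_id');
    $query = ee()->member_model->get_authors();
    $vars['author_select_options'][''] = lang('filter_by_author');

    foreach ($query->result_array() as $row) {
        $vars['author_select_options'][$row['member_id']] = $row['screen_name'] == '' ? $row['username'] : $row['screen_name'];
    }

    // Status pull-down menu
    $vars['status_selected'] = $status;
    $vars['status_select_options'][''] = lang('filter_by_status');
    $vars['status_select_options']['all'] = lang('all');

    $sel_1 = '';
    $sel_2 = '';

    if ($cat_group != '') {
        $sel_1 = $status == 'open' ? 1 : '';
        $sel_2 = $status == 'closed' ? 1 : '';
    }

    if ($cat_group != '') {
        // Escaped like the other channel_id lookup further down
        $rez = ee()->db->query("SELECT status_group FROM exp_channels WHERE channel_id = '" . ee()->db->escape_str($channel_id) . "'");
        $query = ee()->db->query("SELECT status FROM exp_statuses WHERE group_id = '" . ee()->db->escape_str($rez->row('status_group')) . "' ORDER BY status_order");

        if ($query->num_rows() > 0) {
            foreach ($query->result_array() as $row) {
                $status_name = ($row['status'] == 'closed' or $row['status'] == 'open') ? lang($row['status']) : $row['status'];
                $vars['status_select_options'][$row['status']] = $status_name;
            }
        }
    } else {
        $vars['status_select_options']['open'] = lang('open');
        $vars['status_select_options']['closed'] = lang('closed');
    }

    // Date range pull-down menu
    $vars['date_selected'] = $date_range;
    $vars['date_select_options'][''] = lang('date_range');
    $vars['date_select_options']['1'] = lang('today');
    $vars['date_select_options']['7'] = lang('past_week');
    $vars['date_select_options']['31'] = lang('past_month');
    $vars['date_select_options']['182'] = lang('past_six_months');
    $vars['date_select_options']['365'] = lang('past_year');
    $vars['date_select_options']['custom_date'] = lang('any_date');

    // Display order pull-down menu
    $vars['order_selected'] = $order;
    $vars['order_select_options'][''] = lang('order');
    $vars['order_select_options']['asc'] = lang('ascending');
    $vars['order_select_options']['desc'] = lang('descending');
    $vars['order_select_options']['alpha'] = lang('alpha');

    // Results per page pull-down menu
    if (!($perpage = ee()->input->get_post('perpage'))) {
        $perpage = ee()->input->cookie('perpage');
    }

    // The value comes from the request or a cookie and ends up in a LIMIT
    // clause, so it is forced to a positive integer (50 when absent/invalid).
    $perpage = (int) $perpage;

    if ($perpage < 1) {
        $perpage = 50;
    }

    ee()->functions->set_cookie('perpage', $perpage, 60 * 60 * 24 * 182);

    $vars['perpage_selected'] = $perpage;
    $vars['perpage_select_options']['10'] = '10 ' . lang('results');
    $vars['perpage_select_options']['25'] = '25 ' . lang('results');
    $vars['perpage_select_options']['50'] = '50 ' . lang('results');
    $vars['perpage_select_options']['75'] = '75 ' . lang('results');
    $vars['perpage_select_options']['100'] = '100 ' . lang('results');
    $vars['perpage_select_options']['150'] = '150 ' . lang('results');

    if (isset($_POST['keywords'])) {
        $keywords = sanitize_search_terms($_POST['keywords']);
    } elseif (isset($_GET['keywords'])) {
        $keywords = sanitize_search_terms(base64_decode($_GET['keywords']));
    } else {
        $keywords = '';
    }

    if (substr(strtolower($keywords), 0, 3) == 'ip:') {
        $keywords = str_replace('_', '.', $keywords);
    }

    // Because of the auto convert we prepare a specific variable with the converted ascii
    // characters while leaving the $keywords variable intact for display and URL purposes
    $search_keywords = ee()->config->item('auto_convert_high_ascii') == 'y' ? ascii_to_entities($keywords) : $keywords;

    $vars['exact_match'] = ee()->input->get_post('exact_match');
    $vars['keywords'] = array('name' => 'keywords', 'value' => stripslashes($keywords), 'id' => 'keywords', 'maxlength' => 200);

    $search_in = ee()->input->get_post('search_in') != '' ? ee()->input->get_post('search_in') : 'title';

    $vars['search_in_selected'] = $search_in;
    $vars['search_in_options']['title'] = lang('title_only');
    $vars['search_in_options']['body'] = lang('title_and_body');

    if (isset(ee()->installed_modules['comment'])) {
        $vars['search_in_options']['everywhere'] = lang('title_body_comments');
        $vars['search_in_options']['comments'] = $this->lang->line('comments');
    }

    // Build the main query
    if ($search_url != '') {
        $pageurl = BASE . AMP . $search_url;
    } else {
        $pageurl = BASE . AMP . 'C=addons_modules' . AMP . 'M=show_module_cp' . AMP . 'module=simple_commerce' . AMP . 'method=add_items';
    }

    $sql_a = "SELECT ";

    if ($search_in == 'comments') {
        $sql_b = "DISTINCT(exp_comments.comment_id) ";
    } else {
        $sql_b = ($cat_id == 'none' or $cat_id != "") ? "DISTINCT(exp_channel_titles.entry_id) " : "exp_channel_titles.entry_id ";
    }

    $sql = "FROM exp_channel_titles\n\t\t\t\tLEFT JOIN exp_channels ON exp_channel_titles.channel_id = exp_channels.channel_id ";

    if ($keywords != '') {
        if ($search_in != 'title') {
            $sql .= "LEFT JOIN exp_channel_data ON exp_channel_titles.entry_id = exp_channel_data.entry_id ";
        }

        if ($search_in == 'everywhere' or $search_in == 'comments') {
            $sql .= "LEFT JOIN exp_comments ON exp_channel_titles.entry_id = exp_comments.entry_id ";
        }
    } elseif ($search_in == 'comments') {
        $sql .= "LEFT JOIN exp_comments ON exp_channel_titles.entry_id = exp_comments.entry_id ";
    }

    $sql .= "LEFT JOIN exp_members ON exp_members.member_id = exp_channel_titles.author_id ";

    if ($cat_id == 'none' or $cat_id != "") {
        $sql .= "LEFT JOIN exp_category_posts ON exp_channel_titles.entry_id = exp_category_posts.entry_id\n\t\t\t\t\t LEFT JOIN exp_categories ON exp_category_posts.cat_id = exp_categories.cat_id ";
    }

    if (is_array($extra_sql) && isset($extra_sql['tables'])) {
        $sql .= ' ' . $extra_sql['tables'] . ' ';
    }

    // Limit to channels assigned to user
    $sql .= " WHERE exp_channels.site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "' AND exp_channel_titles.channel_id IN (";

    foreach ($allowed_channels as $val) {
        $sql .= "'" . $val . "',";
    }

    $sql = substr($sql, 0, -1) . ')';

    if (!ee()->cp->allowed_group('can_edit_other_entries') and !ee()->cp->allowed_group('can_view_other_entries')) {
        $sql .= " AND exp_channel_titles.author_id = " . ee()->session->userdata('member_id');
    }

    if (is_array($extra_sql) && isset($extra_sql['where'])) {
        $sql .= ' ' . $extra_sql['where'] . ' ';
    }

    if ($keywords != '') {
        $pageurl .= AMP . 'keywords=' . base64_encode($keywords);

        if ($search_in == 'comments') {
            // When searching in comments we do not want to search the entry title.
            // However, by removing this we would have to make the rest of the query creation code
            // below really messy so we simply check for an empty title, which should never happen.
            // That makes this check pointless and allows us some cleaner code. -Paul
            $sql .= " AND (exp_channel_titles.title = '' ";
        } else {
            if ($vars['exact_match'] != 'yes') {
                $sql .= " AND (exp_channel_titles.title LIKE '%" . ee()->db->escape_like_str($search_keywords) . "%' ";
            } else {
                $pageurl .= AMP . 'exact_match=yes';
                $sql .= " AND (exp_channel_titles.title = '" . ee()->db->escape_str($search_keywords) . "' OR exp_channel_titles.title LIKE '" . ee()->db->escape_like_str($search_keywords) . " %' OR exp_channel_titles.title LIKE '% " . ee()->db->escape_like_str($search_keywords) . " %' ";
            }
        }

        // Request value: encoded before it becomes part of a link
        $pageurl .= AMP . 'search_in=' . rawurlencode($search_in);

        if ($search_in == 'body' or $search_in == 'everywhere') {
            // ---------------------------------------
            // Fetch the searchable field names
            // ---------------------------------------
            $fields = array();
            $xql = "SELECT DISTINCT(field_group) FROM exp_channels";

            if ($channel_id != '') {
                $xql .= " WHERE channel_id = '" . ee()->db->escape_str($channel_id) . "' ";
            }

            $query = ee()->db->query($xql);

            if ($query->num_rows() > 0) {
                $fql = "SELECT field_id FROM exp_channel_fields WHERE group_id IN (";

                foreach ($query->result_array() as $row) {
                    $fql .= "'" . $row['field_group'] . "',";
                }

                $fql = substr($fql, 0, -1) . ')';
                $query = ee()->db->query($fql);

                if ($query->num_rows() > 0) {
                    foreach ($query->result_array() as $row) {
                        $fields[] = $row['field_id'];
                    }
                }
            }

            foreach ($fields as $val) {
                // The flag lives in $vars['exact_match']; the bare $exact_match
                // read here before was never assigned, so the exact-match
                // branch could not be reached for body fields.
                if ($vars['exact_match'] != 'yes') {
                    $sql .= " OR exp_channel_data.field_id_" . $val . " LIKE '%" . ee()->db->escape_like_str($search_keywords) . "%' ";
                } else {
                    $sql .= " OR (exp_channel_data.field_id_" . $val . " LIKE '" . ee()->db->escape_like_str($search_keywords) . " %' OR exp_channel_data.field_id_" . $val . " LIKE '% " . ee()->db->escape_like_str($search_keywords) . " %' OR exp_channel_data.field_id_" . $val . " = '" . ee()->db->escape_str($search_keywords) . "') ";
                }
            }
        }

        if ($search_in == 'everywhere' or $search_in == 'comments') {
            if ($search_in == 'comments' && (substr(strtolower($search_keywords), 0, 3) == 'ip:' or substr(strtolower($search_keywords), 0, 4) == 'mid:')) {
                if (substr(strtolower($search_keywords), 0, 3) == 'ip:') {
                    $sql .= " OR (exp_comments.ip_address = '" . ee()->db->escape_str(str_replace('_', '.', substr($search_keywords, 3))) . "') ";
                } elseif (substr(strtolower($search_keywords), 0, 4) == 'mid:') {
                    $sql .= " OR (exp_comments.author_id = '" . ee()->db->escape_str(substr($search_keywords, 4)) . "') ";
                }
            } else {
                $sql .= " OR (exp_comments.comment LIKE '%" . ee()->db->escape_like_str($keywords) . "%') "; // No ASCII conversion here!
            }
        }

        $sql .= ")";
    }

    if ($channel_id) {
        $pageurl .= AMP . 'channel_id=' . $channel_id;
        // Quoted and escaped rather than interpolated bare
        $sql .= " AND exp_channel_titles.channel_id = '" . ee()->db->escape_str($channel_id) . "'";
    }

    // Only a numeric day count is accepted; other request values (for example
    // the 'custom_date' option) are ignored instead of being used in
    // arithmetic and echoed into the pagination URL.
    if ($date_range && is_numeric($date_range)) {
        $pageurl .= AMP . 'date_range=' . $date_range;
        $date_range = time() - $date_range * 60 * 60 * 24;
        $sql .= " AND exp_channel_titles.entry_date > {$date_range}";
    }

    if (is_numeric($cat_id)) {
        $pageurl .= AMP . 'cat_id=' . $cat_id;
        $sql .= " AND exp_category_posts.cat_id = '{$cat_id}'\n\t\t\t\t\t AND exp_category_posts.entry_id = exp_channel_titles.entry_id ";
    }

    if ($cat_id == 'none') {
        $pageurl .= AMP . 'cat_id=' . $cat_id;
        $sql .= " AND exp_category_posts.entry_id IS NULL ";
    }

    if ($status && $status != 'all') {
        // $status is a raw request value: escape it for SQL and encode it
        // for the URL instead of interpolating it as-is.
        $pageurl .= AMP . 'status=' . rawurlencode($status);
        $sql .= " AND exp_channel_titles.status = '" . ee()->db->escape_str($status) . "'";
    }

    $end = " ORDER BY ";

    if ($order) {
        $pageurl .= AMP . 'order=' . rawurlencode($order);

        // Only fixed ORDER BY fragments are ever appended
        switch ($order) {
            case 'asc':
                $end .= "entry_date asc";
                break;
            case 'desc':
                $end .= "entry_date desc";
                break;
            case 'alpha':
                $end .= "title asc";
                break;
            default:
                $end .= "entry_date desc";
        }
    } else {
        $end .= "entry_date desc";
    }

    // ------------------------------
    // Are there results?
    // ------------------------------
    $query = ee()->db->query($sql_a . $sql_b . $sql);

    // No result? Show the "no results" message
    $vars['total_count'] = $query->num_rows();

    if ($vars['total_count'] == 0) {
        ee()->javascript->compile();
        $vars['heading'] = 'edit_channel_entries';
        $vars['search_form_hidden'] = array();

        // The view is rendered to a string (third argument TRUE), so it has
        // to be returned; a bare return discarded it.
        return ee()->load->view('edit_rip', $vars, TRUE);
    }

    // Get the current row number and add the LIMIT clause to the SQL query
    if (!($rownum = ee()->input->get_post('rownum'))) {
        $rownum = 0;
    }

    // --------------------------------------------
    // Run the query again, fetching ID numbers
    // --------------------------------------------
    if ($search_in == 'comments') {
        $rownum = ee()->input->get('current_page') ? ee()->input->get('current_page') : 0;
    } else {
        $pageurl .= AMP . 'perpage=' . $perpage;
        $vars['form_hidden']['pageurl'] = base64_encode($pageurl); // for pagination
    }

    // Request value used as the LIMIT offset: force a non-negative integer
    $rownum = max(0, (int) $rownum);

    $query = ee()->db->query($sql_a . $sql_b . $sql . $end . " LIMIT " . $rownum . ", " . $perpage);

    // Filter comments
    if ($search_in == 'comments') {
        $comment_array = array();

        foreach ($query->result_array() as $row) {
            $comment_array[] = $row['comment_id'];
        }

        if ($keywords == '') {
            $pageurl .= AMP . 'keywords=' . base64_encode($keywords) . AMP . 'search_in=' . rawurlencode($search_in);
        }

        // NOTE(review): view_comments() is called on the ee() object here,
        // not on $this; confirm that method exists there.
        return ee()->view_comments('', '', '', FALSE, array_unique($comment_array), $vars['total_count'], $pageurl);
    }

    // --------------------------------------------
    // Fetch the channel information we need later
    // --------------------------------------------
    $sql = "SELECT channel_id, channel_name FROM exp_channels ";
    $sql .= "WHERE site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "' ";

    $w_array = array();
    $result = ee()->db->query($sql);

    if ($result->num_rows() > 0) {
        foreach ($result->result_array() as $rez) {
            $w_array[$rez['channel_id']] = $rez['channel_name'];
        }
    }

    // --------------------------------------------
    // Fetch the status highlight colors
    // --------------------------------------------
    $cql = "SELECT exp_channels.channel_id, exp_channels.channel_name, exp_statuses.status, exp_statuses.highlight\n\t\t\t\t FROM exp_channels, exp_statuses, exp_status_groups\n\t\t\t\t WHERE exp_status_groups.group_id = exp_channels.status_group\n\t\t\t\t AND exp_status_groups.group_id = exp_statuses.group_id\n\t\t\t\t AND\texp_statuses.highlight != ''\n\t\t\t\t AND\texp_status_groups.site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "' ";

    // Limit to channels assigned to user. The restriction belongs on $cql,
    // the query that is executed next; it was being appended to $sql, which
    // had already run, so the colour lookup was not limited at all.
    $cql .= " AND exp_channels.channel_id IN (";

    foreach ($allowed_channels as $val) {
        $cql .= "'" . $val . "',";
    }

    $cql = substr($cql, 0, -1) . ')';

    $result = ee()->db->query($cql);
    $c_array = array();

    if ($result->num_rows() > 0) {
        foreach ($result->result_array() as $rez) {
            $c_array[$rez['channel_id'] . '_' . $rez['status']] = str_replace('#', '', $rez['highlight']);
        }
    }

    // information for entries table
    $vars['entries_form'] = $form_url != '' ? $form_url : 'C=addons_modules' . AMP . 'M=show_module_cp' . AMP . 'module=simple_commerce' . AMP . 'method=add_item';

    // NOTE(review): this assignment replaces the ['pageurl'] entry stored in
    // $vars['form_hidden'] earlier; confirm that is intended.
    $vars['form_hidden'] = $extra_fields_entries;
    $vars['search_form_hidden'] = $extra_fields_search ? $extra_fields_search : array();

    // table headings
    $table_headings = array('#', lang('title'), lang('view'));

    // comments module installed? If so, add it to the list of headings.
    if (isset(ee()->installed_modules['comment'])) {
        $table_headings[] = lang('comments');
    }

    $table_headings = array_merge($table_headings, array(lang('author'), lang('date'), lang('channel'), lang('status'), form_checkbox('select_all', 'true', FALSE, 'class="toggle_all"')));

    $vars['table_headings'] = $table_headings;

    // Build and run the full SQL query
    $sql = "SELECT ";
    $sql .= ($cat_id == 'none' or $cat_id != "") ? "DISTINCT(exp_channel_titles.entry_id), " : "exp_channel_titles.entry_id, ";
    $sql .= "exp_channel_titles.channel_id,\n\t\t\t\texp_channel_titles.title,\n\t\t\t\texp_channel_titles.author_id,\n\t\t\t\texp_channel_titles.status,\n\t\t\t\texp_channel_titles.entry_date,\n\t\t\t\texp_channel_titles.comment_total,\n\t\t\t\texp_channels.live_look_template,\n\t\t\t\texp_members.username,\n\t\t\t\texp_members.email,\n\t\t\t\texp_members.screen_name";
    $sql .= " FROM exp_channel_titles\n\t\t\t\t LEFT JOIN exp_channels ON exp_channel_titles.channel_id = exp_channels.channel_id\n\t\t\t\t LEFT JOIN exp_members ON exp_members.member_id = exp_channel_titles.author_id ";

    if ($cat_id != 'none' and $cat_id != "") {
        $sql .= "INNER JOIN exp_category_posts ON exp_channel_titles.entry_id = exp_category_posts.entry_id\n\t\t\t\t\t INNER JOIN exp_categories ON exp_category_posts.cat_id = exp_categories.cat_id ";
    }

    $sql .= "WHERE exp_channel_titles.entry_id IN (";

    foreach ($query->result_array() as $row) {
        $sql .= $row['entry_id'] . ',';
    }

    $sql = substr($sql, 0, -1) . ') ' . $end;

    $query = ee()->db->query($sql);

    // load the site's templates
    $templates = array();
    $tquery = ee()->db->query("SELECT exp_template_groups.group_name, exp_templates.template_name, exp_templates.template_id\n\t\t\t\t\t\t\tFROM exp_template_groups, exp_templates\n\t\t\t\t\t\t\tWHERE exp_template_groups.group_id = exp_templates.group_id\n\t\t\t\t\t\t\tAND exp_templates.site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "'");

    if ($tquery->num_rows() > 0) {
        foreach ($tquery->result_array() as $row) {
            $templates[$row['template_id']] = $row['group_name'] . '/' . $row['template_name'];
        }
    }

    // Grab all autosaved entries
    // Removed for here
    $vars['autosave_show'] = FALSE;

    // Loop through the main query result and set up data structure for table
    $vars['entries'] = array();

    foreach ($query->result_array() as $row) {
        // Entry ID number
        $vars['entries'][$row['entry_id']][] = $row['entry_id'];

        // Channel entry title (view entry)
        // NOTE(review): the stored title and status are written into markup
        // without HTML-encoding here; confirm they are encoded when saved,
        // otherwise encode them at this point.
        $output = '<a href="' . BASE . AMP . 'C=content_publish' . AMP . 'M=entry_form' . AMP . 'channel_id=' . $row['channel_id'] . AMP . 'entry_id=' . $row['entry_id'] . '">' . $row['title'] . '</a>';
        $vars['entries'][$row['entry_id']][] = $output;

        // "View"
        if ($row['live_look_template'] != 0 && isset($templates[$row['live_look_template']])) {
            $qm = ee()->config->item('force_query_string') == 'y' ? '' : '?';
            $view_link = anchor(ee()->functions->fetch_site_index() . $qm . 'URL=' . ee()->functions->create_url($templates[$row['live_look_template']] . '/' . $row['entry_id']), lang('view'), '', TRUE);
        } else {
            $view_link = '--';
        }

        $vars['entries'][$row['entry_id']][] = $view_link;

        // Comment count
        $show_link = TRUE;

        if ($row['author_id'] == ee()->session->userdata('member_id')) {
            if (!ee()->cp->allowed_group('can_edit_own_comments') and !ee()->cp->allowed_group('can_delete_own_comments') and !ee()->cp->allowed_group('can_moderate_comments')) {
                $show_link = FALSE;
            }
        } else {
            if (!ee()->cp->allowed_group('can_edit_all_comments') and !ee()->cp->allowed_group('can_delete_all_comments') and !ee()->cp->allowed_group('can_moderate_comments')) {
                $show_link = FALSE;
            }
        }

        if (isset(ee()->installed_modules['comment'])) {
            // Comment Link
            if ($show_link !== FALSE) {
                $res = ee()->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '" . $row['entry_id'] . "'");
                ee()->db->query_count--;
                $view_url = BASE . AMP . 'C=content_edit' . AMP . 'M=view_comments' . AMP . 'channel_id=' . $row['channel_id'] . AMP . 'entry_id=' . $row['entry_id'];
            }

            $view_link = $show_link == FALSE ? '<div class="lightLinks">--</div>' : '<div class="lightLinks">(' . $res->row('count') . ')' . NBS . anchor($view_url, lang('view')) . '</div>';
            $vars['entries'][$row['entry_id']][] = $view_link;
        }

        // Username
        $name = $row['screen_name'] != '' ? $row['screen_name'] : $row['username'];
        $vars['entries'][$row['entry_id']][] = mailto($row['email'], $name);

        // Date
        $date_fmt = ee()->session->userdata('time_format') != '' ? ee()->session->userdata('time_format') : ee()->config->item('time_format');

        if ($date_fmt == 'us') {
            $datestr = '%m/%d/%y %h:%i %a';
        } else {
            $datestr = '%Y-%m-%d %H:%i';
        }

        $vars['entries'][$row['entry_id']][] = ee()->localize->format_date($datestr, $row['entry_date']);

        // Channel
        $vars['entries'][$row['entry_id']][] = isset($w_array[$row['channel_id']]) ? '<div class="smallNoWrap">' . $w_array[$row['channel_id']] . '</div>' : '';

        // Status
        $status_name = ($row['status'] == 'open' or $row['status'] == 'closed') ? lang($row['status']) : $row['status'];
        $color_info = '';

        if (isset($c_array[$row['channel_id'] . '_' . $row['status']]) and $c_array[$row['channel_id'] . '_' . $row['status']] != '') {
            $color = $c_array[$row['channel_id'] . '_' . $row['status']];
            $prefix = (is_array($colors) and !array_key_exists(strtolower($color), $colors)) ? '#' : '';

            // There are custom colours, override the class above
            $color_info = 'style="color:' . $prefix . $color . ';"';
        }

        $vars['entries'][$row['entry_id']][] = '<span class="status_' . $row['status'] . '"' . $color_info . '>' . $status_name . '</span>';

        // Delete checkbox
        $vars['entries'][$row['entry_id']][] = form_checkbox('toggle[]', $row['entry_id'], '', ' class="toggle" id="delete_box_' . $row['entry_id'] . '"');
    } // End foreach

    // Pass the relevant data to the paginate class
    $config['base_url'] = $pageurl;
    $config['total_rows'] = $vars['total_count'];
    $config['per_page'] = $perpage;
    $config['page_query_string'] = TRUE;
    $config['query_string_segment'] = 'rownum';
    $config['full_tag_open'] = '<p id="paginationLinks">';
    $config['full_tag_close'] = '</p>';
    $config['prev_link'] = '<img src="' . ee()->cp->cp_theme_url . 'images/pagination_prev_button.gif" width="13" height="13" alt="<" />';
    $config['next_link'] = '<img src="' . ee()->cp->cp_theme_url . 'images/pagination_next_button.gif" width="13" height="13" alt=">" />';
    $config['first_link'] = '<img src="' . ee()->cp->cp_theme_url . 'images/pagination_first_button.gif" width="13" height="13" alt="< <" />';
    $config['last_link'] = '<img src="' . ee()->cp->cp_theme_url . 'images/pagination_last_button.gif" width="13" height="13" alt="> >" />';

    ee()->pagination->initialize($config);

    $vars['pagination'] = ee()->pagination->create_links();
    $vars['heading'] = $heading ? $heading : 'edit_channel_entries';
    $vars['action_options'] = '';

    if ($action == '') {
        $vars['action_options'] = array('add' => lang('add_items'));
    } elseif (is_array($action)) {
        $vars['action_options'] = $action;
    }

    ee()->javascript->compile();

    return ee()->load->view('edit_rip', $vars, TRUE);
}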
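/**
 * search_products function.
 *
 * Runs a LIKE search over the title, detail and sku columns of the
 * br_product table for the configured site and returns the matching rows.
 *
 * @access public
 * @param string $term Search text; filtered, then escaped for LIKE.
 * @param string $type 'bundle' limits the result to type ids 1, 4, 5 and 7.
 * @return array Product rows as returned by result_array().
 */
public function search_products($term, $type = '')
{
    $this->EE->load->helper('search');

    $products = array();

    // The helper's body is not visible here, so its output is not assumed to
    // be safe inside a quoted SQL literal: the filtered term is additionally
    // passed through the database driver's LIKE escaping.
    $term = "%" . $this->EE->db->escape_like_str(sanitize_search_terms($term)) . "%";

    // NOTE(review): the wildcards are already part of $term, so its length is
    // never below 2 and this guard cannot fire. Confirm the intended minimum
    // term length before moving the check above the wrapping.
    if (strlen($term) < 2) {
        return $products;
    }

    // Cast so the unquoted value in the statement is always an integer
    $site_id = (int) $this->config->item('site_id');

    $sql = " SELECT \n \t\t * \n \t\t FROM \n \t\t " . $this->EE->db->dbprefix . "br_product \n \t\t WHERE \n \t\t enabled >= 0 \n \t\t AND \n \t\t site_id = " . $site_id . " \n \t\t AND \n \t\t (\n \t\t title LIKE '" . $term . "'\n \t\t OR \n \t\t detail LIKE '" . $term . "'\n \t\t OR \n \t\t sku LIKE '" . $term . "'\n \t\t ) ";

    // restrict the product types allowed
    // in a bundle search
    if ($type == 'bundle') {
        $types = array(1, 4, 5, 7);
        $sql .= " AND type_id IN (" . join(",", $types) . ")";
    }

    $sql .= " order by title desc";

    $query = $this->EE->db->query($sql);

    foreach ($query->result_array() as $row) {
        $products[] = $row;
    }

    return $products;
}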
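/**
 * Sanitize Search Terms
 *
 * Filters a search string for security, delegating to the keyword cleaner
 * of the running application version.
 *
 * The result is a filtered keyword string; whether it is safe for a given
 * output context (SQL, HTML, URL) depends on the delegate, so callers should
 * still escape it for the context they use it in.
 *
 * @access public
 * @param string $str Raw search string.
 * @return string
 */
public function sanitize_search_terms($str)
{
    // version_compare() compares dotted version strings segment by segment;
    // comparing the constant with the float 2.0 relied on loose string/number
    // comparison rules.
    if (version_compare((string) APP_VER, '2.0', '<')) {
        return $GLOBALS['REGX']->keyword_clean($str);
    }

    ee()->load->helper('search');

    return sanitize_search_terms($str);
}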
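/**
 * Collect the filter settings for the current request.
 *
 * Values arrive either as POST fields or as GET parameters; the free-text
 * GET parameters (keywords, name, email, ip_address) are base64 encoded and
 * are decoded here. As a side effect, a query-string fragment for non-js
 * pagination is stored in $this->search_url.
 *
 * Only `name` and `ip_address` are passed through sanitize_search_terms(),
 * and only when they arrive by GET. NOTE(review): every other value is
 * returned as received, so the consumer of the returned array has to escape
 * for its own sink (SQL, HTML) - confirm against the caller.
 *
 * @param bool $ajax Not used inside this method.
 * @return array Filter values keyed by filter name.
 */
function filter_settings($ajax = FALSE)
{
    // Load the search helper so we can filter the keywords
    $this->EE->load->helper('search');

    $input = $this->EE->input;

    $keywords = '';
    if ($input->post('keywords')) {
        $keywords = $input->get_post('keywords');
    } elseif ($input->get('keywords')) {
        $keywords = base64_decode($input->get('keywords'));
    }

    $filter_on['status'] = $input->get_post('status');
    $filter_on['order'] = $input->get_post('order');
    $filter_on['date_range'] = $input->get_post('date_range');
    $filter_on['name'] = $input->get('name')
        ? sanitize_search_terms(base64_decode($input->get('name')))
        : $input->post('name');
    $filter_on['keywords'] = $keywords;
    $filter_on['search_in'] = $input->get_post('search_in');
    $filter_on['channel_id'] = $input->get_post('channel_id');

    // The GET value is the one that is base64 encoded, so it is the one to
    // decode. Decoding the POST field here produced an empty filter whenever
    // the parameter actually arrived by GET.
    $filter_on['ip_address'] = $input->get('ip_address')
        ? sanitize_search_terms(base64_decode($input->get('ip_address')))
        : $input->post('ip_address');
    $filter_on['email'] = $input->get('email')
        ? base64_decode($input->get('email'))
        : $input->post('email');

    $filter_on['entry_id'] = $input->get_post('entry_id');
    $filter_on['comment_id'] = $input->get_post('comment_id');
    $filter_on['limit'] = $this->perpage;

    // Because you can specify some extra gets - let's translate that back to search_in/keywords
    if ($input->get('entry_id')) {
        $filter_on['search_in'] = 'entry_title';

        // Active Record where() binds the value, so entry_id is not
        // concatenated into the statement.
        $this->EE->db->select('title');
        $this->EE->db->where('entry_id', $input->get('entry_id'));
        $query = $this->EE->db->get('channel_titles');

        // An unknown entry_id yields no row; do not dereference it.
        $filter_on['keywords'] = $query->num_rows() > 0 ? $query->row('title') : '';
    } elseif ($input->get('name')) {
        $filter_on['search_in'] = 'name';
        $filter_on['keywords'] = base64_decode($input->get('name'));
    } elseif ($input->get('email')) {
        $filter_on['search_in'] = 'email';
        $filter_on['keywords'] = base64_decode($input->get('email'));
    } elseif ($input->get('ip_address')) {
        $filter_on['search_in'] = 'ip_address';
        $filter_on['keywords'] = base64_decode($input->get('ip_address'));
    }

    // Create the get variables for non-js pagination
    // Post variables: search_in, keywords*, channel_id, status, date_range
    // Get variables: entry_id, channel_id, name, email*, ip_address* and status
    //
    // NOTE(review): request values are appended to the URL fragment without
    // URL-encoding or HTML-escaping. Confirm that whatever prints
    // $this->search_url encodes it for its output context.
    $url = array('search_in' => $filter_on['search_in']);
    $filter_on['search_form_hidden'] = array();

    foreach ($filter_on as $name => $value) {
        if ($input->post($name) && $input->post($name) != '') {
            $v = $name == 'keywords' ? base64_encode($input->post($name)) : $input->post($name);
            $url[$name] = $name . '=' . $v;
        } elseif ($input->get($name)) {
            $url[$name] = $name . '=' . $input->get($name);
        }
    }

    // search_in is meaningless without keywords
    if (!isset($url['keywords'])) {
        unset($url['search_in']);
    }

    $this->search_url = implode(AMP, $url);

    return $filter_on;
}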
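/**
 * View Referrers
 *
 * Builds the control panel listing of logged referrers, optionally filtered
 * by a search string, and returns the rendered 'view' template.
 *
 * The search string comes from $_POST['search'] or from a base64 encoded
 * $_GET['search']; each term is escaped with escape_like_str() before it is
 * placed in the WHERE clause. The row offset (rownum) is also taken from the
 * request and is forced to a non-negative integer before it reaches LIMIT.
 *
 * @return string Rendered view output.
 */
function view()
{
    ee()->load->library('pagination');
    ee()->load->library('javascript');
    ee()->load->library('table');
    ee()->load->helper('form');

    ee()->cp->set_breadcrumb(BASE . AMP . 'C=addons_modules' . AMP . 'M=show_module_cp' . AMP . 'module=referrer', ee()->lang->line('referrers'));
    $vars['cp_page_title'] = ee()->lang->line('view_referrers');

    ee()->jquery->tablesorter('.mainTable', '{ headers: {5: {sorter: false}}, widgets: ["zebra"] }');
    ee()->javascript->output(array('$(".toggle_all").toggle( function(){ $("input.toggle").each(function() { this.checked = true; }); }, function (){ var checked_status = this.checked; $("input.toggle").each(function() { this.checked = false; }); } );'));
    ee()->cp->add_to_foot('<script type="text/javascript">function showHide(entryID, htmlObj, linkType) { extTextDivID = ("extText" + (entryID)); extLinkDivID = ("extLink" + (entryID)); if (linkType == "close") { document.getElementById(extTextDivID).style.display = "none"; document.getElementById(extLinkDivID).style.display = "block"; htmlObj.blur(); } else { document.getElementById(extTextDivID).style.display = "block"; document.getElementById(extLinkDivID).style.display = "none"; htmlObj.blur(); } } </script>');

    // used to pass referrer info into view, but initialized here in case there are no results.
    $vars['referrers'] = array();

    // rownum is request-controlled and is interpolated into the LIMIT
    // clause below, so only a non-negative integer may pass.
    $rownum = max(0, (int) ee()->input->get_post('rownum'));
    $perpage = 10;

    $search_str = '';
    $search_sql = '';
    $vars['search']['name'] = 'search';

    if (isset($_GET['search']) or isset($_POST['search'])) {
        $search_str = isset($_POST['search']) ? stripslashes($_POST['search']) : base64_decode($_GET['search']);
    }

    if ($search_str != '') {
        // Load the search helper so we can filter the keywords
        ee()->load->helper('search');

        $s = preg_split("/\\s+/", sanitize_search_terms($search_str));

        foreach ($s as $part) {
            // A leading "-" excludes the term. Every term goes through
            // escape_like_str() before entering the statement.
            if (substr($part, 0, 1) == '-') {
                $search_sql .= "CONCAT_WS(' ', ref_from, ref_to, ref_ip, ref_agent) NOT LIKE '%" . ee()->db->escape_like_str(substr($part, 1)) . "%' AND ";
            } else {
                $search_sql .= "CONCAT_WS(' ', ref_from, ref_to, ref_ip, ref_agent) LIKE '%" . ee()->db->escape_like_str($part) . "%' AND ";
            }
        }

        // Drop the trailing "AND " left by the loop.
        $sql = "WHERE (" . substr($search_sql, 0, -4) . ")";
        $vars['search']['value'] = sanitize_search_terms($search_str);
    } else {
        $sql = "";
    }

    $query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_referrers " . $sql);
    $vars['num_referrers'] = $query->row('count');

    if ($query->row('count') == 0) {
        $vars['message'] = isset($vars['search']['value']) ? ee()->lang->line('referrer_no_results') : ee()->lang->line('no_referrers');

        return ee()->load->view('view', $vars, TRUE);
    }

    $sites_query = ee()->db->query("SELECT site_id, site_label FROM exp_sites");
    $sites = array();
    foreach ($sites_query->result_array() as $row) {
        $sites[$row['site_id']] = $row['site_label'];
    }

    $query = ee()->db->query("SELECT * FROM exp_referrers " . $sql . " ORDER BY ref_id desc LIMIT {$rownum}, {$perpage}");
    $site_url = ee()->config->item('site_url');

    foreach ($query->result_array() as $row) {
        // From: shorten long URLs to roughly 40 characters on a path boundary
        $row['ref_from'] = str_replace('http://', '', $row['ref_from']);

        if (strlen($row['ref_from']) > 40) {
            $from_pieces = explode('/', $row['ref_from']);
            $new_from = $from_pieces['0'] . '/';

            for ($p = 1; $p < count($from_pieces); $p++) {
                if (strlen($from_pieces[$p]) + strlen($new_from) <= 40) {
                    $new_from .= $p == count($from_pieces) - 1 ? $from_pieces[$p] : $from_pieces[$p] . '/';
                } else {
                    $new_from .= '…';
                    break;
                }
            }
        } else {
            $new_from = $row['ref_from'];
        }

        $vars['referrers'][$row['ref_id']]['from_link'] = ee()->functions->fetch_site_index() . QUERY_MARKER . 'URL=' . urlencode($row['ref_from']);
        $vars['referrers'][$row['ref_id']]['from_url'] = $new_from;

        // To
        $vars['referrers'][$row['ref_id']]['to_link'] = ee()->functions->fetch_site_index() . QUERY_MARKER . 'URL=' . urlencode($row['ref_to']);
        $vars['referrers'][$row['ref_id']]['to_url'] = '/' . ltrim(str_replace($site_url, '', $row['ref_to']), '/');

        // Date
        $vars['referrers'][$row['ref_id']]['date'] = ($row['ref_date'] != '' and $row['ref_date'] != 0) ? ee()->localize->human_time($row['ref_date']) : '-';

        // IP
        $vars['referrers'][$row['ref_id']]['referrer_ip'] = ($row['ref_ip'] != '' and $row['ref_ip'] != 0) ? $row['ref_ip'] : '-';

        // Agent
        // NOTE(review): ref_agent is concatenated into markup below without
        // escaping, and the other ref_* values are handed to the view as
        // stored. These columns look like they hold request headers of site
        // visitors; confirm they are encoded when written, otherwise they
        // need htmlspecialchars() here or in the view.
        $agent = $row['ref_agent'] != '' ? $row['ref_agent'] : '-';

        if (strlen($agent) > 11) {
            $agent2 = '<span class="defaultBold">' . ee()->lang->line('ref_user_agent') . '</span>:' . NBS . "<a href=\"javascript:void(0);\" name=\"ext{$row['ref_id']}\" onclick=\"showHide({$row['ref_id']},this,'close');return false;\">[-]</a>" . NBS . NBS . $agent;
            $agent = "<div id='extLink{$row['ref_id']}'><span class='defaultBold'>" . ee()->lang->line('ref_user_agent') . '</span>:' . NBS . "<a href=\"javascript:void(0);\" name=\"ext{$row['ref_id']}\" onclick=\"showHide({$row['ref_id']},this,'open');return false;\">[+]</a>" . NBS . NBS . preg_replace("/(.+?)\\s+.*/", "\\1", $agent) . "</div>";
            $agent .= '<div id="extText' . $row['ref_id'] . '" style="display: none; padding:0;">' . $agent2 . '</div>';
        }

        $vars['referrers'][$row['ref_id']]['user_agent'] = $agent;

        // Site
        $vars['referrers'][$row['ref_id']]['site'] = $sites[$row['site_id']];

        // Toggle checkbox
        $vars['referrers'][$row['ref_id']]['toggle'] = array('name' => 'toggle[]', 'id' => 'delete_box_' . $row['ref_id'], 'value' => $row['ref_id'], 'class' => 'toggle');
    }

    // Pass the relevant data to the paginate class
    $config['base_url'] = BASE . AMP . 'C=addons_modules' . AMP . 'M=show_module_cp' . AMP . 'module=referrer' . AMP . 'method=view';
    $config['total_rows'] = $vars['num_referrers'];
    $config['per_page'] = $perpage;
    $config['page_query_string'] = TRUE;
    $config['query_string_segment'] = 'rownum';
    $config['full_tag_open'] = '<p id="paginationLinks">';
    $config['full_tag_close'] = '</p>';
    $config['prev_link'] = '<img src="' . ee()->cp->cp_theme_url . 'images/pagination_prev_button.gif" width="13" height="13" alt="<" />';
    $config['next_link'] = '<img src="' . ee()->cp->cp_theme_url . 'images/pagination_next_button.gif" width="13" height="13" alt=">" />';
    $config['first_link'] = '<img src="' . ee()->cp->cp_theme_url . 'images/pagination_first_button.gif" width="13" height="13" alt="< <" />';
    $config['last_link'] = '<img src="' . ee()->cp->cp_theme_url . 'images/pagination_last_button.gif" width="13" height="13" alt="> >" />';

    ee()->pagination->initialize($config);
    $vars['pagination'] = ee()->pagination->create_links();

    ee()->javascript->compile();

    return ee()->load->view('view', $vars, TRUE);
}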
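/**
 * Do Search
 *
 * Validates a submitted search (permission, flood control, keyword length,
 * stop words), builds the query through build_standard_query(), stores the
 * search in exp_search and redirects to the results page with the new
 * search id appended.
 *
 * The method reads and rewrites $_POST directly, so statement order matters.
 *
 * @return mixed Result of show_user_error() or redirect().
 */
function do_search()
{
    $this->EE->lang->loadfile('search');

    // Get hidden meta vars
    if (isset($_POST['meta'])) {
        $this->_get_meta_vars();
    }

    // Profile Exception
    // This is an exception to the normal search routine.
    // It permits us to search for all posts by a particular user's screen name
    // We look for the "mbr" $_GET variable. If it exists it will
    // trigger our exception
    //
    // NOTE(review): in this branch result_page is taken straight from the
    // request (result_path) and later becomes the redirect target. Confirm
    // that create_url() keeps the destination on this site.
    if ($this->EE->input->get_post('mbr')) {
        $this->_meta['result_page'] = $this->EE->input->get_post('result_path') != '' ? $this->EE->input->get_post('result_path') : 'search/results';
        $_POST['keywords'] = '';
        $_POST['exact_match'] = 'y';
        $_POST['exact_keyword'] = 'n';
    }

    // RP can be used in a query string, so we need to clean it a bit.
    // A request without meta vars has no result_page at all; treat that as
    // empty so it reaches the error below instead of reading an undefined
    // index.
    $this->_meta['result_page'] = isset($this->_meta['result_page'])
        ? str_replace(array('=', '&'), '', $this->_meta['result_page'])
        : '';

    // Pulldown Addition - Any, All, Exact
    if (isset($this->_meta['where']) && $this->_meta['where'] == 'exact') {
        $_POST['exact_keyword'] = 'y';
    }

    // Do we have a search results page?
    // The search results template is specified as a parameter in the search form tag.
    // If the parameter is missing we'll issue an error since we don't know where to
    // show the results
    if (!isset($this->_meta['result_page']) or $this->_meta['result_page'] == '') {
        return $this->EE->output->show_user_error('general', array(lang('search_path_error')));
    }

    // Is the current user allowed to search?
    if ($this->EE->session->userdata('can_search') == 'n' and $this->EE->session->userdata('group_id') != 1) {
        return $this->EE->output->show_user_error('general', array(lang('search_not_allowed')));
    }

    // Flood control: refuse a new search while an earlier one by the same
    // member or IP address is younger than the configured interval.
    if ($this->EE->session->userdata['search_flood_control'] > 0 and $this->EE->session->userdata['group_id'] != 1) {
        $cutoff = time() - $this->EE->session->userdata['search_flood_control'];

        $sql = "SELECT search_id FROM exp_search WHERE site_id = '" . $this->EE->db->escape_str($this->EE->config->item('site_id')) . "' AND search_date > '{$cutoff}' AND ";

        if ($this->EE->session->userdata['member_id'] != 0) {
            $sql .= "(member_id='" . $this->EE->db->escape_str($this->EE->session->userdata('member_id')) . "' OR ip_address='" . $this->EE->db->escape_str($this->EE->input->ip_address()) . "')";
        } else {
            $sql .= "ip_address='" . $this->EE->db->escape_str($this->EE->input->ip_address()) . "'";
        }

        $query = $this->EE->db->query($sql);

        $text = str_replace("%x", $this->EE->session->userdata['search_flood_control'], lang('search_time_not_expired'));

        if ($query->num_rows() > 0) {
            return $this->EE->output->show_user_error('general', array($text));
        }
    }

    // Did the user submit any keywords?
    // We only require a keyword if the member name field is blank
    if (!isset($_GET['mbr']) or !is_numeric($_GET['mbr'])) {
        if (!isset($_POST['member_name']) or $_POST['member_name'] == '') {
            if (!isset($_POST['keywords']) or $_POST['keywords'] == "") {
                return $this->EE->output->show_user_error('general', array(lang('search_no_keywords')));
            }
        }
    }

    // Strip extraneous junk from keywords.
    // keywords can legitimately be absent here (member-name search), hence
    // the isset() guard.
    if (isset($_POST['keywords']) && $_POST['keywords'] != "") {
        // Load the search helper so we can filter the keywords
        $this->EE->load->helper('search');

        $this->keywords = sanitize_search_terms($_POST['keywords']);

        // Is the search term long enough?
        if (strlen($this->keywords) < $this->min_length) {
            $text = lang('search_min_length');
            $text = str_replace("%x", $this->min_length, $text);

            return $this->EE->output->show_user_error('general', array($text));
        }

        // Load the text helper
        $this->EE->load->helper('text');

        $this->keywords = $this->EE->config->item('auto_convert_high_ascii') == 'y' ? ascii_to_entities($this->keywords) : $this->keywords;

        // Remove "ignored" words. The stop-word list ($ignore) is defined by
        // the included config file.
        if ((!isset($_POST['exact_keyword']) or $_POST['exact_keyword'] != 'y') && @(include_once APPPATH . 'config/stopwords.php')) {
            $parts = explode('"', $this->keywords);

            $this->keywords = '';

            foreach ($parts as $num => $part) {
                // The odd breaks contain quoted strings.
                if ($num % 2 == 0) {
                    foreach ($ignore as $badword) {
                        $part = preg_replace("/\\b" . preg_quote($badword, '/') . "\\b/i", "", $part);
                    }
                }

                $this->keywords .= $num != 0 ? '"' . $part : $part;
            }

            if (trim($this->keywords) == '') {
                return $this->EE->output->show_user_error('general', array(lang('search_no_stopwords')));
            }
        }

        // Log Search Terms
        $this->EE->functions->log_search_terms($this->keywords);
    }

    if (isset($_POST['member_name']) and $_POST['member_name'] != "") {
        $_POST['member_name'] = $this->EE->security->xss_clean($_POST['member_name']);
    }

    // Build and run query
    $original_keywords = $this->keywords;
    $mbr = !isset($_GET['mbr']) ? '' : $_GET['mbr'];

    $sql = $this->build_standard_query();

    // No query results?
    if ($sql == FALSE) {
        if (isset($this->_meta['no_results_page']) and $this->_meta['no_results_page'] != '') {
            $hash = $this->EE->functions->random('md5');

            $data = array('search_id' => $hash, 'search_date' => time(), 'member_id' => $this->EE->session->userdata('member_id'), 'keywords' => $original_keywords != '' ? $original_keywords : $mbr, 'ip_address' => $this->EE->input->ip_address(), 'total_results' => 0, 'per_page' => 0, 'query' => '', 'custom_fields' => '', 'result_page' => '', 'site_id' => $this->EE->config->item('site_id'));

            $this->EE->db->query($this->EE->db->insert_string('exp_search', $data));

            return $this->EE->functions->redirect($this->EE->functions->create_url($this->EE->functions->extract_path("='" . $this->_meta['no_results_page'] . "'")) . '/' . $hash . '/');
        } else {
            return $this->EE->output->show_user_error('off', array(lang('search_no_result')), lang('search_result_heading'));
        }
    }

    // If we have a result, cache it
    $hash = $this->EE->functions->random('md5');

    $sql = str_replace("\\", "\\\\", $sql);

    // This fixes a bug that occurs when a different table prefix is used
    $sql = str_replace('exp_', 'MDBMPREFIX', $sql);

    // NOTE(review): the generated SQL and the field list are stored
    // serialized in exp_search, presumably to be unserialized and run again
    // by the results page. That makes write access to exp_search equivalent
    // to supplying SQL and serialized data - confirm how the reader
    // validates these columns.
    $data = array('search_id' => $hash, 'search_date' => time(), 'member_id' => $this->EE->session->userdata('member_id'), 'keywords' => $original_keywords != '' ? $original_keywords : $mbr, 'ip_address' => $this->EE->input->ip_address(), 'total_results' => $this->num_rows, 'per_page' => (isset($_POST['RES']) and is_numeric($_POST['RES']) and $_POST['RES'] < 999) ? $_POST['RES'] : 50, 'query' => addslashes(serialize($sql)), 'custom_fields' => addslashes(serialize($this->fields)), 'result_page' => $this->_meta['result_page'], 'site_id' => $this->EE->config->item('site_id'));

    $this->EE->db->query($this->EE->db->insert_string('exp_search', $data));

    // Redirect to search results page
    // Load the string helper
    $this->EE->load->helper('string');

    $path = $this->EE->functions->remove_double_slashes($this->EE->functions->create_url(trim_slashes($this->_meta['result_page'])) . '/' . $hash . '/');

    return $this->EE->functions->redirect($path);
}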
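/**
 * Render the search results
 *
 * Runs a wiki search for the submitted keywords, or replays a stored search
 * when a pagination hash is present in the URL, and writes the parsed
 * output to $this->return_data.
 *
 * Search terms are escaped with escape_like_str() and the namespace name
 * with escape_str() before they are placed in the query.
 *
 * @param string $keywords (Optional) Search keyword from elsewhere
 * @return mixed An empty string when there is nothing to render, the result
 *               of show_user_error() on invalid input, otherwise nothing;
 *               the parsed results are left in $this->return_data.
 */
public function search_results($keywords = '')
{
    // Check for pagination
    if (ee()->input->get_post('keywords') === FALSE && $keywords == '') {
        if (!isset($this->seg_parts['1']) or strlen($this->seg_parts['1']) < 20) {
            return $this->return_data = '';
        }

        ee()->db->where('wiki_search_id', $this->seg_parts['1']);
        $query = ee()->db->get('wiki_search');

        if ($query->num_rows() > 0) {
            // Retrieve information about the search
            // NOTE(review): wiki_search_query is a stored SQL fragment that
            // is executed again further down. Anything able to write to the
            // wiki_search table therefore controls the statement - confirm
            // this method is the table's only writer.
            $paginate_sql = $query->row('wiki_search_query');
            $paginate_hash = $query->row('wiki_search_id');
            $keywords = $query->row('wiki_search_keywords');
        }
    }

    // Work Up the Keywords A Bit, Know What I'm Saying?
    $keywords = ee()->input->get_post('keywords') !== FALSE ? ee()->input->get_post('keywords') : $keywords;

    // Load the search helper so we can filter the keywords
    ee()->load->helper('search');

    $keywords = ee()->functions->encode_ee_tags(sanitize_search_terms($keywords), TRUE);

    if ($keywords == '') {
        $this->redirect('', 'index');
    } elseif (strlen($keywords) < $this->min_length_keywords) {
        return ee()->output->show_user_error('general', array(str_replace("%x", $this->min_length_keywords, lang('search_min_length'))));
    }

    $this->return_data = str_replace(array('{wiki:page}', '{keywords}'), array($this->_fetch_template('wiki_special_search_results.html'), stripslashes($keywords)), $this->return_data);

    // Start work on pagination
    ee()->load->library('pagination');
    $pagination = ee()->pagination->create();
    $this->return_data = $pagination->prepare($this->return_data);

    // Parse Results Tag Pair
    if (!preg_match("/\\{wiki:search_results(.*?)\\}(.*?)\\{\\/wiki:search_results\\}/s", $this->return_data, $match)) {
        return $this->return_data = '';
    }

    // Parameters
    // NOTE(review): limit comes from the template tag and is interpolated
    // into LIMIT below without a numeric check - confirm
    // assign_parameters() guarantees an integer.
    $parameters = ee()->functions->assign_parameters($match[1], array('limit' => 20, 'paginate' => 'bottom', 'switch' => ''));

    // Date Formats
    // - Those GMT dates are not typical for results, but I thought it might
    //   be the case that there will be dynamic RSS/Atom searches in the
    //   future so I added them just in case.
    $dates = $this->parse_dates($this->return_data);

    // Our Query
    if ($pagination->paginate === TRUE && isset($paginate_sql)) {
        $sql = $paginate_sql;
    } else {
        $sql = "FROM exp_wiki_revisions r, exp_members m, exp_wiki_page p\n\t\t\t\tWHERE p.page_id = r.page_id\n\t\t\t\t\tAND p.last_updated = r.revision_date\n\t\t\t\t\tAND p.wiki_id = '" . ee()->db->escape_str($this->wiki_id) . "'\n\t\t\t\t\tAND (";

        // Get our keywords into search terms
        $terms = array();
        $keywords = stripslashes($keywords);
        $nsql = '';

        if (stristr(strtolower($keywords), 'namespace:')) {
            $namespaces = array('Category' => 'category');

            $nquery = ee()->db->query("SELECT namespace_label, namespace_name FROM exp_wiki_namespaces");

            if ($nquery->num_rows() > 0) {
                foreach ($nquery->result_array() as $row) {
                    $namespaces[$row['namespace_label']] = $row['namespace_name'];
                }
            }

            foreach ($namespaces as $key => $val) {
                if (preg_match("/namespace:\\s*(\\-)*\\s*[\\'\"]?(" . preg_quote($key, '/') . ")[\\'\"]?/", $keywords, $nmatch)) {
                    $keywords = str_replace($nmatch['0'], '', $keywords);

                    $compare = $nmatch['1'] == "-" ? '!=' : '=';

                    // The namespace name is read back from the database.
                    // Escape it like every other value in this statement so
                    // a stored quote cannot change the query.
                    $nsql = "AND p.page_namespace {$compare} '" . ee()->db->escape_str($namespaces[$nmatch['2']]) . "' \n";
                }
            }
        }

        // in case they searched with only "namespace:namespace_label" and no keywords
        if (trim($keywords) == '') {
            return ee()->output->show_user_error('general', array(lang('no_search_terms')));
        }

        // Quoted phrases become single terms; an optional leading "-" is kept.
        if (preg_match_all("/\\-*\"(.*?)\"/", $keywords, $matches)) {
            for ($m = 0; $m < count($matches['1']); $m++) {
                $terms[] = trim(str_replace('"', '', $matches['0'][$m]));
                $keywords = str_replace($matches['0'][$m], '', $keywords);
            }
        }

        if (trim($keywords) != '') {
            $terms = array_merge($terms, preg_split("/\\s+/", trim($keywords)));
        }

        $not_and = count($terms) > 2 ? ') AND (' : 'AND';
        rsort($terms);

        // Log Search Terms
        ee()->functions->log_search_terms(implode(' ', $terms), 'wiki');

        // Search in content and article title.
        // A leading "-" on a term turns it into an exclusion (NOT LIKE).
        $mysql_function = substr($terms['0'], 0, 1) == '-' ? 'NOT LIKE' : 'LIKE';
        $search_term = substr($terms['0'], 0, 1) == '-' ? substr($terms['0'], 1) : $terms['0'];
        $connect = $mysql_function == 'LIKE' ? 'OR' : 'AND';

        $sql .= "\n(r.page_content {$mysql_function} '%" . ee()->db->escape_like_str($search_term) . "%' ";
        $sql .= "{$connect} p.page_name {$mysql_function} '%" . ee()->db->escape_like_str($search_term) . "%') ";

        for ($i = 1; $i < count($terms); $i++) {
            $mysql_criteria = ($mysql_function == 'NOT LIKE' or substr($terms[$i], 0, 1) == '-') ? $not_and : 'AND';
            $mysql_function = substr($terms[$i], 0, 1) == '-' ? 'NOT LIKE' : 'LIKE';
            $search_term = substr($terms[$i], 0, 1) == '-' ? substr($terms[$i], 1) : $terms[$i];
            $connect = $mysql_function == 'LIKE' ? 'OR' : 'AND';

            $sql .= "{$mysql_criteria} (r.page_content {$mysql_function} '%" . ee()->db->escape_like_str($search_term) . "%' ";
            $sql .= "{$connect} p.page_name {$mysql_function} '%" . ee()->db->escape_like_str($search_term) . "%') ";
        }

        // close it up, and add our namespace clause
        $sql .= "\n) \n{$nsql}";
        $sql .= "AND m.member_id = r.revision_author\n\t\t\t\t\t AND r.revision_status = 'open'\n\t\t\t\t\t ORDER BY r.revision_date";
    }

    $query = ee()->db->query("SELECT COUNT(*) AS count " . $sql);

    if ($query->row('count') == 0) {
        $this->return_data = $this->_deny_if('results', $this->return_data);
        $this->return_data = $this->_allow_if('no_results', $this->return_data);
        $this->return_data = str_replace($match['0'], '', $this->return_data);

        return;
    } else {
        $this->return_data = $this->_allow_if('results', $this->return_data);
        $this->return_data = $this->_deny_if('no_results', $this->return_data);
    }

    // Store Pagination Hash and Query and do Garbage Collection
    if ($query->row('count') > $parameters['limit'] && $pagination->current_page === 1) {
        $paginate_hash = ee()->functions->random('md5');

        ee()->db->insert('wiki_search', array('wiki_search_id' => $paginate_hash, 'search_date' => time(), 'wiki_search_query' => $sql, 'wiki_search_keywords' => $keywords));

        // Clear old search results
        ee()->db->where('search_date <', time() - $this->cache_expire * 3600);
        ee()->db->delete('wiki_search');
    }

    // Rerun Query This Time With Our Data
    if ($pagination->paginate === TRUE) {
        $base_paginate = $this->base_url . $this->special_ns . ':Search_results/';

        if (isset($paginate_hash)) {
            $base_paginate .= $paginate_hash . '/';
        }

        $pagination->basepath = $base_paginate;
        $pagination->position = $parameters['paginate'];
        $pagination->build($query->row('count'), $parameters['limit']);

        $pagination_sql = " LIMIT {$pagination->offset}, {$parameters['limit']}";
    } else {
        $pagination_sql = " LIMIT " . $parameters['limit'];
    }

    $query = ee()->db->query("SELECT r.*, m.member_id, m.screen_name, m.email, m.url, p.page_namespace, p.page_name AS topic " . $sql . $pagination_sql);

    // Global Last Updated
    $this->return_data = ee()->TMPL->parse_date_variables($this->return_data, array('last_updated' => $query->row('revision_date')));
    $this->return_data = ee()->TMPL->parse_date_variables($this->return_data, array('gmt_last_updated' => $query->row('revision_date')), FALSE);

    // Parsing of the Results
    $results = $this->parse_results($match, $query, $parameters, $dates, $pagination);
    $results = $pagination->render($results);

    $this->return_data = str_replace($match['0'], $results, $this->return_data);
}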
/**
 * Run a product search, cache the result set and redirect to the results
 * page.
 *
 * The term comes from the `term` tag parameter or, failing that, from the
 * posted `search` field. It is filtered with sanitize_search_terms() before
 * it is handed to the search index.
 *
 * NOTE(review): the cache key is sha1(time() . $term), which is derivable
 * from the term and the second of the request. That is fine for an
 * identifier; confirm nothing treats it as an unguessable token.
 * NOTE(review): the cached payload is written with serialize(). Confirm the
 * reading side only unserializes data that this code wrote.
 */
function search()
{
    // Load native EE helper to sanitize search term
    $this->EE->load->helper('search');

    // Set the return location
    $return = 'catalog/result';
    if ($this->EE->TMPL->fetch_param('return')) {
        $return = $this->EE->TMPL->fetch_param('return');
    }

    // Get the product search collection
    if ($this->EE->TMPL->fetch_param('term')) {
        $term = $this->EE->TMPL->fetch_param('term');
    } else {
        $term = $this->EE->input->post('search', TRUE);
    }
    $term = sanitize_search_terms($term);

    $hits = $this->_search_index($term);
    $hash = sha1(time() . $term);

    // Keep only hits that resolve to a product of the current site,
    // numbering them consecutively from zero.
    $product = array();
    $position = 0;
    foreach ($hits as $hit) {
        $rows = $this->EE->product_model->get_products($hit["product_id"]);

        // Check to make sure that a product is returned
        if (!isset($rows[0])) {
            continue;
        }
        if ($rows[0]["site_id"] != $this->site_id) {
            continue;
        }

        $product[$position] = $rows[0];
        $product[$position]["score"] = round(100 * $hit["score"], 2);
        $product[$position]["row_count"] = $position + 1;
        $position++;
    }

    // Count the products but set a reasonable search result limit
    $found = count($product);
    if ($found > $this->_config["result_limit"]) {
        // Drop every entry at or beyond the limit.
        for ($idx = $this->_config["result_limit"]; $idx <= $found; $idx++) {
            unset($product[$idx]);
        }
    }

    $vars = array();
    $vars[0] = array(
        'search_hash' => $hash,
        'search_term' => $term,
        'total_results' => count($product),
        'results' => $product,
        'no_results' => array(),
        'result_filter_set' => '',
    );

    save_to_cache('search_' . $hash, serialize($vars));

    $this->EE->product_model->log_search($term, $hash, count($product), $this->EE->session->userdata["member_id"]);

    $this->EE->functions->redirect($this->EE->functions->create_url($return . '/id/' . $hash));
}
/**
 * Sanitize Search Terms
 *
 * Loads the 'search' helper and passes the string to its
 * sanitize_search_terms() function.
 *
 * This method only delegates. It does no SQL or HTML escaping of its own,
 * so callers should still escape the result for the sink it is written to.
 *
 * @access public
 * @param string $str Search text to filter.
 * @return string Whatever the helper returns for $str.
 */
public function sanitize_search_terms($str)
{
    ee()->load->helper('search');

    $filtered = sanitize_search_terms($str);

    return $filtered;
}
/** ------------------------------------- /** Search Some Content! /** -------------------------------------*/ function search_results($keywords='') { /** ---------------------------------------- /** Check for Pagination /** ----------------------------------------*/ $search_paginate = FALSE; if ($this->EE->input->get_post('keywords') === FALSE && $keywords == '') { if ( ! isset($this->seg_parts['1']) OR strlen($this->seg_parts['1']) < 20) { return $this->return_data = ''; } $this->EE->db->where('wiki_search_id', $this->seg_parts['1']); $query = $this->EE->db->get('wiki_search'); if ($query->num_rows() > 0) { $search_paginate = TRUE; $paginate_sql = $query->row('wiki_search_query') ; $paginate_hash = $query->row('wiki_search_id') ; $keywords = $query->row('wiki_search_keywords') ; } } /** ---------------------------------------- /** Work Up the Keywords A Bit, Know What I'm Saying? /** ----------------------------------------*/ $keywords = ($this->EE->input->get_post('keywords') !== FALSE) ? $this->EE->input->get_post('keywords') : $keywords; // Load the search helper so we can filter the keywords $this->EE->load->helper('search'); $keywords = $this->EE->functions->encode_ee_tags(sanitize_search_terms($keywords), TRUE); if ($keywords == '') { $this->redirect('', 'index'); } elseif(strlen($keywords) < $this->min_length_keywords) { return $this->EE->output->show_user_error('general', array(str_replace("%x", $this->min_length_keywords, $this->EE->lang->line('search_min_length')))); } $this->return_data = str_replace(array('{wiki:page}', '{keywords}'), array($this->_fetch_template('wiki_special_search_results.html'), stripslashes($keywords)), $this->return_data); /** ---------------------------------------- /** Parse Results Tag Pair /** ----------------------------------------*/ if ( ! 
preg_match("/\{wiki:search_results(.*?)\}(.*?)\{\/wiki:search_results\}/s", $this->return_data, $match)) { return $this->return_data = ''; } /** ---------------------------------------- /** Parameters /** ----------------------------------------*/ $parameters['limit'] = 20; $parameters['switch1'] = ''; $parameters['switch2'] = ''; $parameters['paginate'] = 'bottom'; if (trim($match['1']) != '' && ($params = $this->EE->functions->assign_parameters($match['1'])) !== FALSE) { $parameters['limit'] = (isset($params['limit']) && is_numeric($params['limit'])) ? $params['limit'] : $parameters['limit']; $parameters['paginate'] = (isset($params['paginate'])) ? $params['paginate'] : $parameters['paginate']; if (isset($params['switch'])) { if (strpos($params['switch'], '|') !== FALSE) { $x = explode("|", $params['switch']); $parameters['switch1'] = $x['0']; $parameters['switch2'] = $x['1']; } else { $parameters['switch1'] = $params['switch']; } } } /* ---------------------------------------- /* Date Formats /* - Those GMT dates are not typical for results, but I thought it might /* be the case that there will be dynamic RSS/Atom searches in the /* future so I added them just in case. /* ----------------------------------------*/ $dates = $this->parse_dates($this->return_data); // Secure Forms check // If the hash is not found we'll simply reload the page. 
if ($this->EE->config->item('secure_forms') == 'y' && $search_paginate === FALSE) { if ($this->EE->security->secure_forms_check($this->EE->input->post('XID')) == FALSE) { $this->redirect('', $this->EE->input->get_post('title')); } } /** ---------------------------------------- /** Our Query /** ----------------------------------------*/ if ($search_paginate === TRUE) { $sql = $paginate_sql; } else { $sql = "FROM exp_wiki_revisions r, exp_members m, exp_wiki_page p WHERE p.page_id = r.page_id AND p.last_updated = r.revision_date AND p.wiki_id = '".$this->EE->db->escape_str($this->wiki_id)."' AND ("; /** ------------------------------------- /** Get our keywords into search terms /** -------------------------------------*/ $terms = array(); $keywords = stripslashes($keywords); $nsql = ''; if (stristr(strtolower($keywords), 'namespace:')) { $namespaces = array('Category' => 'category'); $nquery = $this->EE->db->query("SELECT namespace_label, namespace_name FROM exp_wiki_namespaces"); if ($nquery->num_rows() > 0) { foreach ($nquery->result_array() as $row) { $namespaces[$row['namespace_label']] = $row['namespace_name']; } } foreach ($namespaces as $key => $val) { if (preg_match("/namespace:\s*(\-)*\s*[\'\"]?(".preg_quote($key, '/').")[\'\"]?/", $keywords, $nmatch)) { $keywords = str_replace($nmatch['0'], '', $keywords); $compare = ($nmatch['1'] == "-") ? 
'!=' : '='; $nsql = "AND p.page_namespace {$compare} '".$namespaces[$nmatch['2']]."' \n"; } } } // in case they searched with only "namespace:namespace_label" and no keywords if (trim($keywords) == '') { return $this->EE->output->show_user_error('general', array($this->EE->lang->line('no_search_terms'))); } if (preg_match_all("/\-*\"(.*?)\"/", $keywords, $matches)) { for($m=0; $m < count($matches['1']); $m++) { $terms[] = trim(str_replace('"','',$matches['0'][$m])); $keywords = str_replace($matches['0'][$m],'', $keywords); } } if (trim($keywords) != '') { $terms = array_merge($terms, preg_split("/\s+/", trim($keywords))); } $not_and = (count($terms) > 2) ? ') AND (' : 'AND'; rsort($terms); /** ------------------------------------- /** Log Search Terms /** -------------------------------------*/ $this->EE->functions->log_search_terms(implode(' ', $terms), 'wiki'); /** ------------------------------------- /** Search in content and article title /** -------------------------------------*/ $mysql_function = (substr($terms['0'], 0,1) == '-') ? 'NOT LIKE' : 'LIKE'; $search_term = (substr($terms['0'], 0,1) == '-') ? substr($terms['0'], 1) : $terms['0']; $connect = ($mysql_function == 'LIKE') ? 'OR' : 'AND'; $sql .= "\n(r.page_content {$mysql_function} '%".$this->EE->db->escape_like_str($search_term)."%' "; $sql .= "{$connect} p.page_name {$mysql_function} '%".$this->EE->db->escape_like_str($search_term)."%') "; for ($i=1; $i < count($terms); $i++) { $mysql_criteria = ($mysql_function == 'NOT LIKE' OR substr($terms[$i], 0,1) == '-') ? $not_and : 'AND'; $mysql_function = (substr($terms[$i], 0,1) == '-') ? 'NOT LIKE' : 'LIKE'; $search_term = (substr($terms[$i], 0,1) == '-') ? substr($terms[$i], 1) : $terms[$i]; $connect = ($mysql_function == 'LIKE') ? 
'OR' : 'AND'; $sql .= "{$mysql_criteria} (r.page_content {$mysql_function} '%".$this->EE->db->escape_like_str($search_term)."%' "; $sql .= "{$connect} p.page_name {$mysql_function} '%".$this->EE->db->escape_like_str($search_term)."%') "; } // close it up, and add our namespace clause $sql .= "\n) \n{$nsql}"; $sql .= "AND m.member_id = r.revision_author AND r.revision_status = 'open' ORDER BY r.revision_date"; } $query = $this->EE->db->query("SELECT COUNT(*) AS count ".$sql); if ($query->row('count') == 0) { $this->return_data = $this->_deny_if('results', $this->return_data); $this->return_data = $this->_allow_if('no_results', $this->return_data); $this->return_data = str_replace($match['0'], '', $this->return_data); return; } else { $this->return_data = $this->_allow_if('results', $this->return_data); $this->return_data = $this->_deny_if('no_results', $this->return_data); } /** ---------------------------------------- /** Store Pagination Hash and Query and do Garbage Collection /** ----------------------------------------*/ if ($query->row('count') > $parameters['limit'] && $search_paginate === FALSE) { $paginate_hash = $this->EE->functions->random('md5'); $search_data = array('wiki_search_id' => $paginate_hash, 'search_date' => time(), 'wiki_search_query' => $sql, 'wiki_search_keywords' => $keywords); $this->EE->db->insert('wiki_search', $search_data); // Clear old search results $expire = time() - ($this->cache_expire * 3600); $this->EE->db->where('search_date <', $expire); $this->EE->db->delete('wiki_search'); } $base_paginate = $this->base_url.$this->special_ns.':Search_results/'; if (isset($paginate_hash)) { $base_paginate .= $paginate_hash.'/'; } $this->pagination($query->row('count') , $parameters['limit'], $base_paginate); /** ---------------------------------------- /** Rerun Query This Time With Our Data /** ----------------------------------------*/ if ($this->paginate === TRUE) { // Now that the Paginate code is removed, we run this again 
preg_match("/\{wiki:search_results(.*?)\}(.*?)\{\/wiki:search_results\}/s", $this->return_data, $match); } else { $this->pagination_sql .= " LIMIT ".$parameters['limit']; } $query = $this->EE->db->query("SELECT r.*, m.member_id, m.screen_name, m.email, m.url, p.page_namespace, p.page_name AS topic ".$sql.$this->pagination_sql); /** ---------------------------------------- /** Global Last Updated /** ----------------------------------------*/ if (isset($dates['last_updated'])) { foreach($dates['last_updated'] as $key => $value) { $temp_date = $value['0']; foreach ($value['1'] as $dvar) { $temp_date = str_replace($dvar, $this->EE->localize->convert_timestamp($dvar, $results->row('revision_date') , TRUE), $temp_date); } $this->return_data = str_replace($key, $temp_date, $this->return_data); } } if (isset($dates['gmt_last_updated'])) { foreach($dates['gmt_last_updated'] as $key => $value) { $temp_date = $value['0']; foreach ($value['1'] as $dvar) { $temp_date = str_replace($dvar, $this->EE->localize->convert_timestamp($dvar, $results->row('revision_date') , FALSE), $temp_date); } $this->return_data = str_replace($key, $temp_date, $this->return_data); } } /** ---------------------------------------- /** Parsing of the Results /** ----------------------------------------*/ $results = $this->parse_results($match, $query, $parameters, $dates); $this->return_data = str_replace($match['0'], $results, $this->return_data); }
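/**
 * Fetch GET/POST variables
 *
 * Collects the filter, sorting and paging values of the current request into
 * one array. A jQuery DataTables (ajax) request differs slightly from a normal
 * form submission: a time= variable is added to it to keep IE from caching the
 * response, so a DataTables request can be assumed to carry $_GET['time'].
 *
 * Only 'keywords' is passed through sanitize_search_terms() here. Every other
 * value is returned as the input library delivered it, with no type or range
 * check in this method, so consumers must validate or escape 'offset',
 * 'per_page', 'order' and the id fields before using them in a query or in
 * markup.
 *
 * @return array Keys: author_id, cat_id, dir_id, date_range, file_type,
 *               keywords, offset, order, per_page, status, search_in,
 *               search_type, type, date_start, date_end
 */
private function _fetch_get_post_vars()
{
    $this->load->helper('search');

    // 'all' and 'null' both stand for "no directory filter".
    $dir_id = $this->input->get_post('dir_id');
    if ($dir_id == 'all' or $dir_id == 'null') {
        $dir_id = FALSE;
    }

    // 'all' stands for "no status filter".
    $status = $this->input->get_post('status');
    if ($status == 'all') {
        $status = '';
    }

    $ret = array(
        'author_id' => $this->input->get_post('author_id'),
        'cat_id' => $this->input->get_post('cat_id'),
        'dir_id' => $dir_id,
        // Listed once; the original literal repeated this key with the same value.
        'date_range' => $this->input->get_post('date_range'),
        'file_type' => $this->input->get_post('file_type'),
        'keywords' => NULL,
        'offset' => ($offset = $this->input->get('offset')) ? $offset : 0,
        // Read from its own parameter; reading 'offset' here made the sort
        // order silently mirror the paging offset.
        'order' => ($order = $this->input->get('order')) ? $order : 0,
        'per_page' => ($per_page = $this->input->get('per_page')) ? $per_page : $this->per_page,
        'status' => $status,
        'search_in' => $this->input->get_post('search_in'),
        'search_type' => $this->input->get_post('search_type'),
        'type' => ($type = $this->input->get_post('type')) ? $type : 'all',
        // The 'yyyy-mm-dd' placeholder text and a missing field both mean "no date given".
        'date_start' => (($date_start = $this->input->get_post('custom_date_start')) != 'yyyy-mm-dd' and $date_start !== FALSE) ? $date_start : FALSE,
        'date_end' => (($date_end = $this->input->get_post('custom_date_end')) != 'yyyy-mm-dd' and $date_end !== FALSE) ? $date_end : FALSE,
    );

    // POSTed keywords arrive as plain text; keywords in the query string are
    // base64-encoded. Either way they are sanitized after decoding, never before.
    if ($this->input->post('keywords')) {
        $ret['keywords'] = sanitize_search_terms($this->input->post('keywords'));
    } elseif ($this->input->get('keywords')) {
        $ret['keywords'] = sanitize_search_terms(base64_decode($this->input->get('keywords')));
    }

    return $ret;
}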
/**
 * Edit table datasource
 *
 * Builds the rows of the entry table: reads the filter values from the
 * request, lets extensions add conditions through the
 * 'edit_entries_additional_where' hook, fetches the matching entries from
 * search_model and turns each row into the HTML fragments the table shows.
 *
 * Must remain public so that it can be called from the table library!
 *
 * @access public
 * @param array $tbl_settings Table state; the keys 'offset', 'sort' and 'columns' are read
 * @param array $defaults     Defaults; the keys 'perpage' and 'channels' are read
 * @return array|null Array with the keys rows, no_results, pagination, filter_data,
 *                    autosave_show and autosave_array; nothing is returned when an
 *                    extension sets end_script
 */
public function _table_datasource($tbl_settings, $defaults)
{
    // Get filter information
    // ----------------------------------------------------------------
    $keywords = (string) $this->input->post('keywords');
    $channel_id = (string) $this->input->get_post('channel_id');
    // The literal string 'null' means that no channel is selected.
    if ($channel_id == 'null') {
        $channel_id = NULL;
    }
    // Without POSTed keywords, fall back to the query string, where the
    // keywords are base64-encoded.
    if (!$keywords) {
        $keywords = (string) $this->input->get('keywords');
        if ($keywords) {
            $keywords = base64_decode($keywords);
        }
    }
    if ($keywords) {
        // Sanitizing happens after decoding, so the decoded text is what gets
        // filtered. sanitize_search_terms() comes from the search helper and is
        // not shown here.
        $this->load->helper('search');
        $keywords = sanitize_search_terms($keywords);
        // For an "ip:" search, underscores in the keywords are turned into dots.
        if (substr(strtolower($keywords), 0, 3) == 'ip:') {
            $keywords = str_replace('_', '.', $keywords);
        }
    }
    // Because of the auto convert we prepare a specific variable with the converted ascii
    // characters while leaving the $keywords variable intact for display and URL purposes
    $this->load->helper('text');
    $search_keywords = $this->config->item('auto_convert_high_ascii') == 'y' ? ascii_to_entities($keywords) : $keywords;
    // NOTE(review): perpage is taken from the request with no numeric or range
    // check in this method - confirm that the model and the pagination cast
    // and bound it.
    $perpage = $this->input->get_post('perpage');
    $perpage = $perpage ? $perpage : $defaults['perpage'];
    $rownum = $tbl_settings['offset'];
    // We want the filter to work based on both get and post
    // Apart from the keywords, these values are passed on as the input library
    // returned them; this method does not validate them.
    $filter_data = array(
        'channel_id' => $channel_id,
        'keywords' => $keywords,
        // Overwritten by the second 'cat_id' entry below (PHP keeps the last
        // value for a repeated key).
        'cat_id' => $this->input->get_post('cat_id'),
        'status' => $this->input->get_post('status'),
        'order' => $this->input->get_post('order'),
        'date_range' => $this->input->get_post('date_range'),
        'author_id' => $this->input->get_post('author_id'),
        'exact_match' => $this->input->get_post('exact_match'),
        // 'all' means "no category filter".
        'cat_id' => $this->input->get_post('cat_id') != 'all' ? $this->input->get_post('cat_id') : '',
        'search_in' => $this->input->get_post('search_in') ? $this->input->get_post('search_in') : 'title',
        'rownum' => $rownum,
        'perpage' => $perpage,
        'search_keywords' => $search_keywords
    );
    $channels = $defaults['channels'];
    $order = $tbl_settings['sort'];
    $columns = $tbl_settings['columns'];
    // -------------------------------------------
    // 'edit_entries_additional_where' hook.
    // - Add additional where, where_in, where_not_in
    //
    $_hook_wheres = $this->extensions->call('edit_entries_additional_where', $filter_data);
    // An extension may end processing here; nothing is returned in that case.
    if ($this->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------
    // Only an array result from the hook is passed on to the model.
    $filter_data['_hook_wheres'] = is_array($_hook_wheres) ? $_hook_wheres : array();
    $this->load->model('search_model');
    $filter_result = $this->search_model->get_filtered_entries($filter_data, $order);
    $rows = $filter_result['results'];
    $total = $filter_result['total_count'];
    unset($filter_result);
    $filter_url = $this->_create_return_filter($filter_data);
    // Gather up ids for a single quick query down the line
    $entry_ids = array();
    foreach ($rows as $row) {
        $entry_ids[] = $row['entry_id'];
    }
    // Load the site's templates
    // ----------------------------------------------------------------
    // Maps template_id to "group_name/template_name"; site_id is escaped
    // before it is placed in the query string.
    $templates = array();
    $tquery = $this->db->query("SELECT exp_template_groups.group_name, exp_templates.template_name, exp_templates.template_id\n\t\t\t\t\t\t\tFROM exp_template_groups, exp_templates\n\t\t\t\t\t\t\tWHERE exp_template_groups.group_id = exp_templates.group_id\n\t\t\t\t\t\t\tAND exp_templates.site_id = '" . $this->db->escape_str($this->config->item('site_id')) . "'");
    foreach ($tquery->result_array() as $row) {
        $templates[$row['template_id']] = $row['group_name'] . '/' . $row['template_name'];
    }
    // Comment count
    // ----------------------------------------------------------------
    // $show_link is assigned here and not read again in this method.
    $show_link = TRUE;
    $comment_counts = array();
    // One grouped query for all listed entries, through the query builder.
    if (count($entry_ids) and $this->db->table_exists('comments')) {
        $comment_qry = $this->db->select('entry_id, COUNT(*) as count')->where_in('entry_id', $entry_ids)->group_by('entry_id')->get('comments');
        foreach ($comment_qry->result() as $row) {
            $comment_counts[$row->entry_id] = $row->count;
        }
    }
    // Date formatting
    // The member's own time_format wins over the site setting.
    $date_fmt = $this->session->userdata('time_format') != '' ? $this->session->userdata('time_format') : $this->config->item('time_format');
    $datestr = '%m/%d/%y %h:%i %a';
    if ($date_fmt != 'us') {
        $datestr = '%Y-%m-%d %H:%i';
    }
    // Autosave - Grab all autosaved entries
    // ----------------------------------------------------------------
    $this->prune_autosave();
    $this->db->select('entry_id, original_entry_id, channel_id, title, author_id, status, entry_date, dst_enabled, comment_total');
    $autosave = $this->db->get('channel_entries_autosave');
    $autosave_array = array();
    $autosave_show = FALSE;
    if ($autosave->num_rows()) {
        $this->load->helper('snippets');
        $autosave_show = TRUE;
    }
    // Collect the ids of the entries that an autosave row points back to.
    foreach ($autosave->result() as $entry) {
        if ($entry->original_entry_id) {
            $autosave_array[] = $entry->original_entry_id;
        }
    }
    // Status Highlight Colors
    // ----------------------------------------------------------------
    $status_color_q = $this->db->from('channels AS c, statuses AS s, status_groups AS sg')->select('c.channel_id, c.channel_name, s.status, s.highlight')->where('sg.group_id = c.status_group', NULL, FALSE)->where('sg.group_id = s.group_id', NULL, FALSE)->where('sg.site_id', $this->config->item('site_id'))->where('s.highlight !=', '')->where_in('c.channel_id', array_keys($channels))->get();
    // Keyed "<channel_id>_<status>"; the value is the highlight colour without '#'.
    $c_array = array();
    foreach ($status_color_q->result_array() as $rez) {
        $c_array[$rez['channel_id'] . '_' . $rez['status']] = str_replace('#', '', $rez['highlight']);
    }
    $colors = array();
    // Fetch Color Library
    // The path is built from constants only; no request data reaches the include.
    // Presumably the file defines $colors - it is not shown here.
    if (file_exists(APPPATH . 'config/colors.php')) {
        include APPPATH . 'config/colors.php';
    }
    // Generate row data
    // ----------------------------------------------------------------
    // $row is a reference, so the assignments below rewrite $rows in place. It
    // is not unset() after the loop; only the return statement follows.
    foreach ($rows as &$row) {
        $url = $this->publish_base_uri . AMP . "M=entry_form" . AMP . "channel_id={$row['channel_id']}" . AMP . "entry_id={$row['entry_id']}" . AMP . $filter_url;
        // NOTE(review): the title is handed to anchor() without escaping in
        // this method - confirm that titles are stored entity-encoded or that
        // the helper escapes them.
        $row['title'] = anchor(BASE . AMP . $url, $row['title']);
        $row['view'] = '---';
        $row['channel_name'] = $channels[$row['channel_id']]->channel_title;
        $row['entry_date'] = $this->localize->decode_date($datestr, $row['entry_date'], TRUE);
        $row['_check'] = form_checkbox('toggle[]', $row['entry_id'], '', ' class="toggle" id="delete_box_' . $row['entry_id'] . '"');
        // autosave indicator
        if (in_array($row['entry_id'], $autosave_array)) {
            $row['title'] .= NBS . required();
        }
        // screen name email link
        if (!$row['screen_name']) {
            $row['screen_name'] = $row['username'];
        }
        $row['screen_name'] = mailto($row['email'], $row['screen_name']);
        // live look template
        $llt = $row['live_look_template'];
        if ($llt && isset($templates[$llt])) {
            $url = $this->functions->create_url($templates[$row['live_look_template']] . '/' . $row['entry_id']);
            $row['view'] = anchor($this->cp->masked_url($url), lang('view'));
        }
        // Status
        $color_info = '';
        $color_key = $row['channel_id'] . '_' . $row['status'];
        // Only the two built-in statuses go through lang(); any other status
        // name is shown as stored.
        $status_name = ($row['status'] == 'open' or $row['status'] == 'closed') ? lang($row['status']) : $row['status'];
        if (isset($c_array[$color_key]) and $c_array[$color_key] != '') {
            $color = strtolower($c_array[$color_key]);
            // A colour found as a key in $colors is written as is; anything
            // else gets a '#' prefix.
            $prefix = isset($colors[$color]) ? '' : '#';
            // There are custom colours, override the class above
            $color_info = 'style="color:' . $prefix . $color . ';"';
        }
        // NOTE(review): the status name and the highlight colour are written
        // into a class attribute, a style attribute and element text without
        // escaping - confirm that both are validated when a status is saved.
        $row['status'] = '<span class="status_' . $row['status'] . '"' . $color_info . '>' . $status_name . '</span>';
        // comment_total link
        if (isset($this->installed_modules['comment'])) {
            // Entries written by the current member are checked against the
            // "own" permissions, all others against the "all" permissions.
            $all_or_own = 'all';
            if ($row['author_id'] == $this->session->userdata('member_id')) {
                $all_or_own = 'own';
            }
            // do not move these to the new allowed_group style - they are ANDs not ORs
            if (!$this->cp->allowed_group('can_edit_' . $all_or_own . '_comments') and !$this->cp->allowed_group('can_delete_' . $all_or_own . '_comments') and !$this->cp->allowed_group('can_moderate_comments')) {
                $row['comment_total'] = '<div class="lightLinks">--</div>';
            } else {
                $comment_count = isset($comment_counts[$row['entry_id']]) ? $comment_counts[$row['entry_id']] : 0;
                $view_url = BASE . AMP . 'C=addons_modules' . AMP . 'M=show_module_cp' . AMP . 'module=comment' . AMP . 'method=index' . AMP . 'entry_id=' . $row['entry_id'];
                $row['comment_total'] = '<div class="lightLinks">(' . $comment_count . ')' . NBS . anchor($view_url, lang('view')) . '</div>';
            }
        }
        // Keep only the fields that are keys of $columns.
        $row = array_intersect_key($row, $columns);
    }
    // comes out with an added:
    // table_html
    // pagination_html
    return array(
        'rows' => $rows,
        'no_results' => lang('no_entries_matching_that_criteria'),
        'pagination' => array('per_page' => $filter_data['perpage'], 'total_rows' => $total),
        'filter_data' => $filter_data,
        'autosave_show' => $autosave_show,
        'autosave_array' => $autosave_array
    );
}
/** * Index function * * @return void */ public function index($channel_id = '', $message = '', $extra_sql = '', $search_url = '', $form_url = '', $action = '', $extra_fields_search = '', $extra_fields_entries = '', $heading = '') { if (!$this->cp->allowed_group('can_access_content')) { show_error($this->lang->line('unauthorized_access')); } $channel_id = ''; $extra_sql = ''; // $action, $extra_fields_*, and $heading are used by move_comments $vars['message'] = $message; $action = $action != '' ? $action : $this->input->get_post('action'); $this->load->library('pagination'); $this->load->library('table'); $this->load->helper(array('form', 'text', 'url', 'snippets')); $this->api->instantiate('channel_categories'); // Load the search helper so we can filter the keywords $this->load->helper('search'); $this->cp->set_variable('cp_page_title', $this->lang->line('edit')); $this->cp->add_js_script(array('plugin' => 'dataTables', 'ui' => 'datepicker')); // Need perpage for js // Results per page pull-down menu if (!($perpage = $this->input->get_post('perpage'))) { $perpage = $this->input->cookie('perpage'); } if ($perpage == '') { $perpage = 50; } $this->cp->add_js_script(array('file' => 'cp/content_edit')); $this->javascript->set_global('lang.selection_required', $this->lang->line('selection_required')); $cp_theme = !$this->session->userdata('cp_theme') ? $this->config->item('cp_theme') : $this->session->userdata('cp_theme'); if ($this->config->item('kill_all_humans') !== 'disable' && (mt_rand(0, 5000) == 42 && $this->session->userdata['group_id'] == 1 or $this->config->item('kill_all_humans'))) { $this->load->helper('html'); $image_properties = array('src' => base_url() . "themes/cp_themes/default/images/" . strrev('tobor_rellik') . ".png", 'alt' => '', 'id' => 'extra', 'width' => '228', 'height' => '157', 'style' => 'z-index: 1000; position: absolute; top: 49px; left: 790px'); $this->javascript->output(array('$("#mainMenu").append(\'' . img($image_properties) . 
'\')', $this->javascript->animate("#extra", array("left" => 0), 4000, 'function(){$(\'#extra\').fadeOut(3000)}'))); } // Fetch channel ID numbers assigned to the current user $allowed_channels = $this->functions->fetch_assigned_channels(); if (empty($allowed_channels)) { show_error($this->lang->line('no_channels')); } // Fetch Color Library - We use this to assist with our status colors if (file_exists(APPPATH . 'config/colors' . EXT)) { include APPPATH . 'config/colors' . EXT; } else { $colors = ''; } // We need to determine which channel to show entries from // if the channel_id combined if ($channel_id == '') { $channel_id = $this->input->get_post('channel_id'); } if ($channel_id == 'null' or $channel_id === FALSE or !is_numeric($channel_id)) { $channel_id = ''; } $cat_group = ''; // We want the filter to work based on both get and post $filter_data['channel_id'] = $channel_id; $filter_data['cat_id'] = $this->input->get_post('cat_id'); $filter_data['status'] = $this->input->get_post('status'); $filter_data['order'] = $this->input->get_post('order'); $filter_data['date_range'] = $this->input->get_post('date_range'); $total_channels = count($allowed_channels); $vars['status'] = $filter_data['status']; if (isset($_POST['keywords'])) { $keywords = sanitize_search_terms($_POST['keywords']); } elseif (isset($_GET['keywords'])) { $keywords = sanitize_search_terms(base64_decode($_GET['keywords'])); } else { $keywords = ''; } if (substr(strtolower($keywords), 0, 3) == 'ip:') { $keywords = str_replace('_', '.', $keywords); } $filter_data['keywords'] = $keywords; // We need this for the filter, so grab it now $cat_form_array = $this->api_channel_categories->category_form_tree($this->nest_categories); // If we have channels we'll write the JavaScript menu switching code if ($total_channels > 0) { $this->filtering_menus($cat_form_array); } // If we're filtering using ajax, we redirect comment only searches // So- pass along the filter in the url if 
(isset($this->installed_modules['comment'])) { $comment_url = '&ajax=true'; $comment_url .= $filter_data['channel_id'] != '' ? '&channel_id=' . $filter_data['channel_id'] : ''; $comment_url .= $filter_data['keywords'] != '' ? '&keywords=' . base64_encode($filter_data['keywords']) : ''; } if (isset($this->installed_modules['comment'])) { $table_columns = 9; } else { $table_columns = 8; } $this->javascript->set_global(array('edit.pipe' => $this->pipe_length, 'edit.perPage' => $perpage, 'edit.themeUrl' => $this->cp->cp_theme_url, 'edit.tableColumns' => $table_columns, 'lang.noEntries' => $this->lang->line('no_entries_matching_that_criteria'))); // Do we have a message to show? // Note: a message is displayed on this page after editing or submitting a new entry if ($this->input->get_post("U") == 'mu') { $vars['message'] = $this->lang->line('multi_entries_updated'); } // Declare the "filtering" form $vars['search_form'] = $search_url != '' ? $search_url : 'C=content_edit'; // Channel selection pull-down menu // Fetch the names of all channels and write each one in an <option> field $fields = array('channel_title', 'channel_id', 'cat_group'); $where = array(); // If the user is restricted to specific channels, add that to the query if ($this->session->userdata['group_id'] != 1) { $where[] = array('channel_id' => $allowed_channels); } $query = $this->channel_model->get_channels($this->config->item('site_id'), $fields, $where); if ($query->num_rows() == 1) { $channel_id = $query->row('channel_id'); $cat_group = $query->row('cat_group'); } elseif ($channel_id != '') { foreach ($query->result_array() as $row) { if ($row['channel_id'] == $channel_id) { $channel_id = $row['channel_id']; $cat_group = $row['cat_group']; } } } $vars['channel_selected'] = $this->input->get_post('channel_id'); $vars['channel_select_options'] = array('null' => $this->lang->line('filter_by_channel')); if ($query->num_rows() > 1) { $vars['channel_select_options']['all'] = $this->lang->line('all'); } 
foreach ($query->result_array() as $row) { $vars['channel_select_options'][$row['channel_id']] = $row['channel_title']; } // Category pull-down menu $vars['category_selected'] = $filter_data['cat_id']; $vars['category_select_options'][''] = $this->lang->line('filter_by_category'); if ($total_channels > 1) { $vars['category_select_options']['all'] = $this->lang->line('all'); } $vars['category_select_options']['none'] = $this->lang->line('none'); if ($cat_group != '') { foreach ($cat_form_array as $key => $val) { if (!in_array($val['0'], explode('|', $cat_group))) { unset($cat_form_array[$key]); } } $i = 1; $new_array = array(); foreach ($cat_form_array as $ckey => $cat) { if ($ckey - 1 < 0 or !isset($cat_form_array[$ckey - 1])) { $vars['category_select_options']['NULL_' . $i] = '-------'; } $vars['category_select_options'][$cat['1']] = str_replace("!-!", " ", $cat['2']); if (isset($cat_form_array[$ckey + 1]) && $cat_form_array[$ckey + 1]['0'] != $cat['0']) { $vars['category_select_options']['NULL_' . $i] = '-------'; } $i++; } } // Status pull-down menu $vars['status_selected'] = $filter_data['status']; $vars['status_select_options'][''] = $this->lang->line('filter_by_status'); $vars['status_select_options']['all'] = $this->lang->line('all'); $sel_1 = ''; $sel_2 = ''; if ($cat_group != '') { $sel_1 = $filter_data['status'] == 'open' ? 1 : ''; $sel_2 = $filter_data['status'] == 'closed' ? 1 : ''; } if ($cat_group != '') { $rez = $this->db->query("SELECT status_group FROM exp_channels WHERE channel_id = '{$channel_id}'"); $query = $this->db->query("SELECT status FROM exp_statuses WHERE group_id = '" . $this->db->escape_str($rez->row('status_group')) . "' ORDER BY status_order"); if ($query->num_rows() > 0) { foreach ($query->result_array() as $row) { $status_name = ($row['status'] == 'closed' or $row['status'] == 'open') ? 
$this->lang->line($row['status']) : $row['status']; $vars['status_select_options'][$row['status']] = $status_name; } } } else { $vars['status_select_options']['open'] = $this->lang->line('open'); $vars['status_select_options']['closed'] = $this->lang->line('closed'); } // Date range pull-down menu $vars['date_selected'] = $filter_data['date_range']; $vars['date_select_options'][''] = $this->lang->line('date_range'); $vars['date_select_options']['1'] = $this->lang->line('past_day'); $vars['date_select_options']['7'] = $this->lang->line('past_week'); $vars['date_select_options']['31'] = $this->lang->line('past_month'); $vars['date_select_options']['182'] = $this->lang->line('past_six_months'); $vars['date_select_options']['365'] = $this->lang->line('past_year'); $vars['date_select_options']['custom_date'] = $this->lang->line('any_date'); // Display order pull-down menu $vars['order_selected'] = $filter_data['order']; $vars['order_select_options'][''] = $this->lang->line('order'); $vars['order_select_options']['asc'] = $this->lang->line('ascending'); $vars['order_select_options']['desc'] = $this->lang->line('descending'); $vars['order_select_options']['alpha'] = $this->lang->line('alpha'); $filter_data['perpage'] = $perpage; $this->functions->set_cookie('perpage', $perpage, 60 * 60 * 24 * 182); $vars['perpage_selected'] = $perpage; $vars['perpage_select_options']['10'] = '10 ' . $this->lang->line('results'); $vars['perpage_select_options']['25'] = '25 ' . $this->lang->line('results'); $vars['perpage_select_options']['50'] = '50 ' . $this->lang->line('results'); $vars['perpage_select_options']['75'] = '75 ' . $this->lang->line('results'); $vars['perpage_select_options']['100'] = '100 ' . $this->lang->line('results'); $vars['perpage_select_options']['150'] = '150 ' . 
$this->lang->line('results'); // Because of the auto convert we prepare a specific variable with the converted ascii // characters while leaving the $keywords variable intact for display and URL purposes $search_keywords = $this->config->item('auto_convert_high_ascii') == 'y' ? ascii_to_entities($keywords) : $keywords; $filter_data['search_keywords'] = $search_keywords; $vars['exact_match'] = $this->input->get_post('exact_match'); $filter_data['exact_match'] = $vars['exact_match']; $vars['keywords'] = array('name' => 'keywords', 'value' => stripslashes($keywords), 'id' => 'keywords', 'maxlength' => 200); $filter_data['search_in'] = $this->input->get_post('search_in') != '' ? $this->input->get_post('search_in') : 'title'; $vars['search_in_selected'] = $filter_data['search_in']; $vars['search_in_options']['title'] = $this->lang->line('title_only'); $vars['search_in_options']['body'] = $this->lang->line('title_and_body'); if (isset($this->installed_modules['comment'])) { $vars['search_in_options']['everywhere'] = $this->lang->line('title_body_comments'); } $filter = $this->create_return_filter($filter_data); if ($search_url != '') { $pageurl = BASE . AMP . $search_url; } else { $pageurl = BASE . AMP . 'C=content_edit'; } // Get the current row number and add the LIMIT clause to the SQL query if (!($rownum = $this->input->get_post('rownum'))) { $rownum = 0; } $filter_data['rownum'] = $rownum; $filter_data['perpage'] = $perpage; // Are there results? $filtered_entries = $this->search_model->get_filtered_entries($filter_data); // No result? Show the "no results" message $vars['autosave_show'] = FALSE; $vars['total_count'] = $filtered_entries['total_count']; $pageurl .= $filtered_entries['pageurl']; if ($vars['total_count'] == 0) { $this->javascript->compile(); $vars['heading'] = 'edit_channel_entries'; $vars['search_form_hidden'] = array(); $this->load->view('content/edit', $vars); return; } $pageurl .= AMP . 'perpage=' . 
$perpage; $vars['form_hidden']['pageurl'] = base64_encode($pageurl); // for pagination // Full SQL query results $query_results = $filtered_entries['results']; // -------------------------------------------- // Fetch the channel information we need later // -------------------------------------------- $sql = "SELECT channel_id, channel_name FROM exp_channels "; $sql .= "WHERE site_id = '" . $this->db->escape_str($this->config->item('site_id')) . "' "; $w_array = array(); $result = $this->db->query($sql); if ($result->num_rows() > 0) { foreach ($result->result_array() as $rez) { $w_array[$rez['channel_id']] = $rez['channel_name']; } } // -------------------------------------------- // Fetch the status highlight colors // -------------------------------------------- $cql = "SELECT exp_channels.channel_id, exp_channels.channel_name, exp_statuses.status, exp_statuses.highlight\n\t\t\t\t FROM exp_channels, exp_statuses, exp_status_groups\n\t\t\t\t WHERE exp_status_groups.group_id = exp_channels.status_group\n\t\t\t\t AND exp_status_groups.group_id = exp_statuses.group_id\n\t\t\t\t AND\texp_statuses.highlight != ''\n\t\t\t\t AND\texp_status_groups.site_id = '" . $this->db->escape_str($this->config->item('site_id')) . "' "; // Limit to channels assigned to user $sql .= " AND exp_channels.channel_id IN ("; foreach ($allowed_channels as $val) { $sql .= "'" . $val . "',"; } $sql = substr($sql, 0, -1) . ')'; $result = $this->db->query($cql); $c_array = array(); if ($result->num_rows() > 0) { foreach ($result->result_array() as $rez) { $c_array[$rez['channel_id'] . '_' . $rez['status']] = str_replace('#', '', $rez['highlight']); } } // information for entries table $vars['entries_form'] = $form_url != '' ? $form_url : 'C=content_edit' . AMP . 'M=multi_edit_form'; $vars['form_hidden'] = $extra_fields_entries; $vars['search_form_hidden'] = $extra_fields_search ? 
$extra_fields_search : array(); // table headings $table_headings = array('#', lang('title'), lang('view')); // comments module installed? If so, add it to the list of headings. if (isset($this->installed_modules['comment'])) { $table_headings[] .= $this->lang->line('comments'); } $table_headings = array_merge($table_headings, array(lang('author'), lang('date'), lang('channel'), lang('status'), form_checkbox('select_all', 'true', FALSE, 'class="toggle_all"'))); $vars['table_headings'] = $table_headings; // load the site's templates $templates = array(); $tquery = $this->db->query("SELECT exp_template_groups.group_name, exp_templates.template_name, exp_templates.template_id\n\t\t\t\t\t\t\tFROM exp_template_groups, exp_templates\n\t\t\t\t\t\t\tWHERE exp_template_groups.group_id = exp_templates.group_id\n\t\t\t\t\t\t\tAND exp_templates.site_id = '" . $this->db->escape_str($this->config->item('site_id')) . "'"); if ($tquery->num_rows() > 0) { foreach ($tquery->result_array() as $row) { $templates[$row['template_id']] = $row['group_name'] . '/' . $row['template_name']; } } // Grab all autosaved entries $this->prune_autosave(); $this->db->select('entry_id, original_entry_id, channel_id, title, author_id, status, entry_date, dst_enabled, comment_total'); $autosave = $this->db->get('channel_entries_autosave'); $autosave_array = array(); foreach ($autosave->result() as $entry) { if ($entry->original_entry_id) { $autosave_array[] = $entry->original_entry_id; } } $vars['autosave_show'] = $autosave->num_rows() > 0 ? 
TRUE : FALSE; // Loop through the main query result and set up data structure for table $vars['entries'] = array(); $comment_totals = array(); $i = 0; foreach ($query_results as $row) { // Entry ID number $id_column = $i++; if (!isset($row['original_entry_id'])) { $vars['entries'][$id_column][] = $row['entry_id']; } elseif ($row['original_entry_id'] == 0) { $row['entry_id'] = 0; $vars['entries'][$id_column][] = $row['original_entry_id']; } // Channel entry title (view entry) $output = anchor(BASE . AMP . 'C=content_publish' . AMP . 'M=entry_form' . AMP . 'channel_id=' . $row['channel_id'] . AMP . 'entry_id=' . $row['entry_id'] . $filter, $row['title']); $output .= isset($autosave_array[$row['entry_id']]) ? NBS . required() : ''; $vars['entries'][$id_column][] = $output; // "View" if ($row['live_look_template'] != 0 && isset($templates[$row['live_look_template']])) { $qm = $this->config->item('force_query_string') == 'y' ? '' : '?'; $url = $this->functions->create_url($templates[$row['live_look_template']] . '/' . $id_column); $view_link = anchor($this->functions->fetch_site_index() . QUERY_MARKER . 'URL=' . $url, $this->lang->line('view')); } else { $view_link = '--'; } $vars['entries'][$id_column][] = $view_link; // Comment count $show_link = TRUE; if ($row['author_id'] == $this->session->userdata('member_id')) { if (!$this->cp->allowed_group('can_edit_own_comments') and !$this->cp->allowed_group('can_delete_own_comments') and !$this->cp->allowed_group('can_moderate_comments')) { $show_link = FALSE; } } else { if (!$this->cp->allowed_group('can_edit_all_comments') and !$this->cp->allowed_group('can_delete_all_comments') and !$this->cp->allowed_group('can_moderate_comments')) { $show_link = FALSE; } } if (isset($this->cp->installed_modules['comment'])) { $view_url = BASE . AMP . 'C=addons_modules' . AMP . 'M=show_module_cp' . AMP . 'module=comment ' . AMP . 'method=index' . AMP . 'entry_id=' . $id_column; $view_link = $show_link === FALSE ? 
'<div class="lightLinks">--</div>' : '<div class="lightLinks">(0)' . NBS . anchor($view_url, $this->lang->line('view')) . '</div>'; $vars['entries'][$id_column][] = $view_link; // Setup an array of entry IDs here so we can do an aggregate query to // get an accurate count of total comments for each entry. $comment_totals[] = $id_column; } // Username $name = $row['screen_name'] != '' ? $row['screen_name'] : $row['username']; $vars['entries'][$id_column][] = mailto($row['email'], $name); // Date $date_fmt = $this->session->userdata('time_format') != '' ? $this->session->userdata('time_format') : $this->config->item('time_format'); if ($date_fmt == 'us') { $datestr = '%m/%d/%y %h:%i %a'; } else { $datestr = '%Y-%m-%d %H:%i'; } $vars['entries'][$id_column][] = $this->localize->decode_date($datestr, $row['entry_date'], TRUE); // Channel $vars['entries'][$id_column][] = isset($w_array[$row['channel_id']]) ? '<div class="smallNoWrap">' . $w_array[$row['channel_id']] . '</div>' : ''; // Status $status_name = ($row['status'] == 'open' or $row['status'] == 'closed') ? $this->lang->line($row['status']) : $row['status']; $color_info = ''; if (isset($c_array[$row['channel_id'] . '_' . $row['status']]) and $c_array[$row['channel_id'] . '_' . $row['status']] != '') { $color = $c_array[$row['channel_id'] . '_' . $row['status']]; $prefix = (is_array($colors) and !array_key_exists(strtolower($color), $colors)) ? '#' : ''; // There are custom colours, override the class above $color_info = 'style="color:' . $prefix . $color . ';"'; } $vars['entries'][$id_column][] = '<span class="status_' . $row['status'] . '"' . $color_info . '>' . $status_name . '</span>'; // Delete checkbox $vars['entries'][$id_column][] = form_checkbox('toggle[]', $id_column, '', ' class="toggle" id="delete_box_' . $id_column . 
'"'); } if (isset($this->cp->installed_modules['comment'])) { // Get the total number of comments for each entry $this->db->select('comment_id, entry_id, channel_id, COUNT(*) as count'); $this->db->where_in('entry_id', $comment_totals); $this->db->group_by('entry_id'); $comment_query = $this->db->get('comments'); foreach ($comment_query->result() as $row) { if ($show_link !== FALSE) { $view_url = BASE . AMP . 'C=addons_modules' . AMP . 'M=show_module_cp' . AMP . 'module=comment' . AMP . 'method=index' . AMP . 'entry_id=' . $row->entry_id; } $view_link = $show_link === FALSE ? '<div class="lightLinks">--</div>' : '<div class="lightLinks">(' . $row->count . ')' . NBS . anchor($view_url, $this->lang->line('view')) . '</div>'; $vars['entries'][$row->entry_id][3] = $view_link; } } // Pass the relevant data to the paginate class $config['base_url'] = $pageurl; $config['total_rows'] = $vars['total_count']; $config['per_page'] = $perpage; $config['page_query_string'] = TRUE; $config['query_string_segment'] = 'rownum'; $config['full_tag_open'] = '<p id="paginationLinks">'; $config['full_tag_close'] = '</p>'; $config['prev_link'] = '<img src="' . $this->cp->cp_theme_url . 'images/pagination_prev_button.gif" width="13" height="13" alt="<" />'; $config['next_link'] = '<img src="' . $this->cp->cp_theme_url . 'images/pagination_next_button.gif" width="13" height="13" alt=">" />'; $config['first_link'] = '<img src="' . $this->cp->cp_theme_url . 'images/pagination_first_button.gif" width="13" height="13" alt="< <" />'; $config['last_link'] = '<img src="' . $this->cp->cp_theme_url . 'images/pagination_last_button.gif" width="13" height="13" alt="> >" />'; $this->pagination->initialize($config); $vars['pagination'] = $this->pagination->create_links(); $vars['heading'] = $heading ? 
$heading : 'edit_channel_entries'; $vars['action_options'] = array(); if (is_array($action)) { $vars['action_options'] = $action; } elseif ($action == '' or !$this->input->post('toggle')) { $vars['action_options'] = array('edit' => $this->lang->line('edit_selected'), 'delete' => $this->lang->line('delete_selected'), '------' => '------', 'add_categories' => $this->lang->line('add_categories'), 'remove_categories' => $this->lang->line('remove_categories')); } $this->javascript->set_global('autosave_map', $autosave_array); $this->javascript->compile(); $this->load->view('content/edit', $vars); }
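/**
 * Sanitize search terms
 *
 * Filters the raw keywords through the search helper, enforces the minimum
 * keyword length, optionally converts high ASCII characters to entities,
 * removes ignored words that sit outside double-quoted phrases, and
 * collapses runs of spaces.
 *
 * NOTE(review): nothing in this method escapes the result for SQL or HTML,
 * and what sanitize_search_terms() strips is not visible from here. Callers
 * should still escape or bind the returned string for the context in which
 * it is used -- confirm against the call sites.
 *
 * @access private
 * @param  string  $keywords       raw search keywords
 * @param  boolean $exact_keyword  when TRUE, ignored words are left in place
 * @return string  the cleaned keywords; on a validation failure, whatever
 *                 show_user_error() returns (presumably it ends the
 *                 request -- confirm)
 */
private function _sanitize_search_terms($keywords, $exact_keyword = false)
{
    // Strip extraneous junk from keywords
    if ($keywords != "") {
        // Load the search helper so we can filter the keywords
        $this->EE->load->helper('search');
        $keywords = sanitize_search_terms($keywords);

        // Is the search term long enough?
        // strlen() counts bytes, so a multibyte keyword reaches min_length
        // with fewer characters than an ASCII one.
        if (strlen($keywords) < $this->min_length) {
            $text = $this->EE->lang->line('search_min_length');
            $text = str_replace("%x", $this->min_length, $text);

            return $this->EE->output->show_user_error('general', array($text));
        }

        // Load the text helper
        $this->EE->load->helper('text');

        $keywords = $this->EE->config->item('auto_convert_high_ascii') == 'y' ? ascii_to_entities($keywords) : $keywords;

        // Remove "ignored" words
        if (!$exact_keyword) {
            // Build the stop-word patterns once instead of once per part.
            // preg_quote() keeps a stop word from being read as regex syntax.
            $patterns = array();

            foreach ($this->_ignore as $badword) {
                $patterns[] = "/\\b" . preg_quote($badword, '/') . "\\b/i";
            }

            $parts = explode('"', $keywords);
            $keywords = '';

            foreach ($parts as $num => $part) {
                // Odd-numbered parts are the quoted strings and are kept
                // verbatim; only the even-numbered parts are filtered.
                if ($num % 2 == 0) {
                    $stripped = preg_replace($patterns, "", $part);

                    // preg_replace() returns NULL on a PCRE error; keep the
                    // unfiltered part rather than silently dropping it.
                    if ($stripped !== null) {
                        $part = $stripped;
                    }
                }

                $keywords .= $num != 0 ? '"' . $part : $part;
            }

            // Only the "nothing left" case is rejected here; the minimum
            // length is not re-checked after the ignored words are removed.
            if (trim($keywords) == '') {
                return $this->EE->output->show_user_error('general', array($this->EE->lang->line('search_no_stopwords')));
            }
        }
    }

    // Finally, collapse runs of spaces. The search string below is two
    // consecutive spaces; the pass repeats until nothing changes, so longer
    // runs left behind by removed words also shrink to a single space.
    do {
        $before = $keywords;
        $keywords = str_replace('  ', ' ', $keywords);
    } while ($keywords !== $before);

    return $keywords;
}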