/** * Performs search on all stories * * @return object plugin object * */ private function _searchStories() { global $_TABLES, $_DB_dbms, $LANG09; // Make sure the query is SQL safe $query = trim(DB_escapeString($this->_query)); $sql = 'SELECT s.sid AS id, s.title AS title, s.introtext AS description, '; $sql .= 'UNIX_TIMESTAMP(s.date) AS date, s.uid AS uid, s.hits AS hits, '; $sql .= 'CONCAT(\'/article.php?story=\',s.sid) AS url '; $sql .= 'FROM ' . $_TABLES['stories'] . ' AS s, ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topic_assignments'] . ' AS ta '; $sql .= 'WHERE (draft_flag = 0) AND (date <= NOW()) AND (u.uid = s.uid) '; $sql .= 'AND ta.type = \'article\' AND ta.id = sid '; $sql .= COM_getPermSQL('AND') . COM_getTopicSQL('AND', 0, 'ta') . COM_getLangSQL('sid', 'AND') . ' '; if (!empty($this->_topic)) { // Retrieve list of inherited topics if ($this->_topic == TOPIC_ALL_OPTION) { // Stories do not have an all option so just return all stories that meet the requirements and permissions //$sql .= "AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '".$this->_topic."')) "; } else { $tid_list = TOPIC_getChildList($this->_topic); $sql .= "AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '" . $this->_topic . "'))) "; } } if (!empty($this->_author)) { $sql .= 'AND (s.uid = \'' . $this->_author . '\') '; } $search_s = new SearchCriteria('stories', $LANG09[65]); $columns = array('title' => 'title', 'introtext', 'bodytext'); $sql .= $search_s->getDateRangeSQL('AND', 'date', $this->_dateStart, $this->_dateEnd); list($sql, $ftsql) = $search_s->buildSearchSQL($this->_keyType, $query, $columns, $sql); $sql .= " GROUP BY s.sid"; $search_s->setSQL($sql); $search_s->setFTSQL($ftsql); $search_s->setRank(5); $search_s->setURLRewrite(true); // Search Story Comments $sql = 'SELECT c.cid AS id, c.title AS title, c.comment AS description, '; $sql .= 'UNIX_TIMESTAMP(c.date) AS date, c.uid AS uid, \'0\' AS hits, '; // MSSQL has a problem when concatenating numeric values if ($_DB_dbms == 'mssql') { $sql .= '\'/comment.php?mode=view&cid=\' + CAST(c.cid AS varchar(10)) AS url '; } else { $sql .= 'CONCAT(\'/comment.php?mode=view&cid=\',c.cid) AS url '; } $sql .= 'FROM ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topic_assignments'] . ' AS ta, ' . $_TABLES['comments'] . ' AS c '; $sql .= 'LEFT JOIN ' . $_TABLES['stories'] . ' AS s ON ((s.sid = c.sid) '; $sql .= COM_getPermSQL('AND', 0, 2, 's') . COM_getLangSQL('sid', 'AND', 's') . ') '; $sql .= 'WHERE (u.uid = c.uid) AND (s.draft_flag = 0) AND (s.commentcode >= 0) AND (s.date <= NOW()) '; $sql .= 'AND ta.type = \'article\' AND ta.id = s.sid ' . COM_getTopicSQL('AND', 0, 'ta'); if (!empty($this->_topic)) { if ($this->_topic == TOPIC_ALL_OPTION) { // Stories do not have an all option so just return all story comments that meet the requirements and permissions //$sql .= "AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '".$this->_topic."')) "; } else { $sql .= "AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '" . $this->_topic . "'))) "; } } if (!empty($this->_author)) { $sql .= 'AND (c.uid = \'' . $this->_author . '\') '; } $search_c = new SearchCriteria('comments', array($LANG09[65], $LANG09[66])); $columns = array('title' => 'c.title', 'comment'); $sql .= $search_c->getDateRangeSQL('AND', 'c.date', $this->_dateStart, $this->_dateEnd); list($sql, $ftsql) = $search_c->buildSearchSQL($this->_keyType, $query, $columns, $sql); $sql .= " GROUP BY id"; $search_c->setSQL($sql); $search_c->setFTSQL($ftsql); $search_c->setRank(2); return array($search_s, $search_c); }
/** * Performs search on all stories * * @author Tony Bibbs <tony AT geeklog DOT net> * Sami Barakat <s.m.barakat AT gmail DOT com> * @access private * @return object plugin object * */ function _searchStories() { global $_TABLES, $_DB_dbms, $LANG09; // Make sure the query is SQL safe $query = trim(DB_escapeString(htmlspecialchars($this->_query))); $sql = "SELECT s.sid AS id, s.title AS title, s.introtext AS description, UNIX_TIMESTAMP(s.date) AS date, s.uid AS uid, s.hits AS hits, CONCAT('/article.php?story=',s.sid) AS url "; $sql .= "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u "; $sql .= "WHERE (draft_flag = 0) AND (date <= NOW()) AND (u.uid = s.uid) "; $sql .= COM_getPermSQL('AND') . COM_getTopicSQL('AND') . COM_getLangSQL('sid', 'AND') . ' '; if (!empty($this->_topic)) { $sql .= "AND (s.tid = '{$this->_topic}') "; } if (!empty($this->_author)) { $sql .= "AND (s.uid = '{$this->_author}') "; } $search = new SearchCriteria('stories', $LANG09[65]); $columns = array('introtext', 'bodytext', 'title'); $sql .= $search->getDateRangeSQL('AND', 'UNIX_TIMESTAMP(s.date)', $this->_dateStart, $this->_dateEnd); list($sql, $ftsql) = $search->buildSearchSQL($this->_keyType, $query, $columns, $sql); $search->setSQL($sql); $search->setFTSQL($ftsql); $search->setRank(5); $search->setURLRewrite(true); return $search; }
/** * Performs search on all stories * * @access private * @return object plugin object * */ function _searchStories() { global $_TABLES, $_DB_dbms, $LANG09; // Make sure the query is SQL safe $query = trim(addslashes($this->_query)); $sql = 'SELECT s.sid AS id, s.title AS title, s.introtext AS description, '; $sql .= 'UNIX_TIMESTAMP(s.date) AS date, s.uid AS uid, s.hits AS hits, '; $sql .= 'CONCAT(\'/article.php?story=\',s.sid) AS url '; $sql .= 'FROM ' . $_TABLES['stories'] . ' AS s, ' . $_TABLES['users'] . ' AS u '; $sql .= 'WHERE (draft_flag = 0) AND (date <= NOW()) AND (u.uid = s.uid) '; $sql .= COM_getPermSQL('AND') . COM_getTopicSQL('AND') . COM_getLangSQL('sid', 'AND') . ' '; if (!empty($this->_topic)) { $sql .= 'AND (s.tid = \'' . $this->_topic . '\') '; } if (!empty($this->_author)) { $sql .= 'AND (s.uid = \'' . $this->_author . '\') '; } $search_s = new SearchCriteria('stories', $LANG09[65]); $columns = array('title' => 'title', 'introtext', 'bodytext'); $sql .= $search_s->getDateRangeSQL('AND', 'date', $this->_dateStart, $this->_dateEnd); list($sql, $ftsql) = $search_s->buildSearchSQL($this->_keyType, $query, $columns, $sql); $search_s->setSQL($sql); $search_s->setFTSQL($ftsql); $search_s->setRank(5); $search_s->setURLRewrite(true); // Search Story Comments $sql = 'SELECT c.cid AS id, c.title AS title, c.comment AS description, '; $sql .= 'UNIX_TIMESTAMP(c.date) AS date, c.uid AS uid, '; // MSSQL has a problem when concatenating numeric values if ($_DB_dbms == 'mssql') { $sql .= '\'/comment.php?mode=view&cid=\' + CAST(c.cid AS varchar(10)) AS url '; } else { $sql .= 'CONCAT(\'/comment.php?mode=view&cid=\',c.cid) AS url '; } $sql .= 'FROM ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['comments'] . ' AS c '; $sql .= 'LEFT JOIN ' . $_TABLES['stories'] . ' AS s ON ((s.sid = c.sid) '; $sql .= COM_getPermSQL('AND', 0, 2, 's') . COM_getTopicSQL('AND', 0, 's') . COM_getLangSQL('sid', 'AND', 's') . ') '; $sql .= 'WHERE (u.uid = c.uid) AND (s.draft_flag = 0) AND (s.commentcode >= 0) AND (s.date <= NOW()) '; if (!empty($this->_topic)) { $sql .= 'AND (s.tid = \'' . $this->_topic . '\') '; } if (!empty($this->_author)) { $sql .= 'AND (c.uid = \'' . $this->_author . '\') '; } $search_c = new SearchCriteria('comments', array($LANG09[65], $LANG09[66])); $columns = array('title' => 'c.title', 'comment'); $sql .= $search_c->getDateRangeSQL('AND', 'c.date', $this->_dateStart, $this->_dateEnd); list($sql, $ftsql) = $search_c->buildSearchSQL($this->_keyType, $query, $columns, $sql); $search_c->setSQL($sql); $search_c->setFTSQL($ftsql); $search_c->setRank(2); return array($search_s, $search_c); }