function search_users()
{
list($active_users, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_users', 'startnum', 'total', 'bool', 'q');
if (empty($active_users)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['users_column'];
$query = "SELECT {$column['name']} as name, {$column['uname']} as uname, {$column['uid']} as uid FROM {$pntable['users']} WHERE ";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
$query .= "{$column['uname']} LIKE '{$word}' OR ";
$query .= "{$column['name']} LIKE '{$word}'";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['uname']}";
if (empty($total)) {
$countres = $dbconn->Execute($query);
$total = $countres->PO_RecordCount();
$countres->Close();
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text('<font class="pn-normal">' . _SMEMBERS . ': ' . $total . ' ' . _SEARCHRESULTS . '</font>');
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_users=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// some basic authcheck - might result in a wrong count...
if (pnSecAuthAction(0, "Users::", "{$row['uname']}::{$row['uid']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"user.php?op=userinfo&uname={$row['uname']}&module=NS-User\">{$row['uname']}</a><br>{$row['name']}</li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_MEMBERS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_weblinks()
{
list($active_weblinks, $startnum, $total, $q, $bool) = pnVarCleanFromInput('active_weblinks', 'startnum', 'total', 'q', 'bool');
if (empty($active_weblinks)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['links_links_column'];
$query = "SELECT {$column['url']} as url, {$column['title']} as title, {$column['linkratingsummary']} as linkratingsummary, {$column['totalcomments']} as totalcomments, {$column['hits']} as hits, {$column['submitter']} as submitter, {$column['description']} as description, {$column['lid']} as lid, {$column['cat_id']} as cat_id\n FROM {$pntable['links_links']}\n WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// web links
$query .= "{$column['description']} LIKE '{$word}' OR \n";
$query .= "{$column['url']} LIKE '{$word}' OR \n";
$query .= "{$column['submitter']} LIKE '{$word}' OR \n";
$query .= "{$column['title']} LIKE '{$word}' \n";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['lid']}";
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres = $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
// we have a link id so get its category
$column2 =& $pntable['links_categories_column'];
$result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_WEBLINKS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_weblinks=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// we have a link id so get its category
$column2 =& $pntable['links_categories_column'];
$result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"{$row['url']}\" target=\"_new\">{$row['title']}</a> <font class=\"pn-normal\">(rating: {$row['linkratingsummary']} - comments: {$row['totalcomments']} - hits: {$row['hits']})</font><br>Submitter: {$row['submitter']}<br>{$row['description']}</li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_LINKS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_comments()
{
list($active_comments, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_comments', 'startnum', 'total', 'bool', 'q');
if (empty($active_comments)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['comments_column'];
$query = "SELECT {$column['subject']} as subject, {$column['tid']} as tid, ";
$query .= "{$column['sid']} as sid, {$column['pid']} as pid FROM {$pntable['comments']} WHERE ";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
$query .= "{$column['subject']} LIKE '{$word}' OR ";
$query .= "{$column['comment']} LIKE '{$word}'";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['subject']}";
if (empty($total)) {
$countres = $dbconn->Execute($query);
$total = $countres->PO_RecordCount();
$countres->Close();
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_COMMENTS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_comments=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
if ($row[pid] != 0) {
// comment with parent posting
$output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=NS-Comments&file=index&req=showreply&tid={$row['tid']}&sid={$row['sid']}&pid={$row['pid']}\">{$row['subject']}</a></li>");
} else {
// comment without parent posting
$output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=NS-Comments&file=index&tid={$row['tid']}&sid={$row['sid']}#{$row['tid']}\">{$row['subject']}</a></li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_COMMENTS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_downloads()
{
list($q, $active_downloads, $bool, $startnum, $total) = pnVarCleanFromInput('q', 'active_downloads', 'bool', 'startnum', 'total');
if (empty($active_downloads)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
// fifers: have to explicitly name the columns so that if the underlying DB column names change, the code to access them doesn't. We use the column names in assoc array later...
$column =& $pntable['downloads_downloads_column'];
$query = "SELECT {$column['lid']} as lid, {$column['title']} as title, {$column['totalvotes']} as totalvotes, {$column['hits']} as hits, {$column['name']} as name, {$column['description']} as description, {$column['cid']} as cid FROM {$pntable['downloads_downloads']} WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// downloads
$query .= "{$column['description']} LIKE '{$word}' OR \n";
$query .= "{$column['title']} LIKE '{$word}' OR \n";
$query .= "{$column['submitter']} LIKE '{$word}' OR \n";
$query .= "{$column['name']} LIKE '{$word}' OR \n";
$query .= "{$column['homepage']} LIKE '{$word}' \n";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['lid']}";
if (empty($total)) {
$total = 0;
$countres = $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
// we have a download id so get its category
$column2 =& $pntable['downloads_categories_column'];
$result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}={$row['cid']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_DOWNLOADS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_downloads=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// we have a download id so get its category
$column2 =& $pntable['downloads_categories_column'];
$result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}={$row['cid']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Downloads&file=index&req=getit&lid={$row['lid']}\">{$row['title']}</a> <font class=\"pn-normal\">(votes: {$row['totalvotes']} - hits: {$row['hits']})</font><br>Uploader: {$row['name']}<br>{$row['description']}</li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Mung URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_DOWNLOADS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
/**
* view items
*/
function template_admin_view()
{
// Get parameters from whatever input we need. All arguments to this
// function should be obtained from pnVarCleanFromInput(), getting them
// from other places such as the environment is not allowed, as that makes
// assumptions that will not hold in future versions of PostNuke
$startnum = pnVarCleanFromInput('startnum');
// Create output object - this object will store all of our output so that
// we can return it easily when required
$output = new pnHTML();
if (!pnSecAuthAction(0, 'Template::', '::', ACCESS_EDIT)) {
$output->Text(_TEMPLATENOAUTH);
return $output->GetOutput();
}
// Add menu to output - it helps if all of the module pages have a standard
// menu at their head to aid in navigation
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text(template_adminmenu());
$output->SetInputMode(_PNH_PARSEINPUT);
// Title - putting a title ad the head of each page reminds the user what
// they are doing
$output->Title(_VIEWTEMPLATE);
// Load API. Note that this is loading the user API, that is because the
// user API contains the function to obtain item information which is the
// first thing that we need to do. If the API fails to load an appropriate
// error message is posted and the function returns
if (!pnModAPILoad('Template', 'user')) {
$output->Text(_LOADFAILED);
return $output->GetOutput();
}
// The user API function is called. This takes the number of items
// required and the first number in the list of all items, which we
// obtained from the input and gets us the information on the appropriate
// items.
$items = pnModAPIFunc('Template', 'user', 'getall', array('startnum' => $startnum, 'numitems' => pnModGetVar('Template', 'itemsperpage')));
// Start output table
$output->TableStart('', array(_TEMPLATENAME, _TEMPLATENUMBER, _TEMPLATEOPTIONS), 3);
foreach ($items as $item) {
$row = array();
if (pnSecAuthAction(0, 'Template::', "{$item['name']}::{$item['tid']}", ACCESS_READ)) {
// Name and number. Note that unlike the user function we do not
// censor the text that is being displayed. This is so the
// administrator can see the text as exists in the database rather
// than the munged output version
$row[] = $item['name'];
$row[] = $item['number'];
// Options for the item. Note that each item has the appropriate
// levels of authentication checked to ensure that it is suitable
// for display
$options = array();
$output->SetOutputMode(_PNH_RETURNOUTPUT);
if (pnSecAuthAction(0, 'Template::', "{$item['name']}::{$item['tid']}", ACCESS_EDIT)) {
$options[] = $output->URL(pnVarPrepForDisplay(pnModURL('Template', 'admin', 'modify', array('tid' => $item['tid']))), _EDIT);
if (pnSecAuthAction(0, 'Template::', "{$item['name']}::{$item['tid']}", ACCESS_DELETE)) {
$options[] = $output->URL(pnVarPrepForDisplay(pnModURL('Template', 'admin', 'delete', array('tid' => $item['tid']))), _DELETE);
}
}
$options = join(' | ', $options);
$output->SetInputMode(_PNH_VERBATIMINPUT);
$row[] = $output->Text($options);
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$output->TableAddRow($row);
$output->SetInputMode(_PNH_PARSEINPUT);
}
}
$output->TableEnd();
// Call the pnHTML helper function to produce a pager in case of there
// being many items to display.
//
// Note that this function includes another user API function. The
// function returns a simple count of the total number of items in the item
// table so that the pager function can do its job properly
$output->Pager($startnum, pnModAPIFunc('Template', 'user', 'countitems'), pnModURL('Template', 'admin', 'view', array('startnum' => '%%')), pnModGetVar('Template', 'itemsperpage'));
// Return the output that has been generated by this function
return $output->GetOutput();
}
function search_sections()
{
list($active_sections, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_sections', 'startnum', 'total', 'bool', 'q');
if (empty($active_sections)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$seccol =& $pntable['seccont_column'];
$query = "SELECT {$seccol['artid']} as id, {$seccol['title']} as title, {$seccol['secid']} as secid\n FROM {$pntable['seccont']}\n WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
$query .= "{$seccol['title']} LIKE '{$word}' OR \n";
$query .= "{$seccol['content']} LIKE '{$word}')\n";
$flag = true;
}
if (pnConfigGetVar('multilingual') == 1) {
$query .= " AND ({$seccol['slanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$seccol['slanguage']}='')";
}
$query .= " ORDER BY {$seccol['artid']}";
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres = $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
// we know about the section id so let's get the section name
$column2 =& $pntable['sections_column'];
$result2 = $dbconn->Execute("SELECT {$column2['secname']} FROM {$pntable['sections']} WHERE {$column2['secid']}={$row['secid']}");
list($secname) = $result2->fields;
if (pnSecAuthAction(0, "Sections::Section", "{$secname}::{$row['secid']}", ACCESS_READ) && pnSecAuthAction(0, "Sections::Article", "{$row['title']}:{$secname}:{$row['id']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_SECTIONS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_sections=1&bool={$bool}&q={$q}";
$output->Text('<ul>');
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// we know about the section id so let's get the section name
$column2 =& $pntable['sections_column'];
$result2 = $dbconn->Execute("SELECT {$column2['secname']} FROM {$pntable['sections']} WHERE {$column2['secid']}={$row['secid']}");
list($secname) = $result2->fields;
if (pnSecAuthAction(0, "Sections::Section", "{$secname}::{$row['secid']}", ACCESS_READ) && pnSecAuthAction(0, "Sections::Article", "{$row['title']}:{$secname}:{$row['id']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid={$row['id']}\">{$row['title']}</a><br></li>");
}
$result->MoveNext();
}
$output->Text('</ul>');
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_SECTIONS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_faqs()
{
list($q, $bool, $startnum, $total, $active_faqs) = pnVarCleanFromInput('q', 'bool', 'startnum', 'total', 'active_faqs');
if (empty($active_faqs)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['faqanswer_column'];
$faqcatcol =& $pntable['faqcategories_column'];
$query = "SELECT {$column['id_cat']} as id_cat, \n \t\t\t\t{$column['question']} as question, \n \t\t\t\t{$column['answer']} as answer,\n \t\t\t\t{$faqcatcol['categories']} as categories\n FROM {$pntable['faqanswer']} \n LEFT JOIN {$pntable['faqcategories']} ON {$column['id_cat']}={$faqcatcol['id_cat']}\n WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// faqs
$query .= "{$column['question']} LIKE '{$word}' OR \n";
$query .= "{$column['answer']} LIKE '{$word}'\n";
$query .= ')';
$flag = true;
}
if (pnConfigGetVar('multilingual') == 1) {
$query .= " AND ({$faqcatcol['flanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$faqcatcol['flanguage']}='')";
}
$query .= " ORDER BY {$column['id']}";
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres = $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_FAQ . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_faqs=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat={$row['id_cat']}\">{$row['question']}</a><br>Answer: " . nl2br($row[answer]) . "</li>");
}
$result->MoveNext();
}
$output->Text('</ul>');
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_FAQS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_stories()
{
list($startnum, $active_stories, $total, $stories_topics, $stories_cat, $stories_author, $q, $bool) = pnVarCleanFromInput('startnum', 'active_stories', 'total', 'stories_topics', 'stories_cat', 'stories_author', 'q', 'bool');
if (!isset($active_stories) || !$active_stories) {
return;
}
$output = new pnHTML();
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
if (empty($bool)) {
$bool = 'OR';
}
$flag = false;
$storcol =& $pntable['stories_column'];
$stcatcol =& $pntable['stories_cat_column'];
$topcol =& $pntable['topics_column'];
$query = "";
$query1 = "SELECT {$storcol['sid']} as sid,\n {$topcol['tid']} as topicid,\n {$topcol['topicname']} as topicname,\n {$topcol['topictext']} as topictext,\n {$storcol['catid']} as catid,\n {$storcol['time']} AS fdate,\n {$storcol['title']} AS story_title,\n {$storcol['aid']} AS aid,\n {$stcatcol['title']} AS cat_title\n FROM {$pntable['stories']}\n LEFT JOIN {$pntable['stories_cat']} ON ({$storcol['catid']}={$stcatcol['catid']})\n LEFT JOIN {$pntable['topics']} ON ({$storcol['topic']}={$topcol['tid']})\n WHERE ";
// hack to get this to work, but much better than what we had before
//$query .= " 1 = 1 ";
// words
$w = search_split_query($q);
if (isset($w)) {
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
$query .= "{$storcol['title']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
$query .= "{$storcol['hometext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
$query .= "{$storcol['bodytext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
//$query .= "$storcol[comments] LIKE '".pnVarPrepForStore($word)."' OR ";
$query .= "{$storcol['informant']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
$query .= "{$storcol['notes']} LIKE '" . pnVarPrepForStore($word) . "'";
$query .= ')';
$flag = true;
$no_flag = false;
}
} else {
$no_flag = true;
}
// topics
if (isset($stories_topics) && !empty($stories_topics)) {
$flag = false;
$start_flag = false;
// dont set AND/OR if nothing is in front
foreach ($stories_topics as $v) {
if (empty($v)) {
continue;
}
if (!$no_flag and !$start_flag) {
$query .= " AND (";
$start_flag = true;
}
if ($flag) {
$query .= " OR ";
}
$query .= "{$storcol['topic']}='" . pnVarPrepForStore($v) . "'";
$flag = true;
}
if (!$no_flag and $start_flag) {
$query .= ") ";
$no_flag = false;
}
}
// categories
if (!is_array($stories_cat)) {
$stories_cat[0] = '';
}
if (isset($stories_cat[0]) && !empty($stories_cat[0])) {
if (!$no_flag) {
$query .= " AND (";
}
$flag = false;
foreach ($stories_cat as $v) {
if ($flag) {
$query .= " OR ";
}
$query .= "{$stcatcol['catid']}='" . pnVarPrepForStore($v) . "'";
$flag = true;
}
if (!$no_flag) {
$query .= ") ";
$no_flag = false;
}
}
// authors
if (isset($stories_author) && $stories_author != "") {
if (!$no_flag) {
$query .= " AND (";
}
$query .= "{$storcol['informant']}='" . pnVarPrepForStore($stories_author) . "'";
$result = $dbconn->Execute("SELECT {$pntable['users_column']['uid']} as pn_uid FROM {$pntable['users']} WHERE {$pntable['users_column']['uname']} LIKE '%" . pnVarPrepForStore($stories_author) . "%' OR {$pntable['users_column']['name']} LIKE '%" . pnVarPrepForStore($stories_author) . "%'");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
$query .= " OR {$storcol['aid']}={$row['pn_uid']}";
$result->MoveNext();
}
if (!$no_flag) {
$query .= ") ";
$no_flag = false;
}
} else {
$stories_author = '';
}
if (pnConfigGetVar('multilingual') == 1) {
if (!empty($query)) {
$query .= " AND";
}
$query .= " ({$storcol['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$storcol['alanguage']}='')";
}
if (empty($query)) {
$query = "1";
}
$query .= " ORDER BY {$storcol['time']} DESC";
$query = $query1 . $query;
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres = $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_STORIES_TOPICS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_stories=1&stories_author=" . $stories_author;
if (isset($stories_cat) && $stories_cat) {
foreach ($stories_cat as $v) {
$url .= "&stories_cat%5B%5D={$v}";
}
}
if (isset($stories_topics) && $stories_topics) {
foreach ($stories_topics as $v) {
$url .= "&stories_topics%5B%5D={$v}";
}
}
$url .= "&bool=" . $bool;
if (isset($q)) {
$url .= "&q=" . $q;
}
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
$row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
$output->Text("<li>");
if (!empty($row['topicid'])) {
$output->Text("<b><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Search&file=index&action=search&active_stories=1&stories_topics[0]=" . $row['topicid'] . "\">" . $row['topictext'] . "</a></b> - ");
}
if (!empty($row['catid'])) {
$output->Text("<a href=\"modules.php?op=modload&name=News&file=index&catid=" . $row['catid'] . "\">" . $row['cat_title'] . "</a>: ");
}
if ($row['story_title'] == '') {
$row['story_title'] = 'No Title';
}
$output->Text('<i><a class="pn-normal" href="modules.php?op=modload&name=News&file=article&sid=' . $row['sid'] . '">' . pnVarPrepHTMLDisplay($row['story_title']) . '</a></i> - ' . $row['fdate'] . "</li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_STORIES_TOPICS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_reviews()
{
list($active_reviews, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_reviews', 'startnum', 'total', 'bool', 'q');
if (empty($active_reviews)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$revcol =& $pntable['reviews_column'];
$comcol =& $pntable['reviews_comments_column'];
$query = "SELECT DISTINCT {$revcol['id']} as id, {$revcol['title']} as title, {$revcol['score']} as score, {$revcol['hits']} as hits, {$revcol['reviewer']} as reviewer, {$revcol['date']} AS fdate\n FROM {$pntable['reviews']} LEFT JOIN {$pntable['reviews_comments']} ON {$comcol['rid']}={$revcol['id']}\n WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// reviews
$query .= "{$revcol['title']} LIKE '{$word}' OR \n";
$query .= "{$revcol['text']} LIKE '{$word}' OR \n";
$query .= "{$revcol['reviewer']} LIKE '{$word}' OR \n";
$query .= "{$revcol['cover']} LIKE '{$word}' OR \n";
$query .= "{$revcol['url']} LIKE '{$word}' OR \n";
$query .= "{$revcol['url_title']} LIKE '{$word}' OR \n";
// reviews_comments
$query .= "{$comcol['comments']} LIKE '{$word}'\n";
$query .= ')';
$flag = true;
}
if (pnConfigGetVar('multilingual') == 1) {
$query .= " AND ({$revcol['rlanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$revcol['rlanguage']}='')";
}
$query .= " ORDER BY {$revcol['date']}";
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres = $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_REVIEWS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_reviews=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
$row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Reviews&file=index&req=showcontent&id={$row['id']}\">{$row['title']}</a> <font class=\"pn-sub\">(score: {$row['score']} - hits: {$row['hits']})</font><br>{$row['reviewer']}<br>{$row['fdate']}</li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_REVIEWS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
