Esempio n. 1
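/**
 * Search plugin for registered users.
 *
 * Reads active_users, startnum, total, bool and q through
 * pnVarCleanFromInput(), matches every search word against the user name and
 * real name columns, and renders one page of 10 hits followed by a pager.
 *
 * @return string|null HTML from pnHTML::GetOutput(); nothing is returned when
 *                     active_users is empty
 */
function search_users()
{
    list($active_users, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_users', 'startnum', 'total', 'bool', 'q');
    if (empty($active_users)) {
        return;
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    // The markup below is handed to Text() in verbatim input mode, so every
    // dynamic value is escaped here before it is concatenated.
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    // Paging values come from the request: reduce them to plain integers.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? (int) $startnum : 1;
    if ($startnum < 1) {
        $startnum = 1;
    }
    // A total supplied by the client only skips the recount; it is used for
    // the headline and the pager, never for access decisions.
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;
    if ($total < 0) {
        $total = 0;
    }
    // Anything other than AND falls back to OR (as the original switch did),
    // which also makes the value safe to repeat in the pager URL.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';
    $w = search_split_query($q);
    $result = false;
    // Without search words the WHERE clause would be empty and the statement
    // invalid, so the query is only built when there is something to match.
    if (is_array($w) && count($w) > 0) {
        $column =& $pntable['users_column'];
        $query = "SELECT {$column['name']} as name, {$column['uname']} as uname, {$column['uid']} as uid FROM {$pntable['users']} WHERE ";
        $flag = false;
        foreach ($w as $word) {
            if ($flag) {
                $query .= " {$bool} ";
            }
            // NOTE(review): $word goes into the SQL literal as-is. Confirm
            // that search_split_query() escapes it (pnVarPrepForStore); if it
            // does not, the escaping belongs here.
            $query .= "({$column['uname']} LIKE '{$word}' OR {$column['name']} LIKE '{$word}')";
            $flag = true;
        }
        $query .= " ORDER BY {$column['uname']}";
        if (empty($total)) {
            $countres = $dbconn->Execute($query);
            if ($countres) {
                $total = $countres->PO_RecordCount();
                $countres->Close();
            }
        }
        $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    }
    if ($result && !$result->EOF) {
        $output->Text('<font class="pn-normal">' . _SMEMBERS . ': ' . $total . ' ' . _SEARCHRESULTS . '</font>');
        // The query string is request data: URL-encode it before it is
        // written into an href.
        $url = "modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_users=1&amp;bool={$bool}&amp;q=" . urlencode((string) $q);
        $output->Text("<ul>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // some basic authcheck - might result in a wrong count...
            if (pnSecAuthAction(0, "Users::", "{$row['uname']}::{$row['uid']}", ACCESS_READ)) {
                // User-chosen names are stored data; escape them for the
                // href and for the visible text.
                $unameurl = urlencode($row['uname']);
                $uname = pnVarPrepForDisplay($row['uname']);
                $name = pnVarPrepForDisplay($row['name']);
                $output->Text("<li><a class=\"pn-normal\" href=\"user.php?op=userinfo&amp;uname={$unameurl}&amp;module=NS-User\">{$uname}</a><br>{$name}</li>");
            }
            $result->MoveNext();
        }
        $output->Text("</ul>");
        // Munge URL for template: %% is the placeholder handed to Pager()
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_MEMBERS . '</font>');
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);
    return $output->GetOutput();
}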
Esempio n. 2
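/**
 * Permission check for one web-link row.
 *
 * Looks up the title of the row's category and asks pnSecAuthAction() for
 * read access to both the link and its category.
 *
 * @param object $dbconn  database connection from pnDBGetConn()
 * @param array  $pntable table/column map from pnDBGetTables()
 * @param array  $row     link row with title, lid and cat_id keys
 * @return bool true when both checks grant ACCESS_READ
 */
function _search_weblinks_allowed(&$dbconn, &$pntable, $row)
{
    // we have a link id so get its category
    $column2 =& $pntable['links_categories_column'];
    $title = '';
    $result2 = $dbconn->Execute("SELECT {$column2['title']} FROM {$pntable['links_categories']} WHERE {$column2['cat_id']}=" . (int) $row['cat_id']);
    if ($result2) {
        if (!$result2->EOF) {
            list($title) = $result2->fields;
        }
        $result2->Close();
    }
    return pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ);
}

/**
 * Search plugin for the Web Links module.
 *
 * Reads active_weblinks, startnum, total, q and bool through
 * pnVarCleanFromInput(), matches every search word against description, url,
 * submitter and title, and renders one page of 10 permitted hits plus a pager.
 *
 * @return string|null HTML from pnHTML::GetOutput(); nothing is returned when
 *                     active_weblinks is empty
 */
function search_weblinks()
{
    list($active_weblinks, $startnum, $total, $q, $bool) = pnVarCleanFromInput('active_weblinks', 'startnum', 'total', 'q', 'bool');
    if (empty($active_weblinks)) {
        return;
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    // Markup is passed to Text() in verbatim input mode, so dynamic values
    // are escaped in this function.
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    // Paging values come from the request: reduce them to plain integers.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? (int) $startnum : 1;
    if ($startnum < 1) {
        $startnum = 1;
    }
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;
    if ($total < 0) {
        $total = 0;
    }
    // Anything other than AND means OR; the normalised value is also what
    // gets repeated in the pager URL.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';
    $w = search_split_query($q);
    $result = false;
    // No search words would leave the WHERE clause empty; skip the query.
    if (is_array($w) && count($w) > 0) {
        $column =& $pntable['links_links_column'];
        $query = "SELECT {$column['url']} as url, {$column['title']} as title, {$column['linkratingsummary']} as linkratingsummary, {$column['totalcomments']} as totalcomments, {$column['hits']} as hits, {$column['submitter']} as submitter, {$column['description']} as description, {$column['lid']} as lid, {$column['cat_id']} as cat_id\n              FROM {$pntable['links_links']}\n              WHERE \n";
        $flag = false;
        foreach ($w as $word) {
            if ($flag) {
                $query .= " {$bool} ";
            }
            // NOTE(review): $word goes into the SQL literal as-is. Confirm
            // that search_split_query() escapes it (pnVarPrepForStore); if it
            // does not, the escaping belongs here.
            $query .= '(';
            $query .= "{$column['description']} LIKE '{$word}' OR \n";
            $query .= "{$column['url']} LIKE '{$word}' OR \n";
            $query .= "{$column['submitter']} LIKE '{$word}' OR \n";
            $query .= "{$column['title']} LIKE '{$word}' \n";
            $query .= ')';
            $flag = true;
        }
        $query .= " ORDER BY {$column['lid']}";
        // get the total count with permissions!
        if (empty($total)) {
            $total = 0;
            $countres = $dbconn->Execute($query);
            if ($countres) {
                while (!$countres->EOF) {
                    if (_search_weblinks_allowed($dbconn, $pntable, $countres->GetRowAssoc(false))) {
                        $total++;
                    }
                    $countres->MoveNext();
                }
                $countres->Close();
            }
        }
        $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    }
    if ($result && !$result->EOF) {
        $output->Text(_WEBLINKS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        // Rebuild the search string from previous information; the query is
        // request data and is URL-encoded before it lands in an href.
        $url = "modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_weblinks=1&amp;bool={$bool}&amp;q=" . urlencode((string) $q);
        $output->Text("<ul>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            if (_search_weblinks_allowed($dbconn, $pntable, $row)) {
                // Link fields are submitted content: escape them for HTML.
                // NOTE(review): the URL is escaped but its scheme is not
                // checked here; confirm submissions are restricted to the
                // expected schemes when they are stored.
                $href = pnVarPrepForDisplay($row['url']);
                $linktitle = pnVarPrepForDisplay($row['title']);
                $rating = pnVarPrepForDisplay($row['linkratingsummary']);
                $comments = (int) $row['totalcomments'];
                $hits = (int) $row['hits'];
                $submitter = pnVarPrepForDisplay($row['submitter']);
                // Descriptions may carry markup; keep only what the site's
                // HTML display filter lets through.
                $description = pnVarPrepHTMLDisplay($row['description']);
                $output->Text("<li><a class=\"pn-normal\" href=\"{$href}\" target=\"_new\">{$linktitle}</a> <font class=\"pn-normal\">(rating: {$rating} - comments: {$comments} - hits: {$hits})</font><br>Submitter: {$submitter}<br>{$description}</li>");
            }
            $result->MoveNext();
        }
        $output->Text("</ul>");
        // Munge URL for template: %% is the placeholder handed to Pager()
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_LINKS . '</font>');
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);
    return $output->GetOutput();
}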
Esempio n. 3
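/**
 * Search plugin for story comments.
 *
 * Reads active_comments, startnum, total, bool and q through
 * pnVarCleanFromInput(), matches every search word against the comment
 * subject and text, and renders one page of 10 hits plus a pager.
 *
 * NOTE(review): unlike the other search plugins this one performs no
 * pnSecAuthAction() check per row; confirm that is intended.
 *
 * @return string|null HTML from pnHTML::GetOutput(); nothing is returned when
 *                     active_comments is empty
 */
function search_comments()
{
    list($active_comments, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_comments', 'startnum', 'total', 'bool', 'q');
    if (empty($active_comments)) {
        return;
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    // Markup is passed to Text() in verbatim input mode, so dynamic values
    // are escaped in this function.
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    // Paging values come from the request: reduce them to plain integers.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? (int) $startnum : 1;
    if ($startnum < 1) {
        $startnum = 1;
    }
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;
    if ($total < 0) {
        $total = 0;
    }
    // Anything other than AND means OR; the normalised value is also what
    // gets repeated in the pager URL.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';
    $w = search_split_query($q);
    $result = false;
    // No search words would leave the WHERE clause empty; skip the query.
    if (is_array($w) && count($w) > 0) {
        $column =& $pntable['comments_column'];
        $query = "SELECT {$column['subject']} as subject, {$column['tid']} as tid, ";
        $query .= "{$column['sid']} as sid, {$column['pid']} as pid FROM {$pntable['comments']} WHERE ";
        $flag = false;
        foreach ($w as $word) {
            if ($flag) {
                $query .= " {$bool} ";
            }
            // NOTE(review): $word goes into the SQL literal as-is. Confirm
            // that search_split_query() escapes it (pnVarPrepForStore); if it
            // does not, the escaping belongs here.
            $query .= "({$column['subject']} LIKE '{$word}' OR {$column['comment']} LIKE '{$word}')";
            $flag = true;
        }
        $query .= " ORDER BY {$column['subject']}";
        if (empty($total)) {
            $countres = $dbconn->Execute($query);
            if ($countres) {
                $total = $countres->PO_RecordCount();
                $countres->Close();
            }
        }
        $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    }
    if ($result && !$result->EOF) {
        $output->Text(_COMMENTS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        // Rebuild the search string from previous information; the query is
        // request data and is URL-encoded before it lands in an href.
        $url = "modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_comments=1&amp;bool={$bool}&amp;q=" . urlencode((string) $q);
        $output->Text("<ul>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // Comment subjects are visitor-supplied: escape for HTML, and
            // URL-encode the ids that are written into the href.
            $subject = pnVarPrepForDisplay($row['subject']);
            $tid = urlencode($row['tid']);
            $sid = urlencode($row['sid']);
            $pid = urlencode($row['pid']);
            // The key must be quoted: a bare pid is read as a constant.
            if ($row['pid'] != 0) {
                // comment with parent posting
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=NS-Comments&amp;file=index&amp;req=showreply&amp;tid={$tid}&amp;sid={$sid}&amp;pid={$pid}\">{$subject}</a></li>");
            } else {
                // comment without parent posting
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=NS-Comments&amp;file=index&amp;tid={$tid}&amp;sid={$sid}#{$tid}\">{$subject}</a></li>");
            }
            $result->MoveNext();
        }
        $output->Text("</ul>");
        // Munge URL for template: %% is the placeholder handed to Pager()
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_COMMENTS . '</font>');
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);
    return $output->GetOutput();
}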
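/**
 * Permission check for one download row.
 *
 * Looks up the title of the row's category and asks pnSecAuthAction() for
 * read access to both the item and its category.
 *
 * @param object $dbconn  database connection from pnDBGetConn()
 * @param array  $pntable table/column map from pnDBGetTables()
 * @param array  $row     download row with title, lid and cid keys
 * @return bool true when both checks grant ACCESS_READ
 */
function _search_downloads_allowed(&$dbconn, &$pntable, $row)
{
    // we have a download id so get its category
    $column2 =& $pntable['downloads_categories_column'];
    $title = '';
    $result2 = $dbconn->Execute("SELECT {$column2['title']} FROM {$pntable['downloads_categories']} WHERE {$column2['cid']}=" . (int) $row['cid']);
    if ($result2) {
        if (!$result2->EOF) {
            list($title) = $result2->fields;
        }
        $result2->Close();
    }
    return pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ);
}

/**
 * Search plugin for the Downloads module.
 *
 * Reads q, active_downloads, bool, startnum and total through
 * pnVarCleanFromInput(), matches every search word against description,
 * title, submitter, name and homepage, and renders one page of 10 permitted
 * hits plus a pager.
 *
 * @return string|null HTML from pnHTML::GetOutput(); nothing is returned when
 *                     active_downloads is empty
 */
function search_downloads()
{
    list($q, $active_downloads, $bool, $startnum, $total) = pnVarCleanFromInput('q', 'active_downloads', 'bool', 'startnum', 'total');
    if (empty($active_downloads)) {
        return;
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    // Paging values come from the request: reduce them to plain integers.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? (int) $startnum : 1;
    if ($startnum < 1) {
        $startnum = 1;
    }
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;
    if ($total < 0) {
        $total = 0;
    }
    // Anything other than AND means OR; the normalised value is also what
    // gets repeated in the pager URL.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';
    $w = search_split_query($q);
    $result = false;
    // No search words would leave the WHERE clause empty; skip the query.
    if (is_array($w) && count($w) > 0) {
        // fifers: have to explicitly name the columns so that if the underlying DB column names change, the code to access them doesn't.  We use the column names in assoc array later...
        $column =& $pntable['downloads_downloads_column'];
        $query = "SELECT {$column['lid']} as lid, {$column['title']} as title, {$column['totalvotes']} as totalvotes, {$column['hits']} as hits, {$column['name']} as name, {$column['description']} as description, {$column['cid']} as cid FROM {$pntable['downloads_downloads']} WHERE \n";
        $flag = false;
        foreach ($w as $word) {
            if ($flag) {
                $query .= " {$bool} ";
            }
            // NOTE(review): $word goes into the SQL literal as-is. Confirm
            // that search_split_query() escapes it (pnVarPrepForStore); if it
            // does not, the escaping belongs here.
            $query .= '(';
            $query .= "{$column['description']} LIKE '{$word}' OR \n";
            $query .= "{$column['title']} LIKE '{$word}' OR \n";
            $query .= "{$column['submitter']} LIKE '{$word}' OR \n";
            $query .= "{$column['name']} LIKE '{$word}' OR \n";
            $query .= "{$column['homepage']} LIKE '{$word}' \n";
            $query .= ')';
            $flag = true;
        }
        $query .= " ORDER BY {$column['lid']}";
        // get the total count with permissions
        if (empty($total)) {
            $total = 0;
            $countres = $dbconn->Execute($query);
            if ($countres) {
                while (!$countres->EOF) {
                    if (_search_downloads_allowed($dbconn, $pntable, $countres->GetRowAssoc(false))) {
                        $total++;
                    }
                    $countres->MoveNext();
                }
                $countres->Close();
            }
        }
        $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    }
    if ($result && !$result->EOF) {
        $output->Text(_DOWNLOADS . ': ' . $total . ' ' . _SEARCHRESULTS);
        // From here on markup is passed to Text() verbatim, so dynamic values
        // are escaped in this function.
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        // Rebuild the search string from previous information; the query is
        // request data and is URL-encoded before it lands in an href.
        $url = "modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_downloads=1&amp;bool={$bool}&amp;q=" . urlencode((string) $q);
        $output->Text("<ul>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            if (_search_downloads_allowed($dbconn, $pntable, $row)) {
                // Download fields are submitted content: escape them for HTML.
                $lid = (int) $row['lid'];
                $itemtitle = pnVarPrepForDisplay($row['title']);
                $votes = (int) $row['totalvotes'];
                $hits = (int) $row['hits'];
                $uploader = pnVarPrepForDisplay($row['name']);
                // Descriptions may carry markup; keep only what the site's
                // HTML display filter lets through.
                $description = pnVarPrepHTMLDisplay($row['description']);
                // The lid separator is written as &amp; like the others.
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Downloads&amp;file=index&amp;req=getit&amp;lid={$lid}\">{$itemtitle}</a> <font class=\"pn-normal\">(votes: {$votes} - hits: {$hits})</font><br>Uploader: {$uploader}<br>{$description}</li>");
            }
            $result->MoveNext();
        }
        $output->Text("</ul>");
        // Munge URL for template: %% is the placeholder handed to Pager()
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_DOWNLOADS . '</font>');
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);
    return $output->GetOutput();
}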
Esempio n. 5
/**
 * Admin "view" screen of the Template module: lists the items of one page
 * with their edit/delete links and appends a pager.
 *
 * @return string HTML collected in the pnHTML object
 */
function template_admin_view()
{
    // All arguments are obtained through pnVarCleanFromInput(); here that is
    // only the paging offset.
    $startnum = pnVarCleanFromInput('startnum');
    // Everything this function produces is collected in one pnHTML object.
    $output = new pnHTML();
    // The screen as a whole requires module-wide edit permission.
    if (!pnSecAuthAction(0, 'Template::', '::', ACCESS_EDIT)) {
        $output->Text(_TEMPLATENOAUTH);
        return $output->GetOutput();
    }
    // Standard admin menu at the head of the page, emitted verbatim.
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    $output->Text(template_adminmenu());
    $output->SetInputMode(_PNH_PARSEINPUT);
    // Page title
    $output->Title(_VIEWTEMPLATE);
    // The item list comes from the *user* API, so that API is loaded here;
    // when loading fails the error text is shown and the function returns.
    if (!pnModAPILoad('Template', 'user')) {
        $output->Text(_LOADFAILED);
        return $output->GetOutput();
    }
    // Fetch one page worth of items, starting at the requested offset.
    $items = pnModAPIFunc('Template', 'user', 'getall', array('startnum' => $startnum, 'numitems' => pnModGetVar('Template', 'itemsperpage')));
    $output->TableStart('', array(_TEMPLATENAME, _TEMPLATENUMBER, _TEMPLATEOPTIONS), 3);
    foreach ($items as $item) {
        // Permission instance string shared by the three checks below.
        $instance = "{$item['name']}::{$item['tid']}";
        if (!pnSecAuthAction(0, 'Template::', $instance, ACCESS_READ)) {
            // Items the current user may not read are left out of the table.
            continue;
        }
        // Name and number are shown as stored in the database, uncensored,
        // so the administrator sees the real values.
        // NOTE(review): the row is added while verbatim input mode is active,
        // so these two cells are presumably not escaped either - confirm how
        // TableAddRow() treats them if item names can contain markup.
        $cells = array($item['name'], $item['number']);
        // Build the option links; each link is gated by its own permission.
        $links = array();
        $output->SetOutputMode(_PNH_RETURNOUTPUT);
        if (pnSecAuthAction(0, 'Template::', $instance, ACCESS_EDIT)) {
            $links[] = $output->URL(pnVarPrepForDisplay(pnModURL('Template', 'admin', 'modify', array('tid' => $item['tid']))), _EDIT);
            // Delete is only offered to users who already hold edit rights.
            if (pnSecAuthAction(0, 'Template::', $instance, ACCESS_DELETE)) {
                $links[] = $output->URL(pnVarPrepForDisplay(pnModURL('Template', 'admin', 'delete', array('tid' => $item['tid']))), _DELETE);
            }
        }
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $cells[] = $output->Text(implode(' | ', $links));
        $output->SetOutputMode(_PNH_KEEPOUTPUT);
        $output->TableAddRow($cells);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->TableEnd();
    // Pager: the user API supplies the total item count, and %% in the URL
    // is the placeholder for the start number.
    $itemcount = pnModAPIFunc('Template', 'user', 'countitems');
    $pagerurl = pnModURL('Template', 'admin', 'view', array('startnum' => '%%'));
    $perpage = pnModGetVar('Template', 'itemsperpage');
    $output->Pager($startnum, $itemcount, $pagerurl, $perpage);
    return $output->GetOutput();
}
Esempio n. 6
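/**
 * Permission check for one section article row.
 *
 * Looks up the name of the row's section and asks pnSecAuthAction() for read
 * access to both the section and the article.
 *
 * @param object $dbconn  database connection from pnDBGetConn()
 * @param array  $pntable table/column map from pnDBGetTables()
 * @param array  $row     article row with id, title and secid keys
 * @return bool true when both checks grant ACCESS_READ
 */
function _search_sections_allowed(&$dbconn, &$pntable, $row)
{
    // we know about the section id so let's get the section name
    $column2 =& $pntable['sections_column'];
    $secname = '';
    $result2 = $dbconn->Execute("SELECT {$column2['secname']} FROM {$pntable['sections']} WHERE {$column2['secid']}=" . (int) $row['secid']);
    if ($result2) {
        if (!$result2->EOF) {
            list($secname) = $result2->fields;
        }
        $result2->Close();
    }
    return pnSecAuthAction(0, "Sections::Section", "{$secname}::{$row['secid']}", ACCESS_READ) && pnSecAuthAction(0, "Sections::Article", "{$row['title']}:{$secname}:{$row['id']}", ACCESS_READ);
}

/**
 * Search plugin for the Sections module.
 *
 * Reads active_sections, startnum, total, bool and q through
 * pnVarCleanFromInput(), matches every search word against article title and
 * content, optionally restricts to the user's language, and renders one page
 * of 10 permitted hits plus a pager.
 *
 * @return string|null HTML from pnHTML::GetOutput(); nothing is returned when
 *                     active_sections is empty
 */
function search_sections()
{
    list($active_sections, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_sections', 'startnum', 'total', 'bool', 'q');
    if (empty($active_sections)) {
        return;
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    // Markup is passed to Text() in verbatim input mode, so dynamic values
    // are escaped in this function.
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    // Paging values come from the request: reduce them to plain integers.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? (int) $startnum : 1;
    if ($startnum < 1) {
        $startnum = 1;
    }
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;
    if ($total < 0) {
        $total = 0;
    }
    // Anything other than AND means OR; the normalised value is also what
    // gets repeated in the pager URL.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';
    $w = search_split_query($q);
    $result = false;
    // No search words would leave the WHERE clause empty; skip the query.
    if (is_array($w) && count($w) > 0) {
        $seccol =& $pntable['seccont_column'];
        // The word conditions are wrapped in one pair of parentheses so that
        // the language filter appended below applies to all of them; without
        // it, AND binds tighter than OR and only the last word is filtered.
        $query = "SELECT {$seccol['artid']} as id, {$seccol['title']} as title, {$seccol['secid']} as secid\n              FROM {$pntable['seccont']}\n              WHERE (\n";
        $flag = false;
        foreach ($w as $word) {
            if ($flag) {
                $query .= " {$bool} ";
            }
            // NOTE(review): $word goes into the SQL literal as-is. Confirm
            // that search_split_query() escapes it (pnVarPrepForStore); if it
            // does not, the escaping belongs here.
            $query .= '(';
            $query .= "{$seccol['title']} LIKE '{$word}' OR \n";
            $query .= "{$seccol['content']} LIKE '{$word}')\n";
            $flag = true;
        }
        $query .= ')';
        if (pnConfigGetVar('multilingual') == 1) {
            $query .= " AND ({$seccol['slanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$seccol['slanguage']}='')";
        }
        $query .= " ORDER BY {$seccol['artid']}";
        // get the total count with permissions!
        if (empty($total)) {
            $total = 0;
            $countres = $dbconn->Execute($query);
            if ($countres) {
                while (!$countres->EOF) {
                    if (_search_sections_allowed($dbconn, $pntable, $countres->GetRowAssoc(false))) {
                        $total++;
                    }
                    $countres->MoveNext();
                }
                $countres->Close();
            }
        }
        $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    }
    if ($result && !$result->EOF) {
        $output->Text(_SECTIONS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        // Rebuild the search string from previous information; the query is
        // request data and is URL-encoded before it lands in an href.
        $url = "modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_sections=1&amp;bool={$bool}&amp;q=" . urlencode((string) $q);
        $output->Text('<ul>');
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            if (_search_sections_allowed($dbconn, $pntable, $row)) {
                // Stored title is escaped for HTML; the id is forced numeric.
                $artid = (int) $row['id'];
                $arttitle = pnVarPrepForDisplay($row['title']);
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Sections&amp;file=index&amp;req=viewarticle&amp;artid={$artid}\">{$arttitle}</a><br></li>");
            }
            $result->MoveNext();
        }
        $output->Text('</ul>');
        // Munge URL for template: %% is the placeholder handed to Pager()
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_SECTIONS . '</font>');
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);
    return $output->GetOutput();
}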
Esempio n. 7
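/**
 * Search plugin for the FAQ module.
 *
 * Reads q, bool, startnum, total and active_faqs through
 * pnVarCleanFromInput(), matches every search word against question and
 * answer, optionally restricts to the user's language, and renders one page
 * of 10 permitted hits plus a pager.
 *
 * @return string|null HTML from pnHTML::GetOutput(); nothing is returned when
 *                     active_faqs is empty
 */
function search_faqs()
{
    list($q, $bool, $startnum, $total, $active_faqs) = pnVarCleanFromInput('q', 'bool', 'startnum', 'total', 'active_faqs');
    if (empty($active_faqs)) {
        return;
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    // Markup is passed to Text() in verbatim input mode, so dynamic values
    // are escaped in this function.
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    // Paging values come from the request: reduce them to plain integers.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? (int) $startnum : 1;
    if ($startnum < 1) {
        $startnum = 1;
    }
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;
    if ($total < 0) {
        $total = 0;
    }
    // Anything other than AND means OR; the normalised value is also what
    // gets repeated in the pager URL.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';
    $w = search_split_query($q);
    $result = false;
    // No search words would leave the WHERE clause empty; skip the query.
    if (is_array($w) && count($w) > 0) {
        $column =& $pntable['faqanswer_column'];
        $faqcatcol =& $pntable['faqcategories_column'];
        // The word conditions are wrapped in one pair of parentheses so that
        // the language filter appended below applies to all of them; without
        // it, AND binds tighter than OR and only the last word is filtered.
        $query = "SELECT {$column['id_cat']} as id_cat,\n                     {$column['question']} as question,\n                     {$column['answer']} as answer,\n                     {$faqcatcol['categories']} as categories\n              FROM {$pntable['faqanswer']}\n              LEFT JOIN {$pntable['faqcategories']} ON {$column['id_cat']}={$faqcatcol['id_cat']}\n              WHERE (\n";
        $flag = false;
        foreach ($w as $word) {
            if ($flag) {
                $query .= " {$bool} ";
            }
            // NOTE(review): $word goes into the SQL literal as-is. Confirm
            // that search_split_query() escapes it (pnVarPrepForStore); if it
            // does not, the escaping belongs here.
            $query .= '(';
            $query .= "{$column['question']} LIKE '{$word}' OR \n";
            $query .= "{$column['answer']} LIKE '{$word}'\n";
            $query .= ')';
            $flag = true;
        }
        $query .= ')';
        if (pnConfigGetVar('multilingual') == 1) {
            $query .= " AND ({$faqcatcol['flanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$faqcatcol['flanguage']}='')";
        }
        $query .= " ORDER BY {$column['id']}";
        // get the total count with permissions!
        if (empty($total)) {
            $total = 0;
            $countres = $dbconn->Execute($query);
            if ($countres) {
                while (!$countres->EOF) {
                    $row = $countres->GetRowAssoc(false);
                    if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
                        $total++;
                    }
                    $countres->MoveNext();
                }
                $countres->Close();
            }
        }
        $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    }
    if ($result && !$result->EOF) {
        $output->Text(_FAQ . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        // Rebuild the search string from previous information; the query is
        // request data and is URL-encoded before it lands in an href.
        $url = "modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_faqs=1&amp;bool={$bool}&amp;q=" . urlencode((string) $q);
        $output->Text("<ul>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
                $idcat = (int) $row['id_cat'];
                $question = pnVarPrepForDisplay($row['question']);
                // Answers may carry markup; keep only what the site's HTML
                // display filter lets through. The array key is quoted: a
                // bare answer is read as a constant.
                $answer = nl2br(pnVarPrepHTMLDisplay($row['answer']));
                // The id_cat separator is written as &amp; like the others.
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=FAQ&amp;file=index&amp;myfaq=yes&amp;id_cat={$idcat}\">{$question}</a><br>Answer: " . $answer . "</li>");
            }
            $result->MoveNext();
        }
        $output->Text('</ul>');
        // Munge URL for template: %% is the placeholder handed to Pager()
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_FAQS . '</font>');
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);
    return $output->GetOutput();
}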
Esempio n. 8
/**
 * Search plugin for news stories.
 *
 * Reads startnum, active_stories, total, stories_topics, stories_cat,
 * stories_author, q and bool through pnVarCleanFromInput(), builds one WHERE
 * clause from search words, topics, categories, author and language, and
 * renders one page of 10 permitted hits plus a pager.
 *
 * @return string|null HTML from pnHTML::GetOutput(); nothing is returned when
 *                     active_stories is unset or false
 */
function search_stories()
{
    list($startnum, $active_stories, $total, $stories_topics, $stories_cat, $stories_author, $q, $bool) = pnVarCleanFromInput('startnum', 'active_stories', 'total', 'stories_topics', 'stories_cat', 'stories_author', 'q', 'bool');
    if (!isset($active_stories) || !$active_stories) {
        return;
    }
    $output = new pnHTML();
    // Paging values come from the request; non-numeric ones are discarded.
    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    }
    if (isset($total) && !is_numeric($total)) {
        unset($total);
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    // NOTE(review): only an empty $bool is defaulted; any other request value
    // is kept and later repeated in the pager URL.
    if (empty($bool)) {
        $bool = 'OR';
    }
    $flag = false;
    $storcol =& $pntable['stories_column'];
    $stcatcol =& $pntable['stories_cat_column'];
    $topcol =& $pntable['topics_column'];
    // $query collects the WHERE conditions; $query1 is the fixed SELECT/JOIN
    // prefix and the two are joined once all conditions are known.
    $query = "";
    $query1 = "SELECT {$storcol['sid']} as sid,\n                     {$topcol['tid']} as topicid,\n                     {$topcol['topicname']} as topicname,\n                     {$topcol['topictext']} as topictext,\n                     {$storcol['catid']} as catid,\n                     {$storcol['time']} AS fdate,\n                     {$storcol['title']} AS story_title,\n                     {$storcol['aid']} AS aid,\n                     {$stcatcol['title']} AS cat_title\n               FROM {$pntable['stories']}\n               LEFT JOIN {$pntable['stories_cat']} ON ({$storcol['catid']}={$stcatcol['catid']})\n               LEFT JOIN {$pntable['topics']} ON ({$storcol['topic']}={$topcol['tid']})\n               WHERE ";
    // hack to get this to work, but much better than what we had before
    //$query .= " 1 = 1 ";
    // words
    $w = search_split_query($q);
    // NOTE(review): $no_flag is assigned only inside the loop or in the else
    // branch; if $w is set but empty it stays undefined for the checks below.
    if (isset($w)) {
        foreach ($w as $word) {
            if ($flag) {
                switch ($bool) {
                    case 'AND':
                        $query .= ' AND ';
                        break;
                    case 'OR':
                    default:
                        $query .= ' OR ';
                        break;
                }
            }
            // Each word is passed through pnVarPrepForStore() before it is
            // placed inside the SQL literal.
            $query .= '(';
            $query .= "{$storcol['title']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            $query .= "{$storcol['hometext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            $query .= "{$storcol['bodytext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            //$query .= "$storcol[comments] LIKE '".pnVarPrepForStore($word)."' OR ";
            $query .= "{$storcol['informant']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            $query .= "{$storcol['notes']} LIKE '" . pnVarPrepForStore($word) . "'";
            $query .= ')';
            $flag = true;
            $no_flag = false;
        }
    } else {
        // No word conditions were written, so the next filter must not be
        // prefixed with AND.
        $no_flag = true;
    }
    // topics
    // NOTE(review): the loop assumes stories_topics is an array - confirm
    // what pnVarCleanFromInput() returns for a scalar request value.
    if (isset($stories_topics) && !empty($stories_topics)) {
        $flag = false;
        $start_flag = false;
        // dont set AND/OR if nothing is in front
        foreach ($stories_topics as $v) {
            if (empty($v)) {
                continue;
            }
            if (!$no_flag and !$start_flag) {
                $query .= " AND (";
                $start_flag = true;
            }
            if ($flag) {
                $query .= " OR ";
            }
            $query .= "{$storcol['topic']}='" . pnVarPrepForStore($v) . "'";
            $flag = true;
        }
        if (!$no_flag and $start_flag) {
            $query .= ") ";
            $no_flag = false;
        }
    }
    // NOTE(review): when there are no search words $no_flag stays true after
    // the topic block, so a following category or author condition appears to
    // be appended without AND or parentheses - verify the generated SQL when
    // several filters are combined without a query string.
    // categories
    if (!is_array($stories_cat)) {
        $stories_cat[0] = '';
    }
    if (isset($stories_cat[0]) && !empty($stories_cat[0])) {
        if (!$no_flag) {
            $query .= " AND (";
        }
        $flag = false;
        foreach ($stories_cat as $v) {
            if ($flag) {
                $query .= " OR ";
            }
            $query .= "{$stcatcol['catid']}='" . pnVarPrepForStore($v) . "'";
            $flag = true;
        }
        if (!$no_flag) {
            $query .= ") ";
            $no_flag = false;
        }
    }
    // authors
    if (isset($stories_author) && $stories_author != "") {
        if (!$no_flag) {
            $query .= " AND (";
        }
        $query .= "{$storcol['informant']}='" . pnVarPrepForStore($stories_author) . "'";
        // Resolve the author text to user ids (substring match on user name
        // and real name) and accept stories written by any of them.
        $result = $dbconn->Execute("SELECT {$pntable['users_column']['uid']} as pn_uid FROM {$pntable['users']} WHERE {$pntable['users_column']['uname']} LIKE '%" . pnVarPrepForStore($stories_author) . "%' OR {$pntable['users_column']['name']} LIKE '%" . pnVarPrepForStore($stories_author) . "%'");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            $query .= " OR {$storcol['aid']}={$row['pn_uid']}";
            $result->MoveNext();
        }
        if (!$no_flag) {
            $query .= ") ";
            $no_flag = false;
        }
    } else {
        $stories_author = '';
    }
    // On multilingual sites restrict to the user's language or to stories
    // with no language set.
    if (pnConfigGetVar('multilingual') == 1) {
        if (!empty($query)) {
            $query .= " AND";
        }
        $query .= " ({$storcol['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$storcol['alanguage']}='')";
    }
    // With no condition at all the clause becomes "WHERE 1".
    if (empty($query)) {
        $query = "1";
    }
    $query .= " ORDER BY {$storcol['time']} DESC";
    $query = $query1 . $query;
    // get the total count with permissions!
    // A numeric total supplied in the request skips this recount.
    if (empty($total)) {
        $total = 0;
        $countres = $dbconn->Execute($query);
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }
    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if (!$result->EOF) {
        $output->Text(_STORIES_TOPICS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        // Rebuild the search string from previous information
        // NOTE(review): stories_author, the category and topic values, bool
        // and q are request data appended here without URL-encoding or HTML
        // escaping while input mode is verbatim - confirm Pager() escapes the
        // template, otherwise encode each value before it is appended.
        $url = "modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_stories=1&amp;stories_author=" . $stories_author;
        if (isset($stories_cat) && $stories_cat) {
            foreach ($stories_cat as $v) {
                $url .= "&amp;stories_cat%5B%5D={$v}";
            }
        }
        if (isset($stories_topics) && $stories_topics) {
            foreach ($stories_topics as $v) {
                $url .= "&amp;stories_topics%5B%5D={$v}";
            }
        }
        $url .= "&amp;bool=" . $bool;
        if (isset($q)) {
            $url .= "&amp;q=" . $q;
        }
        $output->Text("<ul>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // Rows the current user may not read are skipped, so a page can
            // show fewer than 10 entries.
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
                $row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
                $output->Text("<li>");
                // NOTE(review): topictext and cat_title are written verbatim,
                // whereas story_title below goes through
                // pnVarPrepHTMLDisplay() - confirm these stored values cannot
                // contain markup, or prepare them the same way.
                if (!empty($row['topicid'])) {
                    $output->Text("<b><a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_stories=1&amp;stories_topics[0]=" . $row['topicid'] . "\">" . $row['topictext'] . "</a></b> - ");
                }
                if (!empty($row['catid'])) {
                    $output->Text("<a href=\"modules.php?op=modload&amp;name=News&amp;file=index&amp;catid=" . $row['catid'] . "\">" . $row['cat_title'] . "</a>: ");
                }
                // Untitled stories get a fixed placeholder label.
                if ($row['story_title'] == '') {
                    $row['story_title'] = 'No Title';
                }
                $output->Text('<i><a class="pn-normal" href="modules.php?op=modload&amp;name=News&amp;file=article&amp;sid=' . $row['sid'] . '">' . pnVarPrepHTMLDisplay($row['story_title']) . '</a></i> - ' . $row['fdate'] . "</li>");
            }
            $result->MoveNext();
        }
        $output->Text("</ul>");
        // Munge URL for template: %% is the placeholder handed to Pager()
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_STORIES_TOPICS . '</font>');
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);
    return $output->GetOutput();
}
Esempio n. 9
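/**
 * Search plugin for reviews: renders one page (10 rows) of reviews whose
 * review fields or comments match the words of the search query.
 *
 * Request variables read: active_reviews, startnum, total, bool, q.
 * Every value taken from the request or from a database row is encoded for
 * its output context (URL component or HTML text) before it is written,
 * because the pnHTML object is in verbatim mode and adds no escaping itself.
 *
 * @return string|null HTML produced by pnHTML::GetOutput(); nothing is
 *                     returned when active_reviews is empty
 */
function search_reviews()
{
    list($active_reviews, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_reviews', 'startnum', 'total', 'bool', 'q');
    if (empty($active_reviews)) {
        return;
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);

    // startnum and total are client-supplied: reduce them to non-negative
    // integers before they reach the SQL offset, the page text and the pager.
    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    }
    $startnum = max(1, (int) $startnum);
    if (isset($total) && is_numeric($total)) {
        $total = max(0, (int) $total);
    } else {
        $total = 0;
    }

    // Only two operators are meaningful; anything else falls back to OR, as
    // before. Normalising here also keeps arbitrary text out of the pager URL.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';

    $revcol =& $pntable['reviews_column'];
    $comcol =& $pntable['reviews_comments_column'];

    // NOTE(review): each $word is placed inside a quoted LIKE literal as-is.
    // This relies on search_split_query() (not visible here) returning terms
    // that are already escaped for the database - confirm before changing it,
    // and do not escape a second time here.
    $w = search_split_query($q);
    $groups = array();
    if (is_array($w)) {
        foreach ($w as $word) {
            $groups[] = '('
                // reviews
                . "{$revcol['title']} LIKE '{$word}' OR \n"
                . "{$revcol['text']} LIKE '{$word}' OR \n"
                . "{$revcol['reviewer']} LIKE '{$word}' OR \n"
                . "{$revcol['cover']} LIKE '{$word}' OR \n"
                . "{$revcol['url']} LIKE '{$word}' OR \n"
                . "{$revcol['url_title']} LIKE '{$word}' OR \n"
                // reviews_comments
                . "{$comcol['comments']} LIKE '{$word}'\n"
                . ')';
        }
    }

    $result = false;
    // With no search words the WHERE clause would be empty (invalid SQL), so
    // the query is skipped and the "no reviews" message is shown instead.
    if (!empty($groups)) {
        // The word groups are wrapped in one pair of parentheses so that the
        // language filter below applies to all of them; without it, AND binds
        // tighter than OR and only the last group would be filtered.
        $query = "SELECT DISTINCT {$revcol['id']} as id, {$revcol['title']} as title, {$revcol['score']} as score, {$revcol['hits']} as hits, {$revcol['reviewer']} as reviewer, {$revcol['date']} AS fdate\n              FROM {$pntable['reviews']} LEFT JOIN {$pntable['reviews_comments']} ON {$comcol['rid']}={$revcol['id']}\n              WHERE \n(" . implode(" {$bool} ", $groups) . ')';
        if (pnConfigGetVar('multilingual') == 1) {
            $query .= " AND ({$revcol['rlanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$revcol['rlanguage']}='')";
        }
        $query .= " ORDER BY {$revcol['date']}";

        // get the total count with permissions!
        // A non-zero total from the request is used as given; it only feeds
        // the result text and the pager.
        if (empty($total)) {
            $total = 0;
            $countres = $dbconn->Execute($query);
            if ($countres) {
                while (!$countres->EOF) {
                    $row = $countres->GetRowAssoc(false);
                    if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) {
                        $total++;
                    }
                    $countres->MoveNext();
                }
                $countres->Close();
            }
        }
        // The page window is taken over all matching rows, while $total counts
        // only the readable ones, so a page can list fewer than 10 entries.
        $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    }

    if ($result && !$result->EOF) {
        $output->Text(_REVIEWS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        // Rebuild the search string from previous information.
        // q is URL-encoded so it cannot break out of the href attribute or
        // add parameters of its own to the pager links.
        $url = "modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_reviews=1&amp;bool={$bool}&amp;q=" . urlencode((string) $q);
        $output->Text("<ul>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            $row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
            if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) {
                // Stored review fields are HTML-encoded on the way out: the
                // output object is in verbatim mode and passes markup through.
                $id = pnVarPrepForDisplay($row['id']);
                $title = pnVarPrepForDisplay($row['title']);
                $score = pnVarPrepForDisplay($row['score']);
                $hits = pnVarPrepForDisplay($row['hits']);
                $reviewer = pnVarPrepForDisplay($row['reviewer']);
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Reviews&amp;file=index&amp;req=showcontent&amp;id={$id}\">{$title}</a> <font class=\"pn-sub\">(score: {$score} - hits: {$hits})</font><br>{$reviewer}<br>{$row['fdate']}</li>");
            }
            $result->MoveNext();
        }
        $output->Text("</ul>");
        // Munge URL for template
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_REVIEWS . '</font>');
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);
    return $output->GetOutput();
}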