/**
     * Find extensions by title, author name or extension key.
     * This is the function used by the TER search. Matches are scored
     * so that the result is sorted with an exact extension key match
     * on top.
     *
     * @param string $searchString The string to search for extensions
     * @return mixed
     */
    public function findByTitleOrAuthorNameOrExtensionKey($searchString)
    {
        $table = 'tx_extensionmanager_domain_model_extension';
        $db = $this->databaseConnection;

        // The search string is untrusted input. quoteStr() escapes it for use inside a quoted
        // SQL string; escapeStrForLike() then escapes the LIKE wildcards "%" and "_" so they
        // are matched literally. The enclosing quotes (and the real wildcards) are added here.
        $escapedTerm = $db->escapeStrForLike($db->quoteStr($searchString, $table), $table);
        $containsLiteral = '\'%' . $escapedTerm . '%\'';
        $wholeLiteral = '\'' . $escapedTerm . '\'';

        // Each comparison is used as a number (match or no match) and weighted:
        // whole extension key 8, key contains 4, title contains 2, author name contains 1.
        $select = $table . '.*,
			(
				(extension_key like ' . $wholeLiteral . ') * 8 +
				(extension_key like ' . $containsLiteral . ') * 4 +
				(title like ' . $containsLiteral . ') * 2 +
				(author_name like ' . $containsLiteral . ')
			) as position';

        // The HAVING clause is appended to the WHERE string. A row that matches only on
        // description has position 0 (description is not scored) and is dropped by it.
        // NOTE(review): "extension_key =" is given the LIKE-escaped value; the LIKE on the
        // next condition covers the same rows, so this only affects redundancy — confirm.
        $where = '(
					extension_key = ' . $wholeLiteral . '
					OR
					extension_key LIKE ' . $containsLiteral . '
					OR
					title LIKE ' . $containsLiteral . '
					OR
					description LIKE ' . $containsLiteral . '
					OR
					author_name LIKE ' . $containsLiteral . '
				)
				AND current_version=1 AND review_state >= 0
				HAVING position > 0';

        $rows = $db->exec_SELECTgetRows($select, $table, $where, '', 'position desc');
        return $this->dataMapper->map('TYPO3\\CMS\\Extensionmanager\\Domain\\Model\\Extension', $rows);
    }
 /**
  * Searches for users and returns the matching usernames
  *
  * @param string $sword search string
  * @return array Array of usernames
  */
 public function search($sword)
 {
     if (!$this->is_init) {
         $this->init();
     }
     // $this->field is concatenated into the query as a column name, so nothing is
     // queried unless validateName() accepts it.
     if (!$this->validateName($this->field)) {
         return array();
     }
     $db = $this->databaseHandle;
     /** @see https://buzz.typo3.org/teams/security/article/correct-usage-of-typo3-database-api/ */
     // Prefix match: the search word is escaped for a quoted SQL string, its LIKE wildcards
     // are escaped, and only then is the trailing "%" wildcard appended.
     $pattern = '"' . $db->escapeStrForLike($db->quoteStr($sword, 'fe_users'), 'fe_users') . '%"';
     // NOTE(review): $this->pid and $this->group_id are concatenated unquoted; where they
     // are assigned is not visible here — confirm they are always integers.
     $conditions = 'disable=0 AND deleted=0 AND ' . $this->field . ' LIKE ' . $pattern . ' AND pid=' . $this->pid . ' AND FIND_IN_SET(' . $this->group_id . ', usergroup)';
     // The last argument limits the result to 8 rows.
     $res = $db->exec_SELECTquery($this->field, 'fe_users', $conditions, '', $this->field . ' ASC', '8');
     $usernames = array();
     while ($row = $db->sql_fetch_row($res)) {
         // Only one column is selected, so the first cell is the username field.
         $usernames[] = $row[0];
     }
     return $usernames;
 }
    /**
     * Find extensions by title, author name or extension key.
     * This is the function used by the TER search. Matches are scored
     * so that the result is sorted with an exact extension key match
     * on top.
     *
     * @param string $searchString The string to search for extensions
     * @return mixed
     */
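    public function findByTitleOrAuthorNameOrExtensionKey($searchString)
    {
        // The search string is untrusted input; quoteStr() escapes it for use inside a
        // quoted SQL string. The enclosing quotes are added below.
        $quotedValue = $this->databaseConnection->quoteStr($searchString, 'tx_extensionmanager_domain_model_extension');

        // Exact comparisons ("=") must use the value WITHOUT LIKE escaping.
        // escapeStrForLike() puts a backslash in front of "%" and "_"; only a LIKE pattern
        // treats that backslash as an escape (MySQL keeps "\_" and "\%" verbatim in a string
        // literal). Compared with "=", the backslash would be part of the value, so a search
        // for a key containing an underscore would never reach the exact-match score of 16.
        $quotedSearchString = '\'' . $quotedValue . '\'';

        // LIKE comparisons get the wildcards of the input escaped, then real "%" wildcards
        // are wrapped around it for a "contains" match.
        $quotedSearchStringForLike = '\'%' . $this->databaseConnection->escapeStrForLike($quotedValue, 'tx_extensionmanager_domain_model_extension') . '%\'';

        // Relevance score: the first WHEN that matches decides the position, so an exact
        // extension key match sorts above partial matches. The WHERE clause below only lets
        // through rows that satisfy at least one of these conditions.
        $select = self::TABLE_NAME . '.*, '
            . 'CASE '
            . 'WHEN extension_key = ' . $quotedSearchString . ' THEN 16 '
            . 'WHEN extension_key LIKE ' . $quotedSearchStringForLike . ' THEN 8 '
            . 'WHEN title LIKE ' . $quotedSearchStringForLike . ' THEN 4 '
            . 'WHEN description LIKE ' . $quotedSearchStringForLike . ' THEN 2 '
            . 'WHEN author_name LIKE ' . $quotedSearchStringForLike . ' THEN 1 '
            . 'END AS position';
        $where = '(
					extension_key = ' . $quotedSearchString . ' OR
					extension_key LIKE ' . $quotedSearchStringForLike . ' OR
					title LIKE ' . $quotedSearchStringForLike . ' OR
					description LIKE ' . $quotedSearchStringForLike . ' OR
					author_name LIKE ' . $quotedSearchStringForLike . '
				)
				AND current_version = 1 AND review_state >= 0';
        $order = 'position DESC';
        $result = $this->databaseConnection->exec_SELECTgetRows($select, self::TABLE_NAME, $where, '', $order);
        // The raw rows are handed to the data mapper; its return value is passed through as is.
        return $this->dataMapper->map(\TYPO3\CMS\Extensionmanager\Domain\Model\Extension::class, $result);
    }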
 /**
  *
  * Displays the user administration interface.
  * This includes a list of all registered users ordered descending by
  * username. The list includes the usergroups a user is a member of and the
  * user's age. A search function is also included.
  *
  * @return string The HTML output.
  * @todo Outsource user management into own class!
  */
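 function userManagement()
 {
     // Renders the backend user list: reads the filter, sort and paging parameters from
     // the request, queries fe_users and fills the HTML template.
     /* Get template */
     $template = file_get_contents(GeneralUtility::getFileAbsFileName('EXT:mm_forum/res/tmpl/mod1/users.html'));
     $template = tx_mmforum_BeTools::getSubpart($template, '###USERS_LIST###');
     $uTemplate = tx_mmforum_BeTools::getSubpart($template, '###USERS_LIST_ITEM###');
     // Retrieve global variables
     global $LANG, $BACK_PATH, $BE_USER;
     /** @var $LANG \TYPO3\CMS\Lang\LanguageService */
     // All rows handled below come from fe_users. $table was previously never assigned
     // although it is passed to the icon helpers in the row loop.
     $table = 'fe_users';
     // Generate SQL query
     $ug = $this->feGroups2Array();
     // $mmforum is taken from the request (GET/POST) and is untrusted: every value from
     // it is escaped for the context it is written into (SQL, URL or HTML) below.
     $mmforum = GeneralUtility::_GP('mmforum');
     if ($mmforum['no_filter']) {
         unset($mmforum['sword']);
         unset($mmforum['old_sword']);
     }
     if ($mmforum['old_sword'] && !$mmforum['sword']) {
         $mmforum['sword'] = $mmforum['old_sword'];
     }
     $gp = '';
     if ($mmforum['sword']) {
         // $gp is appended to the href attributes of the page navigation, so the search
         // word is URL-encoded; unencoded it could close the attribute and inject markup.
         $gp = '&mmforum[sword]=' . rawurlencode((string)$mmforum['sword']);
     }
     if ($sword = $mmforum['sword']) {
         // SQL context: escape LIKE wildcards first, then quote the whole pattern
         // including the trailing "%" that makes this a prefix match.
         $sword = $this->databaseHandle->escapeStrForLike($sword, 'fe_users');
         $sword = $this->databaseHandle->fullQuoteStr($sword . '%', 'fe_users');
         $filter = 'username like ' . $sword;
     } else {
         $filter = '1';
     }
     // Determine sort order. The default is "ASC" order.
     // The request values only select between fixed strings; they are never copied
     // into the ORDER BY clause or into the generated links.
     switch (strtoupper(GeneralUtility::_GP('mmforum_style'))) {
         case 'DESC':
             $orderBy = 'DESC';
             break;
         case 'ASC':
         default:
             $orderBy = 'ASC';
             break;
     }
     if (GeneralUtility::_GP('mmforum_sort') == 'username') {
         $order = 'username ' . $orderBy . '';
         $uOrder = $orderBy == 'ASC' ? 'DESC' : 'ASC';
         $aOrder = 'ASC';
     } elseif (GeneralUtility::_GP('mmforum_sort') == 'age') {
         $order = 'crdate ' . $orderBy . '';
         $aOrder = $orderBy == 'ASC' ? 'DESC' : 'ASC';
         $uOrder = 'ASC';
     } else {
         $order = 'username ' . $orderBy . '';
         $aOrder = 'ASC';
         $uOrder = 'DESC';
     }
     // NOTE(review): the $this->confArr values (group ids, userPID, recordsPerPage) are
     // concatenated into the SQL without escaping. They appear to be module configuration
     // rather than request input — confirm, and consider casting them to int.
     $userGroup_query = "(FIND_IN_SET('" . $this->confArr['userGroup'] . "',usergroup) OR FIND_IN_SET('" . $this->confArr['modGroup'] . "',usergroup) OR FIND_IN_SET('" . $this->confArr['adminGroup'] . "',usergroup))";
     $res = $this->databaseHandle->exec_SELECTquery('count(*)', 'fe_users', "{$filter} and pid='" . $this->confArr['userPID'] . "' and " . $userGroup_query . " and deleted=0");
     $row = $this->databaseHandle->sql_fetch_row($res);
     $records = $row[0];
     $pages = ceil($records / $this->confArr['recordsPerPage']);
     // The page index comes from the request; a negative value would produce a negative
     // LIMIT offset in the list query, so it is clamped to the first page.
     $offset = max(0, intval($mmforum['offset']));
     // Page navigation
     $pb = $LANG->getLL('page.page') . ' <a href="index.php?mmforum[offset]=0' . $gp . '">[' . $LANG->getLL('page.first') . ']</a> ';
     $end = $offset + 6 >= $pages ? $pages : $offset + 6;
     $start = $offset - 5;
     if ($start < 0) {
         $start = 0;
     }
     if ($start > 0) {
         $pb .= '... ';
     }
     for ($i = $start; $i < $end; $i++) {
         $pb .= '<a href="index.php?mmforum[offset]=' . $i . $gp . '">' . ($i == $offset ? '<b>' . ($i + 1) . '</b>' : $i + 1) . '</a> ';
     }
     if ($offset + 11 < $pages) {
         $pb .= ' ... <a href="index.php?mmforum[offset]=' . ($pages - 1) . $gp . '">[' . $LANG->getLL('page.last') . ']</a> ';
     }
     // Generate header table
     if ($records < $this->confArr['recordsPerPage']) {
         $mDisp = $records;
     } else {
         $mDisp = $offset * $this->confArr['recordsPerPage'] + $this->confArr['recordsPerPage'];
     }
     $userString = sprintf($LANG->getLL('useradmin.usercount'), $offset * $this->confArr['recordsPerPage'] + 1, $mDisp, $records);
     $out = '<table width="733"><tr>';
     $out .= '<td width="420">' . $pb . '</td>';
     $out .= '<td width="120" align="center"><b>' . $userString . '</b></td>';
     $out .= '<td align="right">' . $LANG->getLL('useradmin.searchfor') . ': <input type="text" id="sword" size="20" name="mmforum[sword]" /></td>';
     $out .= '</tr></table>';
     if ($mmforum['sword'] || $mmforum['old_sword']) {
         // HTML context: the search word is echoed into element content and into an
         // attribute value, so it is HTML-escaped once and reused for both.
         $swordHtml = htmlspecialchars((string)$mmforum['sword'], ENT_QUOTES);
         // NOTE(review): linkParams() is defined outside this block and receives the raw
         // request array — confirm it encodes the values it writes into the URL.
         $out .= '<p>' . $LANG->getLL('useradmin.filter') . ': ' . $swordHtml . '* <a href="index.php?mmforum[no_filter]=1&' . $this->linkParams($mmforum) . '">' . $LANG->getLL('useradmin.filter.clear') . '</a></p>';
         $out .= '<input type="hidden" name="mmforum[old_sword]" value="' . $swordHtml . '" />';
     }
     // Display userdata table
     // Execute database query
     $res = $this->databaseHandle->exec_SELECTquery('*', 'fe_users', "{$filter} and pid='" . $this->confArr['userPID'] . "' and deleted=0 AND " . $userGroup_query, '', $order, $offset * $this->confArr['recordsPerPage'] . "," . $this->confArr['recordsPerPage']);
     if ($res) {
         // $uOrder and $aOrder can only be 'ASC' or 'DESC' (see the sort handling above).
         $marker = array(
             '###USERS_LLL_TITLE###' => $LANG->getLL('users.title'),
             '###USERS_LLL_USERNAME###' => '<a href="index.php?mmforum_sort=username&mmforum_style=' . $uOrder . '">' . $LANG->getLL('useradmin.username') . '</a>',
             '###USERS_LLL_REGISTERED###' => '<a href="index.php?mmforum_sort=age&mmforum_style=' . $aOrder . '">' . $LANG->getLL('useradmin.age') . '</a>',
             '###USERS_LLL_GROUPS###' => $LANG->getLL('useradmin.usergroup'),
             '###USERS_LLL_OPTIONS###' => '&nbsp;'
         );
         $i = 0;
         $uContent = '';
         while ($row = $this->databaseHandle->sql_fetch_assoc($res)) {
             // Display user groups
             $g = explode(',', $row['usergroup']);
             $outg = '';
             foreach ($g as $sg) {
                 $outg .= $ug[$sg] . ', ';
             }
             // NOTE(review): $iconAltText, $elementTitle, $elementIcon, $link, $js, $icon
             // and $hidden are computed for every row but not used in the markers below.
             $iconAltText = BackendUtility::getRecordIconAltText($row, $table);
             $elementTitle = BackendUtility::getRecordPath($row['uid'], '1=1', 0);
             $elementTitle = GeneralUtility::fixed_lgd_cs($elementTitle, -$BE_USER->uc['titleLen']);
             $elementIcon = IconUtility::getIconImage($table, $row, $BACK_PATH, 'class="c-recicon" title="' . $iconAltText . '"');
             $params = '&edit[fe_users][' . $row['uid'] . ']=edit';
             $editOnClick = BackendUtility::editOnClick($params, $BACK_PATH);
             // Generate row item
             $class_suffix = $i++ % 2 == 0 ? '2' : '';
             $link = "index.php?mmforum[cid]=" . $row['uid'];
             $js = 'onmouseover="this.className=\'mm_forum-listrow_active\'; this.style.cursor=\'pointer\';" onmouseout="this.className=\'mm_forum-listrow' . $class_suffix . '\'" onclick="' . htmlspecialchars($editOnClick) . '"';
             $icon = '<img src="../icon_tx_mmforum_forums.gif" />';
             $hidden = $row['hidden'] == 1 ? '<span style="color:blue;">[' . $LANG->getLL('boardadmin.hidden') . ']</span> ' : '';
             // The username is HTML-escaped; the group list has its trailing ", " removed.
             $uMarker = array(
                 '###USER_USERNAME###' => htmlspecialchars($row['username']),
                 '###USER_REGISTERED###' => BackendUtility::dateTimeAge($row['crdate'], 1),
                 '###USER_GROUPS###' => substr($outg, -2) == ', ' ? substr($outg, 0, strlen($outg) - 2) : $outg,
                 '###USER_OPTIONS###' => '<img src="img/edit.png" onclick="' . htmlspecialchars($editOnClick) . '" style="cursor:pointer;" />'
             );
             $uContent .= tx_mmforum_BeTools::substituteMarkerArray($uTemplate, $uMarker);
         }
         $template = tx_mmforum_BeTools::substituteSubpart($template, '###USERS_LIST_ITEM###', $uContent);
         $template = tx_mmforum_BeTools::substituteMarkerArray($template, $marker);
         $out .= $template;
     }
     return $out;
 }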
 /**
  * Go through the soft refindex and find all occurrences where the old filename
  * is still written in the ref_string
  *
  * @return array Entries from sys_refindex
  */
 protected function findMagicImagesInOldLocation()
 {
     // Prefix match on ref_string: LIKE wildcards inside the old prefix are escaped so they
     // match literally, the trailing "%" is appended, and the pattern is quoted as a whole.
     $prefixPattern = $this->db->escapeStrForLike($this->oldPrefix, 'sys_refindex') . '%';
     $where = 'ref_string LIKE ' . $this->db->fullQuoteStr($prefixPattern, 'sys_refindex');
     return $this->db->exec_SELECTgetRows(
         'hash, tablename, recuid, field, ref_table, ref_uid, ref_string',
         'sys_refindex',
         $where,
         '',
         'ref_string ASC'
     );
 }
 /**
  * @test
  */
 public function escapeStringForLikeComparison()
 {
     // "_" and "%" are the LIKE wildcards; each must come back prefixed with a backslash.
     $input = 'foo_bar%';
     $expected = 'foo\\_bar\\%';
     $actual = $this->fixture->escapeStrForLike($input, 'table');
     $this->assertEquals($expected, $actual);
 }