
PHP Cross Reference of MyBB 1.8.17


/ -> search.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1); // presumably checked by included files to refuse direct access - confirm in global.php
      // NOTE(review): the constant name suggests "sid" is exempted from whatever global input
      // cleaning global.php applies. Further down, sid is only passed through $db->escape_string(),
      // so every use of $sid outside a quoted SQL literal (URLs, cookie names) relies on the
      // searchlog lookup having matched a stored row - confirm.
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'search.php');
  14  
      // Comma-separated names of the templates this script renders.
      // Presumably consumed by global.php to preload them - confirm.
  15  $templatelist = "search,forumdisplay_thread_gotounread,search_results_threads_thread,search_results_threads,search_results_posts,search_results_posts_post,search_results_icon,search_forumlist_forum,search_forumlist";
  16  $templatelist .= ",multipage,multipage_breadcrumb,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
  17  $templatelist .= ",search_results_posts_inlinecheck,search_results_posts_nocheck,search_results_threads_inlinecheck,search_results_threads_nocheck,search_results_inlinemodcol,search_results_inlinemodcol_empty,search_results_posts_inlinemoderation_custom_tool";
  18  $templatelist .= ",search_results_posts_inlinemoderation_custom,search_results_posts_inlinemoderation,search_results_threads_inlinemoderation_custom_tool,search_results_threads_inlinemoderation_custom,search_results_threads_inlinemoderation";
  19  $templatelist .= ",forumdisplay_thread_attachment_count,search_threads_inlinemoderation_selectall,search_posts_inlinemoderation_selectall,post_prefixselect_prefix,post_prefixselect_multiple,search_orderarrow";
  20  $templatelist .= ",search_results_posts_forumlink,search_results_threads_forumlink,forumdisplay_thread_multipage_more,forumdisplay_thread_multipage_page,forumdisplay_thread_multipage,search_moderator_options";
  21  
      // The constants and $templatelist above are set before global.php is included,
      // so the order of these statements matters.
  22  require_once  "./global.php";
  23  require_once  MYBB_ROOT."inc/functions_post.php";
  24  require_once  MYBB_ROOT."inc/functions_search.php";
  25  require_once  MYBB_ROOT."inc/class_parser.php";
  26  $parser = new postParser;
  27  
  28  // Load global language phrases
  29  $lang->load("search");
  30  
  31  add_breadcrumb($lang->nav_search, "search.php");
  32  
  33  $mybb->input['action'] = $mybb->get_input('action');
      // Only the "results" action adds a second breadcrumb; any other value changes nothing here.
  34  switch($mybb->input['action'])
  35  {
  36      case "results":
  37          add_breadcrumb($lang->nav_results);
  38          break;
  39      default:
  40          break;
  41  }
  42  
      // Permission gate: runs before any search query is built. error_no_permission() is
      // defined elsewhere; presumably it ends the request - confirm.
  43  if($mybb->usergroup['cansearch'] == 0)
  44  {
  45      error_no_permission();
  46  }
  47  
  48  $now = TIME_NOW;
  49  $mybb->input['keywords'] = trim($mybb->get_input('keywords'));
  50  
      // Optional cap on result rows taken from the board settings. The (int) cast means the
      // setting can only ever contribute a number to the SQL fragment.
  51  $limitsql = "";
  52  if((int)$mybb->settings['searchhardlimit'] > 0)
  53  {
  54      $limitsql = "LIMIT ".(int)$mybb->settings['searchhardlimit'];
  55  }
  56  
  57  if($mybb->input['action'] == "results")
  58  {
  59      $sid = $db->escape_string($mybb->get_input('sid'));
          // NOTE(review): $sid is escaped for the quoted SQL literal on the next line only.
          // The same variable is reused later in this file in URLs ($sorturl, the multipage()
          // link) and in a cookie name, with no HTML or URL encoding. That is safe only to the
          // extent that a successful searchlog match constrains which characters it can hold -
          // confirm, or encode at each output site.
  60      $query = $db->simple_select("searchlog", "*", "sid='$sid'");
  61      $search = $db->fetch_array($query);
  62  
          // No matching searchlog row: report an invalid search.
  63      if(!$search['sid'])
  64      {
  65          error($lang->error_invalidsearch);
  66      }
  67  
  68      $plugins->run_hooks("search_results_start");
  69  
  70      // Decide on our sorting fields and sorting order.
          // Both values are request-controlled. htmlspecialchars_uni() is an output encoder, not
          // a validator; what actually constrains them is the code that follows: the switch on
          // $sortby maps known names to fixed column names and resets anything else to a default,
          // and $order is forced to "desc" unless it equals "asc". Keep that allow-list intact,
          // because $sortfield and $order are interpolated into an ORDER BY clause further down.
  71      $order = my_strtolower(htmlspecialchars_uni($mybb->get_input('order')));
  72      $sortby = my_strtolower(htmlspecialchars_uni($mybb->get_input('sortby')));
  73  
  74      switch($sortby)
  75      {
  76          case "replies":
  77              $sortfield = "t.replies";
  78              break;
  79          case "views":
  80              $sortfield = "t.views";
  81              break;
  82          case "subject":
  83              if($search['resulttype'] == "threads")
  84              {
  85                  $sortfield = "t.subject";
  86              }
  87              else
  88              {
  89                  $sortfield = "p.subject";
  90              }
  91              break;
  92          case "forum":
  93              $sortfield = "f.name";
  94              break;
  95          case "starter":
  96              if($search['resulttype'] == "threads")
  97              {
  98                  $sortfield = "t.username";
  99              }
 100              else
 101              {
 102                  $sortfield = "p.username";
 103              }
 104              break;
 105          case "lastpost":
 106          default:
 107              if($search['resulttype'] == "threads")
 108              {
 109                  $sortfield = "t.lastpost";
 110                  $sortby = "lastpost";
 111              }
 112              else
 113              {
 114                  $sortfield = "p.dateline";
 115                  $sortby = "dateline";
 116              }
 117              break;
 118      }
 119  
 120      if($order != "asc")
 121      {
 122          $order = "desc";
 123          $oppsortnext = "asc";
 124          $oppsort = $lang->asc;
 125      }
 126      else
 127      {
 128          $oppsortnext = "desc";
 129          $oppsort = $lang->desc;
 130      }
 131  
 132      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
 133      {
 134          $mybb->settings['threadsperpage'] = 20;
 135      }
 136  
 137      // Work out pagination, which page we're at, as well as the limits.
 138      $perpage = $mybb->settings['threadsperpage'];
          // NOTE(review): 'page' is read without an explicit type, unlike
          // get_input('uid', MyBB::INPUT_INT) later in this file. $start is the result of
          // arithmetic before it reaches the LIMIT clause, but $page itself is passed on to
          // multipage() as read. Confirm that global input cleaning already guarantees a number,
          // or request the integer form here.
 139      $page = $mybb->get_input('page');
 140      if($page > 0)
 141      {
 142          $start = ($page-1) * $perpage;
 143      }
 144      else
 145      {
              // Missing, zero or negative page: show the first page.
 146          $start = 0;
 147          $page = 1;
 148      }
          // $lower/$upper are the 1-based bounds of the rows shown on this page.
 149      $end = $start + $perpage;
 150      $lower = $start+1;
 151      $upper = $end;
 152  
 153      // Work out if we have terms to highlight
 154      $highlight = "";
 155      if($search['keywords'])
 156      {
 157          if($mybb->seo_support == true)
 158          {
 159              $highlight = "?highlight=".urlencode($search['keywords']);
 160          }
 161          else
 162          {
 163              $highlight = "&amp;highlight=".urlencode($search['keywords']);
 164          }
 165      }
 166  
 167      $sorturl = "search.php?action=results&amp;sid={$sid}";
 168      $thread_url = "";
 169      $post_url = "";
 170  
 171      $orderarrow = array('replies' => '', 'views' => '', 'subject' => '', 'forum' => '', 'starter' => '', 'lastpost' => '', 'dateline' => '');
 172  
          // $sortby is interpolated into the PHP source handed to eval(), as the array key.
          // That is only safe because the switch earlier in this script has already reduced
          // $sortby to one of a fixed set of names; do not relax that switch without revisiting
          // this line. The template text returned by $templates->get() is evaluated as a
          // double-quoted PHP string, so template content is code as far as this script is concerned.
 173      eval("\$orderarrow['$sortby'] = \"".$templates->get("search_orderarrow")."\";");
 174  
 175      // Read some caches we will be using
 176      $forumcache = $cache->read("forums");
 177      $icon_cache = $cache->read("posticons");
 178  
 179      $threads = array();
 180  
 181      if($mybb->user['uid'] == 0)
 182      {
 183          // Build a forum cache: guests get the list of active forums only.
 184          $query = $db->query("
 185              SELECT fid
 186              FROM ".TABLE_PREFIX."forums
 187              WHERE active != 0
 188              ORDER BY pid, disporder
 189          ");
 190  
              // NOTE(review): for guests the read markers come from a client-supplied cookie and
              // are deserialized here. my_unserialize() is defined elsewhere; confirm it cannot
              // instantiate objects, and treat every value in $forumsread as untrusted.
 191          $forumsread = my_unserialize($mybb->cookies['mybb']['forumread']);
 192      }
 193      else
 194      {
              // Logged-in users: join each active forum with this user's stored last-read time.
              // $mybb->user['uid'] is interpolated into the query; presumably an integer taken
              // from the session - confirm.
 195          // Build a forum cache.
 196          $query = $db->query("
 197              SELECT f.fid, fr.dateline AS lastread
 198              FROM ".TABLE_PREFIX."forums f
 199              LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
 200              WHERE f.active != 0
 201              ORDER BY pid, disporder
 202          ");
 203      }
 204  
          // Map forum id => last-read timestamp; for guests the value comes from the cookie data.
 205      while($forum = $db->fetch_array($query))
 206      {
 207          if($mybb->user['uid'] == 0)
 208          {
 209              if($forumsread[$forum['fid']])
 210              {
 211                  $forum['lastread'] = $forumsread[$forum['fid']];
 212              }
 213          }
 214          $readforums[$forum['fid']] = $forum['lastread'];
 215      }
 204  
 205      while($forum = $db->fetch_array($query))
 206      {
 207          if($mybb->user['uid'] == 0)
 208          {
 209              if($forumsread[$forum['fid']])
 210              {
 211                  $forum['lastread'] = $forumsread[$forum['fid']];
 212              }
 213          }
 214          $readforums[$forum['fid']] = $forum['lastread'];
 215      }
 216      $fpermissions = forum_permissions();
 217  
 218      // Inline Mod Column for moderators
 219      $inlinemodcol = $inlinecookie = '';
 220      $is_mod = $is_supermod = $show_inline_moderation = false;
 221      if($mybb->usergroup['issupermod'])
 222      {
 223          $is_supermod = true;
 224      }
 225      if($is_supermod || is_moderator())
 226      {
 227          $inlinecookie = "inlinemod_search".$sid;
 228          $inlinecount = 0;
 229          $is_mod = true;
 230          $return_url = 'search.php?'.htmlspecialchars_uni($_SERVER['QUERY_STRING']);
 231      }
 232  
 233      // Show search results as 'threads'
 234      if($search['resulttype'] == "threads")
 235      {
 236          $threadcount = 0;
 237  
 238          // Moderators can view unapproved threads
 239          $query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')");
 240          if($mybb->usergroup['issupermod'] == 1)
 241          {
 242              // Super moderators (and admins)
 243              $unapproved_where = "t.visible>=-1";
 244          }
 245          elseif($db->num_rows($query))
 246          {
 247              // Normal moderators
 248              $unapprove_forums = array();
 249              $deleted_forums = array();
 250              $unapproved_where = '(t.visible = 1';
 251              while($moderator = $db->fetch_array($query))
 252              {
 253                  if($moderator['canviewunapprove'] == 1)
 254                  {
 255                      $unapprove_forums[] = $moderator['fid'];
 256                  }
 257  
 258                  if($moderator['canviewdeleted'] == 1)
 259                  {
 260                      $deleted_forums[] = $moderator['fid'];
 261                  }
 262              }
 263  
 264              if(!empty($unapprove_forums))
 265              {
 266                  $unapproved_where .= " OR (t.visible = 0 AND t.fid IN(".implode(',', $unapprove_forums)."))";
 267              }
 268              if(!empty($deleted_forums))
 269              {
 270                  $unapproved_where .= " OR (t.visible = -1 AND t.fid IN(".implode(',', $deleted_forums)."))";
 271              }
 272              $unapproved_where .= ')';
 273          }
 274          else
 275          {
 276              // Normal users
 277              $unapproved_where = 't.visible>0';
 278          }
 279  
 280          // If we have saved WHERE conditions, execute them
              // NOTE(review): $search['querycache'] is a SQL WHERE fragment read back from the
              // searchlog row and concatenated into the query verbatim. Nothing here validates it,
              // so its safety rests entirely on how it was built when the search was stored
              // (not visible in this part of the file) and on the integrity of that table.
 281          if($search['querycache'] != "")
 282          {
 283              $where_conditions = $search['querycache'];
 284              $query = $db->simple_select("threads t", "t.tid", $where_conditions. " AND {$unapproved_where} AND t.closed NOT LIKE 'moved|%' ORDER BY t.lastpost DESC {$limitsql}");
 285              while($thread = $db->fetch_array($query))
 286              {
 287                  $threads[$thread['tid']] = $thread['tid'];
 288                  $threadcount++;
 289              }
 290              // Build our list of threads.
 291              if($threadcount > 0)
 292              {
 293                  $search['threads'] = implode(",", $threads);
 294              }
 295              // No results.
 296              else
 297              {
 298                  error($lang->error_nosearchresults);
 299              }
                  // From here on the id list comes from the query result above, not from stored text.
 300              $where_conditions = "t.tid IN (".$search['threads'].")";
 301          }
 302          // This search doesn't use a query cache, results stored in search table.
 303          else
 304          {
                  // NOTE(review): $search['threads'] is taken from the searchlog row and placed in
                  // an unquoted IN() list without escaping or integer casting. Presumably it is
                  // always a comma-separated list of thread ids - verify where the row is written.
 305              $where_conditions = "t.tid IN (".$search['threads'].")";
 306              $query = $db->simple_select("threads t", "COUNT(t.tid) AS resultcount", $where_conditions. " AND {$unapproved_where} AND t.closed NOT LIKE 'moved|%' {$limitsql}");
 307              $count = $db->fetch_array($query);
 308  
 309              if(!$count['resultcount'])
 310              {
 311                  error($lang->error_nosearchresults);
 312              }
 313              $threadcount = $count['resultcount'];
 314          }
 315  
 316          $permsql = "";
 317          $onlyusfids = array();
 318  
 319          // Check group permissions if we can't view threads not started by us
 320          $group_permissions = forum_permissions();
 321          foreach($group_permissions as $fid => $forum_permissions)
 322          {
 323              if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 324              {
 325                  $onlyusfids[] = $fid;
 326              }
 327          }
 328          if(!empty($onlyusfids))
 329          {
 330              $permsql .= "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 331          }
 332  
 333          $unsearchforums = get_unsearchable_forums();
 334          if($unsearchforums)
 335          {
 336              $permsql .= " AND t.fid NOT IN ($unsearchforums)";
 337          }
 338          $inactiveforums = get_inactive_forums();
 339          if($inactiveforums)
 340          {
 341              $permsql .= " AND t.fid NOT IN ($inactiveforums)";
 342          }
 343  
 344          // Begin selecting matching threads, cache them.
 345          $sqlarray = array(
 346              'order_by' => $sortfield,
 347              'order_dir' => $order,
 348              'limit_start' => $start,
 349              'limit' => $perpage
 350          );
 351          $query = $db->query("
 352              SELECT t.*, u.username AS userusername
 353              FROM ".TABLE_PREFIX."threads t
 354              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
 355              LEFT JOIN ".TABLE_PREFIX."forums f ON (t.fid=f.fid)
 356              WHERE $where_conditions AND {$unapproved_where} {$permsql} AND t.closed NOT LIKE 'moved|%'
 357              ORDER BY $sortfield $order
 358              LIMIT $start, $perpage
 359          ");
 360  
 361          $threadprefixes = build_prefixes();
 362          $thread_cache = array();
 363          while($thread = $db->fetch_array($query))
 364          {
 365              $thread['threadprefix'] = '';
 366              if($thread['prefix'] && !empty($threadprefixes[$thread['prefix']]))
 367              {
 368                  $thread['threadprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'];
 369              }
 370              $thread_cache[$thread['tid']] = $thread;
 371          }
 372          $thread_ids = implode(",", array_keys($thread_cache));
 373  
 374          if(empty($thread_ids))
 375          {
 376              error($lang->error_nosearchresults);
 377          }
 378  
 379          // Fetch dot icons if enabled
 380          if($mybb->settings['dotfolders'] != 0 && $mybb->user['uid'] && $thread_cache)
 381          {
 382              $p_unapproved_where = str_replace('t.', '', $unapproved_where);
 383              $query = $db->simple_select("posts", "DISTINCT tid,uid", "uid='{$mybb->user['uid']}' AND tid IN({$thread_ids}) AND {$p_unapproved_where}");
 384              while($thread = $db->fetch_array($query))
 385              {
 386                  $thread_cache[$thread['tid']]['dot_icon'] = 1;
 387              }
 388          }
 389  
 390          // Fetch the read threads.
 391          if($mybb->user['uid'] && $mybb->settings['threadreadcut'] > 0)
 392          {
 393              $query = $db->simple_select("threadsread", "tid,dateline", "uid='".$mybb->user['uid']."' AND tid IN(".$thread_ids.")");
 394              while($readthread = $db->fetch_array($query))
 395              {
 396                  $thread_cache[$readthread['tid']]['lastread'] = $readthread['dateline'];
 397              }
 398          }
 399  
 400          if(!$mybb->settings['maxmultipagelinks'])
 401          {
 402              $mybb->settings['maxmultipagelinks'] = 5;
 403          }
 404  
 405          $results = '';
 406  
 407          foreach($thread_cache as $thread)
 408          {
 409              $bgcolor = alt_trow();
 410              $folder = '';
 411              $prefix = '';
 412  
 413              // Unapproved colour
 414              if($thread['visible'] == 0)
 415              {
 416                  $bgcolor = 'trow_shaded';
 417              }
 418              elseif($thread['visible'] == -1)
 419              {
 420                  $bgcolor = 'trow_shaded trow_deleted';
 421              }
 422  
 423              if($thread['userusername'])
 424              {
 425                  $thread['username'] = $thread['userusername'];
 426              }
 427              $thread['username'] = htmlspecialchars_uni($thread['username']);
 428              $thread['profilelink'] = build_profile_link($thread['username'], $thread['uid']);
 429  
 430              // If this thread has a prefix, insert a space between prefix and subject
 431              if($thread['prefix'] != 0)
 432              {
 433                  $thread['threadprefix'] .= '&nbsp;';
 434              }
 435  
 436              $thread['subject'] = $parser->parse_badwords($thread['subject']);
 437              $thread['subject'] = htmlspecialchars_uni($thread['subject']);
 438  
 439              if(isset($icon_cache[$thread['icon']]))
 440              {
 441                  $posticon = $icon_cache[$thread['icon']];
 442                  $posticon['path'] = str_replace("{theme}", $theme['imgdir'], $posticon['path']);
 443                  $posticon['path'] = htmlspecialchars_uni($posticon['path']);
 444                  $posticon['name'] = htmlspecialchars_uni($posticon['name']);
 445                  eval("\$icon = \"".$templates->get("search_results_icon")."\";");
 446              }
 447              else
 448              {
 449                  $icon = "&nbsp;";
 450              }
 451              if($thread['poll'])
 452              {
 453                  $prefix = $lang->poll_prefix;
 454              }
 455  
 456              // Determine the folder
 457              $folder = '';
 458              $folder_label = '';
 459              if(isset($thread['dot_icon']))
 460              {
 461                  $folder = "dot_";
 462                  $folder_label .= $lang->icon_dot;
 463              }
 464              $gotounread = '';
 465              $isnew = 0;
 466              $donenew = 0;
 467              $last_read = 0;
 468  
 469              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'])
 470              {
 471                  $forum_read = $readforums[$thread['fid']];
 472  
 473                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 474                  if($forum_read == 0 || $forum_read < $read_cutoff)
 475                  {
 476                      $forum_read = $read_cutoff;
 477                  }
 478              }
 479              else
 480              {
 481                  $forum_read = $forumsread[$thread['fid']];
 482              }
 483  
 484              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'] && $thread['lastpost'] > $forum_read)
 485              {
 486                  if($thread['lastread'])
 487                  {
 488                      $last_read = $thread['lastread'];
 489                  }
 490                  else
 491                  {
 492                      $last_read = $read_cutoff;
 493                  }
 494              }
 495              else
 496              {
 497                  $last_read = my_get_array_cookie("threadread", $thread['tid']);
 498              }
 499  
 500              if($forum_read > $last_read)
 501              {
 502                  $last_read = $forum_read;
 503              }
 504  
 505              if($thread['lastpost'] > $last_read && $last_read)
 506              {
 507                  $folder .= "new";
 508                  $new_class = "subject_new";
 509                  $folder_label .= $lang->icon_new;
 510                  $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost").$highlight;
 511                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
 512                  $unreadpost = 1;
 513              }
 514              else
 515              {
 516                  $new_class = 'subject_old';
 517                  $folder_label .= $lang->icon_no_new;
 518              }
 519  
 520              if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
 521              {
 522                  $folder .= "hot";
 523                  $folder_label .= $lang->icon_hot;
 524              }
 525              if($thread['closed'] == 1)
 526              {
 527                  $folder .= "close";
 528                  $folder_label .= $lang->icon_close;
 529              }
 530              $folder .= "folder";
 531  
 532              if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
 533              {
 534                  $mybb->settings['postsperpage'] = 20;
 535              }
 536  
 537              $thread['pages'] = 0;
 538              $thread['multipage'] = '';
 539              $threadpages = '';
 540              $morelink = '';
 541              $thread['posts'] = $thread['replies'] + 1;
 542              if(is_moderator($thread['fid'], "canviewdeleted") == true || is_moderator($thread['fid'], "canviewunapprove") == true)
 543              {
 544                  if(is_moderator($thread['fid'], "canviewdeleted") == true)
 545                  {
 546                      $thread['posts'] += $thread['deletedposts'];
 547                  }
 548                  if(is_moderator($thread['fid'], "canviewunapprove") == true)
 549                  {
 550                      $thread['posts'] += $thread['unapprovedposts'];
 551                  }
 552              }
 553              elseif($group_permissions[$thread['fid']]['canviewdeletionnotice'] != 0)
 554              {
 555                  $thread['posts'] += $thread['deletedposts'];
 556              }
 557  
 558              if($thread['posts'] > $mybb->settings['postsperpage'])
 559              {
 560                  $thread['pages'] = $thread['posts'] / $mybb->settings['postsperpage'];
 561                  $thread['pages'] = ceil($thread['pages']);
 562                  if($thread['pages'] > $mybb->settings['maxmultipagelinks'])
 563                  {
 564                      $pagesstop = $mybb->settings['maxmultipagelinks'] - 1;
 565                      $page_link = get_thread_link($thread['tid'], $thread['pages']).$highlight;
 566                      eval("\$morelink = \"".$templates->get("forumdisplay_thread_multipage_more")."\";");
 567                  }
 568                  else
 569                  {
 570                      $pagesstop = $thread['pages'];
 571                  }
 572                  for($i = 1; $i <= $pagesstop; ++$i)
 573                  {
 574                      $page_link = get_thread_link($thread['tid'], $i).$highlight;
 575                      eval("\$threadpages .= \"".$templates->get("forumdisplay_thread_multipage_page")."\";");
 576                  }
 577                  eval("\$thread['multipage'] = \"".$templates->get("forumdisplay_thread_multipage")."\";");
 578              }
 579              else
 580              {
 581                  $threadpages = '';
 582                  $morelink = '';
 583                  $thread['multipage'] = '';
 584              }
 585              $lastpostdate = my_date('relative', $thread['lastpost']);
 586              $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
 587              $lastposteruid = $thread['lastposteruid'];
 588              if(!$lastposteruid && !$thread['lastposter'])
 589              {
 590                  $lastposter = htmlspecialchars_uni($lang->guest);
 591              }
 592              else
 593              {
 594                  $lastposter = htmlspecialchars_uni($thread['lastposter']);
 595              }
 596              $thread_link = get_thread_link($thread['tid']);
 597  
 598              // Don't link to guest's profiles (they have no profile).
 599              if($lastposteruid == 0)
 600              {
 601                  $lastposterlink = $lastposter;
 602              }
 603              else
 604              {
 605                  $lastposterlink = build_profile_link($lastposter, $lastposteruid);
 606              }
 607  
 608              $thread['replies'] = my_number_format($thread['replies']);
 609              $thread['views'] = my_number_format($thread['views']);
 610  
 611              $thread['forumlink'] = '';
 612              if($forumcache[$thread['fid']])
 613              {
 614                  $thread['forumlink_link'] = get_forum_link($thread['fid']);
 615                  $thread['forumlink_name'] = $forumcache[$thread['fid']]['name'];
 616                  eval("\$thread['forumlink'] = \"".$templates->get("search_results_threads_forumlink")."\";");
 617              }
 618  
 619              // If this user is the author of the thread and it is not closed or they are a moderator, they can edit
 620              if(($thread['uid'] == $mybb->user['uid'] && $thread['closed'] != 1 && $mybb->user['uid'] != 0 && $fpermissions[$thread['fid']]['caneditposts'] == 1) || is_moderator($thread['fid'], "caneditposts"))
 621              {
 622                  $inline_edit_class = "subject_editable";
 623              }
 624              else
 625              {
 626                  $inline_edit_class = "";
 627              }
 628  
 629              // If this thread has 1 or more attachments show the papperclip
 630              if($mybb->settings['enableattachments'] == 1 && $thread['attachmentcount'] > 0)
 631              {
 632                  if($thread['attachmentcount'] > 1)
 633                  {
 634                      $attachment_count = $lang->sprintf($lang->attachment_count_multiple, $thread['attachmentcount']);
 635                  }
 636                  else
 637                  {
 638                      $attachment_count = $lang->attachment_count;
 639                  }
 640  
 641                  eval("\$attachment_count = \"".$templates->get("forumdisplay_thread_attachment_count")."\";");
 642              }
 643              else
 644              {
 645                  $attachment_count = '';
 646              }
 647  
 648              $inline_edit_tid = $thread['tid'];
 649  
 650              // Inline thread moderation
 651              $inline_mod_checkbox = '';
 652              if($is_supermod || is_moderator($thread['fid']))
 653              {
 654                  if(isset($mybb->cookies[$inlinecookie]) && my_strpos($mybb->cookies[$inlinecookie], "|{$thread['tid']}|") !== false)
 655                  {
 656                      $inlinecheck = "checked=\"checked\"";
 657                      ++$inlinecount;
 658                  }
 659                  else
 660                  {
 661                      $inlinecheck = '';
 662                  }
 663  
 664                  // If this user is allowed to use the inline moderation tools for at least one thread, include the necessary scripts
 665                  $show_inline_moderation = true;
 666  
 667                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_threads_inlinecheck")."\";");
 668              }
 669              elseif($is_mod)
 670              {
 671                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_threads_nocheck")."\";");
 672              }
 673  
 674              $plugins->run_hooks("search_results_thread");
 675              eval("\$results .= \"".$templates->get("search_results_threads_thread")."\";");
 676          }
 677          if(!$results)
 678          {
 679              error($lang->error_nosearchresults);
 680          }
 681          $multipage = multipage($threadcount, $perpage, $page, "search.php?action=results&amp;sid=$sid&amp;sortby=$sortby&amp;order=$order&amp;uid=".$mybb->get_input('uid', MyBB::INPUT_INT));
 682          if($upper > $threadcount)
 683          {
 684              $upper = $threadcount;
 685          }
 686  
 687          // Inline Thread Moderation Options
 688          if($show_inline_moderation)
 689          {
 690              eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol")."\";");
 691  
 692              // If user has moderation tools available, prepare the Select All feature
 693              $lang->page_selected = $lang->sprintf($lang->page_selected, count($thread_cache));
 694              $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$threadcount);
 695              $lang->select_all = $lang->sprintf($lang->select_all, (int)$threadcount);
 696              eval("\$selectall = \"".$templates->get("search_threads_inlinemoderation_selectall")."\";");
 697  
 698              $customthreadtools = '';
 699              switch($db->type)
 700              {
 701                  case "pgsql":
 702                  case "sqlite":
 703                      $query = $db->simple_select("modtools", "tid, name", "type='t' AND (','||forums||',' LIKE '%,-1,%' OR forums='')");
 704                      break;
 705                  default:
 706                      $query = $db->simple_select("modtools", "tid, name", "type='t' AND (CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='')");
 707              }
 708  
 709              while($tool = $db->fetch_array($query))
 710              {
 711                  $tool['name'] = htmlspecialchars_uni($tool['name']);
 712                  eval("\$customthreadtools .= \"".$templates->get("search_results_threads_inlinemoderation_custom_tool")."\";");
 713              }
 714              // Build inline moderation dropdown
 715              if(!empty($customthreadtools))
 716              {
 717                  eval("\$customthreadtools = \"".$templates->get("search_results_threads_inlinemoderation_custom")."\";");
 718              }
 719              eval("\$inlinemod = \"".$templates->get("search_results_threads_inlinemoderation")."\";");
 720          }
 721          elseif($is_mod)
 722          {
 723              eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol_empty")."\";");
 724          }
 725  
 726          $plugins->run_hooks("search_results_end");
 727  
 728          eval("\$searchresults = \"".$templates->get("search_results_threads")."\";");
 729          output_page($searchresults);
 730      }
 731      else // Displaying results as posts
 732      {
 733          if(!$search['posts'])
 734          {
 735              error($lang->error_nosearchresults);
 736          }
 737  
 738          $postcount = 0;
 739  
 740          // Moderators can view unapproved threads
 741          $query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')");
 742          if($mybb->usergroup['issupermod'] == 1)
 743          {
 744              // Super moderators (and admins)
 745              $unapproved_where = "visible >= -1";
 746          }
 747          elseif($db->num_rows($query))
 748          {
 749              // Normal moderators
 750              $unapprove_forums = array();
 751              $deleted_forums = array();
 752              $unapproved_where = '(visible = 1';
 753  
 754              while($moderator = $db->fetch_array($query))
 755              {
 756                  if($moderator['canviewunapprove'] == 1)
 757                  {
 758                      $unapprove_forums[] = $moderator['fid'];
 759                  }
 760  
 761                  if($moderator['canviewdeleted'] == 1)
 762                  {
 763                      $deleted_forums[] = $moderator['fid'];
 764                  }
 765              }
 766  
 767              if(!empty($unapprove_forums))
 768              {
 769                  $unapproved_where .= " OR (visible = 0 AND fid IN(".implode(',', $unapprove_forums)."))";
 770              }
 771              if(!empty($deleted_forums))
 772              {
 773                  $unapproved_where .= " OR (visible = -1 AND fid IN(".implode(',', $deleted_forums)."))";
 774              }
 775              $unapproved_where .= ')';
 776          }
 777          else
 778          {
 779              // Normal users
 780              $unapproved_where = 'visible = 1';
 781          }
 782  
 783          $post_cache_options = array();
 784          if((int)$mybb->settings['searchhardlimit'] > 0)
 785          {
 786              $post_cache_options['limit'] = (int)$mybb->settings['searchhardlimit'];
 787          }
 788  
 789          if(strpos($sortfield, 'p.') !== false)
 790          {
 791              $post_cache_options['order_by'] = str_replace('p.', '', $sortfield);
 792              $post_cache_options['order_dir'] = $order;
 793          }
 794  
 795          $tids = array();
 796          $pids = array();
 797          // Make sure the posts we're viewing we have permission to view.
 798          $query = $db->simple_select("posts", "pid, tid", "pid IN(".$db->escape_string($search['posts']).") AND {$unapproved_where}", $post_cache_options);
 799          while($post = $db->fetch_array($query))
 800          {
 801              $pids[$post['pid']] = $post['tid'];
 802              $tids[$post['tid']][$post['pid']] = $post['pid'];
 803          }
 804  
 805          if(!empty($pids))
 806          {
 807              $temp_pids = array();
 808  
 809              $group_permissions = forum_permissions();
 810              $permsql = '';
 811              $onlyusfids = array();
 812  
 813              foreach($group_permissions as $fid => $forum_permissions)
 814              {
 815                  if(!empty($forum_permissions['canonlyviewownthreads']))
 816                  {
 817                      $onlyusfids[] = $fid;
 818                  }
 819              }
 820  
 821              if($onlyusfids)
 822              {
 823                  $permsql .= " OR (fid IN(".implode(',', $onlyusfids).") AND uid!={$mybb->user['uid']})";
 824              }
 825              $unsearchforums = get_unsearchable_forums();
 826              if($unsearchforums)
 827              {
 828                  $permsql .= " OR fid IN ($unsearchforums)";
 829              }
 830              $inactiveforums = get_inactive_forums();
 831              if($inactiveforums)
 832              {
 833                  $permsql .= " OR fid IN ($inactiveforums)";
 834              }
 835  
 836              // Check the thread records as well. If we don't have permissions, remove them from the listing.
 837              $query = $db->simple_select("threads", "tid", "tid IN(".$db->escape_string(implode(',', $pids)).") AND ({$unapproved_where}{$permsql} OR closed LIKE 'moved|%')");
 838              while($thread = $db->fetch_array($query))
 839              {
 840                  if(array_key_exists($thread['tid'], $tids) != true)
 841                  {
 842                      $temp_pids = $tids[$thread['tid']];
 843                      foreach($temp_pids as $pid)
 844                      {
 845                          unset($pids[$pid]);
 846                          unset($tids[$thread['tid']]);
 847                      }
 848                  }
 849              }
 850              unset($temp_pids);
 851          }
 852  
 853          // Declare our post count
 854          $postcount = count($pids);
 855  
 856          if(!$postcount)
 857          {
 858              error($lang->error_nosearchresults);
 859          }
 860  
 861          // And now we have our sanatized post list
 862          $search['posts'] = implode(',', array_keys($pids));
 863  
 864          $tids = implode(",", array_keys($tids));
 865  
 866          // Read threads
 867          if($mybb->user['uid'] && $mybb->settings['threadreadcut'] > 0)
 868          {
 869              $query = $db->simple_select("threadsread", "tid, dateline", "uid='".$mybb->user['uid']."' AND tid IN(".$db->escape_string($tids).")");
 870              while($readthread = $db->fetch_array($query))
 871              {
 872                  $readthreads[$readthread['tid']] = $readthread['dateline'];
 873              }
 874          }
 875  
 876          $dot_icon = array();
 877          if($mybb->settings['dotfolders'] != 0 && $mybb->user['uid'] != 0)
 878          {
 879              $query = $db->simple_select("posts", "DISTINCT tid,uid", "uid='{$mybb->user['uid']}' AND tid IN({$db->escape_string($tids)}) AND {$unapproved_where}");
 880              while($post = $db->fetch_array($query))
 881              {
 882                  $dot_icon[$post['tid']] = true;
 883              }
 884          }
 885  
 886          $results = '';
 887  
 888          $query = $db->query("
 889              SELECT p.*, u.username AS userusername, t.subject AS thread_subject, t.replies AS thread_replies, t.views AS thread_views, t.lastpost AS thread_lastpost, t.closed AS thread_closed, t.uid as thread_uid
 890              FROM ".TABLE_PREFIX."posts p
 891              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 892              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 893              LEFT JOIN ".TABLE_PREFIX."forums f ON (t.fid=f.fid)
 894              WHERE p.pid IN (".$db->escape_string($search['posts']).")
 895              ORDER BY $sortfield $order
 896              LIMIT $start, $perpage
 897          ");
 898          while($post = $db->fetch_array($query))
 899          {
 900              $bgcolor = alt_trow();
 901              if($post['visible'] == 0)
 902              {
 903                  $bgcolor = 'trow_shaded';
 904              }
 905              elseif($post['visible'] == -1)
 906              {
 907                  $bgcolor = 'trow_shaded trow_deleted';
 908              }
 909              if($post['userusername'])
 910              {
 911                  $post['username'] = $post['userusername'];
 912              }
 913              $post['username'] = htmlspecialchars_uni($post['username']);
 914              $post['profilelink'] = build_profile_link($post['username'], $post['uid']);
 915              $post['subject'] = $parser->parse_badwords($post['subject']);
 916              $post['thread_subject'] = $parser->parse_badwords($post['thread_subject']);
 917              $post['thread_subject'] = htmlspecialchars_uni($post['thread_subject']);
 918  
 919              if(isset($icon_cache[$post['icon']]))
 920              {
 921                  $posticon = $icon_cache[$post['icon']];
 922                  $posticon['path'] = str_replace("{theme}", $theme['imgdir'], $posticon['path']);
 923                  $posticon['path'] = htmlspecialchars_uni($posticon['path']);
 924                  $posticon['name'] = htmlspecialchars_uni($posticon['name']);
 925                  eval("\$icon = \"".$templates->get("search_results_icon")."\";");
 926              }
 927              else
 928              {
 929                  $icon = "&nbsp;";
 930              }
 931  
 932              $post['forumlink'] = '';
 933              if(!empty($forumcache[$thread['fid']]))
 934              {
 935                  $post['forumlink_link'] = get_forum_link($post['fid']);
 936                  $post['forumlink_name'] = $forumcache[$post['fid']]['name'];
 937                  eval("\$post['forumlink'] = \"".$templates->get("search_results_posts_forumlink")."\";");
 938              }
 939  
 940              // Determine the folder
 941              $folder = '';
 942              $folder_label = '';
 943              $gotounread = '';
 944              $isnew = 0;
 945              $donenew = 0;
 946              $last_read = 0;
 947              $post['thread_lastread'] = $readthreads[$post['tid']];
 948  
 949              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'])
 950              {
 951                  $forum_read = $readforums[$post['fid']];
 952  
 953                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 954                  if($forum_read == 0 || $forum_read < $read_cutoff)
 955                  {
 956                      $forum_read = $read_cutoff;
 957                  }
 958              }
 959              else
 960              {
 961                  $forum_read = $forumsread[$post['fid']];
 962              }
 963  
 964              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'] && $post['thread_lastpost'] > $forum_read)
 965              {
 966                  $cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 967                  if($post['thread_lastpost'] > $cutoff)
 968                  {
 969                      if($post['thread_lastread'])
 970                      {
 971                          $last_read = $post['thread_lastread'];
 972                      }
 973                      else
 974                      {
 975                          $last_read = 1;
 976                      }
 977                  }
 978              }
 979  
 980              if(isset($dot_icon[$post['tid']]))
 981              {
 982                  $folder = "dot_";
 983                  $folder_label .= $lang->icon_dot;
 984              }
 985  
 986              if(!$last_read)
 987              {
 988                  $readcookie = $threadread = my_get_array_cookie("threadread", $post['tid']);
 989                  if($readcookie > $forum_read)
 990                  {
 991                      $last_read = $readcookie;
 992                  }
 993                  elseif($forum_read > $mybb->user['lastvisit'])
 994                  {
 995                      $last_read = $forum_read;
 996                  }
 997                  else
 998                  {
 999                      $last_read = $mybb->user['lastvisit'];
1000                  }
1001              }
1002  
1003              if($post['thread_lastpost'] > $last_read && $last_read)
1004              {
1005                  $folder .= "new";
1006                  $folder_label .= $lang->icon_new;
1007                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
1008                  $unreadpost = 1;
1009              }
1010              else
1011              {
1012                  $folder_label .= $lang->icon_no_new;
1013              }
1014  
1015              if($post['thread_replies'] >= $mybb->settings['hottopic'] || $post['thread_views'] >= $mybb->settings['hottopicviews'])
1016              {
1017                  $folder .= "hot";
1018                  $folder_label .= $lang->icon_hot;
1019              }
1020              if($post['thread_closed'] == 1)
1021              {
1022                  $folder .= "close";
1023                  $folder_label .= $lang->icon_close;
1024              }
1025              $folder .= "folder";
1026  
1027              $post['thread_replies'] = my_number_format($post['thread_replies']);
1028              $post['thread_views'] = my_number_format($post['thread_views']);
1029  
1030              $post['forumlink'] = '';
1031              if($forumcache[$post['fid']])
1032              {
1033                  $post['forumlink_link'] = get_forum_link($post['fid']);
1034                  $post['forumlink_name'] = $forumcache[$post['fid']]['name'];
1035                  eval("\$post['forumlink'] = \"".$templates->get("search_results_posts_forumlink")."\";");
1036              }
1037  
1038              if(!$post['subject'])
1039              {
1040                  $post['subject'] = $post['message'];
1041              }
1042              if(my_strlen($post['subject']) > 50)
1043              {
1044                  $post['subject'] = htmlspecialchars_uni(my_substr($post['subject'], 0, 50)."...");
1045              }
1046              else
1047              {
1048                  $post['subject'] = htmlspecialchars_uni($post['subject']);
1049              }
1050              // What we do here is parse the post using our post parser, then strip the tags from it
1051              $parser_options = array(
1052                  'allow_html' => 0,
1053                  'allow_mycode' => 1,
1054                  'allow_smilies' => 0,
1055                  'allow_imgcode' => 0,
1056                  'filter_badwords' => 1
1057              );
1058              $post['message'] = strip_tags($parser->parse_message($post['message'], $parser_options));
1059              if(my_strlen($post['message']) > 200)
1060              {
1061                  $prev = my_substr($post['message'], 0, 200)."...";
1062              }
1063              else
1064              {
1065                  $prev = $post['message'];
1066              }
1067              $posted = my_date('relative', $post['dateline']);
1068  
1069              $thread_url = get_thread_link($post['tid']);
1070              $post_url = get_post_link($post['pid'], $post['tid']);
1071  
1072              // Inline post moderation
1073              $inline_mod_checkbox = '';
1074              if($is_supermod || is_moderator($post['fid']))
1075              {
1076                  if(isset($mybb->cookies[$inlinecookie]) && my_strpos($mybb->cookies[$inlinecookie], "|{$post['pid']}|") !== false)
1077                  {
1078                      $inlinecheck = "checked=\"checked\"";
1079                      ++$inlinecount;
1080                  }
1081                  else
1082                  {
1083                      $inlinecheck = '';
1084                  }
1085  
1086                  $show_inline_moderation = true;
1087  
1088                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_posts_inlinecheck")."\";");
1089              }
1090              elseif($is_mod)
1091              {
1092                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_posts_nocheck")."\";");
1093              }
1094  
1095              $plugins->run_hooks("search_results_post");
1096              eval("\$results .= \"".$templates->get("search_results_posts_post")."\";");
1097          }
1098          if(!$results)
1099          {
1100              error($lang->error_nosearchresults);
1101          }
1102          $multipage = multipage($postcount, $perpage, $page, "search.php?action=results&amp;sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&amp;sortby=$sortby&amp;order=$order&amp;uid=".$mybb->get_input('uid', MyBB::INPUT_INT));
1103          if($upper > $postcount)
1104          {
1105              $upper = $postcount;
1106          }
1107  
1108          // Inline Post Moderation Options
1109          if($show_inline_moderation)
1110          {
1111              eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol")."\";");
1112  
1113              // If user has moderation tools available, prepare the Select All feature
1114              $num_results = $db->num_rows($query);
1115              $lang->page_selected = $lang->sprintf($lang->page_selected, (int)$num_results);
1116              $lang->select_all = $lang->sprintf($lang->select_all, (int)$postcount);
1117              $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$postcount);
1118              eval("\$selectall = \"".$templates->get("search_posts_inlinemoderation_selectall")."\";");
1119  
1120              $customthreadtools = $customposttools = '';
1121              switch($db->type)
1122              {
1123                  case "pgsql":
1124                  case "sqlite":
1125                      $query = $db->simple_select("modtools", "tid, name, type", "type='p' AND (','||forums||',' LIKE '%,-1,%' OR forums='')");
1126                      break;
1127                  default:
1128                      $query = $db->simple_select("modtools", "tid, name, type", "type='p' AND (CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='')");
1129              }
1130  
1131              while($tool = $db->fetch_array($query))
1132              {
1133                  eval("\$customposttools .= \"".$templates->get("search_results_posts_inlinemoderation_custom_tool")."\";");
1134              }
1135              // Build inline moderation dropdown
1136              if(!empty($customposttools))
1137              {
1138                  eval("\$customposttools = \"".$templates->get("search_results_posts_inlinemoderation_custom")."\";");
1139              }
1140              eval("\$inlinemod = \"".$templates->get("search_results_posts_inlinemoderation")."\";");
1141          }
1142          elseif($is_mod)
1143          {
1144              eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol_empty")."\";");
1145          }
1146  
1147          $plugins->run_hooks("search_results_end");
1148  
1149          eval("\$searchresults = \"".$templates->get("search_results_posts")."\";");
1150          output_page($searchresults);
1151      }
1152  }
elseif($mybb->input['action'] == "findguest")
{
    // "Find guest posts": collects the posts and threads stored under uid 0, restricted to
    // forums the current user may search, saves the id lists as a searchlog row and
    // redirects to the results view.
    // NOTE(review): no flood check is visible in this branch, yet every request inserts a
    // searchlog row - confirm that rate limiting is enforced elsewhere.
    $clauses = array("uid='0'");

    // Both helpers are used here as ready-made id lists for IN(); empty means "no restriction"
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $clauses[] = "fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $clauses[] = "fid NOT IN ($inactiveforums)";
    }

    $permsql = "";
    $onlyusfids = array();

    // Forums where a user may only view their own threads can never show guest content
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(!isset($forum_permissions['canonlyviewownthreads']) || $forum_permissions['canonlyviewownthreads'] != 1)
        {
            continue;
        }
        $onlyusfids[] = $fid;
    }
    if(!empty($onlyusfids))
    {
        $clauses[] = "fid NOT IN(".implode(',', $onlyusfids).")";
    }

    $where_sql = implode(' AND ', $clauses);

    $options = array('order_by' => 'dateline', 'order_dir' => 'desc');

    // Apply the configured hard search limit, if there is one
    if($mybb->settings['searchhardlimit'] > 0)
    {
        $options['limit'] = (int)$mybb->settings['searchhardlimit'];
    }

    // Matching post ids, newest first
    $found_pids = array();
    $query = $db->simple_select("posts", "pid", "{$where_sql}", $options);
    while($pid = $db->fetch_field($query, "pid"))
    {
        $found_pids[] = $pid;
    }
    $pids = implode(',', $found_pids);

    // Matching thread ids (no ordering or limit on this query)
    $found_tids = array();
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
        $found_tids[] = $tid;
    }
    $tids = implode(',', $found_tids);

    // NOTE(review): the id is derived from the clock (microtime/uniqid), not from a CSPRNG.
    // Confirm that the results view ties a sid to the requesting user rather than relying
    // on the id being unguessable.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => $db->escape_string($pids),
        "resulttype" => "posts",
        "querycache" => '',
        "keywords" => ''
    );
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}
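elseif($mybb->input['action'] == "finduser")
{
    // "Find all posts by user": collects the posts and threads of the requested uid,
    // restricted to forums the current user may search, saves the id lists as a searchlog
    // row and redirects to the results view.
    //
    // The WHERE clause is assembled only from integers and from the forum id lists the
    // permission helpers return. Clauses are joined with ' AND ', which also supplies the
    // separator that was missing in front of the own-threads clause.
    // NOTE(review): no flood check is visible in this branch, yet every request inserts a
    // searchlog row - confirm that rate limiting is enforced elsewhere.
    $clauses = array("uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");

    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $clauses[] = "fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $clauses[] = "fid NOT IN ($inactiveforums)";
    }

    $permsql = "";
    $onlyusfids = array();

    // Forums where the current user may only view threads they started themselves
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            // Cast so that only integers reach the IN() lists below
            $onlyusfids[] = (int)$fid;
        }
    }
    if(!empty($onlyusfids))
    {
        // In those forums only the current user's own content may match
        $own_only = implode(',', $onlyusfids);
        $clauses[] = "((fid IN(".$own_only.") AND uid='".(int)$mybb->user['uid']."') OR fid NOT IN(".$own_only."))";
    }

    $where_sql = implode(' AND ', $clauses);

    $options = array(
        'order_by' => 'dateline',
        'order_dir' => 'desc'
    );

    // Apply the configured hard search limit, if there is one
    if($mybb->settings['searchhardlimit'] > 0)
    {
        $options['limit'] = (int)$mybb->settings['searchhardlimit'];
    }

    // Matching post ids, newest first
    $found_pids = array();
    $query = $db->simple_select("posts", "pid", $where_sql, $options);
    while($pid = $db->fetch_field($query, "pid"))
    {
        $found_pids[] = $pid;
    }
    $pids = implode(',', $found_pids);

    // Matching thread ids (no ordering or limit on this query)
    $found_tids = array();
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
        $found_tids[] = $tid;
    }
    $tids = implode(',', $found_tids);

    // NOTE(review): the id is derived from the clock (microtime/uniqid), not from a CSPRNG.
    // Confirm that the results view ties a sid to the requesting user rather than relying
    // on the id being unguessable.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => $db->escape_string($pids),
        "resulttype" => "posts",
        "querycache" => '',
        "keywords" => ''
    );
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}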
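elseif($mybb->input['action'] == "finduserthreads")
{
    // "Find all threads by user": collects the threads started by the requested uid,
    // restricted to forums the current user may search, saves them as a searchlog row and
    // redirects to the results view.
    //
    // The WHERE clause is also stored in the row's querycache column (presumably replayed
    // by the results view - confirm), so it must stay built from integers and from the
    // permission helpers' id lists only, never from raw request text. Clauses are joined
    // with ' AND ', which also supplies the separator that was missing in front of the
    // own-threads clause.
    // NOTE(review): no flood check is visible in this branch, yet every request inserts a
    // searchlog row - confirm that rate limiting is enforced elsewhere.
    $clauses = array("uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");

    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $clauses[] = "fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $clauses[] = "fid NOT IN ($inactiveforums)";
    }

    $permsql = "";
    $onlyusfids = array();

    // Forums where the current user may only view threads they started themselves
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            // Cast so that only integers reach the IN() lists below
            $onlyusfids[] = (int)$fid;
        }
    }
    if(!empty($onlyusfids))
    {
        // In those forums only the current user's own threads may match
        $own_only = implode(',', $onlyusfids);
        $clauses[] = "((fid IN(".$own_only.") AND uid='".(int)$mybb->user['uid']."') OR fid NOT IN(".$own_only."))";
    }

    $where_sql = implode(' AND ', $clauses);

    // Matching thread ids
    $found_tids = array();
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
        $found_tids[] = $tid;
    }
    $tids = implode(',', $found_tids);

    // NOTE(review): the id is derived from the clock (microtime/uniqid), not from a CSPRNG.
    // Confirm that the results view ties a sid to the requesting user rather than relying
    // on the id being unguessable.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => '',
        "resulttype" => "threads",
        "querycache" => $db->escape_string($where_sql),
        "keywords" => ''
    );
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}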
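elseif($mybb->input['action'] == "getnew")
{
    // "View new posts": collects the threads with a post since the current user's last
    // visit, optionally limited to one forum (fid) or a comma-separated list (fids),
    // saves them as a searchlog row and redirects to the results view.
    //
    // The WHERE clause is also stored in the row's querycache column (presumably replayed
    // by the results view - confirm), so every request-derived value is reduced to an
    // integer before it is interpolated. Clauses are joined with ' AND ', which also
    // supplies the separator that was missing in front of the own-threads clause.
    // NOTE(review): no flood check is visible in this branch, yet every request inserts a
    // searchlog row - confirm that rate limiting is enforced elsewhere.
    $clauses = array("lastpost >= '".(int)$mybb->user['lastvisit']."'");

    $single_fid = $mybb->get_input('fid', MyBB::INPUT_INT);
    if($single_fid)
    {
        $clauses[] = "fid='".$single_fid."'";
    }
    else if($mybb->get_input('fids'))
    {
        // Every list element is forced to an integer; anything non-numeric becomes 0
        $fids = array_map('intval', explode(',', $mybb->get_input('fids')));

        if(!empty($fids))
        {
            $clauses[] = "fid IN (".implode(',', $fids).")";
        }
    }

    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $clauses[] = "fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $clauses[] = "fid NOT IN ($inactiveforums)";
    }

    $permsql = "";
    $onlyusfids = array();

    // Forums where the current user may only view threads they started themselves
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            // Cast so that only integers reach the IN() lists below
            $onlyusfids[] = (int)$fid;
        }
    }
    if(!empty($onlyusfids))
    {
        // In those forums only the current user's own threads may match
        $own_only = implode(',', $onlyusfids);
        $clauses[] = "((fid IN(".$own_only.") AND uid='".(int)$mybb->user['uid']."') OR fid NOT IN(".$own_only."))";
    }

    $where_sql = implode(' AND ', $clauses);

    // Matching thread ids
    $found_tids = array();
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
        $found_tids[] = $tid;
    }
    $tids = implode(',', $found_tids);

    // NOTE(review): the id is derived from the clock (microtime/uniqid), not from a CSPRNG.
    // Confirm that the results view ties a sid to the requesting user rather than relying
    // on the id being unguessable.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => '',
        "resulttype" => "threads",
        "querycache" => $db->escape_string($where_sql),
        "keywords" => ''
    );

    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}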
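elseif($mybb->input['action'] == "getdaily")
{
    // "View today's posts": collects the threads with a post in the last N days (N comes
    // from the request, minimum 1), optionally limited to one forum (fid) or a
    // comma-separated list (fids), saves them as a searchlog row and redirects to the
    // results view.
    //
    // The WHERE clause is also stored in the row's querycache column (presumably replayed
    // by the results view - confirm), so every request-derived value is reduced to an
    // integer before it is interpolated. Clauses are joined with ' AND ', which also
    // supplies the separator that was missing in front of the own-threads clause.
    // NOTE(review): no flood check is visible in this branch, yet every request inserts a
    // searchlog row - confirm that rate limiting is enforced elsewhere.
    $days = $mybb->get_input('days', MyBB::INPUT_INT);
    if($days < 1)
    {
        $days = 1;
    }

    // A very large day count overflows the multiplication into a float; clamp the cutoff
    // at 0 ("everything") so that only a plain integer is written into the SQL.
    $datecut = (int)max(0, TIME_NOW-(86400*$days));

    $clauses = array("lastpost >='".$datecut."'");

    $single_fid = $mybb->get_input('fid', MyBB::INPUT_INT);
    if($single_fid)
    {
        $clauses[] = "fid='".$single_fid."'";
    }
    else if($mybb->get_input('fids'))
    {
        // Every list element is forced to an integer; anything non-numeric becomes 0
        $fids = array_map('intval', explode(',', $mybb->get_input('fids')));

        if(!empty($fids))
        {
            $clauses[] = "fid IN (".implode(',', $fids).")";
        }
    }

    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $clauses[] = "fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $clauses[] = "fid NOT IN ($inactiveforums)";
    }

    $permsql = "";
    $onlyusfids = array();

    // Forums where the current user may only view threads they started themselves
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            // Cast so that only integers reach the IN() lists below
            $onlyusfids[] = (int)$fid;
        }
    }
    if(!empty($onlyusfids))
    {
        // In those forums only the current user's own threads may match
        $own_only = implode(',', $onlyusfids);
        $clauses[] = "((fid IN(".$own_only.") AND uid='".(int)$mybb->user['uid']."') OR fid NOT IN(".$own_only."))";
    }

    $where_sql = implode(' AND ', $clauses);

    // Matching thread ids
    $found_tids = array();
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
        $found_tids[] = $tid;
    }
    $tids = implode(',', $found_tids);

    // NOTE(review): the id is derived from the clock (microtime/uniqid), not from a CSPRNG.
    // Confirm that the results view ties a sid to the requesting user rather than relying
    // on the id being unguessable.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => '',
        "resulttype" => "threads",
        "querycache" => $db->escape_string($where_sql),
        "keywords" => ''
    );

    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}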
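elseif($mybb->input['action'] == "do_search" && $mybb->request_method == "post")
{
    // Handles a submitted search form (POST only): applies flood control, runs the
    // search through the configured backend, stores the result set in the searchlog
    // table under a fresh sid and redirects to the results page.
    $plugins->run_hooks("search_do_search_start");

    // Check if search flood checking is enabled and user is not admin
    if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
    {
        // Fetch the time this user last searched.
        // Logged-in users are matched by uid, guests by uid 0 plus their packed IP.
        // NOTE(review): uid is interpolated into the WHERE clause directly; presumably it is
        // an integer taken from the session, not request input - confirm in the session code.
        if($mybb->user['uid'])
        {
            $conditions = "uid='{$mybb->user['uid']}'";
        }
        else
        {
            $conditions = "uid='0' AND ipaddress=".$db->escape_binary($session->packedip);
        }
        $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
        $query = $db->simple_select("searchlog", "*", "$conditions AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
        $last_search = $db->fetch_array($query);
        // Users last search was within the flood time, show the error
        if($last_search['sid'])
        {
            $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
            if($remaining_time == 1)
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
            }
            else
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
            }
            error($lang->error_searchflooding);
        }
    }

    // Anything other than "threads" falls back to a post listing.
    if($mybb->get_input('showresults') == "threads")
    {
        $resulttype = "threads";
    }
    else
    {
        $resulttype = "posts";
    }

    // Criteria handed to the search backend. Numeric fields are cast with INPUT_INT and
    // threadprefix with INPUT_ARRAY; "keywords" and "forums" are read raw from $mybb->input.
    // NOTE(review): escaping and type handling of those two raw values therefore rests
    // entirely on perform_search_mysql()/perform_search_mysql_ft() - confirm in
    // inc/functions_search.php.
    $search_data = array(
        "keywords" => $mybb->input['keywords'],
        "author" => $mybb->get_input('author'),
        "postthread" => $mybb->get_input('postthread', MyBB::INPUT_INT),
        "matchusername" => $mybb->get_input('matchusername', MyBB::INPUT_INT),
        "postdate" => $mybb->get_input('postdate', MyBB::INPUT_INT),
        "pddir" => $mybb->get_input('pddir', MyBB::INPUT_INT),
        "forums" => $mybb->input['forums'],
        "findthreadst" => $mybb->get_input('findthreadst', MyBB::INPUT_INT),
        "numreplies" => $mybb->get_input('numreplies', MyBB::INPUT_INT),
        "threadprefix" => $mybb->get_input('threadprefix', MyBB::INPUT_ARRAY)
    );

    // The visibility filter is only accepted from moderators.
    if(is_moderator() && !empty($mybb->input['visible']))
    {
        $search_data['visible'] = $mybb->get_input('visible', MyBB::INPUT_INT);
    }

    if($db->can_search == true)
    {
        // Use the fulltext backend only when it is configured and the posts table supports it.
        if($mybb->settings['searchtype'] == "fulltext" && $db->supports_fulltext_boolean("posts") && $db->is_fulltext("posts"))
        {
            $search_results = perform_search_mysql_ft($search_data);
        }
        else
        {
            $search_results = perform_search_mysql($search_data);
        }
    }
    else
    {
        // presumably error() ends the request; $search_results is not set on this path.
        error($lang->error_no_search_support);
    }

    // The sid is the lookup key for the stored result set. It comes from uniqid()/microtime(),
    // not from a CSPRNG, so treat it as a row identifier and not as a secret.
    // NOTE(review): confirm the results action also checks who owns the searchlog row
    // instead of relying on the sid being unguessable.
    $sid = md5(uniqid(microtime(), true));
    // NOTE(review): $now is not assigned in this branch (the branch above uses TIME_NOW);
    // presumably it is set earlier in the file - confirm.
    // NOTE(review): threads, posts and querycache are inserted as returned by the search
    // backend with no escaping here; verify that the backend returns them already escaped.
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => $now,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $search_results['threads'],
        "posts" => $search_results['posts'],
        "resulttype" => $resulttype,
        "querycache" => $search_results['querycache'],
        "keywords" => $db->escape_string($mybb->input['keywords']),
    );
    $plugins->run_hooks("search_do_search_process");

    $db->insert_query("searchlog", $searcharray);

    // Allowlist the sort direction. The previous check lower-cased the result of the
    // comparison instead of the input for "desc" (misplaced parenthesis) and passed the
    // raw request value through for "asc"; now only the literals "asc" or "desc" can
    // reach the redirect URL.
    $sortorder = my_strtolower($mybb->get_input('sortordr'));
    if($sortorder != "asc" && $sortorder != "desc")
    {
        $sortorder = "desc";
    }
    // htmlspecialchars_uni() escapes for HTML output, which is not URL encoding.
    // NOTE(review): consider restricting sortby to the known sort fields (or URL-encoding
    // it) once it is confirmed how redirect() and the results action treat this value.
    $sortby = htmlspecialchars_uni($mybb->get_input('sortby'));
    $plugins->run_hooks("search_do_search_end");
    redirect("search.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
}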
else if($mybb->input['action'] == "thread")
{
    // Search within a single thread: checks access to the thread and its forum, applies
    // flood control, runs the search restricted to that tid, stores the result set in
    // searchlog and redirects to the results page.

    // Fetch thread info
    $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
    // Note: this reads $thread['fid'] before the !$thread check below has run.
    $ismod = is_moderator($thread['fid']);

    // Reject when the thread does not exist; when it is not visible (visible != 1) and the
    // user is not a moderator of its forum - unless visible is -1, the soft_delete setting
    // is 1 and the logged-in user is the thread's author; or when visible > 1 for a moderator.
    // presumably visible == -1 marks a soft-deleted thread - TODO confirm.
    if(!$thread || ($thread['visible'] != 1 && $ismod == false && ($thread['visible'] != -1 || $mybb->settings['soft_delete'] != 1 || !$mybb->user['uid'] || $mybb->user['uid'] != $thread['uid'])) || ($thread['visible'] > 1 && $ismod == true))
    {
        error($lang->error_invalidthread);
    }

    // Get forum info
    $forum = get_forum($thread['fid']);
    if(!$forum)
    {
        error($lang->error_invalidforum);
    }

    $forum_permissions = forum_permissions($forum['fid']);

    // Only open forums of type "f" can be searched.
    if($forum['open'] == 0 || $forum['type'] != "f")
    {
        error($lang->error_closedinvalidforum);
    }
    // The user must be allowed to view the forum and its threads; where
    // canonlyviewownthreads is set, the thread must also belong to the current user.
    if($forum_permissions['canview'] == 0 || $forum_permissions['canviewthreads'] != 1 || (isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
    {
        error_no_permission();
    }

    $plugins->run_hooks("search_thread_start");

    // Check if search flood checking is enabled and user is not admin
    if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
    {
        // Fetch the time this user last searched.
        // Logged-in users are matched by uid, guests by uid 0 plus their packed IP.
        if($mybb->user['uid'])
        {
            $conditions = "uid='{$mybb->user['uid']}'";
        }
        else
        {
            $conditions = "uid='0' AND ipaddress=".$db->escape_binary($session->packedip);
        }
        $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
        $query = $db->simple_select("searchlog", "*", "$conditions AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
        $last_search = $db->fetch_array($query);

        // We shouldn't show remaining time if time is 0 or under.
        // Note: $last_search['dateline'] is read here even when the query matched no row.
        $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
        // Users last search was within the flood time, show the error.
        if($last_search['sid'] && $remaining_time > 0)
        {
            if($remaining_time == 1)
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
            }
            else
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
            }
            error($lang->error_searchflooding);
        }
    }

    // Criteria for the backend: tid is cast with INPUT_INT, keywords are read raw.
    // NOTE(review): escaping of keywords therefore rests on
    // perform_search_mysql()/perform_search_mysql_ft() - confirm in inc/functions_search.php.
    $search_data = array(
        "keywords" => $mybb->input['keywords'],
        "postthread" => 1,
        "tid" => $mybb->get_input('tid', MyBB::INPUT_INT)
    );

    if($db->can_search == true)
    {
        // Use the fulltext backend only when it is configured and the posts table supports it.
        if($mybb->settings['searchtype'] == "fulltext" && $db->supports_fulltext_boolean("posts") && $db->is_fulltext("posts"))
        {
            $search_results = perform_search_mysql_ft($search_data);
        }
        else
        {
            $search_results = perform_search_mysql($search_data);
        }
    }
    else
    {
        // presumably error() ends the request; $search_results is not set on this path.
        error($lang->error_no_search_support);
    }
    // The sid is the lookup key for the stored result set. It comes from uniqid()/microtime(),
    // not from a CSPRNG, so treat it as a row identifier and not as a secret.
    // NOTE(review): confirm the results action also checks who owns the searchlog row.
    $sid = md5(uniqid(microtime(), true));
    // NOTE(review): $now is not assigned in this branch; presumably set earlier in the file.
    // NOTE(review): threads, posts and querycache are inserted as returned by the search
    // backend with no escaping here; verify that the backend returns them already escaped.
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => $now,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $search_results['threads'],
        "posts" => $search_results['posts'],
        "resulttype" => 'posts',
        "querycache" => $search_results['querycache'],
        "keywords" => $db->escape_string($mybb->input['keywords'])
    );
    $plugins->run_hooks("search_thread_process");

    $db->insert_query("searchlog", $searcharray);

    // This branch fires the same closing hook name as the do_search action.
    $plugins->run_hooks("search_do_search_end");
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}
else
{
    // Default action: build and output the search form.
    $plugins->run_hooks("search_start");
    $srchlist = make_searchable_forums();
    $prefixselect = build_prefix_select('all', 'any', 1);

    // $rowspan is not read again in this branch; presumably the "search" template uses it - TODO confirm.
    $rowspan = 5;

    // Moderators get the extra options block, and $rowspan grows by 2 for them.
    $moderator_options = '';
    if(is_moderator())
    {
        $rowspan += 2;
        // The template text is spliced into a double-quoted PHP string and evaluated, so it is
        // executed as PHP string syntax with the variables in scope interpolated.
        // NOTE(review): this is only safe if $templates->get() returns text escaped for that
        // context and template editing is limited to trusted administrators - neither is
        // visible here.
        eval("\$moderator_options = \"".$templates->get("search_moderator_options")."\";");
    }

    $plugins->run_hooks("search_end");

    // Same eval-based rendering as above, for the main "search" template.
    eval("\$search = \"".$templates->get("search")."\";");
    output_page($search);
}

