[ Index ]

PHP Cross Reference of MyBB 1.8.28

title

Body

[close]

/ -> search.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'search.php');
  14  
  15  $templatelist = "search,forumdisplay_thread_gotounread,search_results_threads_thread,search_results_threads,search_results_posts,search_results_posts_post,search_results_icon,search_forumlist_forum,search_forumlist";
  16  $templatelist .= ",multipage,multipage_breadcrumb,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
  17  $templatelist .= ",search_results_posts_inlinecheck,search_results_posts_nocheck,search_results_threads_inlinecheck,search_results_threads_nocheck,search_results_inlinemodcol,search_results_inlinemodcol_empty,search_results_posts_inlinemoderation_custom_tool";
  18  $templatelist .= ",search_results_posts_inlinemoderation_custom,search_results_posts_inlinemoderation,search_results_threads_inlinemoderation_custom_tool,search_results_threads_inlinemoderation_custom,search_results_threads_inlinemoderation";
  19  $templatelist .= ",forumdisplay_thread_attachment_count,search_threads_inlinemoderation_selectall,search_posts_inlinemoderation_selectall,post_prefixselect_prefix,post_prefixselect_multiple,search_orderarrow";
  20  $templatelist .= ",search_results_posts_forumlink,search_results_threads_forumlink,forumdisplay_thread_multipage_more,forumdisplay_thread_multipage_page,forumdisplay_thread_multipage,search_moderator_options";
  21  
  22  require_once  "./global.php";
  23  require_once  MYBB_ROOT."inc/functions_post.php";
  24  require_once  MYBB_ROOT."inc/functions_search.php";
  25  require_once  MYBB_ROOT."inc/class_parser.php";
  26  $parser = new postParser;
  27  
  28  // Load global language phrases
  29  $lang->load("search");
  30  
  31  add_breadcrumb($lang->nav_search, "search.php");
  32  
  33  $mybb->input['action'] = $mybb->get_input('action');
  34  switch($mybb->input['action'])
  35  {
  36      case "results":
  37          add_breadcrumb($lang->nav_results);
  38          break;
  39      default:
  40          break;
  41  }
  42  
  43  if($mybb->usergroup['cansearch'] == 0)
  44  {
  45      error_no_permission();
  46  }
  47  
  48  $now = TIME_NOW;
  49  $mybb->input['keywords'] = trim($mybb->get_input('keywords'));
  50  
  51  $limitsql = "";
  52  if((int)$mybb->settings['searchhardlimit'] > 0)
  53  {
  54      $limitsql = "LIMIT ".(int)$mybb->settings['searchhardlimit'];
  55  }
  56  
  57  if($mybb->input['action'] == "results")
  58  {
  59      $sid = $db->escape_string($mybb->get_input('sid'));
  60      $query = $db->simple_select("searchlog", "*", "sid='$sid'");
  61      $search = $db->fetch_array($query);
  62  
  63      if(!$search['sid'])
  64      {
  65          error($lang->error_invalidsearch);
  66      }
  67  
  68      $plugins->run_hooks("search_results_start");
  69  
  70      // Decide on our sorting fields and sorting order.
  71      $order = my_strtolower(htmlspecialchars_uni($mybb->get_input('order')));
  72      $sortby = my_strtolower(htmlspecialchars_uni($mybb->get_input('sortby')));
  73  
  74      switch($sortby)
  75      {
  76          case "replies":
  77              $sortfield = "t.replies";
  78              break;
  79          case "views":
  80              $sortfield = "t.views";
  81              break;
  82          case "subject":
  83              if($search['resulttype'] == "threads")
  84              {
  85                  $sortfield = "t.subject";
  86              }
  87              else
  88              {
  89                  $sortfield = "p.subject";
  90              }
  91              break;
  92          case "forum":
  93              $sortfield = "f.name";
  94              break;
  95          case "starter":
  96              if($search['resulttype'] == "threads")
  97              {
  98                  $sortfield = "t.username";
  99              }
 100              else
 101              {
 102                  $sortfield = "p.username";
 103              }
 104              break;
 105          case "lastpost":
 106          default:
 107              if($search['resulttype'] == "threads")
 108              {
 109                  $sortfield = "t.lastpost";
 110                  $sortby = "lastpost";
 111              }
 112              else
 113              {
 114                  $sortfield = "p.dateline";
 115                  $sortby = "dateline";
 116              }
 117              break;
 118      }
 119  
 120      if($order != "asc")
 121      {
 122          $order = "desc";
 123          $oppsortnext = "asc";
 124          $oppsort = $lang->asc;
 125      }
 126      else
 127      {
 128          $oppsortnext = "desc";
 129          $oppsort = $lang->desc;
 130      }
 131  
 132      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
 133      {
 134          $mybb->settings['threadsperpage'] = 20;
 135      }
 136  
 137      // Work out pagination, which page we're at, as well as the limits.
 138      $perpage = $mybb->settings['threadsperpage'];
 139      $page = $mybb->get_input('page');
 140      if($page > 0)
 141      {
 142          $start = ($page-1) * $perpage;
 143      }
 144      else
 145      {
 146          $start = 0;
 147          $page = 1;
 148      }
 149      $end = $start + $perpage;
 150      $lower = $start+1;
 151      $upper = $end;
 152  
 153      // Work out if we have terms to highlight
 154      $highlight = "";
 155      if($search['keywords'])
 156      {
 157          if($mybb->seo_support == true)
 158          {
 159              $highlight = "?highlight=".urlencode($search['keywords']);
 160          }
 161          else
 162          {
 163              $highlight = "&amp;highlight=".urlencode($search['keywords']);
 164          }
 165      }
 166  
 167      $sorturl = "search.php?action=results&amp;sid={$sid}";
 168      $thread_url = "";
 169      $post_url = "";
 170  
 171      $orderarrow = array('replies' => '', 'views' => '', 'subject' => '', 'forum' => '', 'starter' => '', 'lastpost' => '', 'dateline' => '');
 172  
 173      eval("\$orderarrow['$sortby'] = \"".$templates->get("search_orderarrow")."\";");
 174  
 175      // Read some caches we will be using
 176      $forumcache = $cache->read("forums");
 177      $icon_cache = $cache->read("posticons");
 178  
 179      $threads = array();
 180  
 181      if($mybb->user['uid'] == 0)
 182      {
 183          // Build a forum cache.
 184          $query = $db->query("
 185              SELECT fid
 186              FROM ".TABLE_PREFIX."forums
 187              WHERE active != 0
 188              ORDER BY pid, disporder
 189          ");
 190  
 191          if(isset($mybb->cookies['mybb']['forumread']))
 192          {
 193              $forumsread = my_unserialize($mybb->cookies['mybb']['forumread']);
 194          }
 195          else
 196          {
 197              $forumsread = array();
 198          }
 199      }
 200      else
 201      {
 202          // Build a forum cache.
 203          $query = $db->query("
 204              SELECT f.fid, fr.dateline AS lastread
 205              FROM ".TABLE_PREFIX."forums f
 206              LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
 207              WHERE f.active != 0
 208              ORDER BY pid, disporder
 209          ");
 210      }
 211  
 212      while($forum = $db->fetch_array($query))
 213      {
 214          if($mybb->user['uid'] == 0)
 215          {
 216              if(!empty($forumsread[$forum['fid']]))
 217              {
 218                  $forum['lastread'] = $forumsread[$forum['fid']];
 219              }
 220          }
 221  
 222          if(isset($forum['lastread']))
 223          {
 224              $readforums[$forum['fid']] = $forum['lastread'];
 225          }
 226          else
 227          {
 228              $readforums[$forum['fid']] = '';
 229          }
 230      }
 231      $fpermissions = forum_permissions();
 232  
 233      // Inline Mod Column for moderators
 234      $inlinemodcol = $inlinecookie = $inline_edit_js = '';
 235      $is_mod = $is_supermod = $show_inline_moderation = false;
 236      if($mybb->usergroup['issupermod'])
 237      {
 238          $is_supermod = true;
 239      }
 240      if($is_supermod || is_moderator())
 241      {
 242          $inlinecookie = "inlinemod_search".$sid;
 243          $inlinecount = 0;
 244          $is_mod = true;
 245          $return_url = 'search.php?'.htmlspecialchars_uni($_SERVER['QUERY_STRING']);
 246      }
 247  
 248      // Show search results as 'threads'
 249      if($search['resulttype'] == "threads")
 250      {
 251          $threadcount = 0;
 252  
 253          // Moderators can view unapproved threads and deleted threads from forums they moderate
 254          $unapproved_where_t = get_visible_where('t');
 255  
 256          // If we have saved WHERE conditions, execute them
 257          if($search['querycache'] != "")
 258          {
 259              $where_conditions = $search['querycache'];
 260              $query = $db->simple_select("threads t", "t.tid", $where_conditions. " AND ({$unapproved_where_t}) AND t.closed NOT LIKE 'moved|%' ORDER BY t.lastpost DESC {$limitsql}");
 261              while($thread = $db->fetch_array($query))
 262              {
 263                  $threads[$thread['tid']] = $thread['tid'];
 264                  $threadcount++;
 265              }
 266              // Build our list of threads.
 267              if($threadcount > 0)
 268              {
 269                  $search['threads'] = implode(",", $threads);
 270              }
 271              // No results.
 272              else
 273              {
 274                  error($lang->error_nosearchresults);
 275              }
 276              $where_conditions = "t.tid IN (".$search['threads'].")";
 277          }
 278          // This search doesn't use a query cache, results stored in search table.
 279          else
 280          {
 281              $where_conditions = "t.tid IN (".$search['threads'].")";
 282              $query = $db->simple_select("threads t", "COUNT(t.tid) AS resultcount", $where_conditions. " AND ({$unapproved_where_t}) AND t.closed NOT LIKE 'moved|%' {$limitsql}");
 283              $count = $db->fetch_array($query);
 284  
 285              if(!$count['resultcount'])
 286              {
 287                  error($lang->error_nosearchresults);
 288              }
 289              $threadcount = $count['resultcount'];
 290          }
 291  
 292          $permsql = "";
 293          $onlyusfids = array();
 294  
 295          // Check group permissions if we can't view threads not started by us
 296          $group_permissions = forum_permissions();
 297          foreach($group_permissions as $fid => $forum_permissions)
 298          {
 299              if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 300              {
 301                  $onlyusfids[] = $fid;
 302              }
 303          }
 304          if(!empty($onlyusfids))
 305          {
 306              $permsql .= "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 307          }
 308  
 309          $unsearchforums = get_unsearchable_forums();
 310          if($unsearchforums)
 311          {
 312              $permsql .= " AND t.fid NOT IN ($unsearchforums)";
 313          }
 314          $inactiveforums = get_inactive_forums();
 315          if($inactiveforums)
 316          {
 317              $permsql .= " AND t.fid NOT IN ($inactiveforums)";
 318          }
 319  
 320          $pages = ceil($threadcount / $perpage);
 321          if($page > $pages)
 322          {
 323              $start = 0;
 324              $page = 1;
 325          }
 326  
 327          // Begin selecting matching threads, cache them.
 328          $sqlarray = array(
 329              'order_by' => $sortfield,
 330              'order_dir' => $order,
 331              'limit_start' => $start,
 332              'limit' => $perpage
 333          );
 334          $query = $db->query("
 335              SELECT t.*, u.username AS userusername
 336              FROM ".TABLE_PREFIX."threads t
 337              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
 338              LEFT JOIN ".TABLE_PREFIX."forums f ON (t.fid=f.fid)
 339              WHERE $where_conditions AND ({$unapproved_where_t}) {$permsql} AND t.closed NOT LIKE 'moved|%'
 340              ORDER BY $sortfield $order
 341              LIMIT $start, $perpage
 342          ");
 343  
 344          $threadprefixes = build_prefixes();
 345          $thread_cache = array();
 346          while($thread = $db->fetch_array($query))
 347          {
 348              $thread['threadprefix'] = '';
 349              if($thread['prefix'] && !empty($threadprefixes[$thread['prefix']]))
 350              {
 351                  $thread['threadprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'];
 352              }
 353              $thread_cache[$thread['tid']] = $thread;
 354          }
 355          $thread_ids = implode(",", array_keys($thread_cache));
 356  
 357          if(empty($thread_ids))
 358          {
 359              error($lang->error_nosearchresults);
 360          }
 361  
 362          // Fetch dot icons if enabled
 363          if($mybb->settings['dotfolders'] != 0 && $mybb->user['uid'] && $thread_cache)
 364          {
 365              $unapproved_where_p = str_replace('t.', '', $unapproved_where_t);
 366              $query = $db->simple_select("posts", "DISTINCT tid,uid", "uid='{$mybb->user['uid']}' AND tid IN({$thread_ids}) AND ({$unapproved_where_p})");
 367              while($thread = $db->fetch_array($query))
 368              {
 369                  $thread_cache[$thread['tid']]['dot_icon'] = 1;
 370              }
 371          }
 372  
 373          // Fetch the read threads.
 374          if($mybb->user['uid'] && $mybb->settings['threadreadcut'] > 0)
 375          {
 376              $query = $db->simple_select("threadsread", "tid,dateline", "uid='".$mybb->user['uid']."' AND tid IN(".$thread_ids.")");
 377              while($readthread = $db->fetch_array($query))
 378              {
 379                  $thread_cache[$readthread['tid']]['lastread'] = $readthread['dateline'];
 380              }
 381          }
 382  
 383          if(!$mybb->settings['maxmultipagelinks'])
 384          {
 385              $mybb->settings['maxmultipagelinks'] = 5;
 386          }
 387  
 388          $results = '';
 389  
 390          foreach($thread_cache as $thread)
 391          {
 392              $bgcolor = alt_trow();
 393              $folder = '';
 394              $prefix = '';
 395  
 396              // Unapproved colour
 397              if($thread['visible'] == 0)
 398              {
 399                  $bgcolor = 'trow_shaded';
 400              }
 401              elseif($thread['visible'] == -1)
 402              {
 403                  $bgcolor = 'trow_shaded trow_deleted';
 404              }
 405  
 406              if($thread['userusername'])
 407              {
 408                  $thread['username'] = $thread['userusername'];
 409              }
 410              $thread['username'] = htmlspecialchars_uni($thread['username']);
 411              $thread['profilelink'] = build_profile_link($thread['username'], $thread['uid']);
 412  
 413              // If this thread has a prefix, insert a space between prefix and subject
 414              if($thread['prefix'] != 0)
 415              {
 416                  $thread['threadprefix'] .= '&nbsp;';
 417              }
 418  
 419              $thread['subject'] = $parser->parse_badwords($thread['subject']);
 420              $thread['subject'] = htmlspecialchars_uni($thread['subject']);
 421  
 422              if(isset($icon_cache[$thread['icon']]))
 423              {
 424                  $posticon = $icon_cache[$thread['icon']];
 425                  $posticon['path'] = str_replace("{theme}", $theme['imgdir'], $posticon['path']);
 426                  $posticon['path'] = htmlspecialchars_uni($posticon['path']);
 427                  $posticon['name'] = htmlspecialchars_uni($posticon['name']);
 428                  eval("\$icon = \"".$templates->get("search_results_icon")."\";");
 429              }
 430              else
 431              {
 432                  $icon = "&nbsp;";
 433              }
 434              if($thread['poll'])
 435              {
 436                  $prefix = $lang->poll_prefix;
 437              }
 438  
 439              // Determine the folder
 440              $folder = '';
 441              $folder_label = '';
 442              if(isset($thread['dot_icon']))
 443              {
 444                  $folder = "dot_";
 445                  $folder_label .= $lang->icon_dot;
 446              }
 447              $gotounread = '';
 448              $isnew = 0;
 449              $donenew = 0;
 450              $last_read = 0;
 451  
 452              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'])
 453              {
 454                  $forum_read = $readforums[$thread['fid']];
 455  
 456                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 457                  if($forum_read == 0 || $forum_read < $read_cutoff)
 458                  {
 459                      $forum_read = $read_cutoff;
 460                  }
 461              }
 462              else
 463              {
 464                  if(isset($forumsread[$thread['fid']]))
 465                  {
 466                      $forum_read = $forumsread[$thread['fid']];
 467                  }
 468                  else
 469                  {
 470                      $forum_read = '';
 471                  }
 472              }
 473  
 474              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'] && $thread['lastpost'] > $forum_read)
 475              {
 476                  if($thread['lastread'])
 477                  {
 478                      $last_read = $thread['lastread'];
 479                  }
 480                  else
 481                  {
 482                      $last_read = $read_cutoff;
 483                  }
 484              }
 485              else
 486              {
 487                  $last_read = my_get_array_cookie("threadread", $thread['tid']);
 488              }
 489  
 490              if($forum_read > $last_read)
 491              {
 492                  $last_read = $forum_read;
 493              }
 494  
 495              if($thread['lastpost'] > $last_read && $last_read)
 496              {
 497                  $folder .= "new";
 498                  $new_class = "subject_new";
 499                  $folder_label .= $lang->icon_new;
 500                  $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost").$highlight;
 501                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
 502                  $unreadpost = 1;
 503              }
 504              else
 505              {
 506                  $new_class = 'subject_old';
 507                  $folder_label .= $lang->icon_no_new;
 508              }
 509  
 510              if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
 511              {
 512                  $folder .= "hot";
 513                  $folder_label .= $lang->icon_hot;
 514              }
 515              if($thread['closed'] == 1)
 516              {
 517                  $folder .= "close";
 518                  $folder_label .= $lang->icon_close;
 519              }
 520              $folder .= "folder";
 521  
 522              if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
 523              {
 524                  $mybb->settings['postsperpage'] = 20;
 525              }
 526  
 527              $thread['pages'] = 0;
 528              $thread['multipage'] = '';
 529              $threadpages = '';
 530              $morelink = '';
 531              $thread['posts'] = $thread['replies'] + 1;
 532              if(is_moderator($thread['fid'], "canviewdeleted") == true || is_moderator($thread['fid'], "canviewunapprove") == true)
 533              {
 534                  if(is_moderator($thread['fid'], "canviewdeleted") == true)
 535                  {
 536                      $thread['posts'] += $thread['deletedposts'];
 537                  }
 538                  if(is_moderator($thread['fid'], "canviewunapprove") == true)
 539                  {
 540                      $thread['posts'] += $thread['unapprovedposts'];
 541                  }
 542              }
 543              elseif($group_permissions[$thread['fid']]['canviewdeletionnotice'] != 0)
 544              {
 545                  $thread['posts'] += $thread['deletedposts'];
 546              }
 547  
 548              if($thread['posts'] > $mybb->settings['postsperpage'])
 549              {
 550                  $thread['pages'] = $thread['posts'] / $mybb->settings['postsperpage'];
 551                  $thread['pages'] = ceil($thread['pages']);
 552                  if($thread['pages'] > $mybb->settings['maxmultipagelinks'])
 553                  {
 554                      $pagesstop = $mybb->settings['maxmultipagelinks'] - 1;
 555                      $page_link = get_thread_link($thread['tid'], $thread['pages']).$highlight;
 556                      eval("\$morelink = \"".$templates->get("forumdisplay_thread_multipage_more")."\";");
 557                  }
 558                  else
 559                  {
 560                      $pagesstop = $thread['pages'];
 561                  }
 562                  for($i = 1; $i <= $pagesstop; ++$i)
 563                  {
 564                      $page_link = get_thread_link($thread['tid'], $i).$highlight;
 565                      eval("\$threadpages .= \"".$templates->get("forumdisplay_thread_multipage_page")."\";");
 566                  }
 567                  eval("\$thread['multipage'] = \"".$templates->get("forumdisplay_thread_multipage")."\";");
 568              }
 569              else
 570              {
 571                  $threadpages = '';
 572                  $morelink = '';
 573                  $thread['multipage'] = '';
 574              }
 575              $lastpostdate = my_date('relative', $thread['lastpost']);
 576              $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
 577              $lastposteruid = $thread['lastposteruid'];
 578              if(!$lastposteruid && !$thread['lastposter'])
 579              {
 580                  $lastposter = htmlspecialchars_uni($lang->guest);
 581              }
 582              else
 583              {
 584                  $lastposter = htmlspecialchars_uni($thread['lastposter']);
 585              }
 586              $thread_link = get_thread_link($thread['tid']);
 587  
 588              // Don't link to guest's profiles (they have no profile).
 589              if($lastposteruid == 0)
 590              {
 591                  $lastposterlink = $lastposter;
 592              }
 593              else
 594              {
 595                  $lastposterlink = build_profile_link($lastposter, $lastposteruid);
 596              }
 597  
 598              $thread['replies'] = my_number_format($thread['replies']);
 599              $thread['views'] = my_number_format($thread['views']);
 600  
 601              $thread['forumlink'] = '';
 602              if($forumcache[$thread['fid']])
 603              {
 604                  $thread['forumlink_link'] = get_forum_link($thread['fid']);
 605                  $thread['forumlink_name'] = $forumcache[$thread['fid']]['name'];
 606                  eval("\$thread['forumlink'] = \"".$templates->get("search_results_threads_forumlink")."\";");
 607              }
 608  
 609              // If this user is the author of the thread and it is not closed or they are a moderator, they can edit
 610              if(($thread['uid'] == $mybb->user['uid'] && $thread['closed'] != 1 && $mybb->user['uid'] != 0 && $fpermissions[$thread['fid']]['caneditposts'] == 1) || is_moderator($thread['fid'], "caneditposts"))
 611              {
 612                  $inline_edit_class = "subject_editable";
 613              }
 614              else
 615              {
 616                  $inline_edit_class = "";
 617              }
 618  
 619              // If this thread has 1 or more attachments show the papperclip
 620              if($mybb->settings['enableattachments'] == 1 && $thread['attachmentcount'] > 0)
 621              {
 622                  if($thread['attachmentcount'] > 1)
 623                  {
 624                      $attachment_count = $lang->sprintf($lang->attachment_count_multiple, $thread['attachmentcount']);
 625                  }
 626                  else
 627                  {
 628                      $attachment_count = $lang->attachment_count;
 629                  }
 630  
 631                  eval("\$attachment_count = \"".$templates->get("forumdisplay_thread_attachment_count")."\";");
 632              }
 633              else
 634              {
 635                  $attachment_count = '';
 636              }
 637  
 638              $inline_edit_tid = $thread['tid'];
 639  
 640              // Inline thread moderation
 641              $inline_mod_checkbox = '';
 642              if($is_supermod || is_moderator($thread['fid']))
 643              {
 644                  if(isset($mybb->cookies[$inlinecookie]) && my_strpos($mybb->cookies[$inlinecookie], "|{$thread['tid']}|") !== false)
 645                  {
 646                      $inlinecheck = "checked=\"checked\"";
 647                      ++$inlinecount;
 648                  }
 649                  else
 650                  {
 651                      $inlinecheck = '';
 652                  }
 653  
 654                  // If this user is allowed to use the inline moderation tools for at least one thread, include the necessary scripts
 655                  $show_inline_moderation = true;
 656  
 657                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_threads_inlinecheck")."\";");
 658              }
 659              elseif($is_mod)
 660              {
 661                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_threads_nocheck")."\";");
 662              }
 663  
 664              $plugins->run_hooks("search_results_thread");
 665              eval("\$results .= \"".$templates->get("search_results_threads_thread")."\";");
 666          }
 667          if(!$results)
 668          {
 669              error($lang->error_nosearchresults);
 670          }
 671          $multipage = multipage($threadcount, $perpage, $page, "search.php?action=results&amp;sid=$sid&amp;sortby=$sortby&amp;order=$order&amp;uid=".$mybb->get_input('uid', MyBB::INPUT_INT));
 672          if($upper > $threadcount)
 673          {
 674              $upper = $threadcount;
 675          }
 676  
 677          $selectall = '';
 678          $inlinemod = '';
 679  
 680          // Inline Thread Moderation Options
 681          if($show_inline_moderation)
 682          {
 683              eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol")."\";");
 684  
 685              // If user has moderation tools available, prepare the Select All feature
 686              $lang->page_selected = $lang->sprintf($lang->page_selected, count($thread_cache));
 687              $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$threadcount);
 688              $lang->select_all = $lang->sprintf($lang->select_all, (int)$threadcount);
 689              eval("\$selectall = \"".$templates->get("search_threads_inlinemoderation_selectall")."\";");
 690  
 691              $customthreadtools = '';
 692              switch($db->type)
 693              {
 694                  case "pgsql":
 695                  case "sqlite":
 696                      $query = $db->simple_select("modtools", "tid, name", "type='t' AND (','||forums||',' LIKE '%,-1,%' OR forums='')");
 697                      break;
 698                  default:
 699                      $query = $db->simple_select("modtools", "tid, name", "type='t' AND (CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='')");
 700              }
 701  
 702              while($tool = $db->fetch_array($query))
 703              {
 704                  $tool['name'] = htmlspecialchars_uni($tool['name']);
 705                  eval("\$customthreadtools .= \"".$templates->get("search_results_threads_inlinemoderation_custom_tool")."\";");
 706              }
 707              // Build inline moderation dropdown
 708              if(!empty($customthreadtools))
 709              {
 710                  eval("\$customthreadtools = \"".$templates->get("search_results_threads_inlinemoderation_custom")."\";");
 711              }
 712              eval("\$inlinemod = \"".$templates->get("search_results_threads_inlinemoderation")."\";");
 713          }
 714          elseif($is_mod)
 715          {
 716              eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol_empty")."\";");
 717          }
 718  
 719          $plugins->run_hooks("search_results_end");
 720  
 721          eval("\$searchresults = \"".$templates->get("search_results_threads")."\";");
 722          output_page($searchresults);
 723      }
 724      else // Displaying results as posts
 725      {
 726          if(!$search['posts'])
 727          {
 728              error($lang->error_nosearchresults);
 729          }
 730  
 731          $postcount = 0;
 732  
 733          // Moderators can view unapproved threads and deleted threads from forums they moderate
 734          $unapproved_where = get_visible_where();
 735  
 736          $post_cache_options = array();
 737          if((int)$mybb->settings['searchhardlimit'] > 0)
 738          {
 739              $post_cache_options['limit'] = (int)$mybb->settings['searchhardlimit'];
 740          }
 741  
 742          if(strpos($sortfield, 'p.') !== false)
 743          {
 744              $post_cache_options['order_by'] = str_replace('p.', '', $sortfield);
 745              $post_cache_options['order_dir'] = $order;
 746          }
 747  
 748          $tids = array();
 749          $pids = array();
 750          // Make sure the posts we're viewing we have permission to view.
 751          $query = $db->simple_select("posts", "pid, tid", "pid IN(".$db->escape_string($search['posts']).") AND ({$unapproved_where})", $post_cache_options);
 752          while($post = $db->fetch_array($query))
 753          {
 754              $pids[$post['pid']] = $post['tid'];
 755              $tids[$post['tid']][$post['pid']] = $post['pid'];
 756          }
 757  
 758          if(!empty($pids))
 759          {
 760              $temp_pids = array();
 761  
 762              $group_permissions = forum_permissions();
 763              $permsql = '';
 764              $onlyusfids = array();
 765  
 766              foreach($group_permissions as $fid => $forum_permissions)
 767              {
 768                  if(!empty($forum_permissions['canonlyviewownthreads']))
 769                  {
 770                      $onlyusfids[] = $fid;
 771                  }
 772              }
 773  
 774              if($onlyusfids)
 775              {
 776                  $permsql .= " OR (fid IN(".implode(',', $onlyusfids).") AND uid!={$mybb->user['uid']})";
 777              }
 778              $unsearchforums = get_unsearchable_forums();
 779              if($unsearchforums)
 780              {
 781                  $permsql .= " OR fid IN ($unsearchforums)";
 782              }
 783              $inactiveforums = get_inactive_forums();
 784              if($inactiveforums)
 785              {
 786                  $permsql .= " OR fid IN ($inactiveforums)";
 787              }
 788  
 789              // Find threads in our list that we don't have permission to view and remove them
 790              $query = $db->simple_select("threads", "tid", "tid IN(".$db->escape_string(implode(',', array_keys($tids))).") AND (NOT ({$unapproved_where}){$permsql} OR closed LIKE 'moved|%')");
 791              while($thread = $db->fetch_array($query))
 792              {
 793                  if(array_key_exists($thread['tid'], $tids))
 794                  {
 795                      $temp_pids = $tids[$thread['tid']];
 796                      foreach($temp_pids as $pid)
 797                      {
 798                          unset($pids[$pid]);
 799                          unset($tids[$thread['tid']]);
 800                      }
 801                      unset($tids[$thread['tid']]);
 802                  }
 803              }
 804              unset($temp_pids);
 805          }
 806  
 807          // Declare our post count
 808          $postcount = count($pids);
 809  
 810          if(!$postcount)
 811          {
 812              error($lang->error_nosearchresults);
 813          }
 814  
 815          // And now we have our sanatized post list
 816          $search['posts'] = implode(',', array_keys($pids));
 817  
 818          $tids = implode(",", array_keys($tids));
 819  
 820          // Read threads
 821          if($mybb->user['uid'] && $mybb->settings['threadreadcut'] > 0)
 822          {
 823              $query = $db->simple_select("threadsread", "tid, dateline", "uid='".$mybb->user['uid']."' AND tid IN(".$db->escape_string($tids).")");
 824              while($readthread = $db->fetch_array($query))
 825              {
 826                  $readthreads[$readthread['tid']] = $readthread['dateline'];
 827              }
 828          }
 829  
 830          $dot_icon = array();
 831          if($mybb->settings['dotfolders'] != 0 && $mybb->user['uid'] != 0)
 832          {
 833              $query = $db->simple_select("posts", "DISTINCT tid,uid", "uid='{$mybb->user['uid']}' AND tid IN({$db->escape_string($tids)}) AND ({$unapproved_where})");
 834              while($post = $db->fetch_array($query))
 835              {
 836                  $dot_icon[$post['tid']] = true;
 837              }
 838          }
 839  
 840          $results = '';
 841  
 842          $pages = ceil($postcount / $perpage);
 843          if($page > $pages)
 844          {
 845              $start = 0;
 846              $page = 1;
 847          }
 848  
 849          $query = $db->query("
 850              SELECT p.*, u.username AS userusername, t.subject AS thread_subject, t.replies AS thread_replies, t.views AS thread_views, t.lastpost AS thread_lastpost, t.closed AS thread_closed, t.uid as thread_uid
 851              FROM ".TABLE_PREFIX."posts p
 852              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 853              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 854              LEFT JOIN ".TABLE_PREFIX."forums f ON (t.fid=f.fid)
 855              WHERE p.pid IN (".$db->escape_string($search['posts']).")
 856              ORDER BY $sortfield $order
 857              LIMIT $start, $perpage
 858          ");
 859          while($post = $db->fetch_array($query))
 860          {
 861              $bgcolor = alt_trow();
 862              if($post['visible'] == 0)
 863              {
 864                  $bgcolor = 'trow_shaded';
 865              }
 866              elseif($post['visible'] == -1)
 867              {
 868                  $bgcolor = 'trow_shaded trow_deleted';
 869              }
 870              if($post['userusername'])
 871              {
 872                  $post['username'] = $post['userusername'];
 873              }
 874              $post['username'] = htmlspecialchars_uni($post['username']);
 875              $post['profilelink'] = build_profile_link($post['username'], $post['uid']);
 876              $post['subject'] = $parser->parse_badwords($post['subject']);
 877              $post['thread_subject'] = $parser->parse_badwords($post['thread_subject']);
 878              $post['thread_subject'] = htmlspecialchars_uni($post['thread_subject']);
 879  
 880              if(isset($icon_cache[$post['icon']]))
 881              {
 882                  $posticon = $icon_cache[$post['icon']];
 883                  $posticon['path'] = str_replace("{theme}", $theme['imgdir'], $posticon['path']);
 884                  $posticon['path'] = htmlspecialchars_uni($posticon['path']);
 885                  $posticon['name'] = htmlspecialchars_uni($posticon['name']);
 886                  eval("\$icon = \"".$templates->get("search_results_icon")."\";");
 887              }
 888              else
 889              {
 890                  $icon = "&nbsp;";
 891              }
 892  
 893              $post['forumlink'] = '';
 894              if(!empty($forumcache[$post['fid']]))
 895              {
 896                  $post['forumlink_link'] = get_forum_link($post['fid']);
 897                  $post['forumlink_name'] = $forumcache[$post['fid']]['name'];
 898                  eval("\$post['forumlink'] = \"".$templates->get("search_results_posts_forumlink")."\";");
 899              }
 900  
 901              // Determine the folder
 902              $folder = '';
 903              $folder_label = '';
 904              $gotounread = '';
 905              $isnew = 0;
 906              $donenew = 0;
 907              $last_read = 0;
 908  
 909              if(isset($readthreads[$post['tid']]))
 910              {
 911                  $post['thread_lastread'] = $readthreads[$post['tid']];
 912              }
 913              else
 914              {
 915                  $post['thread_lastread'] = '';
 916              }
 917  
 918              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'])
 919              {
 920                  $forum_read = $readforums[$post['fid']];
 921  
 922                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 923                  if($forum_read == 0 || $forum_read < $read_cutoff)
 924                  {
 925                      $forum_read = $read_cutoff;
 926                  }
 927              }
 928              else
 929              {
 930                  if(isset($forumsread[$post['fid']]))
 931                  {
 932                      $forum_read = $forumsread[$post['fid']];
 933                  }
 934                  else
 935                  {
 936                      $forum_read = '';
 937                  }
 938              }
 939  
 940              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'] && $post['thread_lastpost'] > $forum_read)
 941              {
 942                  $cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 943                  if($post['thread_lastpost'] > $cutoff)
 944                  {
 945                      if($post['thread_lastread'])
 946                      {
 947                          $last_read = $post['thread_lastread'];
 948                      }
 949                      else
 950                      {
 951                          $last_read = 1;
 952                      }
 953                  }
 954              }
 955  
 956              if(isset($dot_icon[$post['tid']]))
 957              {
 958                  $folder = "dot_";
 959                  $folder_label .= $lang->icon_dot;
 960              }
 961  
 962              if(!$last_read)
 963              {
 964                  $readcookie = $threadread = my_get_array_cookie("threadread", $post['tid']);
 965                  if($readcookie > $forum_read)
 966                  {
 967                      $last_read = $readcookie;
 968                  }
 969                  elseif($forum_read > $mybb->user['lastvisit'])
 970                  {
 971                      $last_read = $forum_read;
 972                  }
 973                  else
 974                  {
 975                      $last_read = $mybb->user['lastvisit'];
 976                  }
 977              }
 978  
 979              if($post['thread_lastpost'] > $last_read && $last_read)
 980              {
 981                  $folder .= "new";
 982                  $folder_label .= $lang->icon_new;
 983                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
 984                  $unreadpost = 1;
 985              }
 986              else
 987              {
 988                  $folder_label .= $lang->icon_no_new;
 989              }
 990  
 991              if($post['thread_replies'] >= $mybb->settings['hottopic'] || $post['thread_views'] >= $mybb->settings['hottopicviews'])
 992              {
 993                  $folder .= "hot";
 994                  $folder_label .= $lang->icon_hot;
 995              }
 996              if($post['thread_closed'] == 1)
 997              {
 998                  $folder .= "close";
 999                  $folder_label .= $lang->icon_close;
1000              }
1001              $folder .= "folder";
1002  
1003              $post['thread_replies'] = my_number_format($post['thread_replies']);
1004              $post['thread_views'] = my_number_format($post['thread_views']);
1005  
1006              $post['forumlink'] = '';
1007              if($forumcache[$post['fid']])
1008              {
1009                  $post['forumlink_link'] = get_forum_link($post['fid']);
1010                  $post['forumlink_name'] = $forumcache[$post['fid']]['name'];
1011                  eval("\$post['forumlink'] = \"".$templates->get("search_results_posts_forumlink")."\";");
1012              }
1013  
1014              if(!$post['subject'])
1015              {
1016                  $post['subject'] = $post['message'];
1017              }
1018              if(my_strlen($post['subject']) > 50)
1019              {
1020                  $post['subject'] = htmlspecialchars_uni(my_substr($post['subject'], 0, 50)."...");
1021              }
1022              else
1023              {
1024                  $post['subject'] = htmlspecialchars_uni($post['subject']);
1025              }
1026              // What we do here is parse the post using our post parser, then strip the tags from it
1027              $parser_options = array(
1028                  'allow_html' => 0,
1029                  'allow_mycode' => 1,
1030                  'allow_smilies' => 0,
1031                  'allow_imgcode' => 0,
1032                  'me_username' => $post['username'],
1033                  'filter_badwords' => 1
1034              );
1035              $post['message'] = strip_tags($parser->text_parse_message($post['message'], $parser_options));
1036              if(my_strlen($post['message']) > 200)
1037              {
1038                  $prev = my_substr($post['message'], 0, 200)."...";
1039              }
1040              else
1041              {
1042                  $prev = $post['message'];
1043              }
1044              $posted = my_date('relative', $post['dateline']);
1045  
1046              $thread_url = get_thread_link($post['tid']);
1047              $post_url = get_post_link($post['pid'], $post['tid']);
1048  
1049              // Inline post moderation
1050              $inline_mod_checkbox = '';
1051              if($is_supermod || is_moderator($post['fid']))
1052              {
1053                  if(isset($mybb->cookies[$inlinecookie]) && my_strpos($mybb->cookies[$inlinecookie], "|{$post['pid']}|") !== false)
1054                  {
1055                      $inlinecheck = "checked=\"checked\"";
1056                      ++$inlinecount;
1057                  }
1058                  else
1059                  {
1060                      $inlinecheck = '';
1061                  }
1062  
1063                  $show_inline_moderation = true;
1064  
1065                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_posts_inlinecheck")."\";");
1066              }
1067              elseif($is_mod)
1068              {
1069                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_posts_nocheck")."\";");
1070              }
1071  
1072              $plugins->run_hooks("search_results_post");
1073              eval("\$results .= \"".$templates->get("search_results_posts_post")."\";");
1074          }
1075          if(!$results)
1076          {
1077              error($lang->error_nosearchresults);
1078          }
1079          $multipage = multipage($postcount, $perpage, $page, "search.php?action=results&amp;sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&amp;sortby=$sortby&amp;order=$order&amp;uid=".$mybb->get_input('uid', MyBB::INPUT_INT));
1080          if($upper > $postcount)
1081          {
1082              $upper = $postcount;
1083          }
1084  
1085          $selectall = '';
1086          $inlinemod = '';
1087  
1088          // Inline Post Moderation Options
1089          if($show_inline_moderation)
1090          {
1091              eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol")."\";");
1092  
1093              // If user has moderation tools available, prepare the Select All feature
1094              $num_results = $db->num_rows($query);
1095              $lang->page_selected = $lang->sprintf($lang->page_selected, (int)$num_results);
1096              $lang->select_all = $lang->sprintf($lang->select_all, (int)$postcount);
1097              $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$postcount);
1098              eval("\$selectall = \"".$templates->get("search_posts_inlinemoderation_selectall")."\";");
1099  
1100              $customthreadtools = $customposttools = '';
1101              switch($db->type)
1102              {
1103                  case "pgsql":
1104                  case "sqlite":
1105                      $query = $db->simple_select("modtools", "tid, name, type", "type='p' AND (','||forums||',' LIKE '%,-1,%' OR forums='')");
1106                      break;
1107                  default:
1108                      $query = $db->simple_select("modtools", "tid, name, type", "type='p' AND (CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='')");
1109              }
1110  
1111              while($tool = $db->fetch_array($query))
1112              {
1113                  eval("\$customposttools .= \"".$templates->get("search_results_posts_inlinemoderation_custom_tool")."\";");
1114              }
1115              // Build inline moderation dropdown
1116              if(!empty($customposttools))
1117              {
1118                  eval("\$customposttools = \"".$templates->get("search_results_posts_inlinemoderation_custom")."\";");
1119              }
1120              eval("\$inlinemod = \"".$templates->get("search_results_posts_inlinemoderation")."\";");
1121          }
1122          elseif($is_mod)
1123          {
1124              eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol_empty")."\";");
1125          }
1126  
1127          $plugins->run_hooks("search_results_end");
1128  
1129          eval("\$searchresults = \"".$templates->get("search_results_posts")."\";");
1130          output_page($searchresults);
1131      }
1132  }
1133  elseif($mybb->input['action'] == "findguest")
1134  {
1135      $where_sql = "uid='0'";
1136  
1137      $unsearchforums = get_unsearchable_forums();
1138      if($unsearchforums)
1139      {
1140          $where_sql .= " AND fid NOT IN ($unsearchforums)";
1141      }
1142      $inactiveforums = get_inactive_forums();
1143      if($inactiveforums)
1144      {
1145          $where_sql .= " AND fid NOT IN ($inactiveforums)";
1146      }
1147  
1148      // Moderators can view unapproved threads and deleted threads from forums they moderate
1149      $unapproved_where = get_visible_where();
1150      $where_sql .= " AND ({$unapproved_where})";
1151  
1152      $permsql = "";
1153      $onlyusfids = array();
1154  
1155      // Check group permissions if we can't view threads not started by us
1156      $group_permissions = forum_permissions();
1157      foreach($group_permissions as $fid => $forum_permissions)
1158      {
1159          if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
1160          {
1161              $onlyusfids[] = $fid;
1162          }
1163      }
1164      if(!empty($onlyusfids))
1165      {
1166          $where_sql .= " AND fid NOT IN(".implode(',', $onlyusfids).")";
1167      }
1168  
1169      $options = array(
1170          'order_by' => 'dateline DESC, pid DESC',
1171      );
1172  
1173      // Do we have a hard search limit?
1174      if($mybb->settings['searchhardlimit'] > 0)
1175      {
1176          $options['limit'] = (int)$mybb->settings['searchhardlimit'];
1177      }
1178  
1179      $pids = '';
1180      $comma = '';
1181      $query = $db->simple_select("posts", "pid", "{$where_sql}", $options);
1182      while($pid = $db->fetch_field($query, "pid"))
1183      {
1184          $pids .= $comma.$pid;
1185          $comma = ',';
1186      }
1187  
1188      $tids = '';
1189      $comma = '';
1190      $query = $db->simple_select("threads", "tid", $where_sql);
1191      while($tid = $db->fetch_field($query, "tid"))
1192      {
1193          $tids .= $comma.$tid;
1194          $comma = ',';
1195      }
1196  
1197      $sid = md5(uniqid(microtime(), true));
1198      $searcharray = array(
1199          "sid" => $db->escape_string($sid),
1200          "uid" => $mybb->user['uid'],
1201          "dateline" => TIME_NOW,
1202          "ipaddress" => $db->escape_binary($session->packedip),
1203          "threads" => $db->escape_string($tids),
1204          "posts" => $db->escape_string($pids),
1205          "resulttype" => "posts",
1206          "querycache" => '',
1207          "keywords" => ''
1208      );
1209      $plugins->run_hooks("search_do_search_process");
1210      $db->insert_query("searchlog", $searcharray);
1211      redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
1212  }
1213  elseif($mybb->input['action'] == "finduser")
1214  {
1215      $where_sql = "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";
1216  
1217      $unsearchforums = get_unsearchable_forums();
1218      if($unsearchforums)
1219      {
1220          $where_sql .= " AND fid NOT IN ($unsearchforums)";
1221      }
1222      $inactiveforums = get_inactive_forums();
1223      if($inactiveforums)
1224      {
1225          $where_sql .= " AND fid NOT IN ($inactiveforums)";
1226      }
1227  
1228      // Moderators can view unapproved threads and deleted threads from forums they moderate
1229      $unapproved_where = get_visible_where();
1230      $where_sql .= " AND ({$unapproved_where})";
1231  
1232      $permsql = "";
1233      $onlyusfids = array();
1234  
1235      // Check group permissions if we can't view threads not started by us
1236      $group_permissions = forum_permissions();
1237      foreach($group_permissions as $fid => $forum_permissions)
1238      {
1239          if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
1240          {
1241              $onlyusfids[] = $fid;
1242          }
1243      }
1244      if(!empty($onlyusfids))
1245      {
1246          $where_sql .= "AND ((fid IN(".implode(',', $onlyusfids).") AND uid='{$mybb->user['uid']}') OR fid NOT IN(".implode(',', $onlyusfids)."))";
1247      }
1248  
1249      $options = array(
1250          'order_by' => 'dateline DESC, pid DESC',
1251      );
1252  
1253      // Do we have a hard search limit?
1254      if($mybb->settings['searchhardlimit'] > 0)
1255      {
1256          $options['limit'] = (int)$mybb->settings['searchhardlimit'];
1257      }
1258  
1259      $pids = '';
1260      $comma = '';
1261      $query = $db->simple_select("posts", "pid", "{$where_sql}", $options);
1262      while($pid = $db->fetch_field($query, "pid"))
1263      {
1264          $pids .= $comma.$pid;
1265          $comma = ',';
1266      }
1267  
1268      $tids = '';
1269      $comma = '';
1270      $query = $db->simple_select("threads", "tid", $where_sql);
1271      while($tid = $db->fetch_field($query, "tid"))
1272      {
1273          $tids .= $comma.$tid;
1274          $comma = ',';
1275      }
1276  
1277      $sid = md5(uniqid(microtime(), true));
1278      $searcharray = array(
1279          "sid" => $db->escape_string($sid),
1280          "uid" => $mybb->user['uid'],
1281          "dateline" => TIME_NOW,
1282          "ipaddress" => $db->escape_binary($session->packedip),
1283          "threads" => $db->escape_string($tids),
1284          "posts" => $db->escape_string($pids),
1285          "resulttype" => "posts",
1286          "querycache" => '',
1287          "keywords" => ''
1288      );
1289      $plugins->run_hooks("search_do_search_process");
1290      $db->insert_query("searchlog", $searcharray);
1291      redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
1292  }
1293  elseif($mybb->input['action'] == "finduserthreads")
1294  {
1295      $where_sql = "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";
1296  
1297      $unsearchforums = get_unsearchable_forums();
1298      if($unsearchforums)
1299      {
1300          $where_sql .= " AND fid NOT IN ($unsearchforums)";
1301      }
1302      $inactiveforums = get_inactive_forums();
1303      if($inactiveforums)
1304      {
1305          $where_sql .= " AND fid NOT IN ($inactiveforums)";
1306      }
1307  
1308      // Moderators can view unapproved threads and deleted threads from forums they moderate
1309      $unapproved_where = get_visible_where();
1310      $where_sql .= " AND ({$unapproved_where})";
1311  
1312      $permsql = "";
1313      $onlyusfids = array();
1314  
1315      // Check group permissions if we can't view threads not started by us
1316      $group_permissions = forum_permissions();
1317      foreach($group_permissions as $fid => $forum_permissions)
1318      {
1319          if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
1320          {
1321              $onlyusfids[] = $fid;
1322          }
1323      }
1324      if(!empty($onlyusfids))
1325      {
1326          $where_sql .= "AND ((fid IN(".implode(',', $onlyusfids).") AND uid='{$mybb->user['uid']}') OR fid NOT IN(".implode(',', $onlyusfids)."))";
1327      }
1328  
1329      $tids = '';
1330      $comma = '';
1331      $query = $db->simple_select("threads", "tid", $where_sql);
1332      while($tid = $db->fetch_field($query, "tid"))
1333      {
1334          $tids .= $comma.$tid;
1335          $comma = ',';
1336      }
1337  
1338      $sid = md5(uniqid(microtime(), true));
1339      $searcharray = array(
1340          "sid" => $db->escape_string($sid),
1341          "uid" => $mybb->user['uid'],
1342          "dateline" => TIME_NOW,
1343          "ipaddress" => $db->escape_binary($session->packedip),
1344          "threads" => $db->escape_string($tids),
1345          "posts" => '',
1346          "resulttype" => "threads",
1347          "querycache" => $db->escape_string($where_sql),
1348          "keywords" => ''
1349      );
1350      $plugins->run_hooks("search_do_search_process");
1351      $db->insert_query("searchlog", $searcharray);
1352      redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
1353  }
1354  elseif($mybb->input['action'] == "getnew")
1355  {
1356  
1357      $where_sql = "lastpost >= '".(int)$mybb->user['lastvisit']."'";
1358  
1359      if($mybb->get_input('fid', MyBB::INPUT_INT))
1360      {
1361          $where_sql .= " AND fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
1362      }
1363      else if($mybb->get_input('fids'))
1364      {
1365          $fids = explode(',', $mybb->get_input('fids'));
1366          foreach($fids as $key => $fid)
1367          {
1368              $fids[$key] = (int)$fid;
1369          }
1370  
1371          if(!empty($fids))
1372          {
1373              $where_sql .= " AND fid IN (".implode(',', $fids).")";
1374          }
1375      }
1376  
1377      $unsearchforums = get_unsearchable_forums();
1378      if($unsearchforums)
1379      {
1380          $where_sql .= " AND fid NOT IN ($unsearchforums)";
1381      }
1382      $inactiveforums = get_inactive_forums();
1383      if($inactiveforums)
1384      {
1385          $where_sql .= " AND fid NOT IN ($inactiveforums)";
1386      }
1387  
1388      // Moderators can view unapproved threads and deleted threads from forums they moderate
1389      $unapproved_where = get_visible_where();
1390      $where_sql .= " AND ({$unapproved_where})";
1391  
1392      $permsql = "";
1393      $onlyusfids = array();
1394  
1395      // Check group permissions if we can't view threads not started by us
1396      $group_permissions = forum_permissions();
1397      foreach($group_permissions as $fid => $forum_permissions)
1398      {
1399          if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
1400          {
1401              $onlyusfids[] = $fid;
1402          }
1403      }
1404      if(!empty($onlyusfids))
1405      {
1406          $where_sql .= "AND ((fid IN(".implode(',', $onlyusfids).") AND uid='{$mybb->user['uid']}') OR fid NOT IN(".implode(',', $onlyusfids)."))";
1407      }
1408  
1409      $tids = '';
1410      $comma = '';
1411      $query = $db->simple_select("threads", "tid", $where_sql);
1412      while($tid = $db->fetch_field($query, "tid"))
1413      {
1414          $tids .= $comma.$tid;
1415          $comma = ',';
1416      }
1417  
1418      $sid = md5(uniqid(microtime(), true));
1419      $searcharray = array(
1420          "sid" => $db->escape_string($sid),
1421          "uid" => $mybb->user['uid'],
1422          "dateline" => TIME_NOW,
1423          "ipaddress" => $db->escape_binary($session->packedip),
1424          "threads" => $db->escape_string($tids),
1425          "posts" => '',
1426          "resulttype" => "threads",
1427          "querycache" => $db->escape_string($where_sql),
1428          "keywords" => ''
1429      );
1430  
1431      $plugins->run_hooks("search_do_search_process");
1432      $db->insert_query("searchlog", $searcharray);
1433      redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
1434  }
1435  elseif($mybb->input['action'] == "getdaily")
1436  {
1437      if($mybb->get_input('days', MyBB::INPUT_INT) < 1)
1438      {
1439          $days = 1;
1440      }
1441      else
1442      {
1443          $days = $mybb->get_input('days', MyBB::INPUT_INT);
1444      }
1445      $datecut = TIME_NOW-(86400*$days);
1446  
1447      $where_sql = "lastpost >='".$datecut."'";
1448  
1449      if($mybb->get_input('fid', MyBB::INPUT_INT))
1450      {
1451          $where_sql .= " AND fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
1452      }
1453      else if($mybb->get_input('fids'))
1454      {
1455          $fids = explode(',', $mybb->get_input('fids'));
1456          foreach($fids as $key => $fid)
1457          {
1458              $fids[$key] = (int)$fid;
1459          }
1460  
1461          if(!empty($fids))
1462          {
1463              $where_sql .= " AND fid IN (".implode(',', $fids).")";
1464          }
1465      }
1466  
1467      $unsearchforums = get_unsearchable_forums();
1468      if($unsearchforums)
1469      {
1470          $where_sql .= " AND fid NOT IN ($unsearchforums)";
1471      }
1472      $inactiveforums = get_inactive_forums();
1473      if($inactiveforums)
1474      {
1475          $where_sql .= " AND fid NOT IN ($inactiveforums)";
1476      }
1477  
1478      // Moderators can view unapproved threads and deleted threads from forums they moderate
1479      $unapproved_where = get_visible_where();
1480      $where_sql .= " AND ({$unapproved_where})";
1481  
1482      $permsql = "";
1483      $onlyusfids = array();
1484  
1485      // Check group permissions if we can't view threads not started by us
1486      $group_permissions = forum_permissions();
1487      foreach($group_permissions as $fid => $forum_permissions)
1488      {
1489          if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
1490          {
1491              $onlyusfids[] = $fid;
1492          }
1493      }
1494      if(!empty($onlyusfids))
1495      {
1496          $where_sql .= "AND ((fid IN(".implode(',', $onlyusfids).") AND uid='{$mybb->user['uid']}') OR fid NOT IN(".implode(',', $onlyusfids)."))";
1497      }
1498  
1499      $tids = '';
1500      $comma = '';
1501      $query = $db->simple_select("threads", "tid", $where_sql);
1502      while($tid = $db->fetch_field($query, "tid"))
1503      {
1504          $tids .= $comma.$tid;
1505          $comma = ',';
1506      }
1507  
1508      $sid = md5(uniqid(microtime(), true));
1509      $searcharray = array(
1510          "sid" => $db->escape_string($sid),
1511          "uid" => $mybb->user['uid'],
1512          "dateline" => TIME_NOW,
1513          "ipaddress" => $db->escape_binary($session->packedip),
1514          "threads" => $db->escape_string($tids),
1515          "posts" => '',
1516          "resulttype" => "threads",
1517          "querycache" => $db->escape_string($where_sql),
1518          "keywords" => ''
1519      );
1520  
1521      $plugins->run_hooks("search_do_search_process");
1522      $db->insert_query("searchlog", $searcharray);
1523      redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
1524  }
1525  elseif($mybb->input['action'] == "do_search")
1526  {
1527      $plugins->run_hooks("search_do_search_start");
1528  
1529      // Check if search flood checking is enabled and user is not admin
1530      if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
1531      {
1532          // Fetch the time this user last searched
1533          if($mybb->user['uid'])
1534          {
1535              $conditions = "uid='{$mybb->user['uid']}'";
1536          }
1537          else
1538          {
1539              $conditions = "uid='0' AND ipaddress=".$db->escape_binary($session->packedip);
1540          }
1541          $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
1542          $query = $db->simple_select("searchlog", "*", "$conditions AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
1543          $last_search = $db->fetch_array($query);
1544          // Users last search was within the flood time, show the error
1545          if(!empty($last_search['sid']))
1546          {
1547              $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
1548              if($remaining_time == 1)
1549              {
1550                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
1551              }
1552              else
1553              {
1554                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
1555              }
1556              error($lang->error_searchflooding);
1557          }
1558      }
1559      if($mybb->get_input('showresults') == "threads")
1560      {
1561          $resulttype = "threads";
1562      }
1563      else
1564      {
1565          $resulttype = "posts";
1566      }
1567  
1568      if(isset($mybb->input['forums']) && is_array($mybb->input['forums']))
1569      {
1570          $forums = $mybb->get_input('forums', MyBB::INPUT_ARRAY);
1571      }
1572      else
1573      {
1574          $forums = array($mybb->get_input('forums'));
1575      }
1576  
1577      $search_data = array(
1578          "keywords" => $mybb->input['keywords'],
1579          "author" => $mybb->get_input('author'),
1580          "postthread" => $mybb->get_input('postthread', MyBB::INPUT_INT),
1581          "matchusername" => $mybb->get_input('matchusername', MyBB::INPUT_INT),
1582          "postdate" => $mybb->get_input('postdate', MyBB::INPUT_INT),
1583          "pddir" => $mybb->get_input('pddir', MyBB::INPUT_INT),
1584          "forums" => $forums,
1585          "findthreadst" => $mybb->get_input('findthreadst', MyBB::INPUT_INT),
1586          "numreplies" => $mybb->get_input('numreplies', MyBB::INPUT_INT),
1587          "threadprefix" => $mybb->get_input('threadprefix', MyBB::INPUT_ARRAY)
1588      );
1589  
1590      if(is_moderator() && !empty($mybb->input['visible']))
1591      {
1592          $search_data['visible'] = $mybb->get_input('visible', MyBB::INPUT_INT);
1593      }
1594  
1595      if($db->can_search == true)
1596      {
1597          if($mybb->settings['searchtype'] == "fulltext" && $db->supports_fulltext_boolean("posts") && $db->is_fulltext("posts"))
1598          {
1599              $search_results = perform_search_mysql_ft($search_data);
1600          }
1601          else
1602          {
1603              $search_results = perform_search_mysql($search_data);
1604          }
1605      }
1606      else
1607      {
1608          error($lang->error_no_search_support);
1609      }
1610      $sid = md5(uniqid(microtime(), true));
1611      $searcharray = array(
1612          "sid" => $db->escape_string($sid),
1613          "uid" => $mybb->user['uid'],
1614          "dateline" => $now,
1615          "ipaddress" => $db->escape_binary($session->packedip),
1616          "threads" => $search_results['threads'],
1617          "posts" => $search_results['posts'],
1618          "resulttype" => $resulttype,
1619          "querycache" => $search_results['querycache'],
1620          "keywords" => $db->escape_string($mybb->input['keywords']),
1621      );
1622      $plugins->run_hooks("search_do_search_process");
1623  
1624      $db->insert_query("searchlog", $searcharray);
1625  
1626      if(my_strtolower($mybb->get_input('sortordr')) == "asc" || my_strtolower($mybb->get_input('sortordr') == "desc"))
1627      {
1628          $sortorder = $mybb->get_input('sortordr');
1629      }
1630      else
1631      {
1632          $sortorder = "desc";
1633      }
1634      $sortby = htmlspecialchars_uni($mybb->get_input('sortby'));
1635      $plugins->run_hooks("search_do_search_end");
1636      redirect("search.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
1637  }
1638  else if($mybb->input['action'] == "thread")
1639  {
1640      // Fetch thread info
1641      $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
1642      $ismod = is_moderator($thread['fid']);
1643  
1644      if(!$thread || ($thread['visible'] != 1 && $ismod == false && ($thread['visible'] != -1 || $mybb->settings['soft_delete'] != 1 || !$mybb->user['uid'] || $mybb->user['uid'] != $thread['uid'])) || ($thread['visible'] > 1 && $ismod == true))
1645      {
1646          error($lang->error_invalidthread);
1647      }
1648  
1649      // Get forum info
1650      $forum = get_forum($thread['fid']);
1651      if(!$forum)
1652      {
1653          error($lang->error_invalidforum);
1654      }
1655  
1656      $forum_permissions = forum_permissions($forum['fid']);
1657  
1658      if($forum['open'] == 0 || $forum['type'] != "f")
1659      {
1660          error($lang->error_closedinvalidforum);
1661      }
1662      if($forum_permissions['canview'] == 0 || $forum_permissions['canviewthreads'] != 1 || (isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
1663      {
1664          error_no_permission();
1665      }
1666  
1667      $plugins->run_hooks("search_thread_start");
1668  
1669      // Check if search flood checking is enabled and user is not admin
1670      if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
1671      {
1672          // Fetch the time this user last searched
1673          if($mybb->user['uid'])
1674          {
1675              $conditions = "uid='{$mybb->user['uid']}'";
1676          }
1677          else
1678          {
1679              $conditions = "uid='0' AND ipaddress=".$db->escape_binary($session->packedip);
1680          }
1681          $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
1682          $query = $db->simple_select("searchlog", "*", "$conditions AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
1683          $last_search = $db->fetch_array($query);
1684  
1685          if($last_search)
1686          {
1687              // We shouldn't show remaining time if time is 0 or under.
1688              $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
1689              // Users last search was within the flood time, show the error.
1690              if($remaining_time > 0)
1691              {
1692                  if($remaining_time == 1)
1693                  {
1694                      $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
1695                  }
1696                  else
1697                  {
1698                      $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
1699                  }
1700                  error($lang->error_searchflooding);
1701              }
1702          }
1703      }
1704  
1705      $search_data = array(
1706          "keywords" => $mybb->input['keywords'],
1707          "postthread" => 1,
1708          "tid" => $mybb->get_input('tid', MyBB::INPUT_INT)
1709      );
1710  
1711      if($db->can_search == true)
1712      {
1713          if($mybb->settings['searchtype'] == "fulltext" && $db->supports_fulltext_boolean("posts") && $db->is_fulltext("posts"))
1714          {
1715              $search_results = perform_search_mysql_ft($search_data);
1716          }
1717          else
1718          {
1719              $search_results = perform_search_mysql($search_data);
1720          }
1721      }
1722      else
1723      {
1724          error($lang->error_no_search_support);
1725      }
1726      $sid = md5(uniqid(microtime(), true));
1727      $searcharray = array(
1728          "sid" => $db->escape_string($sid),
1729          "uid" => $mybb->user['uid'],
1730          "dateline" => $now,
1731          "ipaddress" => $db->escape_binary($session->packedip),
1732          "threads" => $search_results['threads'],
1733          "posts" => $search_results['posts'],
1734          "resulttype" => 'posts',
1735          "querycache" => $search_results['querycache'],
1736          "keywords" => $db->escape_string($mybb->input['keywords'])
1737      );
1738      $plugins->run_hooks("search_thread_process");
1739  
1740      $db->insert_query("searchlog", $searcharray);
1741  
1742      $plugins->run_hooks("search_do_search_end");
1743      redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
1744  }
1745  else
1746  {
1747      $plugins->run_hooks("search_start");
1748      $srchlist = make_searchable_forums();
1749      $prefixselect = build_prefix_select('all', 'any', 1);
1750  
1751      $rowspan = 5;
1752  
1753      $moderator_options = '';
1754      if(is_moderator())
1755      {
1756          $rowspan += 2;
1757          eval("\$moderator_options = \"".$templates->get("search_moderator_options")."\";");
1758      }
1759  
1760      $plugins->run_hooks("search_end");
1761  
1762      eval("\$search = \"".$templates->get("search")."\";");
1763      output_page($search);
1764  }


2005 - 2021 © MyBB.de | Alle Rechte vorbehalten! | Sponsor: netcup Cross-referenced by PHPXref