
PHP Cross Reference of MyBB 1.8.12


/ -> search.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'search.php');
  14  
  15  $templatelist = "search,forumdisplay_thread_gotounread,search_results_threads_thread,search_results_threads,search_results_posts,search_results_posts_post,search_results_icon,search_forumlist_forum,search_forumlist";
  16  $templatelist .= ",multipage,multipage_breadcrumb,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
  17  $templatelist .= ",search_results_posts_inlinecheck,search_results_posts_nocheck,search_results_threads_inlinecheck,search_results_threads_nocheck,search_results_inlinemodcol,search_results_posts_inlinemoderation_custom_tool";
  18  $templatelist .= ",search_results_posts_inlinemoderation_custom,search_results_posts_inlinemoderation,search_results_threads_inlinemoderation_custom_tool,search_results_threads_inlinemoderation_custom,search_results_threads_inlinemoderation";
  19  $templatelist .= ",forumdisplay_thread_attachment_count,search_threads_inlinemoderation_selectall,search_posts_inlinemoderation_selectall,post_prefixselect_prefix,post_prefixselect_multiple,search_orderarrow";
  20  $templatelist .= ",search_results_posts_forumlink,search_results_threads_forumlink,forumdisplay_thread_multipage_more,forumdisplay_thread_multipage_page,forumdisplay_thread_multipage,search_moderator_options";
  21  
  22  require_once  "./global.php";
  23  require_once  MYBB_ROOT."inc/functions_post.php";
  24  require_once  MYBB_ROOT."inc/functions_search.php";
  25  require_once  MYBB_ROOT."inc/class_parser.php";
  26  $parser = new postParser;
  27  
  28  // Load global language phrases
  29  $lang->load("search");
  30  
  31  add_breadcrumb($lang->nav_search, "search.php");
  32  
  33  $mybb->input['action'] = $mybb->get_input('action');
  34  switch($mybb->input['action'])
  35  {
  36      case "results":
  37          add_breadcrumb($lang->nav_results);
  38          break;
  39      default:
  40          break;
  41  }
  42  
  43  if($mybb->usergroup['cansearch'] == 0)
  44  {
  45      error_no_permission();
  46  }
  47  
  48  $now = TIME_NOW;
  49  $mybb->input['keywords'] = trim($mybb->get_input('keywords'));
  50  
  51  $limitsql = "";
  52  if((int)$mybb->settings['searchhardlimit'] > 0)
  53  {
  54      $limitsql = "LIMIT ".(int)$mybb->settings['searchhardlimit'];
  55  }
  56  
  57  if($mybb->input['action'] == "results")
  58  {
    // The search id is taken from the request. This script declares
    // IGNORE_CLEAN_VARS = "sid" at its top, so the escaping on this line is the
    // only treatment the value gets here; it is then used inside single quotes in
    // the WHERE clause. Note that this is SQL escaping only: $sid is reused
    // further down in generated URLs and in a cookie name.
    $sid = $db->escape_string($mybb->get_input('sid'));
    $query = $db->simple_select("searchlog", "*", "sid='$sid'");
    $search = $db->fetch_array($query);

    // No searchlog row for this id: report an invalid search.
    // NOTE(review): the row is looked up by sid alone; nothing on this page ties
    // it to the requesting user. The result queries below re-apply the viewer's
    // own visibility and forum permissions - confirm that this is the intended
    // access model for shared result links.
    if(!$search['sid'])
    {
        error($lang->error_invalidsearch);
    }

    $plugins->run_hooks("search_results_start");
  69  
  70      // Decide on our sorting fields and sorting order.
  71      $order = my_strtolower(htmlspecialchars_uni($mybb->get_input('order')));
  72      $sortby = my_strtolower(htmlspecialchars_uni($mybb->get_input('sortby')));
  73  
  74      switch($sortby)
  75      {
  76          case "replies":
  77              $sortfield = "t.replies";
  78              break;
  79          case "views":
  80              $sortfield = "t.views";
  81              break;
  82          case "subject":
  83              if($search['resulttype'] == "threads")
  84              {
  85                  $sortfield = "t.subject";
  86              }
  87              else
  88              {
  89                  $sortfield = "p.subject";
  90              }
  91              break;
  92          case "forum":
  93              $sortfield = "t.fid";
  94              break;
  95          case "starter":
  96              if($search['resulttype'] == "threads")
  97              {
  98                  $sortfield = "t.username";
  99              }
 100              else
 101              {
 102                  $sortfield = "p.username";
 103              }
 104              break;
 105          case "lastpost":
 106          default:
 107              if($search['resulttype'] == "threads")
 108              {
 109                  $sortfield = "t.lastpost";
 110                  $sortby = "lastpost";
 111              }
 112              else
 113              {
 114                  $sortfield = "p.dateline";
 115                  $sortby = "dateline";
 116              }
 117              break;
 118      }
 119  
 120      if($order != "asc")
 121      {
 122          $order = "desc";
 123          $oppsortnext = "asc";
 124          $oppsort = $lang->asc;
 125      }
 126      else
 127      {
 128          $oppsortnext = "desc";
 129          $oppsort = $lang->desc;
 130      }
 131  
 132      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
 133      {
 134          $mybb->settings['threadsperpage'] = 20;
 135      }
 136  
 137      // Work out pagination, which page we're at, as well as the limits.
 138      $perpage = $mybb->settings['threadsperpage'];
 139      $page = $mybb->get_input('page');
 140      if($page > 0)
 141      {
 142          $start = ($page-1) * $perpage;
 143      }
 144      else
 145      {
 146          $start = 0;
 147          $page = 1;
 148      }
 149      $end = $start + $perpage;
 150      $lower = $start+1;
 151      $upper = $end;
 152  
 153      // Work out if we have terms to highlight
 154      $highlight = "";
 155      if($search['keywords'])
 156      {
 157          if($mybb->seo_support == true)
 158          {
 159              $highlight = "?highlight=".urlencode($search['keywords']);
 160          }
 161          else
 162          {
 163              $highlight = "&amp;highlight=".urlencode($search['keywords']);
 164          }
 165      }
 166  
 167      $sorturl = "search.php?action=results&amp;sid={$sid}";
 168      $thread_url = "";
 169      $post_url = "";
 170  
 171      $orderarrow = array('replies' => '', 'views' => '', 'subject' => '', 'forum' => '', 'starter' => '', 'lastpost' => '', 'dateline' => '');
 172  
 173      eval("\$orderarrow['$sortby'] = \"".$templates->get("search_orderarrow")."\";");
 174  
 175      // Read some caches we will be using
 176      $forumcache = $cache->read("forums");
 177      $icon_cache = $cache->read("posticons");
 178  
 179      $threads = array();
 180  
 181      if($mybb->user['uid'] == 0)
 182      {
 183          // Build a forum cache.
 184          $query = $db->query("
 185              SELECT fid
 186              FROM ".TABLE_PREFIX."forums
 187              WHERE active != 0
 188              ORDER BY pid, disporder
 189          ");
 190  
 191          $forumsread = my_unserialize($mybb->cookies['mybb']['forumread']);
 192      }
 193      else
 194      {
 195          // Build a forum cache.
 196          $query = $db->query("
 197              SELECT f.fid, fr.dateline AS lastread
 198              FROM ".TABLE_PREFIX."forums f
 199              LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
 200              WHERE f.active != 0
 201              ORDER BY pid, disporder
 202          ");
 203      }
 204  
 205      while($forum = $db->fetch_array($query))
 206      {
 207          if($mybb->user['uid'] == 0)
 208          {
 209              if($forumsread[$forum['fid']])
 210              {
 211                  $forum['lastread'] = $forumsread[$forum['fid']];
 212              }
 213          }
 214          $readforums[$forum['fid']] = $forum['lastread'];
 215      }
 216      $fpermissions = forum_permissions();
 217  
 218      // Inline Mod Column for moderators
 219      $inlinemodcol = $inlinecookie = '';
 220      $is_mod = $is_supermod = false;
 221      if($mybb->usergroup['issupermod'])
 222      {
 223          $is_supermod = true;
 224      }
 225      if($is_supermod || is_moderator())
 226      {
 227          eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol")."\";");
 228          $inlinecookie = "inlinemod_search".$sid;
 229          $inlinecount = 0;
 230          $is_mod = true;
 231          $return_url = 'search.php?'.htmlspecialchars_uni($_SERVER['QUERY_STRING']);
 232      }
 233  
 234      // Show search results as 'threads'
 235      if($search['resulttype'] == "threads")
 236      {
 237          $threadcount = 0;
 238  
 239          // Moderators can view unapproved threads
 240          $query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')");
 241          if($mybb->usergroup['issupermod'] == 1)
 242          {
 243              // Super moderators (and admins)
 244              $unapproved_where = "t.visible>=-1";
 245          }
 246          elseif($db->num_rows($query))
 247          {
 248              // Normal moderators
 249              $unapprove_forums = array();
 250              $deleted_forums = array();
 251              $unapproved_where = '(t.visible = 1';
 252              while($moderator = $db->fetch_array($query))
 253              {
 254                  if($moderator['canviewunapprove'] == 1)
 255                  {
 256                      $unapprove_forums[] = $moderator['fid'];
 257                  }
 258  
 259                  if($moderator['canviewdeleted'] == 1)
 260                  {
 261                      $deleted_forums[] = $moderator['fid'];
 262                  }
 263              }
 264  
 265              if(!empty($unapprove_forums))
 266              {
 267                  $unapproved_where .= " OR (t.visible = 0 AND t.fid IN(".implode(',', $unapprove_forums)."))";
 268              }
 269              if(!empty($deleted_forums))
 270              {
 271                  $unapproved_where .= " OR (t.visible = -1 AND t.fid IN(".implode(',', $deleted_forums)."))";
 272              }
 273              $unapproved_where .= ')';
 274          }
 275          else
 276          {
 277              // Normal users
 278              $unapproved_where = 't.visible>0';
 279          }
 280  
 281          // If we have saved WHERE conditions, execute them
 282          if($search['querycache'] != "")
 283          {
 284              $where_conditions = $search['querycache'];
 285              $query = $db->simple_select("threads t", "t.tid", $where_conditions. " AND {$unapproved_where} AND t.closed NOT LIKE 'moved|%' ORDER BY t.lastpost DESC {$limitsql}");
 286              while($thread = $db->fetch_array($query))
 287              {
 288                  $threads[$thread['tid']] = $thread['tid'];
 289                  $threadcount++;
 290              }
 291              // Build our list of threads.
 292              if($threadcount > 0)
 293              {
 294                  $search['threads'] = implode(",", $threads);
 295              }
 296              // No results.
 297              else
 298              {
 299                  error($lang->error_nosearchresults);
 300              }
 301              $where_conditions = "t.tid IN (".$search['threads'].")";
 302          }
 303          // This search doesn't use a query cache, results stored in search table.
 304          else
 305          {
 306              $where_conditions = "t.tid IN (".$search['threads'].")";
 307              $query = $db->simple_select("threads t", "COUNT(t.tid) AS resultcount", $where_conditions. " AND {$unapproved_where} AND t.closed NOT LIKE 'moved|%' {$limitsql}");
 308              $count = $db->fetch_array($query);
 309  
 310              if(!$count['resultcount'])
 311              {
 312                  error($lang->error_nosearchresults);
 313              }
 314              $threadcount = $count['resultcount'];
 315          }
 316  
 317          $permsql = "";
 318          $onlyusfids = array();
 319  
 320          // Check group permissions if we can't view threads not started by us
 321          $group_permissions = forum_permissions();
 322          foreach($group_permissions as $fid => $forum_permissions)
 323          {
 324              if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 325              {
 326                  $onlyusfids[] = $fid;
 327              }
 328          }
 329          if(!empty($onlyusfids))
 330          {
 331              $permsql .= "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 332          }
 333  
 334          $unsearchforums = get_unsearchable_forums();
 335          if($unsearchforums)
 336          {
 337              $permsql .= " AND t.fid NOT IN ($unsearchforums)";
 338          }
 339          $inactiveforums = get_inactive_forums();
 340          if($inactiveforums)
 341          {
 342              $permsql .= " AND t.fid NOT IN ($inactiveforums)";
 343          }
 344  
 345          // Begin selecting matching threads, cache them.
 346          $sqlarray = array(
 347              'order_by' => $sortfield,
 348              'order_dir' => $order,
 349              'limit_start' => $start,
 350              'limit' => $perpage
 351          );
 352          $query = $db->query("
 353              SELECT t.*, u.username AS userusername
 354              FROM ".TABLE_PREFIX."threads t
 355              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
 356              WHERE $where_conditions AND {$unapproved_where} {$permsql} AND t.closed NOT LIKE 'moved|%'
 357              ORDER BY $sortfield $order
 358              LIMIT $start, $perpage
 359          ");
 360  
 361          $threadprefixes = build_prefixes();
 362          $thread_cache = array();
 363          while($thread = $db->fetch_array($query))
 364          {
 365              $thread['threadprefix'] = '';
 366              if($thread['prefix'] && !empty($threadprefixes[$thread['prefix']]))
 367              {
 368                  $thread['threadprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'];
 369              }
 370              $thread_cache[$thread['tid']] = $thread;
 371          }
 372          $thread_ids = implode(",", array_keys($thread_cache));
 373  
 374          if(empty($thread_ids))
 375          {
 376              error($lang->error_nosearchresults);
 377          }
 378  
 379          // Fetch dot icons if enabled
 380          if($mybb->settings['dotfolders'] != 0 && $mybb->user['uid'] && $thread_cache)
 381          {
 382              $p_unapproved_where = str_replace('t.', '', $unapproved_where);
 383              $query = $db->simple_select("posts", "DISTINCT tid,uid", "uid='{$mybb->user['uid']}' AND tid IN({$thread_ids}) AND {$p_unapproved_where}");
 384              while($thread = $db->fetch_array($query))
 385              {
 386                  $thread_cache[$thread['tid']]['dot_icon'] = 1;
 387              }
 388          }
 389  
 390          // Fetch the read threads.
 391          if($mybb->user['uid'] && $mybb->settings['threadreadcut'] > 0)
 392          {
 393              $query = $db->simple_select("threadsread", "tid,dateline", "uid='".$mybb->user['uid']."' AND tid IN(".$thread_ids.")");
 394              while($readthread = $db->fetch_array($query))
 395              {
 396                  $thread_cache[$readthread['tid']]['lastread'] = $readthread['dateline'];
 397              }
 398          }
 399  
 400          if(!$mybb->settings['maxmultipagelinks'])
 401          {
 402              $mybb->settings['maxmultipagelinks'] = 5;
 403          }
 404  
        // Render one result row per cached thread into $results.
        // The row templates are evaluated with eval() and read the loop's local
        // variables by name, so variable names and statement order matter here.
        $results = '';

        foreach($thread_cache as $thread)
        {
            $bgcolor = alt_trow();
            $folder = '';
            $prefix = '';

            // Unapproved colour
            if($thread['visible'] == 0)
            {
                $bgcolor = 'trow_shaded';
            }
            elseif($thread['visible'] == -1)
            {
                $bgcolor = 'trow_shaded trow_deleted';
            }

            // Prefer the current username from the users table over the one
            // stored on the thread, then HTML-escape it before it is linked.
            if($thread['userusername'])
            {
                $thread['username'] = $thread['userusername'];
            }
            $thread['username'] = htmlspecialchars_uni($thread['username']);
            $thread['profilelink'] = build_profile_link($thread['username'], $thread['uid']);

            // If this thread has a prefix, insert a space between prefix and subject
            if($thread['prefix'] != 0)
            {
                $thread['threadprefix'] .= '&nbsp;';
            }

            // User-supplied subject: word filter first, then HTML-escape.
            $thread['subject'] = $parser->parse_badwords($thread['subject']);
            $thread['subject'] = htmlspecialchars_uni($thread['subject']);

            // Post icon path and name are escaped before they reach the template.
            if(isset($icon_cache[$thread['icon']]))
            {
                $posticon = $icon_cache[$thread['icon']];
                $posticon['path'] = str_replace("{theme}", $theme['imgdir'], $posticon['path']);
                $posticon['path'] = htmlspecialchars_uni($posticon['path']);
                $posticon['name'] = htmlspecialchars_uni($posticon['name']);
                eval("\$icon = \"".$templates->get("search_results_icon")."\";");
            }
            else
            {
                $icon = "&nbsp;";
            }
            if($thread['poll'])
            {
                $prefix = $lang->poll_prefix;
            }

            // Determine the folder
            $folder = '';
            $folder_label = '';
            if(isset($thread['dot_icon']))
            {
                $folder = "dot_";
                $folder_label .= $lang->icon_dot;
            }
            $gotounread = '';
            $isnew = 0;
            $donenew = 0;
            $last_read = 0;

            // Logged-in users with read tracking enabled use the database
            // markers, floored at the cut-off date; otherwise the value comes
            // from $forumsread, which the code above fills from the guest cookie.
            if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'])
            {
                $forum_read = $readforums[$thread['fid']];

                $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
                if($forum_read == 0 || $forum_read < $read_cutoff)
                {
                    $forum_read = $read_cutoff;
                }
            }
            else
            {
                $forum_read = $forumsread[$thread['fid']];
            }

            if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'] && $thread['lastpost'] > $forum_read)
            {
                if($thread['lastread'])
                {
                    $last_read = $thread['lastread'];
                }
                else
                {
                    $last_read = $read_cutoff;
                }
            }
            else
            {
                // Cookie-based marker; my_get_array_cookie() is defined elsewhere.
                $last_read = my_get_array_cookie("threadread", $thread['tid']);
            }

            if($forum_read > $last_read)
            {
                $last_read = $forum_read;
            }

            if($thread['lastpost'] > $last_read && $last_read)
            {
                $folder .= "new";
                $new_class = "subject_new";
                $folder_label .= $lang->icon_new;
                $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost").$highlight;
                eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
                $unreadpost = 1;
            }
            else
            {
                $new_class = 'subject_old';
                $folder_label .= $lang->icon_no_new;
            }

            if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
            {
                $folder .= "hot";
                $folder_label .= $lang->icon_hot;
            }
            if($thread['closed'] == 1)
            {
                $folder .= "lock";
                $folder_label .= $lang->icon_lock;
            }
            $folder .= "folder";

            if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
            {
                $mybb->settings['postsperpage'] = 20;
            }

            // Post count shown for the thread. Unapproved and deleted posts are
            // only added for viewers who may see them in this forum.
            $thread['pages'] = 0;
            $thread['multipage'] = '';
            $threadpages = '';
            $morelink = '';
            $thread['posts'] = $thread['replies'] + 1;
            if(is_moderator($thread['fid'], "canviewunapprove"))
            {
                $thread['posts'] += $thread['unapprovedposts'];
            }
            if(is_moderator($thread['fid'], "canviewdeleted"))
            {
                $thread['posts'] += $thread['deletedposts'];
            }

            if($thread['posts'] > $mybb->settings['postsperpage'])
            {
                $thread['pages'] = $thread['posts'] / $mybb->settings['postsperpage'];
                $thread['pages'] = ceil($thread['pages']);
                if($thread['pages'] > $mybb->settings['maxmultipagelinks'])
                {
                    $pagesstop = $mybb->settings['maxmultipagelinks'] - 1;
                    $page_link = get_thread_link($thread['tid'], $thread['pages']).$highlight;
                    eval("\$morelink = \"".$templates->get("forumdisplay_thread_multipage_more")."\";");
                }
                else
                {
                    $pagesstop = $thread['pages'];
                }
                for($i = 1; $i <= $pagesstop; ++$i)
                {
                    $page_link = get_thread_link($thread['tid'], $i).$highlight;
                    eval("\$threadpages .= \"".$templates->get("forumdisplay_thread_multipage_page")."\";");
                }
                eval("\$thread['multipage'] = \"".$templates->get("forumdisplay_thread_multipage")."\";");
            }
            else
            {
                $threadpages = '';
                $morelink = '';
                $thread['multipage'] = '';
            }
            $lastpostdate = my_date('relative', $thread['lastpost']);
            // Last poster name is escaped before it is printed or linked.
            $lastposter = htmlspecialchars_uni($thread['lastposter']);
            $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
            $lastposteruid = $thread['lastposteruid'];
            $thread_link = get_thread_link($thread['tid']);

            // Don't link to guest's profiles (they have no profile).
            if($lastposteruid == 0)
            {
                $lastposterlink = $lastposter;
            }
            else
            {
                $lastposterlink = build_profile_link($lastposter, $lastposteruid);
            }

            $thread['replies'] = my_number_format($thread['replies']);
            $thread['views'] = my_number_format($thread['views']);

            // NOTE(review): the forum name is passed to the template as stored in
            // the forum cache; no escaping is applied in this loop. Confirm
            // whether forum names are stored escaped or may contain markup.
            $thread['forumlink'] = '';
            if($forumcache[$thread['fid']])
            {
                $thread['forumlink_link'] = get_forum_link($thread['fid']);
                $thread['forumlink_name'] = $forumcache[$thread['fid']]['name'];
                eval("\$thread['forumlink'] = \"".$templates->get("search_results_threads_forumlink")."\";");
            }

            // If this user is the author of the thread and it is not closed or they are a moderator, they can edit
            // (this only selects a CSS class for the row)
            if(($thread['uid'] == $mybb->user['uid'] && $thread['closed'] != 1 && $mybb->user['uid'] != 0 && $fpermissions[$thread['fid']]['caneditposts'] == 1) || is_moderator($thread['fid'], "caneditposts"))
            {
                $inline_edit_class = "subject_editable";
            }
            else
            {
                $inline_edit_class = "";
            }

            // If this thread has 1 or more attachments show the paperclip
            if($mybb->settings['enableattachments'] == 1 && $thread['attachmentcount'] > 0)
            {
                if($thread['attachmentcount'] > 1)
                {
                    $attachment_count = $lang->sprintf($lang->attachment_count_multiple, $thread['attachmentcount']);
                }
                else
                {
                    $attachment_count = $lang->attachment_count;
                }

                eval("\$attachment_count = \"".$templates->get("forumdisplay_thread_attachment_count")."\";");
            }
            else
            {
                $attachment_count = '';
            }

            $inline_edit_tid = $thread['tid'];

            // Inline thread moderation.
            // The checkbox is only rendered for viewers who moderate this
            // thread's forum; other moderators get the "nocheck" placeholder.
            $inline_mod_checkbox = '';
            if($is_supermod || is_moderator($thread['fid']))
            {
                // NOTE(review): the result of my_strpos() is used as a boolean, so
                // a match at offset 0 counts as "not selected" - confirm against
                // the format in which the inline moderation cookie is written.
                if(isset($mybb->cookies[$inlinecookie]) && my_strpos($mybb->cookies[$inlinecookie], "|{$thread['tid']}|"))
                {
                    $inlinecheck = "checked=\"checked\"";
                    ++$inlinecount;
                }
                else
                {
                    $inlinecheck = '';
                }
                eval("\$inline_mod_checkbox = \"".$templates->get("search_results_threads_inlinecheck")."\";");
            }
            elseif($is_mod)
            {
                eval("\$inline_mod_checkbox = \"".$templates->get("search_results_threads_nocheck")."\";");
            }

            // Plugins hooked here run with the row variables above in scope.
            $plugins->run_hooks("search_results_thread");
            eval("\$results .= \"".$templates->get("search_results_threads_thread")."\";");
        }
 659          if(!$results)
 660          {
 661              error($lang->error_nosearchresults);
 662          }
 663          $multipage = multipage($threadcount, $perpage, $page, "search.php?action=results&amp;sid=$sid&amp;sortby=$sortby&amp;order=$order&amp;uid=".$mybb->get_input('uid', MyBB::INPUT_INT));
 664          if($upper > $threadcount)
 665          {
 666              $upper = $threadcount;
 667          }
 668  
 669          // Inline Thread Moderation Options
 670          if($is_mod)
 671          {
 672              // If user has moderation tools available, prepare the Select All feature
 673              $lang->page_selected = $lang->sprintf($lang->page_selected, count($thread_cache));
 674              $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$threadcount);
 675              $lang->select_all = $lang->sprintf($lang->select_all, (int)$threadcount);
 676              eval("\$selectall = \"".$templates->get("search_threads_inlinemoderation_selectall")."\";");
 677  
 678              $customthreadtools = '';
 679              switch($db->type)
 680              {
 681                  case "pgsql":
 682                  case "sqlite":
 683                      $query = $db->simple_select("modtools", "tid, name", "type='t' AND (','||forums||',' LIKE '%,-1,%' OR forums='')");
 684                      break;
 685                  default:
 686                      $query = $db->simple_select("modtools", "tid, name", "type='t' AND (CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='')");
 687              }
 688  
 689              while($tool = $db->fetch_array($query))
 690              {
 691                  eval("\$customthreadtools .= \"".$templates->get("search_results_threads_inlinemoderation_custom_tool")."\";");
 692              }
 693              // Build inline moderation dropdown
 694              if(!empty($customthreadtools))
 695              {
 696                  eval("\$customthreadtools = \"".$templates->get("search_results_threads_inlinemoderation_custom")."\";");
 697              }
 698              eval("\$inlinemod = \"".$templates->get("search_results_threads_inlinemoderation")."\";");
 699          }
 700  
 701          $plugins->run_hooks("search_results_end");
 702  
 703          eval("\$searchresults = \"".$templates->get("search_results_threads")."\";");
 704          output_page($searchresults);
 705      }
 706      else // Displaying results as posts
 707      {
 708          if(!$search['posts'])
 709          {
 710              error($lang->error_nosearchresults);
 711          }
 712  
 713          $postcount = 0;
 714  
 715          // Moderators can view unapproved threads
 716          $query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')");
 717          if($mybb->usergroup['issupermod'] == 1)
 718          {
 719              // Super moderators (and admins)
 720              $unapproved_where = "visible >= -1";
 721          }
 722          elseif($db->num_rows($query))
 723          {
 724              // Normal moderators
 725              $unapprove_forums = array();
 726              $deleted_forums = array();
 727              $unapproved_where = '(visible = 1';
 728  
 729              while($moderator = $db->fetch_array($query))
 730              {
 731                  if($moderator['canviewunapprove'] == 1)
 732                  {
 733                      $unapprove_forums[] = $moderator['fid'];
 734                  }
 735  
 736                  if($moderator['canviewdeleted'] == 1)
 737                  {
 738                      $deleted_forums[] = $moderator['fid'];
 739                  }
 740              }
 741  
 742              if(!empty($unapprove_forums))
 743              {
 744                  $unapproved_where .= " OR (visible = 0 AND fid IN(".implode(',', $unapprove_forums)."))";
 745              }
 746              if(!empty($deleted_forums))
 747              {
 748                  $unapproved_where .= " OR (visible = -1 AND fid IN(".implode(',', $deleted_forums)."))";
 749              }
 750              $unapproved_where .= ')';
 751          }
 752          else
 753          {
 754              // Normal users
 755              $unapproved_where = 'visible = 1';
 756          }
 757  
 758          $post_cache_options = array();
 759          if((int)$mybb->settings['searchhardlimit'] > 0)
 760          {
 761              $post_cache_options['limit'] = (int)$mybb->settings['searchhardlimit'];
 762          }
 763  
 764          if(strpos($sortfield, 'p.') !== false)
 765          {
 766              $post_cache_options['order_by'] = str_replace('p.', '', $sortfield);
 767              $post_cache_options['order_dir'] = $order;
 768          }
 769  
 770          $tids = array();
 771          $pids = array();
 772          // Make sure the posts we're viewing we have permission to view.
 773          $query = $db->simple_select("posts", "pid, tid", "pid IN(".$db->escape_string($search['posts']).") AND {$unapproved_where}", $post_cache_options);
 774          while($post = $db->fetch_array($query))
 775          {
 776              $pids[$post['pid']] = $post['tid'];
 777              $tids[$post['tid']][$post['pid']] = $post['pid'];
 778          }
 779  
 780          if(!empty($pids))
 781          {
 782              $temp_pids = array();
 783  
 784              $group_permissions = forum_permissions();
 785              $permsql = '';
 786              $onlyusfids = array();
 787  
 788              foreach($group_permissions as $fid => $forum_permissions)
 789              {
 790                  if(!empty($forum_permissions['canonlyviewownthreads']))
 791                  {
 792                      $onlyusfids[] = $fid;
 793                  }
 794              }
 795  
 796              if($onlyusfids)
 797              {
 798                  $permsql .= " OR (fid IN(".implode(',', $onlyusfids).") AND uid!={$mybb->user['uid']})";
 799              }
 800              $unsearchforums = get_unsearchable_forums();
 801              if($unsearchforums)
 802              {
 803                  $permsql .= " OR fid IN ($unsearchforums)";
 804              }
 805              $inactiveforums = get_inactive_forums();
 806              if($inactiveforums)
 807              {
 808                  $permsql .= " OR fid IN ($inactiveforums)";
 809              }
 810  
 811              // Check the thread records as well. If we don't have permissions, remove them from the listing.
 812              $query = $db->simple_select("threads", "tid", "tid IN(".$db->escape_string(implode(',', $pids)).") AND ({$unapproved_where}{$permsql} OR closed LIKE 'moved|%')");
 813              while($thread = $db->fetch_array($query))
 814              {
 815                  if(array_key_exists($thread['tid'], $tids) != true)
 816                  {
 817                      $temp_pids = $tids[$thread['tid']];
 818                      foreach($temp_pids as $pid)
 819                      {
 820                          unset($pids[$pid]);
 821                          unset($tids[$thread['tid']]);
 822                      }
 823                  }
 824              }
 825              unset($temp_pids);
 826          }
 827  
 828          // Declare our post count
 829          $postcount = count($pids);
 830  
 831          if(!$postcount)
 832          {
 833              error($lang->error_nosearchresults);
 834          }
 835  
 836          // And now we have our sanatized post list
 837          $search['posts'] = implode(',', array_keys($pids));
 838  
 839          $tids = implode(",", array_keys($tids));
 840  
 841          // Read threads
 842          if($mybb->user['uid'] && $mybb->settings['threadreadcut'] > 0)
 843          {
 844              $query = $db->simple_select("threadsread", "tid, dateline", "uid='".$mybb->user['uid']."' AND tid IN(".$db->escape_string($tids).")");
 845              while($readthread = $db->fetch_array($query))
 846              {
 847                  $readthreads[$readthread['tid']] = $readthread['dateline'];
 848              }
 849          }
 850  
 851          $dot_icon = array();
 852          if($mybb->settings['dotfolders'] != 0 && $mybb->user['uid'] != 0)
 853          {
 854              $query = $db->simple_select("posts", "DISTINCT tid,uid", "uid='{$mybb->user['uid']}' AND tid IN({$db->escape_string($tids)}) AND {$unapproved_where}");
 855              while($post = $db->fetch_array($query))
 856              {
 857                  $dot_icon[$post['tid']] = true;
 858              }
 859          }
 860  
 861          $results = '';
 862  
 863          $query = $db->query("
 864              SELECT p.*, u.username AS userusername, t.subject AS thread_subject, t.replies AS thread_replies, t.views AS thread_views, t.lastpost AS thread_lastpost, t.closed AS thread_closed, t.uid as thread_uid
 865              FROM ".TABLE_PREFIX."posts p
 866              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 867              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 868              WHERE p.pid IN (".$db->escape_string($search['posts']).")
 869              ORDER BY $sortfield $order
 870              LIMIT $start, $perpage
 871          ");
 872          while($post = $db->fetch_array($query))
 873          {
 874              $bgcolor = alt_trow();
 875              if($post['visible'] == 0)
 876              {
 877                  $bgcolor = 'trow_shaded';
 878              }
 879              elseif($post['visible'] == -1)
 880              {
 881                  $bgcolor = 'trow_shaded trow_deleted';
 882              }
 883              if($post['userusername'])
 884              {
 885                  $post['username'] = $post['userusername'];
 886              }
 887              $post['username'] = htmlspecialchars_uni($post['username']);
 888              $post['profilelink'] = build_profile_link($post['username'], $post['uid']);
 889              $post['subject'] = $parser->parse_badwords($post['subject']);
 890              $post['thread_subject'] = $parser->parse_badwords($post['thread_subject']);
 891              $post['thread_subject'] = htmlspecialchars_uni($post['thread_subject']);
 892  
 893              if(isset($icon_cache[$post['icon']]))
 894              {
 895                  $posticon = $icon_cache[$post['icon']];
 896                  $posticon['path'] = str_replace("{theme}", $theme['imgdir'], $posticon['path']);
 897                  $posticon['path'] = htmlspecialchars_uni($posticon['path']);
 898                  $posticon['name'] = htmlspecialchars_uni($posticon['name']);
 899                  eval("\$icon = \"".$templates->get("search_results_icon")."\";");
 900              }
 901              else
 902              {
 903                  $icon = "&nbsp;";
 904              }
 905  
 906              $post['forumlink'] = '';
 907              if(!empty($forumcache[$thread['fid']]))
 908              {
 909                  $post['forumlink_link'] = get_forum_link($post['fid']);
 910                  $post['forumlink_name'] = $forumcache[$post['fid']]['name'];
 911                  eval("\$post['forumlink'] = \"".$templates->get("search_results_posts_forumlink")."\";");
 912              }
 913  
 914              // Determine the folder
 915              $folder = '';
 916              $folder_label = '';
 917              $gotounread = '';
 918              $isnew = 0;
 919              $donenew = 0;
 920              $last_read = 0;
 921              $post['thread_lastread'] = $readthreads[$post['tid']];
 922  
 923              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'])
 924              {
 925                  $forum_read = $readforums[$post['fid']];
 926  
 927                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 928                  if($forum_read == 0 || $forum_read < $read_cutoff)
 929                  {
 930                      $forum_read = $read_cutoff;
 931                  }
 932              }
 933              else
 934              {
 935                  $forum_read = $forumsread[$post['fid']];
 936              }
 937  
 938              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'] && $post['thread_lastpost'] > $forum_read)
 939              {
 940                  $cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 941                  if($post['thread_lastpost'] > $cutoff)
 942                  {
 943                      if($post['thread_lastread'])
 944                      {
 945                          $last_read = $post['thread_lastread'];
 946                      }
 947                      else
 948                      {
 949                          $last_read = 1;
 950                      }
 951                  }
 952              }
 953  
 954              if(isset($dot_icon[$post['tid']]))
 955              {
 956                  $folder = "dot_";
 957                  $folder_label .= $lang->icon_dot;
 958              }
 959  
 960              if(!$last_read)
 961              {
 962                  $readcookie = $threadread = my_get_array_cookie("threadread", $post['tid']);
 963                  if($readcookie > $forum_read)
 964                  {
 965                      $last_read = $readcookie;
 966                  }
 967                  elseif($forum_read > $mybb->user['lastvisit'])
 968                  {
 969                      $last_read = $forum_read;
 970                  }
 971                  else
 972                  {
 973                      $last_read = $mybb->user['lastvisit'];
 974                  }
 975              }
 976  
 977              if($post['thread_lastpost'] > $last_read && $last_read)
 978              {
 979                  $folder .= "new";
 980                  $folder_label .= $lang->icon_new;
 981                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
 982                  $unreadpost = 1;
 983              }
 984              else
 985              {
 986                  $folder_label .= $lang->icon_no_new;
 987              }
 988  
 989              if($post['thread_replies'] >= $mybb->settings['hottopic'] || $post['thread_views'] >= $mybb->settings['hottopicviews'])
 990              {
 991                  $folder .= "hot";
 992                  $folder_label .= $lang->icon_hot;
 993              }
 994              if($post['thread_closed'] == 1)
 995              {
 996                  $folder .= "lock";
 997                  $folder_label .= $lang->icon_lock;
 998              }
 999              $folder .= "folder";
1000  
1001              $post['thread_replies'] = my_number_format($post['thread_replies']);
1002              $post['thread_views'] = my_number_format($post['thread_views']);
1003  
1004              $post['forumlink'] = '';
1005              if($forumcache[$post['fid']])
1006              {
1007                  $post['forumlink_link'] = get_forum_link($post['fid']);
1008                  $post['forumlink_name'] = $forumcache[$post['fid']]['name'];
1009                  eval("\$post['forumlink'] = \"".$templates->get("search_results_posts_forumlink")."\";");
1010              }
1011  
1012              if(!$post['subject'])
1013              {
1014                  $post['subject'] = $post['message'];
1015              }
1016              if(my_strlen($post['subject']) > 50)
1017              {
1018                  $post['subject'] = htmlspecialchars_uni(my_substr($post['subject'], 0, 50)."...");
1019              }
1020              else
1021              {
1022                  $post['subject'] = htmlspecialchars_uni($post['subject']);
1023              }
1024              // What we do here is parse the post using our post parser, then strip the tags from it
1025              $parser_options = array(
1026                  'allow_html' => 0,
1027                  'allow_mycode' => 1,
1028                  'allow_smilies' => 0,
1029                  'allow_imgcode' => 0,
1030                  'filter_badwords' => 1
1031              );
1032              $post['message'] = strip_tags($parser->parse_message($post['message'], $parser_options));
1033              if(my_strlen($post['message']) > 200)
1034              {
1035                  $prev = my_substr($post['message'], 0, 200)."...";
1036              }
1037              else
1038              {
1039                  $prev = $post['message'];
1040              }
1041              $posted = my_date('relative', $post['dateline']);
1042  
1043              $thread_url = get_thread_link($post['tid']);
1044              $post_url = get_post_link($post['pid'], $post['tid']);
1045  
1046              // Inline post moderation
1047              $inline_mod_checkbox = '';
1048              if($is_supermod || is_moderator($post['fid']))
1049              {
1050                  if(isset($mybb->cookies[$inlinecookie]) && my_strpos($mybb->cookies[$inlinecookie], "|{$post['pid']}|"))
1051                  {
1052                      $inlinecheck = "checked=\"checked\"";
1053                      ++$inlinecount;
1054                  }
1055                  else
1056                  {
1057                      $inlinecheck = '';
1058                  }
1059                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_posts_inlinecheck")."\";");
1060              }
1061              elseif($is_mod)
1062              {
1063                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_posts_nocheck")."\";");
1064              }
1065  
1066              $plugins->run_hooks("search_results_post");
1067              eval("\$results .= \"".$templates->get("search_results_posts_post")."\";");
1068          }
1069          if(!$results)
1070          {
1071              error($lang->error_nosearchresults);
1072          }
1073          $multipage = multipage($postcount, $perpage, $page, "search.php?action=results&amp;sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&amp;sortby=$sortby&amp;order=$order&amp;uid=".$mybb->get_input('uid', MyBB::INPUT_INT));
1074          if($upper > $postcount)
1075          {
1076              $upper = $postcount;
1077          }
1078  
1079          // Inline Post Moderation Options
1080          if($is_mod)
1081          {
1082              // If user has moderation tools available, prepare the Select All feature
1083              $num_results = $db->num_rows($query);
1084              $lang->page_selected = $lang->sprintf($lang->page_selected, (int)$num_results);
1085              $lang->select_all = $lang->sprintf($lang->select_all, (int)$postcount);
1086              $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$postcount);
1087              eval("\$selectall = \"".$templates->get("search_posts_inlinemoderation_selectall")."\";");
1088  
1089              $customthreadtools = $customposttools = '';
1090              switch($db->type)
1091              {
1092                  case "pgsql":
1093                  case "sqlite":
1094                      $query = $db->simple_select("modtools", "tid, name, type", "type='p' AND (','||forums||',' LIKE '%,-1,%' OR forums='')");
1095                      break;
1096                  default:
1097                      $query = $db->simple_select("modtools", "tid, name, type", "type='p' AND (CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='')");
1098              }
1099  
1100              while($tool = $db->fetch_array($query))
1101              {
1102                  eval("\$customposttools .= \"".$templates->get("search_results_posts_inlinemoderation_custom_tool")."\";");
1103              }
1104              // Build inline moderation dropdown
1105              if(!empty($customposttools))
1106              {
1107                  eval("\$customposttools = \"".$templates->get("search_results_posts_inlinemoderation_custom")."\";");
1108              }
1109              eval("\$inlinemod = \"".$templates->get("search_results_posts_inlinemoderation")."\";");
1110          }
1111  
1112          $plugins->run_hooks("search_results_end");
1113  
1114          eval("\$searchresults = \"".$templates->get("search_results_posts")."\";");
1115          output_page($searchresults);
1116      }
1117  }
elseif($mybb->input['action'] == "findguest")
{
    // Builds a stored search over content whose uid is 0, writes it to the
    // searchlog table and redirects to the results page for the new search id.
    // No request value other than the action name is read in this branch.
    $where_sql = "uid='0'";

    // Exclude the forums returned by the two helpers below.
    // NOTE(review): both helpers are defined outside this file and their return
    // values are interpolated into the SQL unescaped; presumably each is a
    // comma-separated list of integer forum ids built server-side - confirm.
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $where_sql .= " AND fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $where_sql .= " AND fid NOT IN ($inactiveforums)";
    }

    // $permsql is assigned here but not read again in this branch.
    $permsql = "";
    $onlyusfids = array();

    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            $onlyusfids[] = $fid;
        }
    }
    if(!empty($onlyusfids))
    {
        // Forums flagged canonlyviewownthreads are excluded outright here.
        // $fid is an array key of forum_permissions(); presumably an integer
        // forum id - verify, since it is imploded into SQL without a cast.
        $where_sql .= " AND fid NOT IN(".implode(',', $onlyusfids).")";
    }

    $options = array(
        'order_by' => 'dateline',
        'order_dir' => 'desc'
    );

    // Do we have a hard search limit?
    if($mybb->settings['searchhardlimit'] > 0)
    {
        $options['limit'] = (int)$mybb->settings['searchhardlimit'];
    }

    // Join the matching post ids into a comma-separated string. The loop ends
    // on the first falsy value returned by fetch_field().
    $pids = '';
    $comma = '';
    $query = $db->simple_select("posts", "pid", "{$where_sql}", $options);
    while($pid = $db->fetch_field($query, "pid"))
    {
            $pids .= $comma.$pid;
            $comma = ',';
    }

    // Same WHERE clause against the threads table; $options (ordering and the
    // hard limit) is not passed to this query.
    $tids = '';
    $comma = '';
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
            $tids .= $comma.$tid;
            $comma = ',';
    }

    // NOTE(review): the search id is an md5 of a time-based uniqid() value, not
    // CSPRNG output. The id lists above are filtered with the permissions of
    // the user who created the search, so the results action should re-check
    // the viewer's permissions rather than trust the stored ids - confirm.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => $db->escape_string($pids),
        "resulttype" => "posts",
        "querycache" => '',
        "keywords" => ''
    );
    // The hook runs before the row is inserted; presumably plugins may change
    // $searcharray here - anything they add is inserted as-is.
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}
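elseif($mybb->input['action'] == "finduser")
{
    // Builds a stored search of the posts and threads written by the user id
    // given in the "uid" request parameter, writes it to the searchlog table
    // and redirects to the results page for the new search id.
    // The uid is read with MyBB::INPUT_INT, so only an integer reaches the SQL.
    $where_sql = "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";

    // Exclude the forums returned by the two helpers below.
    // NOTE(review): both helpers are defined outside this file and their return
    // values are interpolated into the SQL unescaped; presumably each is a
    // comma-separated list of integer forum ids built server-side - confirm.
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $where_sql .= " AND fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $where_sql .= " AND fid NOT IN ($inactiveforums)";
    }

    // $permsql is assigned here but not read again in this branch.
    $permsql = "";
    $onlyusfids = array();

    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            $onlyusfids[] = $fid;
        }
    }
    if(!empty($onlyusfids))
    {
        // In forums flagged canonlyviewownthreads only rows owned by the
        // current viewer may match; all other forums are unrestricted.
        // The clause now starts with a space, like every other fragment
        // appended to $where_sql, instead of relying on the SQL tokenizer to
        // split "...'AND" or "...)AND".
        // $fid is an array key of forum_permissions(); presumably an integer
        // forum id - verify, since it is imploded into SQL without a cast.
        $where_sql .= " AND ((fid IN(".implode(',', $onlyusfids).") AND uid='{$mybb->user['uid']}') OR fid NOT IN(".implode(',', $onlyusfids)."))";
    }

    $options = array(
        'order_by' => 'dateline',
        'order_dir' => 'desc'
    );

    // Do we have a hard search limit?
    if($mybb->settings['searchhardlimit'] > 0)
    {
        $options['limit'] = (int)$mybb->settings['searchhardlimit'];
    }

    // Join the matching post ids into a comma-separated string. The loop ends
    // on the first falsy value returned by fetch_field().
    $pids = '';
    $comma = '';
    $query = $db->simple_select("posts", "pid", "{$where_sql}", $options);
    while($pid = $db->fetch_field($query, "pid"))
    {
        $pids .= $comma.$pid;
        $comma = ',';
    }

    // Same WHERE clause against the threads table; $options (ordering and the
    // hard limit) is not passed to this query.
    $tids = '';
    $comma = '';
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
        $tids .= $comma.$tid;
        $comma = ',';
    }

    // NOTE(review): the search id is an md5 of a time-based uniqid() value, not
    // CSPRNG output. The id lists above are filtered with the permissions of
    // the user who created the search, so the results action should re-check
    // the viewer's permissions rather than trust the stored ids - confirm.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => $db->escape_string($pids),
        "resulttype" => "posts",
        "querycache" => '',
        "keywords" => ''
    );
    // The hook runs before the row is inserted; presumably plugins may change
    // $searcharray here - anything they add is inserted as-is.
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}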
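elseif($mybb->input['action'] == "finduserthreads")
{
    // Stores a thread search for the user id given in the "uid" request
    // parameter. No ids are collected here: the WHERE fragment itself is saved
    // in the "querycache" column of searchlog, then the request is redirected
    // to the results page for the new search id.
    // The uid is read with MyBB::INPUT_INT, so only an integer reaches the SQL.
    $where_sql = "t.uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";

    // Exclude the forums returned by the two helpers below.
    // NOTE(review): both helpers are defined outside this file and their return
    // values are interpolated into the SQL unescaped; presumably each is a
    // comma-separated list of integer forum ids built server-side - confirm.
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $where_sql .= " AND t.fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $where_sql .= " AND t.fid NOT IN ($inactiveforums)";
    }

    // $permsql is assigned here but not read again in this branch.
    $permsql = "";
    $onlyusfids = array();

    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            $onlyusfids[] = $fid;
        }
    }
    if(!empty($onlyusfids))
    {
        // In forums flagged canonlyviewownthreads only threads owned by the
        // current viewer may match; all other forums are unrestricted.
        // The clause now starts with a space, like every other fragment
        // appended to $where_sql, instead of relying on the SQL tokenizer to
        // split "...'AND" or "...)AND".
        $where_sql .= " AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
    }

    // NOTE(review): the search id is an md5 of a time-based uniqid() value, not
    // CSPRNG output.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => '',
        "posts" => '',
        "resulttype" => "threads",
        // NOTE(review): a SQL fragment is persisted here and is presumably
        // executed again by the results action. Every value interpolated above
        // must therefore stay integer-cast or server-derived, and the fragment
        // embeds the creating user's uid and forum permissions - confirm the
        // results action does not rely on it alone for access control.
        "querycache" => $db->escape_string($where_sql),
        "keywords" => ''
    );
    // The hook runs before the row is inserted; presumably plugins may change
    // $searcharray here - anything they add is inserted as-is.
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}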
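elseif($mybb->input['action'] == "getnew")
{
    // Stores a thread search for threads whose last post is at or after the
    // current user's lastvisit time, optionally narrowed to one forum ("fid")
    // or a list of forums ("fids"). The WHERE fragment is saved in the
    // "querycache" column of searchlog, then the request is redirected to the
    // results page for the new search id.
    $where_sql = "t.lastpost >= '".(int)$mybb->user['lastvisit']."'";

    if($mybb->get_input('fid', MyBB::INPUT_INT))
    {
        $where_sql .= " AND t.fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
    }
    else if($mybb->get_input('fids'))
    {
        // "fids" arrives as a raw string; each element is cast to int before
        // it is put into the IN() list, so non-numeric parts become 0.
        $fids = explode(',', $mybb->get_input('fids'));
        foreach($fids as $key => $fid)
        {
            $fids[$key] = (int)$fid;
        }

        if(!empty($fids))
        {
            $where_sql .= " AND t.fid IN (".implode(',', $fids).")";
        }
    }

    // Exclude the forums returned by the two helpers below.
    // NOTE(review): both helpers are defined outside this file and their return
    // values are interpolated into the SQL unescaped; presumably each is a
    // comma-separated list of integer forum ids built server-side - confirm.
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $where_sql .= " AND t.fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $where_sql .= " AND t.fid NOT IN ($inactiveforums)";
    }

    // $permsql is assigned here but not read again in this branch.
    $permsql = "";
    $onlyusfids = array();

    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            $onlyusfids[] = $fid;
        }
    }
    if(!empty($onlyusfids))
    {
        // In forums flagged canonlyviewownthreads only threads owned by the
        // current viewer may match; all other forums are unrestricted.
        // The clause now starts with a space, like every other fragment
        // appended to $where_sql, instead of relying on the SQL tokenizer to
        // split "...'AND" or "...)AND".
        $where_sql .= " AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
    }

    // NOTE(review): the search id is an md5 of a time-based uniqid() value, not
    // CSPRNG output.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => '',
        "posts" => '',
        "resulttype" => "threads",
        // NOTE(review): a SQL fragment is persisted here and is presumably
        // executed again by the results action. Every value interpolated above
        // must therefore stay integer-cast or server-derived, and the fragment
        // embeds the creating user's uid and forum permissions - confirm the
        // results action does not rely on it alone for access control.
        "querycache" => $db->escape_string($where_sql),
        "keywords" => ''
    );

    // The hook runs before the row is inserted; presumably plugins may change
    // $searcharray here - anything they add is inserted as-is.
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}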
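elseif($mybb->input['action'] == "getdaily")
{
    // Stores a thread search for threads whose last post falls within the last
    // "days" days (minimum 1), optionally narrowed to one forum ("fid") or a
    // list of forums ("fids"). The WHERE fragment is saved in the "querycache"
    // column of searchlog, then the request is redirected to the results page
    // for the new search id.
    // "days" is read once with MyBB::INPUT_INT and clamped to at least 1.
    $days = $mybb->get_input('days', MyBB::INPUT_INT);
    if($days < 1)
    {
        $days = 1;
    }
    $datecut = TIME_NOW-(86400*$days);

    $where_sql = "t.lastpost >='".$datecut."'";

    if($mybb->get_input('fid', MyBB::INPUT_INT))
    {
        $where_sql .= " AND t.fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
    }
    else if($mybb->get_input('fids'))
    {
        // "fids" arrives as a raw string; each element is cast to int before
        // it is put into the IN() list, so non-numeric parts become 0.
        $fids = explode(',', $mybb->get_input('fids'));
        foreach($fids as $key => $fid)
        {
            $fids[$key] = (int)$fid;
        }

        if(!empty($fids))
        {
            $where_sql .= " AND t.fid IN (".implode(',', $fids).")";
        }
    }

    // Exclude the forums returned by the two helpers below.
    // NOTE(review): both helpers are defined outside this file and their return
    // values are interpolated into the SQL unescaped; presumably each is a
    // comma-separated list of integer forum ids built server-side - confirm.
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $where_sql .= " AND t.fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $where_sql .= " AND t.fid NOT IN ($inactiveforums)";
    }

    // $permsql is assigned here but not read again in this branch.
    $permsql = "";
    $onlyusfids = array();

    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            $onlyusfids[] = $fid;
        }
    }
    if(!empty($onlyusfids))
    {
        // In forums flagged canonlyviewownthreads only threads owned by the
        // current viewer may match; all other forums are unrestricted.
        // The clause now starts with a space, like every other fragment
        // appended to $where_sql, instead of relying on the SQL tokenizer to
        // split "...'AND" or "...)AND".
        $where_sql .= " AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
    }

    // NOTE(review): the search id is an md5 of a time-based uniqid() value, not
    // CSPRNG output.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => '',
        "posts" => '',
        "resulttype" => "threads",
        // NOTE(review): a SQL fragment is persisted here and is presumably
        // executed again by the results action. Every value interpolated above
        // must therefore stay integer-cast or server-derived, and the fragment
        // embeds the creating user's uid and forum permissions - confirm the
        // results action does not rely on it alone for access control.
        "querycache" => $db->escape_string($where_sql),
        "keywords" => ''
    );

    // The hook runs before the row is inserted; presumably plugins may change
    // $searcharray here - anything they add is inserted as-is.
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}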
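elseif($mybb->input['action'] == "do_search" && $mybb->request_method == "post")
{
    // Handles a submitted search form (POST only): applies the search flood
    // limit, runs the search through one of the perform_search_* helpers,
    // stores the outcome in the searchlog table and redirects to the results
    // page for the new search id.
    $plugins->run_hooks("search_do_search_start");

    // Check if search flood checking is enabled and user is not admin
    if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
    {
        // Fetch the time this user last searched. Logged-in users are matched
        // by uid, guests by uid 0 plus their packed IP address.
        if($mybb->user['uid'])
        {
            $conditions = "uid='{$mybb->user['uid']}'";
        }
        else
        {
            $conditions = "uid='0' AND ipaddress=".$db->escape_binary($session->packedip);
        }
        $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
        $query = $db->simple_select("searchlog", "*", "$conditions AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
        $last_search = $db->fetch_array($query);
        // Users last search was within the flood time, show the error
        if($last_search['sid'])
        {
            $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
            if($remaining_time == 1)
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
            }
            else
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
            }
            error($lang->error_searchflooding);
        }
    }
    // Anything other than "threads" falls back to a post search.
    if($mybb->get_input('showresults') == "threads")
    {
        $resulttype = "threads";
    }
    else
    {
        $resulttype = "posts";
    }

    // NOTE(review): "keywords" and "forums" are taken straight from
    // $mybb->input, unlike the other fields which go through get_input() with
    // an explicit type. The perform_search_* helpers are defined outside this
    // file and are presumably responsible for validating and escaping both
    // values before they reach SQL - confirm.
    $search_data = array(
        "keywords" => $mybb->input['keywords'],
        "author" => $mybb->get_input('author'),
        "postthread" => $mybb->get_input('postthread', MyBB::INPUT_INT),
        "matchusername" => $mybb->get_input('matchusername', MyBB::INPUT_INT),
        "postdate" => $mybb->get_input('postdate', MyBB::INPUT_INT),
        "pddir" => $mybb->get_input('pddir', MyBB::INPUT_INT),
        "forums" => $mybb->input['forums'],
        "findthreadst" => $mybb->get_input('findthreadst', MyBB::INPUT_INT),
        "numreplies" => $mybb->get_input('numreplies', MyBB::INPUT_INT),
        "threadprefix" => $mybb->get_input('threadprefix', MyBB::INPUT_ARRAY)
    );

    // The "visible" filter is only honoured when is_moderator() is true.
    if(is_moderator() && !empty($mybb->input['visible']))
    {
        $search_data['visible'] = $mybb->get_input('visible', MyBB::INPUT_INT);
    }

    if($db->can_search == true)
    {
        if($mybb->settings['searchtype'] == "fulltext" && $db->supports_fulltext_boolean("posts") && $db->is_fulltext("posts"))
        {
            $search_results = perform_search_mysql_ft($search_data);
        }
        else
        {
            $search_results = perform_search_mysql($search_data);
        }
    }
    else
    {
        // error() presumably ends the request; $search_results is not set on
        // this path.
        error($lang->error_no_search_support);
    }
    // NOTE(review): the search id is an md5 of a time-based uniqid() value, not
    // CSPRNG output.
    $sid = md5(uniqid(microtime(), true));
    // NOTE(review): $now is not assigned in this branch (presumably set earlier
    // in the script), and the threads/posts/querycache values are inserted as
    // returned by the helper without escaping here - presumably the helper
    // already escaped them; confirm both.
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => $now,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $search_results['threads'],
        "posts" => $search_results['posts'],
        "resulttype" => $resulttype,
        "querycache" => $search_results['querycache'],
        "keywords" => $db->escape_string($mybb->input['keywords']),
    );
    // The hook runs before the row is inserted; presumably plugins may change
    // $searcharray here - anything they add is inserted as-is.
    $plugins->run_hooks("search_do_search_process");

    $db->insert_query("searchlog", $searcharray);

    // Only "asc" or "desc" (compared case-insensitively) is forwarded; anything
    // else becomes "desc". The previous check had a misplaced parenthesis that
    // lower-cased the result of the "desc" comparison instead of the input, and
    // it forwarded the raw request value; the normalised value is used now.
    $sortorder = my_strtolower($mybb->get_input('sortordr'));
    if($sortorder != "asc" && $sortorder != "desc")
    {
        $sortorder = "desc";
    }
    // NOTE(review): sortby is HTML-escaped only and then placed in the redirect
    // URL; presumably the results action maps it onto a fixed set of sort
    // columns before it is used in a query - confirm.
    $sortby = htmlspecialchars_uni($mybb->get_input('sortby'));
    $plugins->run_hooks("search_do_search_end");
    redirect("search.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
}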
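else if($mybb->input['action'] == "thread")
{
    // Search inside one thread: validate access to the thread and its forum,
    // apply the search flood limit, run the search, log it and redirect to
    // the results page.

    // Fetch thread info
    $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));

    // Only look up moderator status when a thread row was actually returned;
    // indexing a missing row would raise a notice before the check below.
    $ismod = false;
    if($thread)
    {
        $ismod = is_moderator($thread['fid']);
    }

    // Reject when: the thread does not exist; or it is not visible (visible != 1)
    // to a non-moderator, unless visible == -1 with the soft_delete setting on and
    // the viewer is the logged-in thread author; or visible > 1 for a moderator.
    if(!$thread || ($thread['visible'] != 1 && $ismod == false && ($thread['visible'] != -1 || $mybb->settings['soft_delete'] != 1 || !$mybb->user['uid'] || $mybb->user['uid'] != $thread['uid'])) || ($thread['visible'] > 1 && $ismod == true))
    {
        error($lang->error_invalidthread);
    }

    // Get forum info
    $forum = get_forum($thread['fid']);
    if(!$forum)
    {
        error($lang->error_invalidforum);
    }

    $forum_permissions = forum_permissions($forum['fid']);

    if($forum['open'] == 0 || $forum['type'] != "f")
    {
        error($lang->error_closedinvalidforum);
    }

    // The viewer needs canview and canviewthreads; with canonlyviewownthreads
    // set, only the thread author may search it.
    if($forum_permissions['canview'] == 0 || $forum_permissions['canviewthreads'] != 1 || (isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
    {
        error_no_permission();
    }

    $plugins->run_hooks("search_thread_start");

    // Check if search flood checking is enabled and user is not admin
    if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
    {
        // Fetch the time this user last searched. Members are matched by uid,
        // guests by uid 0 plus the packed IP address of the session.
        if($mybb->user['uid'])
        {
            // Cast so only an integer is ever placed inside the quoted condition.
            $conditions = "uid='".(int)$mybb->user['uid']."'";
        }
        else
        {
            $conditions = "uid='0' AND ipaddress=".$db->escape_binary($session->packedip);
        }
        $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
        $query = $db->simple_select("searchlog", "*", "$conditions AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
        $last_search = $db->fetch_array($query);

        // No row means no search inside the flood window, so nothing remains to wait for.
        $remaining_time = 0;
        if($last_search && $last_search['sid'])
        {
            // We shouldn't show remaining time if time is 0 or under.
            $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
        }

        // Users last search was within the flood time, show the error.
        if($remaining_time > 0)
        {
            if($remaining_time == 1)
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
            }
            else
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
            }
            error($lang->error_searchflooding);
        }
    }

    // Keywords are read through get_input() like the other request values, so
    // a non-string value (for example keywords[]=...) is not handed to the
    // search backend or to escape_string() below.
    // NOTE(review): get_input() is defined outside this page; confirm it
    // returns a plain string for the default input type.
    $search_data = array(
        "keywords" => $mybb->get_input('keywords'),
        "postthread" => 1,
        "tid" => $mybb->get_input('tid', MyBB::INPUT_INT)
    );

    if($db->can_search == true)
    {
        // Use the fulltext backend only when it is configured and the posts table supports it.
        if($mybb->settings['searchtype'] == "fulltext" && $db->supports_fulltext_boolean("posts") && $db->is_fulltext("posts"))
        {
            $search_results = perform_search_mysql_ft($search_data);
        }
        else
        {
            $search_results = perform_search_mysql($search_data);
        }
    }
    else
    {
        // The code below reads $search_results, so error() is presumably terminal here.
        error($lang->error_no_search_support);
    }

    // NOTE(review): the sid is an md5 of uniqid()/microtime() output, i.e. it is
    // derived from the clock. Treat it as an identifier for the logged search
    // row, not as a secret; whether the results action also checks who owns the
    // row is not visible in this part of the file.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => $now,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $search_results['threads'],
        "posts" => $search_results['posts'],
        "resulttype" => 'posts',
        "querycache" => $search_results['querycache'],
        "keywords" => $db->escape_string($mybb->get_input('keywords'))
    );
    $plugins->run_hooks("search_thread_process");

    $db->insert_query("searchlog", $searcharray);

    // Same hook name as the do_search branch fires; kept unchanged because
    // plugins may be registered against it.
    $plugins->run_hooks("search_do_search_end");
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}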
else
{
    // Default action: build and output the search form.
    $plugins->run_hooks("search_start");

    // These variables keep their names because the evaluated templates below
    // presumably refer to them by name.
    $srchlist = make_searchable_forums();
    $prefixselect = build_prefix_select('all', 'any', 1);

    $moderator_options = '';
    $rowspan = 5;
    if(is_moderator())
    {
        // Moderators get two additional rows in the form.
        $rowspan = 7;
        // NOTE(review): the template text is evaluated as a PHP double-quoted
        // string, so whoever can change stored templates influences what runs here.
        eval("\$moderator_options = \"".$templates->get("search_moderator_options")."\";");
    }

    $plugins->run_hooks("search_end");

    // Same eval-based template rendering as above; template integrity matters here too.
    eval("\$search = \"".$templates->get("search")."\";");
    output_page($search);
}
1693  
1694  

