
PHP Cross Reference of MyBB 1.8.19


/ -> search.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'search.php');
  14  
  15  $templatelist = "search,forumdisplay_thread_gotounread,search_results_threads_thread,search_results_threads,search_results_posts,search_results_posts_post,search_results_icon,search_forumlist_forum,search_forumlist";
  16  $templatelist .= ",multipage,multipage_breadcrumb,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
  17  $templatelist .= ",search_results_posts_inlinecheck,search_results_posts_nocheck,search_results_threads_inlinecheck,search_results_threads_nocheck,search_results_inlinemodcol,search_results_inlinemodcol_empty,search_results_posts_inlinemoderation_custom_tool";
  18  $templatelist .= ",search_results_posts_inlinemoderation_custom,search_results_posts_inlinemoderation,search_results_threads_inlinemoderation_custom_tool,search_results_threads_inlinemoderation_custom,search_results_threads_inlinemoderation";
  19  $templatelist .= ",forumdisplay_thread_attachment_count,search_threads_inlinemoderation_selectall,search_posts_inlinemoderation_selectall,post_prefixselect_prefix,post_prefixselect_multiple,search_orderarrow";
  20  $templatelist .= ",search_results_posts_forumlink,search_results_threads_forumlink,forumdisplay_thread_multipage_more,forumdisplay_thread_multipage_page,forumdisplay_thread_multipage,search_moderator_options";
  21  
  22  require_once  "./global.php";
  23  require_once  MYBB_ROOT."inc/functions_post.php";
  24  require_once  MYBB_ROOT."inc/functions_search.php";
  25  require_once  MYBB_ROOT."inc/class_parser.php";
  26  $parser = new postParser;
  27  
  28  // Load global language phrases
  29  $lang->load("search");
  30  
  31  add_breadcrumb($lang->nav_search, "search.php");
  32  
  33  $mybb->input['action'] = $mybb->get_input('action');
  34  switch($mybb->input['action'])
  35  {
  36      case "results":
  37          add_breadcrumb($lang->nav_results);
  38          break;
  39      default:
  40          break;
  41  }
  42  
  43  if($mybb->usergroup['cansearch'] == 0)
  44  {
  45      error_no_permission();
  46  }
  47  
  48  $now = TIME_NOW;
  49  $mybb->input['keywords'] = trim($mybb->get_input('keywords'));
  50  
  51  $limitsql = "";
  52  if((int)$mybb->settings['searchhardlimit'] > 0)
  53  {
  54      $limitsql = "LIMIT ".(int)$mybb->settings['searchhardlimit'];
  55  }
  56  
  57  if($mybb->input['action'] == "results")
  58  {
  59      $sid = $db->escape_string($mybb->get_input('sid'));
  60      $query = $db->simple_select("searchlog", "*", "sid='$sid'");
  61      $search = $db->fetch_array($query);
  62  
  63      if(!$search['sid'])
  64      {
  65          error($lang->error_invalidsearch);
  66      }
  67  
  68      $plugins->run_hooks("search_results_start");
  69  
  70      // Decide on our sorting fields and sorting order.
  71      $order = my_strtolower(htmlspecialchars_uni($mybb->get_input('order')));
  72      $sortby = my_strtolower(htmlspecialchars_uni($mybb->get_input('sortby')));
  73  
  74      switch($sortby)
  75      {
  76          case "replies":
  77              $sortfield = "t.replies";
  78              break;
  79          case "views":
  80              $sortfield = "t.views";
  81              break;
  82          case "subject":
  83              if($search['resulttype'] == "threads")
  84              {
  85                  $sortfield = "t.subject";
  86              }
  87              else
  88              {
  89                  $sortfield = "p.subject";
  90              }
  91              break;
  92          case "forum":
  93              $sortfield = "f.name";
  94              break;
  95          case "starter":
  96              if($search['resulttype'] == "threads")
  97              {
  98                  $sortfield = "t.username";
  99              }
 100              else
 101              {
 102                  $sortfield = "p.username";
 103              }
 104              break;
 105          case "lastpost":
 106          default:
 107              if($search['resulttype'] == "threads")
 108              {
 109                  $sortfield = "t.lastpost";
 110                  $sortby = "lastpost";
 111              }
 112              else
 113              {
 114                  $sortfield = "p.dateline";
 115                  $sortby = "dateline";
 116              }
 117              break;
 118      }
 119  
 120      if($order != "asc")
 121      {
 122          $order = "desc";
 123          $oppsortnext = "asc";
 124          $oppsort = $lang->asc;
 125      }
 126      else
 127      {
 128          $oppsortnext = "desc";
 129          $oppsort = $lang->desc;
 130      }
 131  
 132      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
 133      {
 134          $mybb->settings['threadsperpage'] = 20;
 135      }
 136  
 137      // Work out pagination, which page we're at, as well as the limits.
 138      $perpage = $mybb->settings['threadsperpage'];
 139      $page = $mybb->get_input('page');
 140      if($page > 0)
 141      {
 142          $start = ($page-1) * $perpage;
 143      }
 144      else
 145      {
 146          $start = 0;
 147          $page = 1;
 148      }
 149      $end = $start + $perpage;
 150      $lower = $start+1;
 151      $upper = $end;
 152  
 153      // Work out if we have terms to highlight
 154      $highlight = "";
 155      if($search['keywords'])
 156      {
 157          if($mybb->seo_support == true)
 158          {
 159              $highlight = "?highlight=".urlencode($search['keywords']);
 160          }
 161          else
 162          {
 163              $highlight = "&amp;highlight=".urlencode($search['keywords']);
 164          }
 165      }
 166  
 167      $sorturl = "search.php?action=results&amp;sid={$sid}";
 168      $thread_url = "";
 169      $post_url = "";
 170  
 171      $orderarrow = array('replies' => '', 'views' => '', 'subject' => '', 'forum' => '', 'starter' => '', 'lastpost' => '', 'dateline' => '');
 172  
 173      eval("\$orderarrow['$sortby'] = \"".$templates->get("search_orderarrow")."\";");
 174  
 175      // Read some caches we will be using
 176      $forumcache = $cache->read("forums");
 177      $icon_cache = $cache->read("posticons");
 178  
 179      $threads = array();
 180  
 181      if($mybb->user['uid'] == 0)
 182      {
 183          // Build a forum cache.
 184          $query = $db->query("
 185              SELECT fid
 186              FROM ".TABLE_PREFIX."forums
 187              WHERE active != 0
 188              ORDER BY pid, disporder
 189          ");
 190  
 191          $forumsread = my_unserialize($mybb->cookies['mybb']['forumread']);
 192      }
 193      else
 194      {
 195          // Build a forum cache.
 196          $query = $db->query("
 197              SELECT f.fid, fr.dateline AS lastread
 198              FROM ".TABLE_PREFIX."forums f
 199              LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
 200              WHERE f.active != 0
 201              ORDER BY pid, disporder
 202          ");
 203      }
 204  
 205      while($forum = $db->fetch_array($query))
 206      {
 207          if($mybb->user['uid'] == 0)
 208          {
 209              if($forumsread[$forum['fid']])
 210              {
 211                  $forum['lastread'] = $forumsread[$forum['fid']];
 212              }
 213          }
 214          $readforums[$forum['fid']] = $forum['lastread'];
 215      }
 216      $fpermissions = forum_permissions();
 217  
 218      // Inline Mod Column for moderators
 219      $inlinemodcol = $inlinecookie = '';
 220      $is_mod = $is_supermod = $show_inline_moderation = false;
 221      if($mybb->usergroup['issupermod'])
 222      {
 223          $is_supermod = true;
 224      }
 225      if($is_supermod || is_moderator())
 226      {
 227          $inlinecookie = "inlinemod_search".$sid;
 228          $inlinecount = 0;
 229          $is_mod = true;
 230          $return_url = 'search.php?'.htmlspecialchars_uni($_SERVER['QUERY_STRING']);
 231      }
 232  
 233      // Show search results as 'threads'
 234      if($search['resulttype'] == "threads")
 235      {
 236          $threadcount = 0;
 237  
 238          // Moderators can view unapproved threads
 239          $query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')");
 240          if($mybb->usergroup['issupermod'] == 1)
 241          {
 242              // Super moderators (and admins)
 243              $unapproved_where = "t.visible>=-1";
 244          }
 245          elseif($db->num_rows($query))
 246          {
 247              // Normal moderators
 248              $unapprove_forums = array();
 249              $deleted_forums = array();
 250              $unapproved_where = '(t.visible = 1';
 251              while($moderator = $db->fetch_array($query))
 252              {
 253                  if($moderator['canviewunapprove'] == 1)
 254                  {
 255                      $unapprove_forums[] = $moderator['fid'];
 256                  }
 257  
 258                  if($moderator['canviewdeleted'] == 1)
 259                  {
 260                      $deleted_forums[] = $moderator['fid'];
 261                  }
 262              }
 263  
 264              if(!empty($unapprove_forums))
 265              {
 266                  $unapproved_where .= " OR (t.visible = 0 AND t.fid IN(".implode(',', $unapprove_forums)."))";
 267              }
 268              if(!empty($deleted_forums))
 269              {
 270                  $unapproved_where .= " OR (t.visible = -1 AND t.fid IN(".implode(',', $deleted_forums)."))";
 271              }
 272              $unapproved_where .= ')';
 273          }
 274          else
 275          {
 276              // Normal users
 277              $unapproved_where = 't.visible>0';
 278          }
 279  
 280          // If we have saved WHERE conditions, execute them
 281          if($search['querycache'] != "")
 282          {
 283              $where_conditions = $search['querycache'];
 284              $query = $db->simple_select("threads t", "t.tid", $where_conditions. " AND {$unapproved_where} AND t.closed NOT LIKE 'moved|%' ORDER BY t.lastpost DESC {$limitsql}");
 285              while($thread = $db->fetch_array($query))
 286              {
 287                  $threads[$thread['tid']] = $thread['tid'];
 288                  $threadcount++;
 289              }
 290              // Build our list of threads.
 291              if($threadcount > 0)
 292              {
 293                  $search['threads'] = implode(",", $threads);
 294              }
 295              // No results.
 296              else
 297              {
 298                  error($lang->error_nosearchresults);
 299              }
 300              $where_conditions = "t.tid IN (".$search['threads'].")";
 301          }
 302          // This search doesn't use a query cache, results stored in search table.
 303          else
 304          {
 305              $where_conditions = "t.tid IN (".$search['threads'].")";
 306              $query = $db->simple_select("threads t", "COUNT(t.tid) AS resultcount", $where_conditions. " AND {$unapproved_where} AND t.closed NOT LIKE 'moved|%' {$limitsql}");
 307              $count = $db->fetch_array($query);
 308  
 309              if(!$count['resultcount'])
 310              {
 311                  error($lang->error_nosearchresults);
 312              }
 313              $threadcount = $count['resultcount'];
 314          }
 315  
 316          $permsql = "";
 317          $onlyusfids = array();
 318  
 319          // Check group permissions if we can't view threads not started by us
 320          $group_permissions = forum_permissions();
 321          foreach($group_permissions as $fid => $forum_permissions)
 322          {
 323              if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 324              {
 325                  $onlyusfids[] = $fid;
 326              }
 327          }
 328          if(!empty($onlyusfids))
 329          {
 330              $permsql .= "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 331          }
 332  
 333          $unsearchforums = get_unsearchable_forums();
 334          if($unsearchforums)
 335          {
 336              $permsql .= " AND t.fid NOT IN ($unsearchforums)";
 337          }
 338          $inactiveforums = get_inactive_forums();
 339          if($inactiveforums)
 340          {
 341              $permsql .= " AND t.fid NOT IN ($inactiveforums)";
 342          }
 343  
 344          $pages = ceil($threadcount / $perpage);
 345          if($page > $pages)
 346          {
 347              $start = 0;
 348              $page = 1;
 349          }
 350  
 351          // Begin selecting matching threads, cache them.
 352          $sqlarray = array(
 353              'order_by' => $sortfield,
 354              'order_dir' => $order,
 355              'limit_start' => $start,
 356              'limit' => $perpage
 357          );
 358          $query = $db->query("
 359              SELECT t.*, u.username AS userusername
 360              FROM ".TABLE_PREFIX."threads t
 361              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
 362              LEFT JOIN ".TABLE_PREFIX."forums f ON (t.fid=f.fid)
 363              WHERE $where_conditions AND {$unapproved_where} {$permsql} AND t.closed NOT LIKE 'moved|%'
 364              ORDER BY $sortfield $order
 365              LIMIT $start, $perpage
 366          ");
 367  
 368          $threadprefixes = build_prefixes();
 369          $thread_cache = array();
 370          while($thread = $db->fetch_array($query))
 371          {
 372              $thread['threadprefix'] = '';
 373              if($thread['prefix'] && !empty($threadprefixes[$thread['prefix']]))
 374              {
 375                  $thread['threadprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'];
 376              }
 377              $thread_cache[$thread['tid']] = $thread;
 378          }
 379          $thread_ids = implode(",", array_keys($thread_cache));
 380  
 381          if(empty($thread_ids))
 382          {
 383              error($lang->error_nosearchresults);
 384          }
 385  
 386          // Fetch dot icons if enabled
 387          if($mybb->settings['dotfolders'] != 0 && $mybb->user['uid'] && $thread_cache)
 388          {
 389              $p_unapproved_where = str_replace('t.', '', $unapproved_where);
 390              $query = $db->simple_select("posts", "DISTINCT tid,uid", "uid='{$mybb->user['uid']}' AND tid IN({$thread_ids}) AND {$p_unapproved_where}");
 391              while($thread = $db->fetch_array($query))
 392              {
 393                  $thread_cache[$thread['tid']]['dot_icon'] = 1;
 394              }
 395          }
 396  
 397          // Fetch the read threads.
 398          if($mybb->user['uid'] && $mybb->settings['threadreadcut'] > 0)
 399          {
 400              $query = $db->simple_select("threadsread", "tid,dateline", "uid='".$mybb->user['uid']."' AND tid IN(".$thread_ids.")");
 401              while($readthread = $db->fetch_array($query))
 402              {
 403                  $thread_cache[$readthread['tid']]['lastread'] = $readthread['dateline'];
 404              }
 405          }
 406  
 407          if(!$mybb->settings['maxmultipagelinks'])
 408          {
 409              $mybb->settings['maxmultipagelinks'] = 5;
 410          }
 411  
 412          $results = '';
 413  
 414          foreach($thread_cache as $thread)
 415          {
 416              $bgcolor = alt_trow();
 417              $folder = '';
 418              $prefix = '';
 419  
 420              // Unapproved colour
 421              if($thread['visible'] == 0)
 422              {
 423                  $bgcolor = 'trow_shaded';
 424              }
 425              elseif($thread['visible'] == -1)
 426              {
 427                  $bgcolor = 'trow_shaded trow_deleted';
 428              }
 429  
 430              if($thread['userusername'])
 431              {
 432                  $thread['username'] = $thread['userusername'];
 433              }
 434              $thread['username'] = htmlspecialchars_uni($thread['username']);
 435              $thread['profilelink'] = build_profile_link($thread['username'], $thread['uid']);
 436  
 437              // If this thread has a prefix, insert a space between prefix and subject
 438              if($thread['prefix'] != 0)
 439              {
 440                  $thread['threadprefix'] .= '&nbsp;';
 441              }
 442  
 443              $thread['subject'] = $parser->parse_badwords($thread['subject']);
 444              $thread['subject'] = htmlspecialchars_uni($thread['subject']);
 445  
 446              if(isset($icon_cache[$thread['icon']]))
 447              {
 448                  $posticon = $icon_cache[$thread['icon']];
 449                  $posticon['path'] = str_replace("{theme}", $theme['imgdir'], $posticon['path']);
 450                  $posticon['path'] = htmlspecialchars_uni($posticon['path']);
 451                  $posticon['name'] = htmlspecialchars_uni($posticon['name']);
 452                  eval("\$icon = \"".$templates->get("search_results_icon")."\";");
 453              }
 454              else
 455              {
 456                  $icon = "&nbsp;";
 457              }
 458              if($thread['poll'])
 459              {
 460                  $prefix = $lang->poll_prefix;
 461              }
 462  
 463              // Determine the folder
 464              $folder = '';
 465              $folder_label = '';
 466              if(isset($thread['dot_icon']))
 467              {
 468                  $folder = "dot_";
 469                  $folder_label .= $lang->icon_dot;
 470              }
 471              $gotounread = '';
 472              $isnew = 0;
 473              $donenew = 0;
 474              $last_read = 0;
 475  
 476              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'])
 477              {
 478                  $forum_read = $readforums[$thread['fid']];
 479  
 480                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 481                  if($forum_read == 0 || $forum_read < $read_cutoff)
 482                  {
 483                      $forum_read = $read_cutoff;
 484                  }
 485              }
 486              else
 487              {
 488                  $forum_read = $forumsread[$thread['fid']];
 489              }
 490  
 491              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'] && $thread['lastpost'] > $forum_read)
 492              {
 493                  if($thread['lastread'])
 494                  {
 495                      $last_read = $thread['lastread'];
 496                  }
 497                  else
 498                  {
 499                      $last_read = $read_cutoff;
 500                  }
 501              }
 502              else
 503              {
 504                  $last_read = my_get_array_cookie("threadread", $thread['tid']);
 505              }
 506  
 507              if($forum_read > $last_read)
 508              {
 509                  $last_read = $forum_read;
 510              }
 511  
 512              if($thread['lastpost'] > $last_read && $last_read)
 513              {
 514                  $folder .= "new";
 515                  $new_class = "subject_new";
 516                  $folder_label .= $lang->icon_new;
 517                  $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost").$highlight;
 518                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
 519                  $unreadpost = 1;
 520              }
 521              else
 522              {
 523                  $new_class = 'subject_old';
 524                  $folder_label .= $lang->icon_no_new;
 525              }
 526  
 527              if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
 528              {
 529                  $folder .= "hot";
 530                  $folder_label .= $lang->icon_hot;
 531              }
 532              if($thread['closed'] == 1)
 533              {
 534                  $folder .= "close";
 535                  $folder_label .= $lang->icon_close;
 536              }
 537              $folder .= "folder";
 538  
 539              if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
 540              {
 541                  $mybb->settings['postsperpage'] = 20;
 542              }
 543  
 544              $thread['pages'] = 0;
 545              $thread['multipage'] = '';
 546              $threadpages = '';
 547              $morelink = '';
 548              $thread['posts'] = $thread['replies'] + 1;
 549              if(is_moderator($thread['fid'], "canviewdeleted") == true || is_moderator($thread['fid'], "canviewunapprove") == true)
 550              {
 551                  if(is_moderator($thread['fid'], "canviewdeleted") == true)
 552                  {
 553                      $thread['posts'] += $thread['deletedposts'];
 554                  }
 555                  if(is_moderator($thread['fid'], "canviewunapprove") == true)
 556                  {
 557                      $thread['posts'] += $thread['unapprovedposts'];
 558                  }
 559              }
 560              elseif($group_permissions[$thread['fid']]['canviewdeletionnotice'] != 0)
 561              {
 562                  $thread['posts'] += $thread['deletedposts'];
 563              }
 564  
 565              if($thread['posts'] > $mybb->settings['postsperpage'])
 566              {
 567                  $thread['pages'] = $thread['posts'] / $mybb->settings['postsperpage'];
 568                  $thread['pages'] = ceil($thread['pages']);
 569                  if($thread['pages'] > $mybb->settings['maxmultipagelinks'])
 570                  {
 571                      $pagesstop = $mybb->settings['maxmultipagelinks'] - 1;
 572                      $page_link = get_thread_link($thread['tid'], $thread['pages']).$highlight;
 573                      eval("\$morelink = \"".$templates->get("forumdisplay_thread_multipage_more")."\";");
 574                  }
 575                  else
 576                  {
 577                      $pagesstop = $thread['pages'];
 578                  }
 579                  for($i = 1; $i <= $pagesstop; ++$i)
 580                  {
 581                      $page_link = get_thread_link($thread['tid'], $i).$highlight;
 582                      eval("\$threadpages .= \"".$templates->get("forumdisplay_thread_multipage_page")."\";");
 583                  }
 584                  eval("\$thread['multipage'] = \"".$templates->get("forumdisplay_thread_multipage")."\";");
 585              }
 586              else
 587              {
 588                  $threadpages = '';
 589                  $morelink = '';
 590                  $thread['multipage'] = '';
 591              }
 592              $lastpostdate = my_date('relative', $thread['lastpost']);
 593              $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
 594              $lastposteruid = $thread['lastposteruid'];
 595              if(!$lastposteruid && !$thread['lastposter'])
 596              {
 597                  $lastposter = htmlspecialchars_uni($lang->guest);
 598              }
 599              else
 600              {
 601                  $lastposter = htmlspecialchars_uni($thread['lastposter']);
 602              }
 603              $thread_link = get_thread_link($thread['tid']);
 604  
 605              // Don't link to guest's profiles (they have no profile).
 606              if($lastposteruid == 0)
 607              {
 608                  $lastposterlink = $lastposter;
 609              }
 610              else
 611              {
 612                  $lastposterlink = build_profile_link($lastposter, $lastposteruid);
 613              }
 614  
 615              $thread['replies'] = my_number_format($thread['replies']);
 616              $thread['views'] = my_number_format($thread['views']);
 617  
 618              $thread['forumlink'] = '';
 619              if($forumcache[$thread['fid']])
 620              {
 621                  $thread['forumlink_link'] = get_forum_link($thread['fid']);
 622                  $thread['forumlink_name'] = $forumcache[$thread['fid']]['name'];
 623                  eval("\$thread['forumlink'] = \"".$templates->get("search_results_threads_forumlink")."\";");
 624              }
 625  
 626              // If this user is the author of the thread and it is not closed or they are a moderator, they can edit
 627              if(($thread['uid'] == $mybb->user['uid'] && $thread['closed'] != 1 && $mybb->user['uid'] != 0 && $fpermissions[$thread['fid']]['caneditposts'] == 1) || is_moderator($thread['fid'], "caneditposts"))
 628              {
 629                  $inline_edit_class = "subject_editable";
 630              }
 631              else
 632              {
 633                  $inline_edit_class = "";
 634              }
 635  
 636              // If this thread has 1 or more attachments show the papperclip
 637              if($mybb->settings['enableattachments'] == 1 && $thread['attachmentcount'] > 0)
 638              {
 639                  if($thread['attachmentcount'] > 1)
 640                  {
 641                      $attachment_count = $lang->sprintf($lang->attachment_count_multiple, $thread['attachmentcount']);
 642                  }
 643                  else
 644                  {
 645                      $attachment_count = $lang->attachment_count;
 646                  }
 647  
 648                  eval("\$attachment_count = \"".$templates->get("forumdisplay_thread_attachment_count")."\";");
 649              }
 650              else
 651              {
 652                  $attachment_count = '';
 653              }
 654  
 655              $inline_edit_tid = $thread['tid'];
 656  
 657              // Inline thread moderation
 658              $inline_mod_checkbox = '';
 659              if($is_supermod || is_moderator($thread['fid']))
 660              {
 661                  if(isset($mybb->cookies[$inlinecookie]) && my_strpos($mybb->cookies[$inlinecookie], "|{$thread['tid']}|") !== false)
 662                  {
 663                      $inlinecheck = "checked=\"checked\"";
 664                      ++$inlinecount;
 665                  }
 666                  else
 667                  {
 668                      $inlinecheck = '';
 669                  }
 670  
 671                  // If this user is allowed to use the inline moderation tools for at least one thread, include the necessary scripts
 672                  $show_inline_moderation = true;
 673  
 674                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_threads_inlinecheck")."\";");
 675              }
 676              elseif($is_mod)
 677              {
 678                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_threads_nocheck")."\";");
 679              }
 680  
 681              $plugins->run_hooks("search_results_thread");
 682              eval("\$results .= \"".$templates->get("search_results_threads_thread")."\";");
 683          }
 684          if(!$results)
 685          {
 686              error($lang->error_nosearchresults);
 687          }
 688          $multipage = multipage($threadcount, $perpage, $page, "search.php?action=results&amp;sid=$sid&amp;sortby=$sortby&amp;order=$order&amp;uid=".$mybb->get_input('uid', MyBB::INPUT_INT));
 689          if($upper > $threadcount)
 690          {
 691              $upper = $threadcount;
 692          }
 693  
 694          // Inline Thread Moderation Options
 695          if($show_inline_moderation)
 696          {
 697              eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol")."\";");
 698  
 699              // If user has moderation tools available, prepare the Select All feature
 700              $lang->page_selected = $lang->sprintf($lang->page_selected, count($thread_cache));
 701              $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$threadcount);
 702              $lang->select_all = $lang->sprintf($lang->select_all, (int)$threadcount);
 703              eval("\$selectall = \"".$templates->get("search_threads_inlinemoderation_selectall")."\";");
 704  
 705              $customthreadtools = '';
 706              switch($db->type)
 707              {
 708                  case "pgsql":
 709                  case "sqlite":
 710                      $query = $db->simple_select("modtools", "tid, name", "type='t' AND (','||forums||',' LIKE '%,-1,%' OR forums='')");
 711                      break;
 712                  default:
 713                      $query = $db->simple_select("modtools", "tid, name", "type='t' AND (CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='')");
 714              }
 715  
 716              while($tool = $db->fetch_array($query))
 717              {
 718                  $tool['name'] = htmlspecialchars_uni($tool['name']);
 719                  eval("\$customthreadtools .= \"".$templates->get("search_results_threads_inlinemoderation_custom_tool")."\";");
 720              }
 721              // Build inline moderation dropdown
 722              if(!empty($customthreadtools))
 723              {
 724                  eval("\$customthreadtools = \"".$templates->get("search_results_threads_inlinemoderation_custom")."\";");
 725              }
 726              eval("\$inlinemod = \"".$templates->get("search_results_threads_inlinemoderation")."\";");
 727          }
 728          elseif($is_mod)
 729          {
 730              eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol_empty")."\";");
 731          }
 732  
 733          $plugins->run_hooks("search_results_end");
 734  
 735          eval("\$searchresults = \"".$templates->get("search_results_threads")."\";");
 736          output_page($searchresults);
 737      }
 738      else // Displaying results as posts
 739      {
 740          if(!$search['posts'])
 741          {
 742              error($lang->error_nosearchresults);
 743          }
 744  
 745          $postcount = 0;
 746  
 747          // Moderators can view unapproved threads
 748          $query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')");
 749          if($mybb->usergroup['issupermod'] == 1)
 750          {
 751              // Super moderators (and admins)
 752              $unapproved_where = "visible >= -1";
 753          }
 754          elseif($db->num_rows($query))
 755          {
 756              // Normal moderators
 757              $unapprove_forums = array();
 758              $deleted_forums = array();
 759              $unapproved_where = '(visible = 1';
 760  
 761              while($moderator = $db->fetch_array($query))
 762              {
 763                  if($moderator['canviewunapprove'] == 1)
 764                  {
 765                      $unapprove_forums[] = $moderator['fid'];
 766                  }
 767  
 768                  if($moderator['canviewdeleted'] == 1)
 769                  {
 770                      $deleted_forums[] = $moderator['fid'];
 771                  }
 772              }
 773  
 774              if(!empty($unapprove_forums))
 775              {
 776                  $unapproved_where .= " OR (visible = 0 AND fid IN(".implode(',', $unapprove_forums)."))";
 777              }
 778              if(!empty($deleted_forums))
 779              {
 780                  $unapproved_where .= " OR (visible = -1 AND fid IN(".implode(',', $deleted_forums)."))";
 781              }
 782              $unapproved_where .= ')';
 783          }
 784          else
 785          {
 786              // Normal users
 787              $unapproved_where = 'visible = 1';
 788          }
 789  
 790          $post_cache_options = array();
 791          if((int)$mybb->settings['searchhardlimit'] > 0)
 792          {
 793              $post_cache_options['limit'] = (int)$mybb->settings['searchhardlimit'];
 794          }
 795  
 796          if(strpos($sortfield, 'p.') !== false)
 797          {
 798              $post_cache_options['order_by'] = str_replace('p.', '', $sortfield);
 799              $post_cache_options['order_dir'] = $order;
 800          }
 801  
        // $pids maps pid => tid and $tids maps tid => (pid => pid) for every stored
        // post id that also satisfies the viewer's visibility condition.
        $tids = array();
        $pids = array();
        // Make sure the posts we're viewing we have permission to view.
        // NOTE(review): $search['posts'] is placed in an unquoted IN(...) list. escape_string()
        // protects quoted string literals, not this context, so the query is only safe while the
        // stored value is a comma-separated list of integer ids. The record is loaded outside
        // this excerpt - confirm every writer builds the list from fetched pid values.
        $query = $db->simple_select("posts", "pid, tid", "pid IN(".$db->escape_string($search['posts']).") AND {$unapproved_where}", $post_cache_options);
        while($post = $db->fetch_array($query))
        {
            $pids[$post['pid']] = $post['tid'];
            $tids[$post['tid']][$post['pid']] = $post['pid'];
        }

        if(!empty($pids))
        {
            $temp_pids = array();

            $group_permissions = forum_permissions();
            // $permsql collects OR-conditions for threads the viewer is restricted from:
            // other users' threads in "own threads only" forums, unsearchable forums, inactive forums.
            $permsql = '';
            $onlyusfids = array();

            foreach($group_permissions as $fid => $forum_permissions)
            {
                if(!empty($forum_permissions['canonlyviewownthreads']))
                {
                    $onlyusfids[] = $fid;
                }
            }

            if($onlyusfids)
            {
                $permsql .= " OR (fid IN(".implode(',', $onlyusfids).") AND uid!={$mybb->user['uid']})";
            }
            $unsearchforums = get_unsearchable_forums();
            if($unsearchforums)
            {
                $permsql .= " OR fid IN ($unsearchforums)";
            }
            $inactiveforums = get_inactive_forums();
            if($inactiveforums)
            {
                $permsql .= " OR fid IN ($inactiveforums)";
            }

            // Check the thread records as well. If we don't have permissions, remove them from the listing.
            // NOTE(review): implode(',', $pids) yields the tid values, so every row returned here has
            // a tid that is already a key of $tids. The array_key_exists(...) != true test below
            // therefore looks unreachable and this pass never removes a post. The WHERE clause also
            // ORs the visibility condition with the restriction conditions in $permsql, so it is
            // unclear which set of threads it was meant to return. Confirm the intended filter: as
            // written, the forum-level restrictions in $permsql do not appear to be enforced here.
            $query = $db->simple_select("threads", "tid", "tid IN(".$db->escape_string(implode(',', $pids)).") AND ({$unapproved_where}{$permsql} OR closed LIKE 'moved|%')");
            while($thread = $db->fetch_array($query))
            {
                if(array_key_exists($thread['tid'], $tids) != true)
                {
                    $temp_pids = $tids[$thread['tid']];
                    foreach($temp_pids as $pid)
                    {
                        unset($pids[$pid]);
                        unset($tids[$thread['tid']]);
                    }
                }
            }
            unset($temp_pids);
        }
 859  
 860          // Declare our post count
 861          $postcount = count($pids);
 862  
 863          if(!$postcount)
 864          {
 865              error($lang->error_nosearchresults);
 866          }
 867  
 868          // And now we have our sanatized post list
 869          $search['posts'] = implode(',', array_keys($pids));
 870  
 871          $tids = implode(",", array_keys($tids));
 872  
 873          // Read threads
 874          if($mybb->user['uid'] && $mybb->settings['threadreadcut'] > 0)
 875          {
 876              $query = $db->simple_select("threadsread", "tid, dateline", "uid='".$mybb->user['uid']."' AND tid IN(".$db->escape_string($tids).")");
 877              while($readthread = $db->fetch_array($query))
 878              {
 879                  $readthreads[$readthread['tid']] = $readthread['dateline'];
 880              }
 881          }
 882  
 883          $dot_icon = array();
 884          if($mybb->settings['dotfolders'] != 0 && $mybb->user['uid'] != 0)
 885          {
 886              $query = $db->simple_select("posts", "DISTINCT tid,uid", "uid='{$mybb->user['uid']}' AND tid IN({$db->escape_string($tids)}) AND {$unapproved_where}");
 887              while($post = $db->fetch_array($query))
 888              {
 889                  $dot_icon[$post['tid']] = true;
 890              }
 891          }
 892  
 893          $results = '';
 894  
 895          $pages = ceil($postcount / $perpage);
 896          if($page > $pages)
 897          {
 898              $start = 0;
 899              $page = 1;
 900          }
 901  
        // Fetch one page of the filtered posts together with thread, author and forum columns.
        // At this point $search['posts'] has been rebuilt from array_keys($pids), i.e. from ids
        // returned by the database.
        // NOTE(review): $sortfield, $order, $start and $perpage are interpolated directly into
        // ORDER BY / LIMIT, where escaping cannot help. They are assigned outside this excerpt -
        // confirm $sortfield and $order come from a fixed allow-list and that $start and $perpage
        // are integers.
        $query = $db->query("
            SELECT p.*, u.username AS userusername, t.subject AS thread_subject, t.replies AS thread_replies, t.views AS thread_views, t.lastpost AS thread_lastpost, t.closed AS thread_closed, t.uid as thread_uid
            FROM ".TABLE_PREFIX."posts p
            LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
            LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
            LEFT JOIN ".TABLE_PREFIX."forums f ON (t.fid=f.fid)
            WHERE p.pid IN (".$db->escape_string($search['posts']).")
            ORDER BY $sortfield $order
            LIMIT $start, $perpage
        ");
 912          while($post = $db->fetch_array($query))
 913          {
 914              $bgcolor = alt_trow();
 915              if($post['visible'] == 0)
 916              {
 917                  $bgcolor = 'trow_shaded';
 918              }
 919              elseif($post['visible'] == -1)
 920              {
 921                  $bgcolor = 'trow_shaded trow_deleted';
 922              }
 923              if($post['userusername'])
 924              {
 925                  $post['username'] = $post['userusername'];
 926              }
 927              $post['username'] = htmlspecialchars_uni($post['username']);
 928              $post['profilelink'] = build_profile_link($post['username'], $post['uid']);
 929              $post['subject'] = $parser->parse_badwords($post['subject']);
 930              $post['thread_subject'] = $parser->parse_badwords($post['thread_subject']);
 931              $post['thread_subject'] = htmlspecialchars_uni($post['thread_subject']);
 932  
 933              if(isset($icon_cache[$post['icon']]))
 934              {
 935                  $posticon = $icon_cache[$post['icon']];
 936                  $posticon['path'] = str_replace("{theme}", $theme['imgdir'], $posticon['path']);
 937                  $posticon['path'] = htmlspecialchars_uni($posticon['path']);
 938                  $posticon['name'] = htmlspecialchars_uni($posticon['name']);
 939                  eval("\$icon = \"".$templates->get("search_results_icon")."\";");
 940              }
 941              else
 942              {
 943                  $icon = "&nbsp;";
 944              }
 945  
            // Build the forum link for this post.
            // NOTE(review): $thread is not assigned inside this loop; it holds whatever the earlier
            // thread-permission loop left behind, while the body below uses $post['fid']. The same
            // link is built again from $post['fid'] further down, after $post['forumlink'] is reset,
            // so this block looks redundant - the condition was presumably meant to test $post['fid'].
            $post['forumlink'] = '';
            if(!empty($forumcache[$thread['fid']]))
            {
                $post['forumlink_link'] = get_forum_link($post['fid']);
                $post['forumlink_name'] = $forumcache[$post['fid']]['name'];
                eval("\$post['forumlink'] = \"".$templates->get("search_results_posts_forumlink")."\";");
            }
 953  
 954              // Determine the folder
 955              $folder = '';
 956              $folder_label = '';
 957              $gotounread = '';
 958              $isnew = 0;
 959              $donenew = 0;
 960              $last_read = 0;
 961              $post['thread_lastread'] = $readthreads[$post['tid']];
 962  
 963              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'])
 964              {
 965                  $forum_read = $readforums[$post['fid']];
 966  
 967                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 968                  if($forum_read == 0 || $forum_read < $read_cutoff)
 969                  {
 970                      $forum_read = $read_cutoff;
 971                  }
 972              }
 973              else
 974              {
 975                  $forum_read = $forumsread[$post['fid']];
 976              }
 977  
 978              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'] && $post['thread_lastpost'] > $forum_read)
 979              {
 980                  $cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 981                  if($post['thread_lastpost'] > $cutoff)
 982                  {
 983                      if($post['thread_lastread'])
 984                      {
 985                          $last_read = $post['thread_lastread'];
 986                      }
 987                      else
 988                      {
 989                          $last_read = 1;
 990                      }
 991                  }
 992              }
 993  
 994              if(isset($dot_icon[$post['tid']]))
 995              {
 996                  $folder = "dot_";
 997                  $folder_label .= $lang->icon_dot;
 998              }
 999  
1000              if(!$last_read)
1001              {
1002                  $readcookie = $threadread = my_get_array_cookie("threadread", $post['tid']);
1003                  if($readcookie > $forum_read)
1004                  {
1005                      $last_read = $readcookie;
1006                  }
1007                  elseif($forum_read > $mybb->user['lastvisit'])
1008                  {
1009                      $last_read = $forum_read;
1010                  }
1011                  else
1012                  {
1013                      $last_read = $mybb->user['lastvisit'];
1014                  }
1015              }
1016  
1017              if($post['thread_lastpost'] > $last_read && $last_read)
1018              {
1019                  $folder .= "new";
1020                  $folder_label .= $lang->icon_new;
1021                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
1022                  $unreadpost = 1;
1023              }
1024              else
1025              {
1026                  $folder_label .= $lang->icon_no_new;
1027              }
1028  
1029              if($post['thread_replies'] >= $mybb->settings['hottopic'] || $post['thread_views'] >= $mybb->settings['hottopicviews'])
1030              {
1031                  $folder .= "hot";
1032                  $folder_label .= $lang->icon_hot;
1033              }
1034              if($post['thread_closed'] == 1)
1035              {
1036                  $folder .= "close";
1037                  $folder_label .= $lang->icon_close;
1038              }
1039              $folder .= "folder";
1040  
1041              $post['thread_replies'] = my_number_format($post['thread_replies']);
1042              $post['thread_views'] = my_number_format($post['thread_views']);
1043  
1044              $post['forumlink'] = '';
1045              if($forumcache[$post['fid']])
1046              {
1047                  $post['forumlink_link'] = get_forum_link($post['fid']);
1048                  $post['forumlink_name'] = $forumcache[$post['fid']]['name'];
1049                  eval("\$post['forumlink'] = \"".$templates->get("search_results_posts_forumlink")."\";");
1050              }
1051  
1052              if(!$post['subject'])
1053              {
1054                  $post['subject'] = $post['message'];
1055              }
1056              if(my_strlen($post['subject']) > 50)
1057              {
1058                  $post['subject'] = htmlspecialchars_uni(my_substr($post['subject'], 0, 50)."...");
1059              }
1060              else
1061              {
1062                  $post['subject'] = htmlspecialchars_uni($post['subject']);
1063              }
1064              // What we do here is parse the post using our post parser, then strip the tags from it
1065              $parser_options = array(
1066                  'allow_html' => 0,
1067                  'allow_mycode' => 1,
1068                  'allow_smilies' => 0,
1069                  'allow_imgcode' => 0,
1070                  'filter_badwords' => 1
1071              );
1072              $post['message'] = strip_tags($parser->parse_message($post['message'], $parser_options));
1073              if(my_strlen($post['message']) > 200)
1074              {
1075                  $prev = my_substr($post['message'], 0, 200)."...";
1076              }
1077              else
1078              {
1079                  $prev = $post['message'];
1080              }
1081              $posted = my_date('relative', $post['dateline']);
1082  
1083              $thread_url = get_thread_link($post['tid']);
1084              $post_url = get_post_link($post['pid'], $post['tid']);
1085  
1086              // Inline post moderation
1087              $inline_mod_checkbox = '';
1088              if($is_supermod || is_moderator($post['fid']))
1089              {
1090                  if(isset($mybb->cookies[$inlinecookie]) && my_strpos($mybb->cookies[$inlinecookie], "|{$post['pid']}|") !== false)
1091                  {
1092                      $inlinecheck = "checked=\"checked\"";
1093                      ++$inlinecount;
1094                  }
1095                  else
1096                  {
1097                      $inlinecheck = '';
1098                  }
1099  
1100                  $show_inline_moderation = true;
1101  
1102                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_posts_inlinecheck")."\";");
1103              }
1104              elseif($is_mod)
1105              {
1106                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_posts_nocheck")."\";");
1107              }
1108  
1109              $plugins->run_hooks("search_results_post");
1110              eval("\$results .= \"".$templates->get("search_results_posts_post")."\";");
1111          }
1112          if(!$results)
1113          {
1114              error($lang->error_nosearchresults);
1115          }
1116          $multipage = multipage($postcount, $perpage, $page, "search.php?action=results&amp;sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&amp;sortby=$sortby&amp;order=$order&amp;uid=".$mybb->get_input('uid', MyBB::INPUT_INT));
1117          if($upper > $postcount)
1118          {
1119              $upper = $postcount;
1120          }
1121  
1122          // Inline Post Moderation Options
1123          if($show_inline_moderation)
1124          {
1125              eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol")."\";");
1126  
1127              // If user has moderation tools available, prepare the Select All feature
1128              $num_results = $db->num_rows($query);
1129              $lang->page_selected = $lang->sprintf($lang->page_selected, (int)$num_results);
1130              $lang->select_all = $lang->sprintf($lang->select_all, (int)$postcount);
1131              $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$postcount);
1132              eval("\$selectall = \"".$templates->get("search_posts_inlinemoderation_selectall")."\";");
1133  
1134              $customthreadtools = $customposttools = '';
1135              switch($db->type)
1136              {
1137                  case "pgsql":
1138                  case "sqlite":
1139                      $query = $db->simple_select("modtools", "tid, name, type", "type='p' AND (','||forums||',' LIKE '%,-1,%' OR forums='')");
1140                      break;
1141                  default:
1142                      $query = $db->simple_select("modtools", "tid, name, type", "type='p' AND (CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='')");
1143              }
1144  
1145              while($tool = $db->fetch_array($query))
1146              {
1147                  eval("\$customposttools .= \"".$templates->get("search_results_posts_inlinemoderation_custom_tool")."\";");
1148              }
1149              // Build inline moderation dropdown
1150              if(!empty($customposttools))
1151              {
1152                  eval("\$customposttools = \"".$templates->get("search_results_posts_inlinemoderation_custom")."\";");
1153              }
1154              eval("\$inlinemod = \"".$templates->get("search_results_posts_inlinemoderation")."\";");
1155          }
1156          elseif($is_mod)
1157          {
1158              eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol_empty")."\";");
1159          }
1160  
1161          $plugins->run_hooks("search_results_end");
1162  
1163          eval("\$searchresults = \"".$templates->get("search_results_posts")."\";");
1164          output_page($searchresults);
1165      }
1166  }
// action=findguest: build and store a search for all posts and threads written by guests
// (uid 0), then redirect to the results action with the new search id.
// This code runs in global scope and the plugin hook below can see its variables.
elseif($mybb->input['action'] == "findguest")
{
    $where_sql = "uid='0'";

    // Exclude forums reported by the two helpers; their return values are used as
    // ready-made comma-separated lists.
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $where_sql .= " AND fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $where_sql .= " AND fid NOT IN ($inactiveforums)";
    }

    $permsql = "";
    $onlyusfids = array();

    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            $onlyusfids[] = $fid;
        }
    }
    // Guest content in "own threads only" forums is excluded for every viewer.
    if(!empty($onlyusfids))
    {
        $where_sql .= " AND fid NOT IN(".implode(',', $onlyusfids).")";
    }

    $options = array(
        'order_by' => 'dateline',
        'order_dir' => 'desc'
    );

    // Do we have a hard search limit?
    if($mybb->settings['searchhardlimit'] > 0)
    {
        $options['limit'] = (int)$mybb->settings['searchhardlimit'];
    }

    // Collect matching post ids as a comma-separated string (the hard limit applies here only).
    $pids = '';
    $comma = '';
    $query = $db->simple_select("posts", "pid", "{$where_sql}", $options);
    while($pid = $db->fetch_field($query, "pid"))
    {
            $pids .= $comma.$pid;
            $comma = ',';
    }

    // Collect matching thread ids the same way.
    $tids = '';
    $comma = '';
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
            $tids .= $comma.$tid;
            $comma = ',';
    }

    // NOTE(review): the search id is derived from the clock via uniqid()/microtime(), not from a
    // CSPRNG. It is the only handle passed to the results action in the redirect below; if that
    // action does not also bind the row to the requesting user (not visible here), prefer a
    // cryptographically random identifier.
    $sid = md5(uniqid(microtime(), true));
    // No visibility condition is stored with the id lists; the posts branch of the results
    // action applies the viewer's visibility filter when the list is rendered.
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => $db->escape_string($pids),
        "resulttype" => "posts",
        "querycache" => '',
        "keywords" => ''
    );
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}
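// action=finduser: build and store a search for all posts and threads by the user id given
// in the request, then redirect to the results action with the new search id.
// This code runs in global scope and the plugin hook below can see its variables.
elseif($mybb->input['action'] == "finduser")
{
    // The uid is read as an integer, so it is safe to place inside the quoted literal.
    $where_sql = "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";

    // Exclude forums reported by the two helpers; their return values are used as
    // ready-made comma-separated lists.
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $where_sql .= " AND fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $where_sql .= " AND fid NOT IN ($inactiveforums)";
    }

    $permsql = "";
    $onlyusfids = array();

    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            $onlyusfids[] = $fid;
        }
    }
    if(!empty($onlyusfids))
    {
        // In "own threads only" forums, match only the viewer's own content.
        // The leading space keeps this condition separated from the preceding fragment.
        $where_sql .= " AND ((fid IN(".implode(',', $onlyusfids).") AND uid='{$mybb->user['uid']}') OR fid NOT IN(".implode(',', $onlyusfids)."))";
    }

    $options = array(
        'order_by' => 'dateline',
        'order_dir' => 'desc'
    );

    // Do we have a hard search limit?
    if($mybb->settings['searchhardlimit'] > 0)
    {
        $options['limit'] = (int)$mybb->settings['searchhardlimit'];
    }

    // Collect matching post ids as a comma-separated string (the hard limit applies here only).
    $pids = '';
    $comma = '';
    $query = $db->simple_select("posts", "pid", "{$where_sql}", $options);
    while($pid = $db->fetch_field($query, "pid"))
    {
        $pids .= $comma.$pid;
        $comma = ',';
    }

    // Collect matching thread ids the same way.
    $tids = '';
    $comma = '';
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
        $tids .= $comma.$tid;
        $comma = ',';
    }

    // NOTE(review): the search id is derived from the clock via uniqid()/microtime(), not from a
    // CSPRNG. It is the only handle passed to the results action in the redirect below; confirm
    // that action binds the stored row to the requesting user, or use a random identifier.
    $sid = md5(uniqid(microtime(), true));
    // No visibility condition is stored with the id lists; the posts branch of the results
    // action applies the viewer's visibility filter when the list is rendered.
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => $db->escape_string($pids),
        "resulttype" => "posts",
        "querycache" => '',
        "keywords" => ''
    );
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}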
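// action=finduserthreads: build and store a search for all threads started by the user id
// given in the request, then redirect to the results action with the new search id.
// This code runs in global scope and the plugin hook below can see its variables.
elseif($mybb->input['action'] == "finduserthreads")
{
    // The uid is read as an integer, so it is safe to place inside the quoted literal.
    $where_sql = "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";

    // Exclude forums reported by the two helpers; their return values are used as
    // ready-made comma-separated lists.
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $where_sql .= " AND fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $where_sql .= " AND fid NOT IN ($inactiveforums)";
    }

    $permsql = "";
    $onlyusfids = array();

    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            $onlyusfids[] = $fid;
        }
    }
    if(!empty($onlyusfids))
    {
        // In "own threads only" forums, match only the viewer's own threads.
        // The leading space keeps this condition separated from the preceding fragment.
        $where_sql .= " AND ((fid IN(".implode(',', $onlyusfids).") AND uid='{$mybb->user['uid']}') OR fid NOT IN(".implode(',', $onlyusfids)."))";
    }

    // Collect matching thread ids as a comma-separated string.
    $tids = '';
    $comma = '';
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
        $tids .= $comma.$tid;
        $comma = ',';
    }

    // NOTE(review): the search id is derived from the clock via uniqid()/microtime(), not from a
    // CSPRNG. It is the only handle passed to the results action in the redirect below; confirm
    // that action binds the stored row to the requesting user, or use a random identifier.
    $sid = md5(uniqid(microtime(), true));
    // "querycache" persists the WHERE fragment itself. Every value concatenated into $where_sql
    // above is an integer or a helper-built id list; keep it that way, since the stored fragment
    // is presumably replayed by the results action (not visible here).
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => '',
        "resulttype" => "threads",
        "querycache" => $db->escape_string($where_sql),
        "keywords" => ''
    );
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}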
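// action=getnew: build and store a search for threads with a last post at or after the
// viewer's last visit, optionally limited to one forum (fid) or a list of forums (fids),
// then redirect to the results action with the new search id.
// This code runs in global scope and the plugin hook below can see its variables.
elseif($mybb->input['action'] == "getnew")
{

    $where_sql = "lastpost >= '".(int)$mybb->user['lastvisit']."'";

    if($mybb->get_input('fid', MyBB::INPUT_INT))
    {
        $where_sql .= " AND fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
    }
    else if($mybb->get_input('fids'))
    {
        // "fids" arrives as free text; every element is cast to int before it is placed in
        // the IN list, so non-numeric input collapses to 0 instead of reaching the query.
        $fids = explode(',', $mybb->get_input('fids'));
        foreach($fids as $key => $fid)
        {
            $fids[$key] = (int)$fid;
        }

        if(!empty($fids))
        {
            $where_sql .= " AND fid IN (".implode(',', $fids).")";
        }
    }

    // Exclude forums reported by the two helpers; their return values are used as
    // ready-made comma-separated lists.
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $where_sql .= " AND fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $where_sql .= " AND fid NOT IN ($inactiveforums)";
    }

    $permsql = "";
    $onlyusfids = array();

    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            $onlyusfids[] = $fid;
        }
    }
    if(!empty($onlyusfids))
    {
        // In "own threads only" forums, match only the viewer's own threads.
        // The leading space keeps this condition separated from the preceding fragment.
        $where_sql .= " AND ((fid IN(".implode(',', $onlyusfids).") AND uid='{$mybb->user['uid']}') OR fid NOT IN(".implode(',', $onlyusfids)."))";
    }

    // Collect matching thread ids as a comma-separated string.
    $tids = '';
    $comma = '';
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
        $tids .= $comma.$tid;
        $comma = ',';
    }

    // NOTE(review): the search id is derived from the clock via uniqid()/microtime(), not from a
    // CSPRNG. It is the only handle passed to the results action in the redirect below; confirm
    // that action binds the stored row to the requesting user, or use a random identifier.
    $sid = md5(uniqid(microtime(), true));
    // "querycache" persists the WHERE fragment itself. Every value concatenated into $where_sql
    // above is an integer or a helper-built id list; keep it that way, since the stored fragment
    // is presumably replayed by the results action (not visible here).
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => '',
        "resulttype" => "threads",
        "querycache" => $db->escape_string($where_sql),
        "keywords" => ''
    );

    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}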
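// action=getdaily: build and store a search for threads with a last post within the last
// N days (N >= 1), optionally limited to one forum (fid) or a list of forums (fids), then
// redirect to the results action with the new search id.
// This code runs in global scope and the plugin hook below can see its variables.
elseif($mybb->input['action'] == "getdaily")
{
    // "days" is read as an integer; anything below 1 falls back to a single day.
    if($mybb->get_input('days', MyBB::INPUT_INT) < 1)
    {
        $days = 1;
    }
    else
    {
        $days = $mybb->get_input('days', MyBB::INPUT_INT);
    }
    $datecut = TIME_NOW-(86400*$days);

    $where_sql = "lastpost >='".$datecut."'";

    if($mybb->get_input('fid', MyBB::INPUT_INT))
    {
        $where_sql .= " AND fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
    }
    else if($mybb->get_input('fids'))
    {
        // "fids" arrives as free text; every element is cast to int before it is placed in
        // the IN list, so non-numeric input collapses to 0 instead of reaching the query.
        $fids = explode(',', $mybb->get_input('fids'));
        foreach($fids as $key => $fid)
        {
            $fids[$key] = (int)$fid;
        }

        if(!empty($fids))
        {
            $where_sql .= " AND fid IN (".implode(',', $fids).")";
        }
    }

    // Exclude forums reported by the two helpers; their return values are used as
    // ready-made comma-separated lists.
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $where_sql .= " AND fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $where_sql .= " AND fid NOT IN ($inactiveforums)";
    }

    $permsql = "";
    $onlyusfids = array();

    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            $onlyusfids[] = $fid;
        }
    }
    if(!empty($onlyusfids))
    {
        // In "own threads only" forums, match only the viewer's own threads.
        // The leading space keeps this condition separated from the preceding fragment.
        $where_sql .= " AND ((fid IN(".implode(',', $onlyusfids).") AND uid='{$mybb->user['uid']}') OR fid NOT IN(".implode(',', $onlyusfids)."))";
    }

    // Collect matching thread ids as a comma-separated string.
    $tids = '';
    $comma = '';
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
        $tids .= $comma.$tid;
        $comma = ',';
    }

    // NOTE(review): the search id is derived from the clock via uniqid()/microtime(), not from a
    // CSPRNG. It is the only handle passed to the results action in the redirect below; confirm
    // that action binds the stored row to the requesting user, or use a random identifier.
    $sid = md5(uniqid(microtime(), true));
    // "querycache" persists the WHERE fragment itself. Every value concatenated into $where_sql
    // above is an integer or a helper-built id list; keep it that way, since the stored fragment
    // is presumably replayed by the results action (not visible here).
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => '',
        "resulttype" => "threads",
        "querycache" => $db->escape_string($where_sql),
        "keywords" => ''
    );

    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}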
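elseif($mybb->input['action'] == "do_search" && $mybb->request_method == "post")
{
    // Handles a submitted search form (POST only): throttles the requester,
    // runs the search, stores the result set in the searchlog table under a
    // fresh search id and redirects to the results view for that id.
    $plugins->run_hooks("search_do_search_start");

    // Flood control applies when a flood time is configured; accounts that may
    // access the control panel (cancp) are exempt.
    if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
    {
        // Registered users are throttled per account, guests per source
        // address, so guests behind one shared address share one window.
        if($mybb->user['uid'])
        {
            // Cast so that only an integer can ever reach the SQL condition.
            $conditions = "uid='".(int)$mybb->user['uid']."'";
        }
        else
        {
            $conditions = "uid='0' AND ipaddress=".$db->escape_binary($session->packedip);
        }
        $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
        $query = $db->simple_select("searchlog", "*", "$conditions AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
        $last_search = $db->fetch_array($query);
        // Users last search was within the flood time, show the error.
        // empty() also covers the case where no row came back at all, so no
        // column is read from a missing result.
        if(!empty($last_search['sid']))
        {
            $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
            if($remaining_time == 1)
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
            }
            else
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
            }
            error($lang->error_searchflooding);
        }
        // NOTE(review): the log row that this check reads is only written
        // after the search has run, so parallel requests may all pass the
        // check - confirm whether that matters for the configured limits.
    }

    // Anything other than "threads" falls back to post results.
    if($mybb->get_input('showresults') == "threads")
    {
        $resulttype = "threads";
    }
    else
    {
        $resulttype = "posts";
    }

    // "keywords" and "forums" are read from $mybb->input without a type
    // filter, while the remaining fields are cast through get_input().
    // NOTE(review): perform_search_mysql*() must treat both as untrusted and
    // escape them before they reach SQL - not visible here, confirm.
    $search_data = array(
        "keywords" => $mybb->input['keywords'],
        "author" => $mybb->get_input('author'),
        "postthread" => $mybb->get_input('postthread', MyBB::INPUT_INT),
        "matchusername" => $mybb->get_input('matchusername', MyBB::INPUT_INT),
        "postdate" => $mybb->get_input('postdate', MyBB::INPUT_INT),
        "pddir" => $mybb->get_input('pddir', MyBB::INPUT_INT),
        "forums" => $mybb->input['forums'],
        "findthreadst" => $mybb->get_input('findthreadst', MyBB::INPUT_INT),
        "numreplies" => $mybb->get_input('numreplies', MyBB::INPUT_INT),
        "threadprefix" => $mybb->get_input('threadprefix', MyBB::INPUT_ARRAY)
    );

    // The visibility filter is only honoured for moderators.
    if(is_moderator() && !empty($mybb->input['visible']))
    {
        $search_data['visible'] = $mybb->get_input('visible', MyBB::INPUT_INT);
    }

    if($db->can_search == true)
    {
        // Use the fulltext implementation only when it is both configured and
        // available on the posts table.
        if($mybb->settings['searchtype'] == "fulltext" && $db->supports_fulltext_boolean("posts") && $db->is_fulltext("posts"))
        {
            $search_results = perform_search_mysql_ft($search_data);
        }
        else
        {
            $search_results = perform_search_mysql($search_data);
        }
    }
    else
    {
        error($lang->error_no_search_support);
    }

    // NOTE(review): the search id is derived from the clock (microtime/uniqid)
    // and md5() adds no entropy. If the results view does not also bind a sid
    // to the requesting user, generate it from a CSPRNG instead - confirm
    // against the results handler, which is outside this section.
    $sid = md5(uniqid(microtime(), true));

    // Only sid and keywords are escaped here before the insert.
    // NOTE(review): threads, posts and querycache are presumably returned
    // SQL-safe by perform_search_mysql*() - confirm.
    // NOTE(review): $now is not assigned in this branch; presumably set
    // earlier in the script - confirm.
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => $now,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $search_results['threads'],
        "posts" => $search_results['posts'],
        "resulttype" => $resulttype,
        "querycache" => $search_results['querycache'],
        "keywords" => $db->escape_string($mybb->input['keywords']),
    );
    $plugins->run_hooks("search_do_search_process");

    $db->insert_query("searchlog", $searcharray);

    // Lower-case the requested order first and compare the result against the
    // two allowed values, so the redirect only ever carries "asc" or "desc".
    $sortorder = my_strtolower($mybb->get_input('sortordr'));
    if($sortorder != "asc" && $sortorder != "desc")
    {
        $sortorder = "desc";
    }

    // NOTE(review): sortby is escaped for HTML only, not URL-encoded or
    // checked against a list of known columns; the results handler has to
    // treat it as untrusted - confirm it whitelists the value.
    $sortby = htmlspecialchars_uni($mybb->get_input('sortby'));
    $plugins->run_hooks("search_do_search_end");
    redirect("search.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
}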
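else if($mybb->input['action'] == "thread")
{
    // Searches within a single thread: checks that the requester may see the
    // thread and its forum, throttles the request, runs the search and
    // redirects to the stored results.

    // Fetch thread info
    $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));

    // Reject an unknown thread before any of its fields are read; error() is
    // relied on to end the request, as elsewhere in this script.
    if(!$thread)
    {
        error($lang->error_invalidthread);
    }

    $ismod = is_moderator($thread['fid']);

    // A thread with visible == 1 passes for everyone. Otherwise:
    //  - a non-moderator passes only when visible == -1, the soft_delete
    //    setting is on and the requester is the logged-in thread author;
    //  - a moderator is refused when visible > 1.
    // The same message is used for "missing" and "not allowed".
    if(($thread['visible'] != 1 && $ismod == false && ($thread['visible'] != -1 || $mybb->settings['soft_delete'] != 1 || !$mybb->user['uid'] || $mybb->user['uid'] != $thread['uid'])) || ($thread['visible'] > 1 && $ismod == true))
    {
        error($lang->error_invalidthread);
    }

    // Get forum info
    $forum = get_forum($thread['fid']);
    if(!$forum)
    {
        error($lang->error_invalidforum);
    }

    $forum_permissions = forum_permissions($forum['fid']);

    if($forum['open'] == 0 || $forum['type'] != "f")
    {
        error($lang->error_closedinvalidforum);
    }
    // The requester needs view rights on the forum and its threads; with
    // canonlyviewownthreads set, only the thread author may search it.
    if($forum_permissions['canview'] == 0 || $forum_permissions['canviewthreads'] != 1 || (isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
    {
        error_no_permission();
    }

    $plugins->run_hooks("search_thread_start");

    // Flood control applies when a flood time is configured; accounts that may
    // access the control panel (cancp) are exempt.
    if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
    {
        // Registered users are throttled per account, guests per source
        // address, so guests behind one shared address share one window.
        if($mybb->user['uid'])
        {
            // Cast so that only an integer can ever reach the SQL condition.
            $conditions = "uid='".(int)$mybb->user['uid']."'";
        }
        else
        {
            $conditions = "uid='0' AND ipaddress=".$db->escape_binary($session->packedip);
        }
        $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
        $query = $db->simple_select("searchlog", "*", "$conditions AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
        $last_search = $db->fetch_array($query);

        // Only read the logged row when one came back; empty() also covers a
        // missing result.
        $remaining_time = 0;
        if(!empty($last_search['sid']))
        {
            $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
        }

        // Users last search was within the flood time, show the error.
        // We shouldn't show remaining time if time is 0 or under.
        if($remaining_time > 0)
        {
            if($remaining_time == 1)
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
            }
            else
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
            }
            error($lang->error_searchflooding);
        }
    }

    // "keywords" is read from $mybb->input without a type filter; tid is cast
    // to an integer.
    // NOTE(review): perform_search_mysql*() must escape the keywords before
    // they reach SQL - not visible here, confirm.
    $search_data = array(
        "keywords" => $mybb->input['keywords'],
        "postthread" => 1,
        "tid" => $mybb->get_input('tid', MyBB::INPUT_INT)
    );

    if($db->can_search == true)
    {
        // Use the fulltext implementation only when it is both configured and
        // available on the posts table.
        if($mybb->settings['searchtype'] == "fulltext" && $db->supports_fulltext_boolean("posts") && $db->is_fulltext("posts"))
        {
            $search_results = perform_search_mysql_ft($search_data);
        }
        else
        {
            $search_results = perform_search_mysql($search_data);
        }
    }
    else
    {
        error($lang->error_no_search_support);
    }

    // NOTE(review): the search id is derived from the clock (microtime/uniqid)
    // and md5() adds no entropy. If the results view does not also bind a sid
    // to the requesting user, generate it from a CSPRNG instead - confirm
    // against the results handler, which is outside this section.
    $sid = md5(uniqid(microtime(), true));

    // Only sid and keywords are escaped here before the insert.
    // NOTE(review): threads, posts and querycache are presumably returned
    // SQL-safe by perform_search_mysql*() - confirm.
    // NOTE(review): $now is not assigned in this branch; presumably set
    // earlier in the script - confirm.
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => $now,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $search_results['threads'],
        "posts" => $search_results['posts'],
        "resulttype" => 'posts',
        "querycache" => $search_results['querycache'],
        "keywords" => $db->escape_string($mybb->input['keywords'])
    );
    $plugins->run_hooks("search_thread_process");

    $db->insert_query("searchlog", $searcharray);

    // The closing hook carries the same name as in the do_search branch, so a
    // plugin attached to it runs for both kinds of search.
    $plugins->run_hooks("search_do_search_end");
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}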
else
{
    // Default action: build and output the search form.
    $plugins->run_hooks('search_start');
    $srchlist = make_searchable_forums();
    $prefixselect = build_prefix_select('all', 'any', 1);

    // Five rows by default; moderators get two more for their extra options.
    $rowspan = 5;
    $moderator_options = '';

    if(is_moderator())
    {
        $rowspan = $rowspan + 2;
        // The template text is evaluated as a double-quoted PHP string.
        // NOTE(review): this is only safe while templates can be edited by
        // trusted administrators alone - confirm; not visible here.
        eval("\$moderator_options = \"".$templates->get("search_moderator_options")."\";");
    }

    $plugins->run_hooks('search_end');

    // NOTE(review): every variable the "search" template interpolates
    // (e.g. $srchlist, $prefixselect, and anything a plugin hook sets) must
    // already be HTML-escaped when it reaches this eval - confirm.
    eval("\$search = \"".$templates->get("search")."\";");
    output_page($search);
}

