PHP Cross Reference of MyBB 1.8.15

/ -> search.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
      // Constants set before global.php is loaded.
      // NOTE(review): IN_MYBB is presumably the marker included files test to refuse direct requests,
      // and IGNORE_CLEAN_VARS presumably exempts "sid" from generic input cleaning, so the search id
      // arrives in this script as a raw string (it is SQL-escaped before its first use in the
      // "results" branch). Neither check is visible in this file - confirm in the includes.
  11  define("IN_MYBB", 1);
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'search.php');
  14  
      // Comma-separated template names; several of them are fetched with $templates->get() further down.
      // NOTE(review): presumably read by global.php to preload the templates - confirm.
  15  $templatelist = "search,forumdisplay_thread_gotounread,search_results_threads_thread,search_results_threads,search_results_posts,search_results_posts_post,search_results_icon,search_forumlist_forum,search_forumlist";
  16  $templatelist .= ",multipage,multipage_breadcrumb,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
  17  $templatelist .= ",search_results_posts_inlinecheck,search_results_posts_nocheck,search_results_threads_inlinecheck,search_results_threads_nocheck,search_results_inlinemodcol,search_results_inlinemodcol_empty,search_results_posts_inlinemoderation_custom_tool";
  18  $templatelist .= ",search_results_posts_inlinemoderation_custom,search_results_posts_inlinemoderation,search_results_threads_inlinemoderation_custom_tool,search_results_threads_inlinemoderation_custom,search_results_threads_inlinemoderation";
  19  $templatelist .= ",forumdisplay_thread_attachment_count,search_threads_inlinemoderation_selectall,search_posts_inlinemoderation_selectall,post_prefixselect_prefix,post_prefixselect_multiple,search_orderarrow";
  20  $templatelist .= ",search_results_posts_forumlink,search_results_threads_forumlink,forumdisplay_thread_multipage_more,forumdisplay_thread_multipage_page,forumdisplay_thread_multipage,search_moderator_options";
  21  
      // Every include path is a fixed literal, or MYBB_ROOT plus a literal; no request data reaches them.
      // global.php comes first because MYBB_ROOT is used immediately after it.
  22  require_once  "./global.php";
  23  require_once  MYBB_ROOT."inc/functions_post.php";
  24  require_once  MYBB_ROOT."inc/functions_search.php";
  25  require_once  MYBB_ROOT."inc/class_parser.php";
  26  $parser = new postParser;
  27  
  28  // Load global language phrases
  29  $lang->load("search");
  30  
  31  add_breadcrumb($lang->nav_search, "search.php");
  32  
      // 'action' is read through get_input() and written back so later code can use
      // $mybb->input['action'] directly. In the visible part of this file it is only compared
      // against the literal "results".
  33  $mybb->input['action'] = $mybb->get_input('action');
  34  switch($mybb->input['action'])
  35  {
  36      case "results":
  37          add_breadcrumb($lang->nav_results);
  38          break;
  39      default:
  40          break;
  41  }
  42  
      // Permission gate: groups without 'cansearch' are stopped here, before any search data is read.
      // NOTE(review): assumes error_no_permission() ends the request - confirm.
  43  if($mybb->usergroup['cansearch'] == 0)
  44  {
  45      error_no_permission();
  46  }
  47  
  48  $now = TIME_NOW;
  49  $mybb->input['keywords'] = trim($mybb->get_input('keywords'));
  50  
      // Optional cap on result rows. The setting is cast to int before it is placed in the SQL
      // fragment, so $limitsql is either empty or "LIMIT <integer>".
  51  $limitsql = "";
  52  if((int)$mybb->settings['searchhardlimit'] > 0)
  53  {
  54      $limitsql = "LIMIT ".(int)$mybb->settings['searchhardlimit'];
  55  }
  56  
  57  if($mybb->input['action'] == "results")
  58  {
  59      $sid = $db->escape_string($mybb->get_input('sid')); // request value; SQL-escaped only, not HTML-encoded
          // The escaped value sits inside single quotes in the WHERE clause, which is the context
          // the escaping is meant for.
  60      $query = $db->simple_select("searchlog", "*", "sid='$sid'");
  61      $search = $db->fetch_array($query);
  62  
          // Reject ids with no stored search. $sid is later interpolated into URLs and a cookie name
          // without HTML encoding, so this lookup is the only validation it gets.
          // NOTE(review): assumes error() ends the request. The lookup is not tied to the current user
          // here; later queries re-apply the viewer's own visibility and permission filters - confirm
          // that this is the intended protection for replayed search ids.
  63      if(!$search['sid'])
  64      {
  65          error($lang->error_invalidsearch);
  66      }
  67  
  68      $plugins->run_hooks("search_results_start");
  69  
  70      // Decide on our sorting fields and sorting order.
          // Allow-list mapping: the request only selects among fixed column names, so $sortfield and
          // $order are safe to interpolate into ORDER BY below. htmlspecialchars_uni() is not what
          // makes them safe for SQL; the switch and the asc/desc check are.
  71      $order = my_strtolower(htmlspecialchars_uni($mybb->get_input('order')));
  72      $sortby = my_strtolower(htmlspecialchars_uni($mybb->get_input('sortby')));
  73  
          // $sortby keeps the request value only for the five named cases; anything else is
          // overwritten with "lastpost" or "dateline" in the default branch.
  74      switch($sortby)
  75      {
  76          case "replies":
  77              $sortfield = "t.replies";
  78              break;
  79          case "views":
  80              $sortfield = "t.views";
  81              break;
  82          case "subject":
  83              if($search['resulttype'] == "threads")
  84              {
  85                  $sortfield = "t.subject";
  86              }
  87              else
  88              {
  89                  $sortfield = "p.subject";
  90              }
  91              break;
  92          case "forum":
  93              $sortfield = "t.fid";
  94              break;
  95          case "starter":
  96              if($search['resulttype'] == "threads")
  97              {
  98                  $sortfield = "t.username";
  99              }
 100              else
 101              {
 102                  $sortfield = "p.username";
 103              }
 104              break;
 105          case "lastpost":
 106          default:
 107              if($search['resulttype'] == "threads")
 108              {
 109                  $sortfield = "t.lastpost";
 110                  $sortby = "lastpost";
 111              }
 112              else
 113              {
 114                  $sortfield = "p.dateline";
 115                  $sortby = "dateline";
 116              }
 117              break;
 118      }
 119  
          // Any value other than "asc" becomes "desc".
 120      if($order != "asc")
 121      {
 122          $order = "desc";
 123          $oppsortnext = "asc";
 124          $oppsort = $lang->asc;
 125      }
 126      else
 127      {
 128          $oppsortnext = "desc";
 129          $oppsort = $lang->desc;
 130      }
 131  
          // Fall back to 20 rows per page when the setting is missing or below 1.
 132      if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
 133      {
 134          $mybb->settings['threadsperpage'] = 20;
 135      }
 136  
 137      // Work out pagination, which page we're at, as well as the limits.
          // NOTE(review): 'page' is read without MyBB::INPUT_INT (which this file uses for 'uid' further
          // down). The arithmetic makes $start numeric, but a fractional page below 1 would give a
          // negative offset in the LIMIT clause unless an earlier layer normalises 'page' - confirm,
          // or cast here.
 138      $perpage = $mybb->settings['threadsperpage'];
 139      $page = $mybb->get_input('page');
 140      if($page > 0)
 141      {
 142          $start = ($page-1) * $perpage;
 143      }
 144      else
 145      {
 146          $start = 0;
 147          $page = 1;
 148      }
 149      $end = $start + $perpage;
 150      $lower = $start+1;
 151      $upper = $end;
 152  
 153      // Work out if we have terms to highlight
          // The stored keywords are URL-encoded before being appended to thread links.
 154      $highlight = "";
 155      if($search['keywords'])
 156      {
 157          if($mybb->seo_support == true)
 158          {
 159              $highlight = "?highlight=".urlencode($search['keywords']);
 160          }
 161          else
 162          {
 163              $highlight = "&amp;highlight=".urlencode($search['keywords']);
 164          }
 165      }
 166  
          // $sid is placed in the URL as-is; it has already matched a stored search row above.
 167      $sorturl = "search.php?action=results&amp;sid={$sid}";
 168      $thread_url = "";
 169      $post_url = "";
 170  
 171      $orderarrow = array('replies' => '', 'views' => '', 'subject' => '', 'forum' => '', 'starter' => '', 'lastpost' => '', 'dateline' => '');
 172  
          // $sortby is spliced into PHP source here, inside a single-quoted array key. That is safe only
          // because the sort switch above limits it to fixed names; keep that switch ahead of this line.
          // Template text is evaluated as a double-quoted PHP string in every eval() in this file, so
          // write access to templates is equivalent to code execution.
          // NOTE(review): $templates->get() is not visible here - confirm how it escapes template text.
 173      eval("\$orderarrow['$sortby'] = \"".$templates->get("search_orderarrow")."\";");
 174  
 175      // Read some caches we will be using
 176      $forumcache = $cache->read("forums");
 177      $icon_cache = $cache->read("posticons");
 178  
 179      $threads = array();
 180  
 181      if($mybb->user['uid'] == 0)
 182      {
 183          // Build a forum cache.
 184          $query = $db->query("
 185              SELECT fid
 186              FROM ".TABLE_PREFIX."forums
 187              WHERE active != 0
 188              ORDER BY pid, disporder
 189          ");
 190  
              // Guests: forum read markers come from a client-controlled cookie.
              // NOTE(review): my_unserialize() is a project helper not shown here - confirm it cannot
              // instantiate objects. Its result is indexed below without a type check.
 191          $forumsread = my_unserialize($mybb->cookies['mybb']['forumread']);
 192      }
 193      else
 194      {
 195          // Build a forum cache.
              // The uid in this query comes from the session user record, not from the request.
              // NOTE(review): assumed to be an integer - confirm.
 196          $query = $db->query("
 197              SELECT f.fid, fr.dateline AS lastread
 198              FROM ".TABLE_PREFIX."forums f
 199              LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
 200              WHERE f.active != 0
 201              ORDER BY pid, disporder
 202          ");
 203      }
 204  
          // Map each active forum id to its last-read time; for guests the time is taken from the cookie.
 205      while($forum = $db->fetch_array($query))
 206      {
 207          if($mybb->user['uid'] == 0)
 208          {
 209              if($forumsread[$forum['fid']])
 210              {
 211                  $forum['lastread'] = $forumsread[$forum['fid']];
 212              }
 213          }
 214          $readforums[$forum['fid']] = $forum['lastread'];
 215      }
 216      $fpermissions = forum_permissions();
 217  
 218      // Inline Mod Column for moderators
 219      $inlinemodcol = $inlinecookie = '';
 220      $is_mod = $is_supermod = $show_inline_moderation = false;
 221      if($mybb->usergroup['issupermod'])
 222      {
 223          $is_supermod = true;
 224      }
 225      if($is_supermod || is_moderator())
 226      {
              // The cookie name embeds $sid, which by this point has matched a stored search row.
 227          $inlinecookie = "inlinemod_search".$sid;
 228          $inlinecount = 0;
 229          $is_mod = true;
              // The raw query string is HTML-encoded before it becomes part of $return_url.
 230          $return_url = 'search.php?'.htmlspecialchars_uni($_SERVER['QUERY_STRING']);
 231      }
 232  
 233      // Show search results as 'threads'
 234      if($search['resulttype'] == "threads")
 235      {
 236          $threadcount = 0;
 237  
 238          // Moderators can view unapproved threads
              // Builds $unapproved_where, the visibility filter added to every thread query below:
              // super moderators get visible >= -1, forum moderators additionally get visible = 0 and
              // visible = -1 threads in the forums their moderator rows allow, everyone else gets
              // visible > 0 only.
              // NOTE(review): uid, usergroup and the fid lists are interpolated without casting; they
              // come from the session user and the moderators table - assumed integers, confirm.
 239          $query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')");
 240          if($mybb->usergroup['issupermod'] == 1)
 241          {
 242              // Super moderators (and admins)
 243              $unapproved_where = "t.visible>=-1";
 244          }
 245          elseif($db->num_rows($query))
 246          {
 247              // Normal moderators
 248              $unapprove_forums = array();
 249              $deleted_forums = array();
 250              $unapproved_where = '(t.visible = 1';
 251              while($moderator = $db->fetch_array($query))
 252              {
 253                  if($moderator['canviewunapprove'] == 1)
 254                  {
 255                      $unapprove_forums[] = $moderator['fid'];
 256                  }
 257  
 258                  if($moderator['canviewdeleted'] == 1)
 259                  {
 260                      $deleted_forums[] = $moderator['fid'];
 261                  }
 262              }
 263  
 264              if(!empty($unapprove_forums))
 265              {
 266                  $unapproved_where .= " OR (t.visible = 0 AND t.fid IN(".implode(',', $unapprove_forums)."))";
 267              }
 268              if(!empty($deleted_forums))
 269              {
 270                  $unapproved_where .= " OR (t.visible = -1 AND t.fid IN(".implode(',', $deleted_forums)."))";
 271              }
 272              $unapproved_where .= ')';
 273          }
 274          else
 275          {
 276              // Normal users
 277              $unapproved_where = 't.visible>0';
 278          }
 279  
 280          // If we have saved WHERE conditions, execute them
              // $search['querycache'] is SQL text read back from the searchlog row and executed as-is,
              // so it must have been built safely when it was stored (that code is not in this file).
              // Anything that can write to searchlog can therefore change this query.
 281          if($search['querycache'] != "")
 282          {
 283              $where_conditions = $search['querycache'];
 284              $query = $db->simple_select("threads t", "t.tid", $where_conditions. " AND {$unapproved_where} AND t.closed NOT LIKE 'moved|%' ORDER BY t.lastpost DESC {$limitsql}");
 285              while($thread = $db->fetch_array($query))
 286              {
 287                  $threads[$thread['tid']] = $thread['tid'];
 288                  $threadcount++;
 289              }
 290              // Build our list of threads.
 291              if($threadcount > 0)
 292              {
 293                  $search['threads'] = implode(",", $threads);
 294              }
 295              // No results.
 296              else
 297              {
 298                  error($lang->error_nosearchresults);
 299              }
                  // From here on the filter is the list of thread ids the database just returned.
 300              $where_conditions = "t.tid IN (".$search['threads'].")";
 301          }
 302          // This search doesn't use a query cache, results stored in search table.
 303          else
 304          {
                  // The stored id list is placed inside IN() unquoted.
                  // NOTE(review): assumed to be a comma-separated list of integers written by the
                  // search code - confirm where it is stored.
 305              $where_conditions = "t.tid IN (".$search['threads'].")";
 306              $query = $db->simple_select("threads t", "COUNT(t.tid) AS resultcount", $where_conditions. " AND {$unapproved_where} AND t.closed NOT LIKE 'moved|%' {$limitsql}");
 307              $count = $db->fetch_array($query);
 308  
 309              if(!$count['resultcount'])
 310              {
 311                  error($lang->error_nosearchresults);
 312              }
 313              $threadcount = $count['resultcount'];
 314          }
 315  
          // $permsql collects per-viewer forum restrictions. They are computed for the current viewer
          // on each request rather than read from the stored search.
 316          $permsql = "";
 317          $onlyusfids = array();
 318  
 319          // Check group permissions if we can't view threads not started by us
 320          $group_permissions = forum_permissions();
 321          foreach($group_permissions as $fid => $forum_permissions)
 322          {
 323              if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 324              {
 325                  $onlyusfids[] = $fid;
 326              }
 327          }
 328          if(!empty($onlyusfids))
 329          {
 330              $permsql .= "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 331          }
 332  
              // Forums the helpers report as unsearchable or inactive are excluded in SQL.
              // NOTE(review): both helpers are defined elsewhere and are expected to return
              // comma-separated integer ids or an empty value - confirm.
 333          $unsearchforums = get_unsearchable_forums();
 334          if($unsearchforums)
 335          {
 336              $permsql .= " AND t.fid NOT IN ($unsearchforums)";
 337          }
 338          $inactiveforums = get_inactive_forums();
 339          if($inactiveforums)
 340          {
 341              $permsql .= " AND t.fid NOT IN ($inactiveforums)";
 342          }
 343  
 344          // Begin selecting matching threads, cache them.
              // NOTE(review): $sqlarray is not referenced again in the visible part of this file; the
              // query below interpolates the same four values directly.
 345          $sqlarray = array(
 346              'order_by' => $sortfield,
 347              'order_dir' => $order,
 348              'limit_start' => $start,
 349              'limit' => $perpage
 350          );
              // Interpolated pieces: $where_conditions (a thread id list), the visibility and permission
              // filters built above, the allow-listed $sortfield/$order, $start (result of arithmetic)
              // and the $perpage setting.
 351          $query = $db->query("
 352              SELECT t.*, u.username AS userusername
 353              FROM ".TABLE_PREFIX."threads t
 354              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
 355              WHERE $where_conditions AND {$unapproved_where} {$permsql} AND t.closed NOT LIKE 'moved|%'
 356              ORDER BY $sortfield $order
 357              LIMIT $start, $perpage
 358          ");
 359  
              // Cache the page of rows by thread id and attach each thread's prefix display markup.
 360          $threadprefixes = build_prefixes();
 361          $thread_cache = array();
 362          while($thread = $db->fetch_array($query))
 363          {
 364              $thread['threadprefix'] = '';
 365              if($thread['prefix'] && !empty($threadprefixes[$thread['prefix']]))
 366              {
 367                  $thread['threadprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'];
 368              }
 369              $thread_cache[$thread['tid']] = $thread;
 370          }
              // $thread_ids is built from ids the database returned, not from request data.
 371          $thread_ids = implode(",", array_keys($thread_cache));
 372  
 373          if(empty($thread_ids))
 374          {
 375              error($lang->error_nosearchresults);
 376          }
 377  
 378          // Fetch dot icons if enabled
 379          if($mybb->settings['dotfolders'] != 0 && $mybb->user['uid'] && $thread_cache)
 380          {
                  // Reuses the thread visibility filter on the posts table by stripping the "t." alias.
 381              $p_unapproved_where = str_replace('t.', '', $unapproved_where);
 382              $query = $db->simple_select("posts", "DISTINCT tid,uid", "uid='{$mybb->user['uid']}' AND tid IN({$thread_ids}) AND {$p_unapproved_where}");
 383              while($thread = $db->fetch_array($query))
 384              {
 385                  $thread_cache[$thread['tid']]['dot_icon'] = 1;
 386              }
 387          }
 388  
 389          // Fetch the read threads.
 390          if($mybb->user['uid'] && $mybb->settings['threadreadcut'] > 0)
 391          {
 392              $query = $db->simple_select("threadsread", "tid,dateline", "uid='".$mybb->user['uid']."' AND tid IN(".$thread_ids.")");
 393              while($readthread = $db->fetch_array($query))
 394              {
 395                  $thread_cache[$readthread['tid']]['lastread'] = $readthread['dateline'];
 396              }
 397          }
 398  
              // Default to 5 page links when the setting is empty.
 399          if(!$mybb->settings['maxmultipagelinks'])
 400          {
 401              $mybb->settings['maxmultipagelinks'] = 5;
 402          }
 403  
 404          $results = '';
 405  
 406          foreach($thread_cache as $thread)
 407          {
 408              $bgcolor = alt_trow();
 409              $folder = '';
 410              $prefix = '';
 411  
 412              // Unapproved colour
 413              if($thread['visible'] == 0)
 414              {
 415                  $bgcolor = 'trow_shaded';
 416              }
 417              elseif($thread['visible'] == -1)
 418              {
 419                  $bgcolor = 'trow_shaded trow_deleted';
 420              }
 421  
                  // Prefer the username joined from the users table over the name stored on the thread.
 422              if($thread['userusername'])
 423              {
 424                  $thread['username'] = $thread['userusername'];
 425              }
                  // Output encoding: username and subject are HTML-encoded before they reach the templates.
 426              $thread['username'] = htmlspecialchars_uni($thread['username']);
 427              $thread['profilelink'] = build_profile_link($thread['username'], $thread['uid']);
 428  
 429              // If this thread has a prefix, insert a space between prefix and subject
                  // NOTE(review): 'threadprefix' holds the prefix 'displaystyle' value and is not encoded
                  // in this file - presumably admin-defined markup; confirm.
 430              if($thread['prefix'] != 0)
 431              {
 432                  $thread['threadprefix'] .= '&nbsp;';
 433              }
 434  
                  // Bad-word filtering runs on the raw subject first; encoding is the last step.
 435              $thread['subject'] = $parser->parse_badwords($thread['subject']);
 436              $thread['subject'] = htmlspecialchars_uni($thread['subject']);
 437  
 438              if(isset($icon_cache[$thread['icon']]))
 439              {
 440                  $posticon = $icon_cache[$thread['icon']];
 441                  $posticon['path'] = str_replace("{theme}", $theme['imgdir'], $posticon['path']);
                      // Icon path and name are HTML-encoded before the icon template is evaluated.
 442                  $posticon['path'] = htmlspecialchars_uni($posticon['path']);
 443                  $posticon['name'] = htmlspecialchars_uni($posticon['name']);
 444                  eval("\$icon = \"".$templates->get("search_results_icon")."\";");
 445              }
 446              else
 447              {
 448                  $icon = "&nbsp;";
 449              }
 450              if($thread['poll'])
 451              {
 452                  $prefix = $lang->poll_prefix;
 453              }
 454  
 455              // Determine the folder
 456              $folder = '';
 457              $folder_label = '';
 458              if(isset($thread['dot_icon']))
 459              {
 460                  $folder = "dot_";
 461                  $folder_label .= $lang->icon_dot;
 462              }
 463              $gotounread = '';
 464              $isnew = 0;
 465              $donenew = 0;
 466              $last_read = 0;
 467  
 468              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'])
 469              {
 470                  $forum_read = $readforums[$thread['fid']];
 471  
 472                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 473                  if($forum_read == 0 || $forum_read < $read_cutoff)
 474                  {
 475                      $forum_read = $read_cutoff;
 476                  }
 477              }
 478              else
 479              {
 480                  $forum_read = $forumsread[$thread['fid']];
 481              }
 482  
 483              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'] && $thread['lastpost'] > $forum_read)
 484              {
 485                  if($thread['lastread'])
 486                  {
 487                      $last_read = $thread['lastread'];
 488                  }
 489                  else
 490                  {
 491                      $last_read = $read_cutoff;
 492                  }
 493              }
 494              else
 495              {
 496                  $last_read = my_get_array_cookie("threadread", $thread['tid']);
 497              }
 498  
 499              if($forum_read > $last_read)
 500              {
 501                  $last_read = $forum_read;
 502              }
 503  
 504              if($thread['lastpost'] > $last_read && $last_read)
 505              {
 506                  $folder .= "new";
 507                  $new_class = "subject_new";
 508                  $folder_label .= $lang->icon_new;
 509                  $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost").$highlight;
 510                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
 511                  $unreadpost = 1;
 512              }
 513              else
 514              {
 515                  $new_class = 'subject_old';
 516                  $folder_label .= $lang->icon_no_new;
 517              }
 518  
 519              if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
 520              {
 521                  $folder .= "hot";
 522                  $folder_label .= $lang->icon_hot;
 523              }
 524              if($thread['closed'] == 1)
 525              {
 526                  $folder .= "lock";
 527                  $folder_label .= $lang->icon_lock;
 528              }
 529              $folder .= "folder";
 530  
 531              if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
 532              {
 533                  $mybb->settings['postsperpage'] = 20;
 534              }
 535  
 536              $thread['pages'] = 0;
 537              $thread['multipage'] = '';
 538              $threadpages = '';
 539              $morelink = '';
 540              $thread['posts'] = $thread['replies'] + 1;
 541              if(is_moderator($thread['fid'], "canviewdeleted") == true || is_moderator($thread['fid'], "canviewunapprove") == true)
 542              {
 543                  if(is_moderator($thread['fid'], "canviewdeleted") == true)
 544                  {
 545                      $thread['posts'] += $thread['deletedposts'];
 546                  }
 547                  if(is_moderator($thread['fid'], "canviewunapprove") == true)
 548                  {
 549                      $thread['posts'] += $thread['unapprovedposts'];
 550                  }
 551              }
 552              elseif($group_permissions[$thread['fid']]['canviewdeletionnotice'] != 0)
 553              {
 554                  $thread['posts'] += $thread['deletedposts'];
 555              }
 556  
 557              if($thread['posts'] > $mybb->settings['postsperpage'])
 558              {
 559                  $thread['pages'] = $thread['posts'] / $mybb->settings['postsperpage'];
 560                  $thread['pages'] = ceil($thread['pages']);
 561                  if($thread['pages'] > $mybb->settings['maxmultipagelinks'])
 562                  {
 563                      $pagesstop = $mybb->settings['maxmultipagelinks'] - 1;
 564                      $page_link = get_thread_link($thread['tid'], $thread['pages']).$highlight;
 565                      eval("\$morelink = \"".$templates->get("forumdisplay_thread_multipage_more")."\";");
 566                  }
 567                  else
 568                  {
 569                      $pagesstop = $thread['pages'];
 570                  }
 571                  for($i = 1; $i <= $pagesstop; ++$i)
 572                  {
 573                      $page_link = get_thread_link($thread['tid'], $i).$highlight;
 574                      eval("\$threadpages .= \"".$templates->get("forumdisplay_thread_multipage_page")."\";");
 575                  }
 576                  eval("\$thread['multipage'] = \"".$templates->get("forumdisplay_thread_multipage")."\";");
 577              }
 578              else
 579              {
 580                  $threadpages = '';
 581                  $morelink = '';
 582                  $thread['multipage'] = '';
 583              }
 584              $lastpostdate = my_date('relative', $thread['lastpost']);
 585              $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
 586              $lastposteruid = $thread['lastposteruid'];
 587              if(!$lastposteruid && !$thread['lastposter'])
 588              {
 589                  $lastposter = htmlspecialchars_uni($lang->guest);
 590              }
 591              else
 592              {
 593                  $lastposter = htmlspecialchars_uni($thread['lastposter']);
 594              }
 595              $thread_link = get_thread_link($thread['tid']);
 596  
 597              // Don't link to guest's profiles (they have no profile).
 598              if($lastposteruid == 0)
 599              {
 600                  $lastposterlink = $lastposter;
 601              }
 602              else
 603              {
 604                  $lastposterlink = build_profile_link($lastposter, $lastposteruid);
 605              }
 606  
 607              $thread['replies'] = my_number_format($thread['replies']);
 608              $thread['views'] = my_number_format($thread['views']);
 609  
                  // Build the forum link only when the forum is present in the forums cache.
 610              $thread['forumlink'] = '';
 611              if($forumcache[$thread['fid']])
 612              {
 613                  $thread['forumlink_link'] = get_forum_link($thread['fid']);
                      // NOTE(review): unlike username and subject, the forum name goes to the template
                      // without htmlspecialchars_uni() here - confirm it is encoded when stored or is
                      // meant to carry markup.
 614                  $thread['forumlink_name'] = $forumcache[$thread['fid']]['name'];
 615                  eval("\$thread['forumlink'] = \"".$templates->get("search_results_threads_forumlink")."\";");
 616              }
 617  
 618              // If this user is the author of the thread and it is not closed or they are a moderator, they can edit
 619              if(($thread['uid'] == $mybb->user['uid'] && $thread['closed'] != 1 && $mybb->user['uid'] != 0 && $fpermissions[$thread['fid']]['caneditposts'] == 1) || is_moderator($thread['fid'], "caneditposts"))
 620              {
 621                  $inline_edit_class = "subject_editable";
 622              }
 623              else
 624              {
 625                  $inline_edit_class = "";
 626              }
 627  
 628              // If this thread has 1 or more attachments show the papperclip
 629              if($mybb->settings['enableattachments'] == 1 && $thread['attachmentcount'] > 0)
 630              {
 631                  if($thread['attachmentcount'] > 1)
 632                  {
 633                      $attachment_count = $lang->sprintf($lang->attachment_count_multiple, $thread['attachmentcount']);
 634                  }
 635                  else
 636                  {
 637                      $attachment_count = $lang->attachment_count;
 638                  }
 639  
 640                  eval("\$attachment_count = \"".$templates->get("forumdisplay_thread_attachment_count")."\";");
 641              }
 642              else
 643              {
 644                  $attachment_count = '';
 645              }
 646  
 647              $inline_edit_tid = $thread['tid'];
 648  
 649              // Inline thread moderation
 650              $inline_mod_checkbox = '';
 651              if($is_supermod || is_moderator($thread['fid']))
 652              {
                      // The inline-moderation cookie is client-controlled; here it only decides whether the
                      // checkbox is pre-ticked and feeds the selected count.
 653                  if(isset($mybb->cookies[$inlinecookie]) && my_strpos($mybb->cookies[$inlinecookie], "|{$thread['tid']}|") !== false)
 654                  {
 655                      $inlinecheck = "checked=\"checked\"";
 656                      ++$inlinecount;
 657                  }
 658                  else
 659                  {
 660                      $inlinecheck = '';
 661                  }
 662  
 663                  // If this user is allowed to use the inline moderation tools for at least one thread, include the necessary scripts
 664                  $show_inline_moderation = true;
 665  
 666                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_threads_inlinecheck")."\";");
 667              }
 668              elseif($is_mod)
 669              {
                      // Moderator of some other forum: a placeholder column without a checkbox.
 670                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_threads_nocheck")."\";");
 671              }
 672  
                  // The plugin hook runs before the row template is evaluated and appended to $results.
 673              $plugins->run_hooks("search_results_thread");
 674              eval("\$results .= \"".$templates->get("search_results_threads_thread")."\";");
 675          }
 676          if(!$results)
 677          {
 678              error($lang->error_nosearchresults);
 679          }
              // Pagination base URL: $sid has matched a stored search row, $sortby/$order are
              // allow-listed above, and uid is forced to an integer with MyBB::INPUT_INT.
 680          $multipage = multipage($threadcount, $perpage, $page, "search.php?action=results&amp;sid=$sid&amp;sortby=$sortby&amp;order=$order&amp;uid=".$mybb->get_input('uid', MyBB::INPUT_INT));
              // Clamp the displayed upper bound to the number of results.
 681          if($upper > $threadcount)
 682          {
 683              $upper = $threadcount;
 684          }
 685  
 686          // Inline Thread Moderation Options
              // Rendered only if at least one listed thread passed the moderator check in the loop above.
 687          if($show_inline_moderation)
 688          {
 689              eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol")."\";");
 690  
 691              // If user has moderation tools available, prepare the Select All feature
 692              $lang->page_selected = $lang->sprintf($lang->page_selected, count($thread_cache));
 693              $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$threadcount);
 694              $lang->select_all = $lang->sprintf($lang->select_all, (int)$threadcount);
 695              eval("\$selectall = \"".$templates->get("search_threads_inlinemoderation_selectall")."\";");
 696  
 697              $customthreadtools = '';
 698              switch($db->type)
 699              {
                      // Both variants are fixed SQL; only the string-concatenation syntax differs per driver.
 700                  case "pgsql":
 701                  case "sqlite":
 702                      $query = $db->simple_select("modtools", "tid, name", "type='t' AND (','||forums||',' LIKE '%,-1,%' OR forums='')");
 703                      break;
 704                  default:
 705                      $query = $db->simple_select("modtools", "tid, name", "type='t' AND (CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='')");
 706              }
 707  
 708              while($tool = $db->fetch_array($query))
 709              {
                      // Tool names are HTML-encoded before being placed in the dropdown template.
 710                  $tool['name'] = htmlspecialchars_uni($tool['name']);
 711                  eval("\$customthreadtools .= \"".$templates->get("search_results_threads_inlinemoderation_custom_tool")."\";");
 712              }
 713              // Build inline moderation dropdown
 714              if(!empty($customthreadtools))
 715              {
 716                  eval("\$customthreadtools = \"".$templates->get("search_results_threads_inlinemoderation_custom")."\";");
 717              }
 718              eval("\$inlinemod = \"".$templates->get("search_results_threads_inlinemoderation")."\";");
 719          }
 720          elseif($is_mod)
 721          {
 722              eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol_empty")."\";");
 723          }
 724  
 725          $plugins->run_hooks("search_results_end");
 726  
              // Assemble the page from the pieces built above and send it.
 727          eval("\$searchresults = \"".$templates->get("search_results_threads")."\";");
 728          output_page($searchresults);
 729      }
 730      else // Displaying results as posts
 731      {
 732          if(!$search['posts'])
 733          {
 734              error($lang->error_nosearchresults);
 735          }
 736  
 737          $postcount = 0;
 738  
 739          // Moderators can view unapproved threads
              // Builds the visibility filter for the posts query below, using unaliased column names.
              // Normal users are limited to visible = 1 here.
              // NOTE(review): uid, usergroup and the fid lists are interpolated without casting; they
              // come from the session user and the moderators table - assumed integers, confirm.
 740          $query = $db->simple_select("moderators", "fid, canviewunapprove, canviewdeleted", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')");
 741          if($mybb->usergroup['issupermod'] == 1)
 742          {
 743              // Super moderators (and admins)
 744              $unapproved_where = "visible >= -1";
 745          }
 746          elseif($db->num_rows($query))
 747          {
 748              // Normal moderators
 749              $unapprove_forums = array();
 750              $deleted_forums = array();
 751              $unapproved_where = '(visible = 1';
 752  
 753              while($moderator = $db->fetch_array($query))
 754              {
 755                  if($moderator['canviewunapprove'] == 1)
 756                  {
 757                      $unapprove_forums[] = $moderator['fid'];
 758                  }
 759  
 760                  if($moderator['canviewdeleted'] == 1)
 761                  {
 762                      $deleted_forums[] = $moderator['fid'];
 763                  }
 764              }
 765  
 766              if(!empty($unapprove_forums))
 767              {
 768                  $unapproved_where .= " OR (visible = 0 AND fid IN(".implode(',', $unapprove_forums)."))";
 769              }
 770              if(!empty($deleted_forums))
 771              {
 772                  $unapproved_where .= " OR (visible = -1 AND fid IN(".implode(',', $deleted_forums)."))";
 773              }
 774              $unapproved_where .= ')';
 775          }
 776          else
 777          {
 778              // Normal users
 779              $unapproved_where = 'visible = 1';
 780          }
 781  
        // Options for the permission re-check query on the cached post ids.
        $post_cache_options = array();
        if((int)$mybb->settings['searchhardlimit'] > 0)
        {
            $post_cache_options['limit'] = (int)$mybb->settings['searchhardlimit'];
        }

        // $sortfield and $order are assigned before this section and end up in ORDER BY clauses.
        // NOTE(review): confirm both are mapped from a fixed whitelist rather than taken from input.
        if(strpos($sortfield, 'p.') !== false)
        {
            $post_cache_options['order_by'] = str_replace('p.', '', $sortfield);
            $post_cache_options['order_dir'] = $order;
        }

        $tids = array();
        $pids = array();
        // Make sure the posts we're viewing we have permission to view.
        // NOTE(review): escape_string() output is placed inside an unquoted IN() list, where escaping
        // quote characters gives no protection. Safety rests on searchlog.posts holding nothing but a
        // comma-separated list of integer ids - verify every writer of that column.
        $query = $db->simple_select("posts", "pid, tid", "pid IN(".$db->escape_string($search['posts']).") AND {$unapproved_where}", $post_cache_options);
        while($post = $db->fetch_array($query))
        {
            // $pids maps pid => tid; $tids maps tid => (pid => pid) for the surviving posts.
            $pids[$post['pid']] = $post['tid'];
            $tids[$post['tid']][$post['pid']] = $post['pid'];
        }

        if(!empty($pids))
        {
            $temp_pids = array();

            // Collect forum-level restrictions: forums limited to the viewer's own threads,
            // unsearchable forums and inactive forums.
            $group_permissions = forum_permissions();
            $permsql = '';
            $onlyusfids = array();

            foreach($group_permissions as $fid => $forum_permissions)
            {
                if(!empty($forum_permissions['canonlyviewownthreads']))
                {
                    $onlyusfids[] = $fid;
                }
            }

            if($onlyusfids)
            {
                $permsql .= " OR (fid IN(".implode(',', $onlyusfids).") AND uid!={$mybb->user['uid']})";
            }
            $unsearchforums = get_unsearchable_forums();
            if($unsearchforums)
            {
                $permsql .= " OR fid IN ($unsearchforums)";
            }
            $inactiveforums = get_inactive_forums();
            if($inactiveforums)
            {
                $permsql .= " OR fid IN ($inactiveforums)";
            }

            // Check the thread records as well. If we don't have permissions, remove them from the listing.
            // NOTE(review): this authorization filter looks ineffective as written.
            //  - implode(',', $pids) yields the thread ids (the values of $pids), and each of them is a
            //    key of $tids. Every tid the query returns therefore already exists in $tids, so the
            //    condition below is never true and the loop removes nothing.
            //  - The WHERE clause ORs the "may view" predicate ($unapproved_where) with the "must hide"
            //    predicates ($permsql, moved threads), so inverting the test alone is not a correct fix.
            // Until this is resolved, hiding posts from own-threads-only, unsearchable or inactive forums
            // depends on whatever produced searchlog.posts - confirm, and cover it with a regression test.
            $query = $db->simple_select("threads", "tid", "tid IN(".$db->escape_string(implode(',', $pids)).") AND ({$unapproved_where}{$permsql} OR closed LIKE 'moved|%')");
            while($thread = $db->fetch_array($query))
            {
                if(array_key_exists($thread['tid'], $tids) != true)
                {
                    // Only reachable when the tid is not a key of $tids, in which case this lookup
                    // reads an undefined index.
                    $temp_pids = $tids[$thread['tid']];
                    foreach($temp_pids as $pid)
                    {
                        unset($pids[$pid]);
                        unset($tids[$thread['tid']]);
                    }
                }
            }
            unset($temp_pids);
        }
 851  
        // Declare our post count
        $postcount = count($pids);

        if(!$postcount)
        {
            error($lang->error_nosearchresults);
        }

        // And now we have our sanitized post list
        // Both lists are rebuilt from the pid/tid values returned by the posts query above, so the
        // unquoted IN() lists that follow no longer carry the raw searchlog text.
        $search['posts'] = implode(',', array_keys($pids));

        $tids = implode(",", array_keys($tids));

        // Read threads
        // Per-thread read timestamps for logged-in users, when read tracking is enabled.
        // NOTE(review): $readthreads is only filled inside this branch but is read for every row in
        // the result loop; presumably it is initialised earlier in the file - confirm.
        if($mybb->user['uid'] && $mybb->settings['threadreadcut'] > 0)
        {
            $query = $db->simple_select("threadsread", "tid, dateline", "uid='".$mybb->user['uid']."' AND tid IN(".$db->escape_string($tids).")");
            while($readthread = $db->fetch_array($query))
            {
                $readthreads[$readthread['tid']] = $readthread['dateline'];
            }
        }

        // Threads the current user has posted in get the "dot" folder icon.
        $dot_icon = array();
        if($mybb->settings['dotfolders'] != 0 && $mybb->user['uid'] != 0)
        {
            $query = $db->simple_select("posts", "DISTINCT tid,uid", "uid='{$mybb->user['uid']}' AND tid IN({$db->escape_string($tids)}) AND {$unapproved_where}");
            while($post = $db->fetch_array($query))
            {
                $dot_icon[$post['tid']] = true;
            }
        }
 884  
 885          $results = '';
 886  
 887          $query = $db->query("
 888              SELECT p.*, u.username AS userusername, t.subject AS thread_subject, t.replies AS thread_replies, t.views AS thread_views, t.lastpost AS thread_lastpost, t.closed AS thread_closed, t.uid as thread_uid
 889              FROM ".TABLE_PREFIX."posts p
 890              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 891              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 892              WHERE p.pid IN (".$db->escape_string($search['posts']).")
 893              ORDER BY $sortfield $order
 894              LIMIT $start, $perpage
 895          ");
 896          while($post = $db->fetch_array($query))
 897          {
 898              $bgcolor = alt_trow();
 899              if($post['visible'] == 0)
 900              {
 901                  $bgcolor = 'trow_shaded';
 902              }
 903              elseif($post['visible'] == -1)
 904              {
 905                  $bgcolor = 'trow_shaded trow_deleted';
 906              }
 907              if($post['userusername'])
 908              {
 909                  $post['username'] = $post['userusername'];
 910              }
 911              $post['username'] = htmlspecialchars_uni($post['username']);
 912              $post['profilelink'] = build_profile_link($post['username'], $post['uid']);
 913              $post['subject'] = $parser->parse_badwords($post['subject']);
 914              $post['thread_subject'] = $parser->parse_badwords($post['thread_subject']);
 915              $post['thread_subject'] = htmlspecialchars_uni($post['thread_subject']);
 916  
 917              if(isset($icon_cache[$post['icon']]))
 918              {
 919                  $posticon = $icon_cache[$post['icon']];
 920                  $posticon['path'] = str_replace("{theme}", $theme['imgdir'], $posticon['path']);
 921                  $posticon['path'] = htmlspecialchars_uni($posticon['path']);
 922                  $posticon['name'] = htmlspecialchars_uni($posticon['name']);
 923                  eval("\$icon = \"".$templates->get("search_results_icon")."\";");
 924              }
 925              else
 926              {
 927                  $icon = "&nbsp;";
 928              }
 929  
 930              $post['forumlink'] = '';
 931              if(!empty($forumcache[$thread['fid']]))
 932              {
 933                  $post['forumlink_link'] = get_forum_link($post['fid']);
 934                  $post['forumlink_name'] = $forumcache[$post['fid']]['name'];
 935                  eval("\$post['forumlink'] = \"".$templates->get("search_results_posts_forumlink")."\";");
 936              }
 937  
 938              // Determine the folder
 939              $folder = '';
 940              $folder_label = '';
 941              $gotounread = '';
 942              $isnew = 0;
 943              $donenew = 0;
 944              $last_read = 0;
 945              $post['thread_lastread'] = $readthreads[$post['tid']];
 946  
 947              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'])
 948              {
 949                  $forum_read = $readforums[$post['fid']];
 950  
 951                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 952                  if($forum_read == 0 || $forum_read < $read_cutoff)
 953                  {
 954                      $forum_read = $read_cutoff;
 955                  }
 956              }
 957              else
 958              {
 959                  $forum_read = $forumsread[$post['fid']];
 960              }
 961  
 962              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'] && $post['thread_lastpost'] > $forum_read)
 963              {
 964                  $cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 965                  if($post['thread_lastpost'] > $cutoff)
 966                  {
 967                      if($post['thread_lastread'])
 968                      {
 969                          $last_read = $post['thread_lastread'];
 970                      }
 971                      else
 972                      {
 973                          $last_read = 1;
 974                      }
 975                  }
 976              }
 977  
 978              if(isset($dot_icon[$post['tid']]))
 979              {
 980                  $folder = "dot_";
 981                  $folder_label .= $lang->icon_dot;
 982              }
 983  
 984              if(!$last_read)
 985              {
 986                  $readcookie = $threadread = my_get_array_cookie("threadread", $post['tid']);
 987                  if($readcookie > $forum_read)
 988                  {
 989                      $last_read = $readcookie;
 990                  }
 991                  elseif($forum_read > $mybb->user['lastvisit'])
 992                  {
 993                      $last_read = $forum_read;
 994                  }
 995                  else
 996                  {
 997                      $last_read = $mybb->user['lastvisit'];
 998                  }
 999              }
1000  
1001              if($post['thread_lastpost'] > $last_read && $last_read)
1002              {
1003                  $folder .= "new";
1004                  $folder_label .= $lang->icon_new;
1005                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
1006                  $unreadpost = 1;
1007              }
1008              else
1009              {
1010                  $folder_label .= $lang->icon_no_new;
1011              }
1012  
1013              if($post['thread_replies'] >= $mybb->settings['hottopic'] || $post['thread_views'] >= $mybb->settings['hottopicviews'])
1014              {
1015                  $folder .= "hot";
1016                  $folder_label .= $lang->icon_hot;
1017              }
1018              if($post['thread_closed'] == 1)
1019              {
1020                  $folder .= "lock";
1021                  $folder_label .= $lang->icon_lock;
1022              }
1023              $folder .= "folder";
1024  
1025              $post['thread_replies'] = my_number_format($post['thread_replies']);
1026              $post['thread_views'] = my_number_format($post['thread_views']);
1027  
1028              $post['forumlink'] = '';
1029              if($forumcache[$post['fid']])
1030              {
1031                  $post['forumlink_link'] = get_forum_link($post['fid']);
1032                  $post['forumlink_name'] = $forumcache[$post['fid']]['name'];
1033                  eval("\$post['forumlink'] = \"".$templates->get("search_results_posts_forumlink")."\";");
1034              }
1035  
1036              if(!$post['subject'])
1037              {
1038                  $post['subject'] = $post['message'];
1039              }
1040              if(my_strlen($post['subject']) > 50)
1041              {
1042                  $post['subject'] = htmlspecialchars_uni(my_substr($post['subject'], 0, 50)."...");
1043              }
1044              else
1045              {
1046                  $post['subject'] = htmlspecialchars_uni($post['subject']);
1047              }
1048              // What we do here is parse the post using our post parser, then strip the tags from it
1049              $parser_options = array(
1050                  'allow_html' => 0,
1051                  'allow_mycode' => 1,
1052                  'allow_smilies' => 0,
1053                  'allow_imgcode' => 0,
1054                  'filter_badwords' => 1
1055              );
1056              $post['message'] = strip_tags($parser->parse_message($post['message'], $parser_options));
1057              if(my_strlen($post['message']) > 200)
1058              {
1059                  $prev = my_substr($post['message'], 0, 200)."...";
1060              }
1061              else
1062              {
1063                  $prev = $post['message'];
1064              }
1065              $posted = my_date('relative', $post['dateline']);
1066  
1067              $thread_url = get_thread_link($post['tid']);
1068              $post_url = get_post_link($post['pid'], $post['tid']);
1069  
1070              // Inline post moderation
1071              $inline_mod_checkbox = '';
1072              if($is_supermod || is_moderator($post['fid']))
1073              {
1074                  if(isset($mybb->cookies[$inlinecookie]) && my_strpos($mybb->cookies[$inlinecookie], "|{$post['pid']}|") !== false)
1075                  {
1076                      $inlinecheck = "checked=\"checked\"";
1077                      ++$inlinecount;
1078                  }
1079                  else
1080                  {
1081                      $inlinecheck = '';
1082                  }
1083  
1084                  $show_inline_moderation = true;
1085  
1086                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_posts_inlinecheck")."\";");
1087              }
1088              elseif($is_mod)
1089              {
1090                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_posts_nocheck")."\";");
1091              }
1092  
1093              $plugins->run_hooks("search_results_post");
1094              eval("\$results .= \"".$templates->get("search_results_posts_post")."\";");
1095          }
        // Nothing rendered for this page (for example a page number past the end).
        if(!$results)
        {
            error($lang->error_nosearchresults);
        }
        // Pagination links. sid is HTML-escaped and uid is integer-cast on this line.
        // NOTE(review): $sortby and $order are placed in the URL unescaped and are assigned outside
        // this section - confirm they can only hold whitelisted values.
        $multipage = multipage($postcount, $perpage, $page, "search.php?action=results&amp;sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&amp;sortby=$sortby&amp;order=$order&amp;uid=".$mybb->get_input('uid', MyBB::INPUT_INT));
        if($upper > $postcount)
        {
            $upper = $postcount;
        }

        // Inline Post Moderation Options
        // $show_inline_moderation is set in the row loop only for rows the viewer may moderate.
        if($show_inline_moderation)
        {
            eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol")."\";");

            // If user has moderation tools available, prepare the Select All feature
            // $query still refers to the post result set read by the row loop.
            $num_results = $db->num_rows($query);
            $lang->page_selected = $lang->sprintf($lang->page_selected, (int)$num_results);
            $lang->select_all = $lang->sprintf($lang->select_all, (int)$postcount);
            $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$postcount);
            eval("\$selectall = \"".$templates->get("search_posts_inlinemoderation_selectall")."\";");

            // Custom post tools that apply to all forums (-1) or have an empty forum list.
            // The conditions are constant strings; only the concatenation syntax differs per driver.
            $customthreadtools = $customposttools = '';
            switch($db->type)
            {
                case "pgsql":
                case "sqlite":
                    $query = $db->simple_select("modtools", "tid, name, type", "type='p' AND (','||forums||',' LIKE '%,-1,%' OR forums='')");
                    break;
                default:
                    $query = $db->simple_select("modtools", "tid, name, type", "type='p' AND (CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='')");
            }

            while($tool = $db->fetch_array($query))
            {
                // NOTE(review): $tool['name'] comes straight from the modtools table; whether it is
                // escaped before interpolation depends on the template and on how it was stored - confirm.
                eval("\$customposttools .= \"".$templates->get("search_results_posts_inlinemoderation_custom_tool")."\";");
            }
            // Build inline moderation dropdown
            if(!empty($customposttools))
            {
                eval("\$customposttools = \"".$templates->get("search_results_posts_inlinemoderation_custom")."\";");
            }
            eval("\$inlinemod = \"".$templates->get("search_results_posts_inlinemoderation")."\";");
        }
        elseif($is_mod)
        {
            eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol_empty")."\";");
        }

        $plugins->run_hooks("search_results_end");

        // Final page template; as above, template text is evaluated as PHP string syntax.
        eval("\$searchresults = \"".$templates->get("search_results_posts")."\";");
        output_page($searchresults);
1149      }
1150  }
elseif($mybb->input['action'] == "findguest")
{
    // Caches the ids of guest-authored (uid 0) posts and threads as a search-log row, then
    // redirects to the results view. No `visible` condition is applied here; the post-results
    // branch re-checks visibility when it reads the ids back.
    // NOTE(review): this branch performs no flood-interval check (the one visible in this file sits
    // in the do_search action) although each request runs two queries and inserts a searchlog row -
    // confirm that permission and throttling checks happen before this action chain.
    $where_sql = "uid='0'";

    // Forum exclusions come from helper functions, not from the request.
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $where_sql .= " AND fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $where_sql .= " AND fid NOT IN ($inactiveforums)";
    }

    // $permsql is assigned but not used in this branch.
    $permsql = "";
    $onlyusfids = array();

    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            $onlyusfids[] = $fid;
        }
    }
    // Guest content in own-threads-only forums is excluded entirely.
    if(!empty($onlyusfids))
    {
        $where_sql .= " AND fid NOT IN(".implode(',', $onlyusfids).")";
    }

    $options = array(
        'order_by' => 'dateline',
        'order_dir' => 'desc'
    );

    // Do we have a hard search limit?
    if($mybb->settings['searchhardlimit'] > 0)
    {
        $options['limit'] = (int)$mybb->settings['searchhardlimit'];
    }

    // Comma-separated pid list, newest first, capped by the hard limit when one is set.
    $pids = '';
    $comma = '';
    $query = $db->simple_select("posts", "pid", "{$where_sql}", $options);
    while($pid = $db->fetch_field($query, "pid"))
    {
            $pids .= $comma.$pid;
            $comma = ',';
    }

    // The thread query receives no $options, so the hard limit does not bound it.
    $tids = '';
    $comma = '';
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
            $tids .= $comma.$tid;
            $comma = ',';
    }

    // NOTE(review): the search id is derived from uniqid()/microtime(), which are time-based and
    // not a CSPRNG. If the results action treats sid as the only handle to a cached result set,
    // it should come from a cryptographically secure source - confirm how results are authorised.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => $db->escape_string($pids),
        "resulttype" => "posts",
        "querycache" => '',
        "keywords" => ''
    );
    // Plugins can inspect or alter the row before it is stored.
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}
elseif($mybb->input['action'] == "finduser")
{
    // Caches the ids of one user's posts and threads as a search-log row, then redirects to the
    // results view. The uid is integer-cast before it is placed in SQL. No `visible` condition is
    // applied here; the post-results branch re-checks visibility when it reads the ids back.
    // NOTE(review): no flood-interval check is made in this branch (the one visible in this file
    // sits in the do_search action) - confirm throttling and permission checks happen before this chain.
    $where_sql = "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";

    // Forum exclusions come from helper functions, not from the request.
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $where_sql .= " AND fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $where_sql .= " AND fid NOT IN ($inactiveforums)";
    }

    // $permsql is assigned but not used in this branch.
    $permsql = "";
    $onlyusfids = array();

    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            $onlyusfids[] = $fid;
        }
    }
    // In own-threads-only forums, keep a row only when it belongs to the viewer.
    // NOTE(review): the fragment starts with "AND" without a leading space; it appears to rely on the
    // preceding fragment ending in a quote or parenthesis - a leading space would be more robust.
    if(!empty($onlyusfids))
    {
        $where_sql .= "AND ((fid IN(".implode(',', $onlyusfids).") AND uid='{$mybb->user['uid']}') OR fid NOT IN(".implode(',', $onlyusfids)."))";
    }

    $options = array(
        'order_by' => 'dateline',
        'order_dir' => 'desc'
    );

    // Do we have a hard search limit?
    if($mybb->settings['searchhardlimit'] > 0)
    {
        $options['limit'] = (int)$mybb->settings['searchhardlimit'];
    }

    // Comma-separated pid list, newest first, capped by the hard limit when one is set.
    $pids = '';
    $comma = '';
    $query = $db->simple_select("posts", "pid", "{$where_sql}", $options);
    while($pid = $db->fetch_field($query, "pid"))
    {
            $pids .= $comma.$pid;
            $comma = ',';
    }

    // The thread query receives no $options, so the hard limit does not bound it.
    $tids = '';
    $comma = '';
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
            $tids .= $comma.$tid;
            $comma = ',';
    }

    // NOTE(review): the search id is derived from uniqid()/microtime(), which are time-based and
    // not a CSPRNG. If the results action treats sid as the only handle to a cached result set,
    // it should come from a cryptographically secure source - confirm how results are authorised.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => $db->escape_string($pids),
        "resulttype" => "posts",
        "querycache" => '',
        "keywords" => ''
    );
    // Plugins can inspect or alter the row before it is stored.
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}
elseif($mybb->input['action'] == "finduserthreads")
{
    // Caches the ids of threads started by one user as a search-log row, then redirects to the
    // results view. The uid is integer-cast before it is placed in SQL.
    // NOTE(review): no flood-interval check is made in this branch (the one visible in this file
    // sits in the do_search action) - confirm throttling and permission checks happen before this chain.
    $where_sql = "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";

    // Forum exclusions come from helper functions, not from the request.
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $where_sql .= " AND fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $where_sql .= " AND fid NOT IN ($inactiveforums)";
    }

    // $permsql is assigned but not used in this branch.
    $permsql = "";
    $onlyusfids = array();

    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            $onlyusfids[] = $fid;
        }
    }
    // In own-threads-only forums, keep a thread only when it belongs to the viewer.
    // NOTE(review): the fragment starts with "AND" without a leading space; it appears to rely on the
    // preceding fragment ending in a quote or parenthesis - a leading space would be more robust.
    if(!empty($onlyusfids))
    {
        $where_sql .= "AND ((fid IN(".implode(',', $onlyusfids).") AND uid='{$mybb->user['uid']}') OR fid NOT IN(".implode(',', $onlyusfids)."))";
    }

    // No limit is applied to this query; every matching thread id is collected.
    $tids = '';
    $comma = '';
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
            $tids .= $comma.$tid;
            $comma = ',';
    }

    // NOTE(review): the search id is derived from uniqid()/microtime(), which are time-based and
    // not a CSPRNG. If the results action treats sid as the only handle to a cached result set,
    // it should come from a cryptographically secure source - confirm how results are authorised.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => '',
        "resulttype" => "threads",
        // The WHERE fragment itself is stored. NOTE(review): presumably the results action replays
        // it as SQL; if so, the searchlog table is part of the SQL trust boundary - confirm.
        "querycache" => $db->escape_string($where_sql),
        "keywords" => ''
    );
    // Plugins can inspect or alter the row before it is stored.
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}
elseif($mybb->input['action'] == "getnew")
{
    // Caches the ids of threads with a post since the user's last visit as a search-log row,
    // then redirects to the results view.
    // NOTE(review): no flood-interval check is made in this branch (the one visible in this file
    // sits in the do_search action) - confirm throttling and permission checks happen before this chain.

    $where_sql = "lastpost >= '".(int)$mybb->user['lastvisit']."'";

    // Optional forum filter: a single integer fid, or a comma-separated fids list.
    if($mybb->get_input('fid', MyBB::INPUT_INT))
    {
        $where_sql .= " AND fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
    }
    else if($mybb->get_input('fids'))
    {
        // Every element is cast to int before it reaches SQL; non-numeric pieces become 0.
        $fids = explode(',', $mybb->get_input('fids'));
        foreach($fids as $key => $fid)
        {
            $fids[$key] = (int)$fid;
        }

        // explode() on a non-empty string always yields at least one element.
        if(!empty($fids))
        {
            $where_sql .= " AND fid IN (".implode(',', $fids).")";
        }
    }

    // Forum exclusions come from helper functions, not from the request.
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $where_sql .= " AND fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $where_sql .= " AND fid NOT IN ($inactiveforums)";
    }

    // $permsql is assigned but not used in this branch.
    $permsql = "";
    $onlyusfids = array();

    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            $onlyusfids[] = $fid;
        }
    }
    // In own-threads-only forums, keep a thread only when it belongs to the viewer.
    // NOTE(review): the fragment starts with "AND" without a leading space; it appears to rely on the
    // preceding fragment ending in a quote or parenthesis - a leading space would be more robust.
    if(!empty($onlyusfids))
    {
        $where_sql .= "AND ((fid IN(".implode(',', $onlyusfids).") AND uid='{$mybb->user['uid']}') OR fid NOT IN(".implode(',', $onlyusfids)."))";
    }
    
    // No limit is applied to this query; every matching thread id is collected.
    $tids = '';
    $comma = '';
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
            $tids .= $comma.$tid;
            $comma = ',';
    }

    // NOTE(review): the search id is derived from uniqid()/microtime(), which are time-based and
    // not a CSPRNG. If the results action treats sid as the only handle to a cached result set,
    // it should come from a cryptographically secure source - confirm how results are authorised.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => '',
        "resulttype" => "threads",
        // The WHERE fragment itself is stored. NOTE(review): presumably the results action replays
        // it as SQL; if so, the searchlog table is part of the SQL trust boundary - confirm.
        "querycache" => $db->escape_string($where_sql),
        "keywords" => ''
    );

    // Plugins can inspect or alter the row before it is stored.
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}
elseif($mybb->input['action'] == "getdaily")
{
    // Caches the ids of threads with a post in the last N days as a search-log row, then
    // redirects to the results view.
    // NOTE(review): no flood-interval check is made in this branch (the one visible in this file
    // sits in the do_search action) - confirm throttling and permission checks happen before this chain.
    // `days` is integer-cast and floored at 1; no upper bound is applied here.
    if($mybb->get_input('days', MyBB::INPUT_INT) < 1)
    {
        $days = 1;
    }
    else
    {
        $days = $mybb->get_input('days', MyBB::INPUT_INT);
    }
    $datecut = TIME_NOW-(86400*$days);

    $where_sql = "lastpost >='".$datecut."'";

    // Optional forum filter: a single integer fid, or a comma-separated fids list.
    if($mybb->get_input('fid', MyBB::INPUT_INT))
    {
        $where_sql .= " AND fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
    }
    else if($mybb->get_input('fids'))
    {
        // Every element is cast to int before it reaches SQL; non-numeric pieces become 0.
        $fids = explode(',', $mybb->get_input('fids'));
        foreach($fids as $key => $fid)
        {
            $fids[$key] = (int)$fid;
        }

        // explode() on a non-empty string always yields at least one element.
        if(!empty($fids))
        {
            $where_sql .= " AND fid IN (".implode(',', $fids).")";
        }
    }

    // Forum exclusions come from helper functions, not from the request.
    $unsearchforums = get_unsearchable_forums();
    if($unsearchforums)
    {
        $where_sql .= " AND fid NOT IN ($unsearchforums)";
    }
    $inactiveforums = get_inactive_forums();
    if($inactiveforums)
    {
        $where_sql .= " AND fid NOT IN ($inactiveforums)";
    }

    // $permsql is assigned but not used in this branch.
    $permsql = "";
    $onlyusfids = array();

    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
        {
            $onlyusfids[] = $fid;
        }
    }
    // In own-threads-only forums, keep a thread only when it belongs to the viewer.
    // NOTE(review): the fragment starts with "AND" without a leading space; it appears to rely on the
    // preceding fragment ending in a quote or parenthesis - a leading space would be more robust.
    if(!empty($onlyusfids))
    {
        $where_sql .= "AND ((fid IN(".implode(',', $onlyusfids).") AND uid='{$mybb->user['uid']}') OR fid NOT IN(".implode(',', $onlyusfids)."))";
    }

    // No limit is applied to this query; every matching thread id is collected.
    $tids = '';
    $comma = '';
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
            $tids .= $comma.$tid;
            $comma = ',';
    }
    
    // NOTE(review): the search id is derived from uniqid()/microtime(), which are time-based and
    // not a CSPRNG. If the results action treats sid as the only handle to a cached result set,
    // it should come from a cryptographically secure source - confirm how results are authorised.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => '',
        "resulttype" => "threads",
        // The WHERE fragment itself is stored. NOTE(review): presumably the results action replays
        // it as SQL; if so, the searchlog table is part of the SQL trust boundary - confirm.
        "querycache" => $db->escape_string($where_sql),
        "keywords" => ''
    );

    // Plugins can inspect or alter the row before it is stored.
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}
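elseif($mybb->input['action'] == "do_search" && $mybb->request_method == "post")
{
    /*
     * Handles a submitted search form (POST only): enforces the search flood limit,
     * collects the criteria, runs the search, stores the result set in the searchlog
     * table under a new search id and redirects to the results view.
     */
    $plugins->run_hooks("search_do_search_start");

    // Check if search flood checking is enabled and user is not admin
    if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
    {
        // Fetch the time this user last searched. Registered users are matched by uid,
        // guests by uid 0 plus their packed IP address.
        if($mybb->user['uid'])
        {
            // Cast so only an integer can ever reach the WHERE clause.
            $conditions = "uid='".(int)$mybb->user['uid']."'";
        }
        else
        {
            $conditions = "uid='0' AND ipaddress=".$db->escape_binary($session->packedip);
        }
        $timecut = TIME_NOW-(int)$mybb->settings['searchfloodtime'];
        $query = $db->simple_select("searchlog", "*", "$conditions AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
        $last_search = $db->fetch_array($query);

        // Users last search was within the flood time, show the error.
        // !empty() also covers the "no matching row" case without reading an offset of a non-array.
        if(!empty($last_search['sid']))
        {
            $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
            if($remaining_time == 1)
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
            }
            else
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
            }
            error($lang->error_searchflooding);
        }
    }

    // Anything other than "threads" falls back to a post listing.
    if($mybb->get_input('showresults') == "threads")
    {
        $resulttype = "threads";
    }
    else
    {
        $resulttype = "posts";
    }

    // Search criteria handed to the search backend. Keywords are read through get_input()
    // so the value is always a string, even when the request supplies keywords as an array.
    // "forums" is passed through as received.
    // NOTE(review): confirm the perform_search_* functions validate and escape "forums",
    // "keywords" and "author" before they reach SQL.
    $search_data = array(
        "keywords" => $mybb->get_input('keywords'),
        "author" => $mybb->get_input('author'),
        "postthread" => $mybb->get_input('postthread', MyBB::INPUT_INT),
        "matchusername" => $mybb->get_input('matchusername', MyBB::INPUT_INT),
        "postdate" => $mybb->get_input('postdate', MyBB::INPUT_INT),
        "pddir" => $mybb->get_input('pddir', MyBB::INPUT_INT),
        "forums" => $mybb->input['forums'],
        "findthreadst" => $mybb->get_input('findthreadst', MyBB::INPUT_INT),
        "numreplies" => $mybb->get_input('numreplies', MyBB::INPUT_INT),
        "threadprefix" => $mybb->get_input('threadprefix', MyBB::INPUT_ARRAY)
    );

    // Only moderators may filter on the visibility state.
    if(is_moderator() && !empty($mybb->input['visible']))
    {
        $search_data['visible'] = $mybb->get_input('visible', MyBB::INPUT_INT);
    }

    if($db->can_search == true)
    {
        // Use the fulltext backend only when it is configured and the posts table supports it.
        if($mybb->settings['searchtype'] == "fulltext" && $db->supports_fulltext_boolean("posts") && $db->is_fulltext("posts"))
        {
            $search_results = perform_search_mysql_ft($search_data);
        }
        else
        {
            $search_results = perform_search_mysql($search_data);
        }
    }
    else
    {
        error($lang->error_no_search_support);
    }

    // NOTE(review): the search id is derived from the current time (uniqid/microtime), not
    // from a CSPRNG. If the results view relies on the sid alone to decide who may read a
    // stored result set, a cryptographically random identifier would be the safer choice.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        // $now is not assigned in this branch; presumably set earlier in the script - verify.
        "dateline" => $now,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $search_results['threads'],
        "posts" => $search_results['posts'],
        "resulttype" => $resulttype,
        "querycache" => $search_results['querycache'],
        "keywords" => $db->escape_string($mybb->get_input('keywords')),
    );
    $plugins->run_hooks("search_do_search_process");

    $db->insert_query("searchlog", $searcharray);

    // Accept only "asc" or "desc" (case-insensitive) and pass the normalised value on.
    // The previous check lowercased the result of a comparison instead of the input for
    // the "desc" case, and then forwarded the raw request value.
    $sortorder = my_strtolower($mybb->get_input('sortordr'));
    if(!in_array($sortorder, array("asc", "desc"), true))
    {
        $sortorder = "desc";
    }

    // NOTE(review): sortby is HTML-escaped but not URL-encoded before it is appended to the
    // redirect URL; confirm the results view checks it against a fixed list of sort fields.
    $sortby = htmlspecialchars_uni($mybb->get_input('sortby'));
    $plugins->run_hooks("search_do_search_end");
    redirect("search.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
}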
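else if($mybb->input['action'] == "thread")
{
    /*
     * Searches inside a single thread: checks that the thread and its forum exist and that
     * the current user may view them, enforces the search flood limit, runs the search
     * restricted to that thread, stores the result in the searchlog table and redirects to
     * the results view.
     */

    // Fetch thread info. Reject an unknown thread before any of its fields are read.
    $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));
    if(!$thread)
    {
        error($lang->error_invalidthread);
    }
    $ismod = is_moderator($thread['fid']);

    // Visibility rules, unchanged from the original condition:
    //  - non-moderators may see a thread whose visible flag is 1, or one flagged -1 when
    //    soft deletion is enabled and they are the logged-in author of the thread;
    //  - moderators are refused only when the visible flag is greater than 1.
    if(($thread['visible'] != 1 && $ismod == false && ($thread['visible'] != -1 || $mybb->settings['soft_delete'] != 1 || !$mybb->user['uid'] || $mybb->user['uid'] != $thread['uid'])) || ($thread['visible'] > 1 && $ismod == true))
    {
        error($lang->error_invalidthread);
    }

    // Get forum info
    $forum = get_forum($thread['fid']);
    if(!$forum)
    {
        error($lang->error_invalidforum);
    }

    $forum_permissions = forum_permissions($forum['fid']);

    // The forum must be open and of type "f".
    if($forum['open'] == 0 || $forum['type'] != "f")
    {
        error($lang->error_closedinvalidforum);
    }
    // The user needs view permission on the forum and its threads; with
    // canonlyviewownthreads set, only the thread author passes.
    if($forum_permissions['canview'] == 0 || $forum_permissions['canviewthreads'] != 1 || (isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
    {
        error_no_permission();
    }

    $plugins->run_hooks("search_thread_start");

    // Check if search flood checking is enabled and user is not admin
    if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
    {
        // Fetch the time this user last searched. Registered users are matched by uid,
        // guests by uid 0 plus their packed IP address.
        if($mybb->user['uid'])
        {
            // Cast so only an integer can ever reach the WHERE clause.
            $conditions = "uid='".(int)$mybb->user['uid']."'";
        }
        else
        {
            $conditions = "uid='0' AND ipaddress=".$db->escape_binary($session->packedip);
        }
        $timecut = TIME_NOW-(int)$mybb->settings['searchfloodtime'];
        $query = $db->simple_select("searchlog", "*", "$conditions AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
        $last_search = $db->fetch_array($query);

        // Only look at the row when one was found; the remaining time used to be computed
        // from $last_search even when the query returned nothing.
        if(!empty($last_search['sid']))
        {
            // We shouldn't show remaining time if time is 0 or under.
            $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
            // Users last search was within the flood time, show the error.
            if($remaining_time > 0)
            {
                if($remaining_time == 1)
                {
                    $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
                }
                else
                {
                    $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
                }
                error($lang->error_searchflooding);
            }
        }
    }

    // Keywords are read through get_input() so the value is always a string, even when the
    // request supplies keywords as an array. The search is pinned to the requested thread.
    $search_data = array(
        "keywords" => $mybb->get_input('keywords'),
        "postthread" => 1,
        "tid" => $mybb->get_input('tid', MyBB::INPUT_INT)
    );

    if($db->can_search == true)
    {
        // Use the fulltext backend only when it is configured and the posts table supports it.
        if($mybb->settings['searchtype'] == "fulltext" && $db->supports_fulltext_boolean("posts") && $db->is_fulltext("posts"))
        {
            $search_results = perform_search_mysql_ft($search_data);
        }
        else
        {
            $search_results = perform_search_mysql($search_data);
        }
    }
    else
    {
        error($lang->error_no_search_support);
    }

    // NOTE(review): the search id is derived from the current time (uniqid/microtime), not
    // from a CSPRNG. If the results view relies on the sid alone to decide who may read a
    // stored result set, a cryptographically random identifier would be the safer choice.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        // $now is not assigned in this branch; presumably set earlier in the script - verify.
        "dateline" => $now,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $search_results['threads'],
        "posts" => $search_results['posts'],
        "resulttype" => 'posts',
        "querycache" => $search_results['querycache'],
        "keywords" => $db->escape_string($mybb->get_input('keywords'))
    );
    $plugins->run_hooks("search_thread_process");

    $db->insert_query("searchlog", $searcharray);

    // Hook name kept as in the original; plugins may depend on it.
    $plugins->run_hooks("search_do_search_end");
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}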
else
{
    // Default action: render the search form.
    $plugins->run_hooks("search_start");

    // Values consumed by the "search" template: the forum list and the prefix selector.
    $srchlist = make_searchable_forums();
    $prefixselect = build_prefix_select('all', 'any', 1);

    $moderator_options = '';
    $rowspan = 5;

    // Moderators get an extra options block, which takes two more rows.
    if(is_moderator())
    {
        $rowspan = $rowspan + 2;
        // NOTE(review): eval() interpolates the stored template as a double-quoted PHP
        // string, so template content must only be editable by trusted administrators.
        eval('$moderator_options = "'.$templates->get('search_moderator_options').'";');
    }

    $plugins->run_hooks("search_end");

    // Build the page from the "search" template (same eval() caveat as above) and send it.
    eval('$search = "'.$templates->get('search').'";');
    output_page($search);
}

