PHP Cross Reference of MyBB 1.8.26

/ -> search.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'search.php');
  14  
  15  $templatelist = "search,forumdisplay_thread_gotounread,search_results_threads_thread,search_results_threads,search_results_posts,search_results_posts_post,search_results_icon,search_forumlist_forum,search_forumlist";
  16  $templatelist .= ",multipage,multipage_breadcrumb,multipage_end,multipage_jump_page,multipage_nextpage,multipage_page,multipage_page_current,multipage_page_link_current,multipage_prevpage,multipage_start";
  17  $templatelist .= ",search_results_posts_inlinecheck,search_results_posts_nocheck,search_results_threads_inlinecheck,search_results_threads_nocheck,search_results_inlinemodcol,search_results_inlinemodcol_empty,search_results_posts_inlinemoderation_custom_tool";
  18  $templatelist .= ",search_results_posts_inlinemoderation_custom,search_results_posts_inlinemoderation,search_results_threads_inlinemoderation_custom_tool,search_results_threads_inlinemoderation_custom,search_results_threads_inlinemoderation";
  19  $templatelist .= ",forumdisplay_thread_attachment_count,search_threads_inlinemoderation_selectall,search_posts_inlinemoderation_selectall,post_prefixselect_prefix,post_prefixselect_multiple,search_orderarrow";
  20  $templatelist .= ",search_results_posts_forumlink,search_results_threads_forumlink,forumdisplay_thread_multipage_more,forumdisplay_thread_multipage_page,forumdisplay_thread_multipage,search_moderator_options";
  21  
  22  require_once  "./global.php";
  23  require_once  MYBB_ROOT."inc/functions_post.php";
  24  require_once  MYBB_ROOT."inc/functions_search.php";
  25  require_once  MYBB_ROOT."inc/class_parser.php";
  26  $parser = new postParser;
  27  
  28  // Load global language phrases
  29  $lang->load("search");
  30  
  31  add_breadcrumb($lang->nav_search, "search.php");
  32  
  33  $mybb->input['action'] = $mybb->get_input('action');
  34  switch($mybb->input['action'])
  35  {
  36      case "results":
  37          add_breadcrumb($lang->nav_results);
  38          break;
  39      default:
  40          break;
  41  }
  42  
  43  if($mybb->usergroup['cansearch'] == 0)
  44  {
  45      error_no_permission();
  46  }
  47  
  48  $now = TIME_NOW;
  49  $mybb->input['keywords'] = trim($mybb->get_input('keywords'));
  50  
  51  $limitsql = "";
  52  if((int)$mybb->settings['searchhardlimit'] > 0)
  53  {
  54      $limitsql = "LIMIT ".(int)$mybb->settings['searchhardlimit'];
  55  }
  56  
  57  if($mybb->input['action'] == "results")
  58  {
    // Look up the stored search by its id. sid is request input: it is SQL-escaped here and
    // placed inside a quoted literal in the WHERE clause.
    // NOTE(review): the row is selected by sid alone; no comparison with the current user's
    // uid is visible in this span. The result rows are filtered again against the viewer's
    // permissions further down this branch.
    $sid = $db->escape_string($mybb->get_input('sid'));
    $query = $db->simple_select("searchlog", "*", "sid='$sid'");
    $search = $db->fetch_array($query);

    // No matching row (or an empty sid column) means the id is unknown: stop with an error.
    if(!$search['sid'])
    {
        error($lang->error_invalidsearch);
    }

    $plugins->run_hooks("search_results_start");
  69  
    // Decide on our sorting fields and sorting order.
    // Both values are request input. htmlspecialchars_uni() only HTML-encodes them; what keeps
    // them out of the SQL text is the switch below, which acts as an allow-list: $sortfield is
    // always one of the fixed column names written in this block, never the request string.
    $order = my_strtolower(htmlspecialchars_uni($mybb->get_input('order')));
    $sortby = my_strtolower(htmlspecialchars_uni($mybb->get_input('sortby')));

    // After this switch $sortby is either one of the case labels that matched or has been
    // overwritten with "lastpost"/"dateline" in the default branch.
    switch($sortby)
    {
        case "replies":
            $sortfield = "t.replies";
            break;
        case "views":
            $sortfield = "t.views";
            break;
        case "subject":
            if($search['resulttype'] == "threads")
            {
                $sortfield = "t.subject";
            }
            else
            {
                $sortfield = "p.subject";
            }
            break;
        case "forum":
            $sortfield = "f.name";
            break;
        case "starter":
            if($search['resulttype'] == "threads")
            {
                $sortfield = "t.username";
            }
            else
            {
                $sortfield = "p.username";
            }
            break;
        case "lastpost":
        default:
            // Unknown values fall through to here and are replaced by a fixed label.
            if($search['resulttype'] == "threads")
            {
                $sortfield = "t.lastpost";
                $sortby = "lastpost";
            }
            else
            {
                $sortfield = "p.dateline";
                $sortby = "dateline";
            }
            break;
    }

    // Anything other than the exact string "asc" becomes "desc", so $order can only hold one
    // of those two words when it is later written into ORDER BY and into result URLs.
    if($order != "asc")
    {
        $order = "desc";
        $oppsortnext = "asc";
        $oppsort = $lang->asc;
    }
    else
    {
        $oppsortnext = "desc";
        $oppsort = $lang->desc;
    }
 131  
    // Fall back to 20 results per page when the setting is empty or below 1.
    if(!$mybb->settings['threadsperpage'] || (int)$mybb->settings['threadsperpage'] < 1)
    {
        $mybb->settings['threadsperpage'] = 20;
    }

    // Work out pagination, which page we're at, as well as the limits.
    // NOTE(review): page is read without an explicit type argument (the uid parameter further
    // down this branch is read with MyBB::INPUT_INT). $start is always the result of arithmetic,
    // so it is numeric when it reaches the LIMIT clause; $page itself keeps the request value
    // when it compares greater than 0. Confirm whether the core's input cleaning already
    // restricts page to a positive integer.
    $perpage = $mybb->settings['threadsperpage'];
    $page = $mybb->get_input('page');
    if($page > 0)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }
    // 1-based bounds of the rows shown on this page.
    $end = $start + $perpage;
    $lower = $start+1;
    $upper = $end;
 152  
    // Work out if we have terms to highlight
    // The keywords come from the stored search row and are URL-encoded before being appended
    // to thread links; the separator depends on whether SEO-style URLs are in use.
    $highlight = "";
    if($search['keywords'])
    {
        if($mybb->seo_support == true)
        {
            $highlight = "?highlight=".urlencode($search['keywords']);
        }
        else
        {
            $highlight = "&amp;highlight=".urlencode($search['keywords']);
        }
    }

    // NOTE(review): $sid is SQL-escaped, not HTML-encoded. It only reaches this point after
    // matching a searchlog row, so its content is bounded by whatever the application stores
    // as a search id - confirm against the code that creates the row.
    $sorturl = "search.php?action=results&amp;sid={$sid}";
    $thread_url = "";
    $post_url = "";

    $orderarrow = array('replies' => '', 'views' => '', 'subject' => '', 'forum' => '', 'starter' => '', 'lastpost' => '', 'dateline' => '');

    // $sortby is written into the PHP source passed to eval(). This is only safe because the
    // sort switch earlier in this branch has reduced it to a fixed set of labels; any change
    // that lets a raw request value reach this line would turn it into code injection.
    // The template text is evaluated inside a double-quoted string, so variables it names are
    // interpolated from the current scope.
    eval("\$orderarrow['$sortby'] = \"".$templates->get("search_orderarrow")."\";");
 174  
    // Read some caches we will be using
    $forumcache = $cache->read("forums");
    $icon_cache = $cache->read("posticons");

    $threads = array();

    // Build the per-forum "last read" map. Guests have no forumsread rows, so their read state
    // comes from a cookie; logged-in users get it from the forumsread table.
    if($mybb->user['uid'] == 0)
    {
        // Build a forum cache.
        $query = $db->query("
            SELECT fid
            FROM ".TABLE_PREFIX."forums
            WHERE active != 0
            ORDER BY pid, disporder
        ");

        // The cookie is client-controlled. my_unserialize() is a MyBB helper rather than PHP's
        // native unserialize().
        // NOTE(review): confirm that helper cannot instantiate objects. In this block the decoded
        // values are only copied into the read-marker map below.
        $forumsread = my_unserialize($mybb->cookies['mybb']['forumread']);
    }
    else
    {
        // Build a forum cache.
        // The uid interpolated here is the session user's id, not a request parameter.
        $query = $db->query("
            SELECT f.fid, fr.dateline AS lastread
            FROM ".TABLE_PREFIX."forums f
            LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
            WHERE f.active != 0
            ORDER BY pid, disporder
        ");
    }

    while($forum = $db->fetch_array($query))
    {
        if($mybb->user['uid'] == 0)
        {
            // Guest rows carry no lastread column; take it from the cookie data when present.
            if($forumsread[$forum['fid']])
            {
                $forum['lastread'] = $forumsread[$forum['fid']];
            }
        }
        $readforums[$forum['fid']] = $forum['lastread'];
    }
    // Per-forum permissions of the current user, used later for the inline-edit check.
    $fpermissions = forum_permissions();
 217  
    // Inline Mod Column for moderators
    // These flags decide which moderation controls are rendered on this page.
    // NOTE(review): they gate the UI only; the moderation actions themselves are handled
    // elsewhere and are presumably authorised there - confirm.
    $inlinemodcol = $inlinecookie = '';
    $is_mod = $is_supermod = $show_inline_moderation = false;
    if($mybb->usergroup['issupermod'])
    {
        $is_supermod = true;
    }
    if($is_supermod || is_moderator())
    {
        // Cookie name is derived from the (SQL-escaped) search id.
        $inlinecookie = "inlinemod_search".$sid;
        $inlinecount = 0;
        $is_mod = true;
        // QUERY_STRING is request-controlled; it is HTML-encoded before it is kept for output.
        $return_url = 'search.php?'.htmlspecialchars_uni($_SERVER['QUERY_STRING']);
    }
 232  
 233      // Show search results as 'threads'
 234      if($search['resulttype'] == "threads")
 235      {
        // Resolve the set of matching thread ids and count them.
        $threadcount = 0;

        // Moderators can view unapproved threads and deleted threads from forums they moderate
        $unapproved_where_t = get_visible_where('t');

        // If we have saved WHERE conditions, execute them
        // querycache is SQL text read from the searchlog row and run as-is. Its safety depends
        // entirely on the code that wrote the row, which is not part of this span; nothing here
        // re-validates it.
        if($search['querycache'] != "")
        {
            $where_conditions = $search['querycache'];
            $query = $db->simple_select("threads t", "t.tid", $where_conditions. " AND ({$unapproved_where_t}) AND t.closed NOT LIKE 'moved|%' ORDER BY t.lastpost DESC {$limitsql}");
            while($thread = $db->fetch_array($query))
            {
                $threads[$thread['tid']] = $thread['tid'];
                $threadcount++;
            }
            // Build our list of threads.
            if($threadcount > 0)
            {
                $search['threads'] = implode(",", $threads);
            }
            // No results.
            else
            {
                error($lang->error_nosearchresults);
            }
            // From here on the condition is an id list built from database values.
            $where_conditions = "t.tid IN (".$search['threads'].")";
        }
        // This search doesn't use a query cache, results stored in search table.
        else
        {
            // The stored id list is interpolated unquoted into IN(); like querycache it is
            // trusted because it comes from the searchlog row.
            $where_conditions = "t.tid IN (".$search['threads'].")";
            $query = $db->simple_select("threads t", "COUNT(t.tid) AS resultcount", $where_conditions. " AND ({$unapproved_where_t}) AND t.closed NOT LIKE 'moved|%' {$limitsql}");
            $count = $db->fetch_array($query);

            if(!$count['resultcount'])
            {
                error($lang->error_nosearchresults);
            }
            $threadcount = $count['resultcount'];
        }
 276  
        // Build the extra permission filter that is appended to the page query below.
        // NOTE(review): the id/count queries earlier in this branch do not include this filter,
        // so the total used for pagination can include threads that this filter hides.
        $permsql = "";
        $onlyusfids = array();

        // Check group permissions if we can't view threads not started by us
        $group_permissions = forum_permissions();
        foreach($group_permissions as $fid => $forum_permissions)
        {
            if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
            {
                $onlyusfids[] = $fid;
            }
        }
        if(!empty($onlyusfids))
        {
            // In "own threads only" forums keep just the viewer's threads; the forum ids are
            // keys of the permission array and the uid is the session user's id.
            $permsql .= "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
        }

        // Both helpers return a list that is interpolated unquoted into NOT IN().
        $unsearchforums = get_unsearchable_forums();
        if($unsearchforums)
        {
            $permsql .= " AND t.fid NOT IN ($unsearchforums)";
        }
        $inactiveforums = get_inactive_forums();
        if($inactiveforums)
        {
            $permsql .= " AND t.fid NOT IN ($inactiveforums)";
        }
 304  
        // A page number beyond the last page falls back to the first page.
        $pages = ceil($threadcount / $perpage);
        if($page > $pages)
        {
            $start = 0;
            $page = 1;
        }

        // Begin selecting matching threads, cache them.
        // $sqlarray is filled in here but the query that follows interpolates the variables directly.
        $sqlarray = array(
            'order_by' => $sortfield,
            'order_dir' => $order,
            'limit_start' => $start,
            'limit' => $perpage
        );
        // Everything interpolated below is either derived from database values
        // ($where_conditions), produced by helpers ($unapproved_where_t, $permsql), chosen from
        // the fixed sort allow-list ($sortfield, $order) or the result of arithmetic ($start).
        // $perpage is the threadsperpage setting as stored.
        $query = $db->query("
            SELECT t.*, u.username AS userusername
            FROM ".TABLE_PREFIX."threads t
            LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
            LEFT JOIN ".TABLE_PREFIX."forums f ON (t.fid=f.fid)
            WHERE $where_conditions AND ({$unapproved_where_t}) {$permsql} AND t.closed NOT LIKE 'moved|%'
            ORDER BY $sortfield $order
            LIMIT $start, $perpage
        ");

        $threadprefixes = build_prefixes();
        $thread_cache = array();
        while($thread = $db->fetch_array($query))
        {
            $thread['threadprefix'] = '';
            if($thread['prefix'] && !empty($threadprefixes[$thread['prefix']]))
            {
                // NOTE(review): displaystyle is copied without HTML-encoding; presumably it is
                // administrator-defined markup - confirm.
                $thread['threadprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'];
            }
            $thread_cache[$thread['tid']] = $thread;
        }
        // Id list for the follow-up queries; built from the tid keys of the rows just fetched.
        $thread_ids = implode(",", array_keys($thread_cache));

        if(empty($thread_ids))
        {
            error($lang->error_nosearchresults);
        }
 346  
        // Fetch dot icons if enabled
        // Marks the threads on this page in which the current user has a visible post.
        if($mybb->settings['dotfolders'] != 0 && $mybb->user['uid'] && $thread_cache)
        {
            // Reuse the thread visibility clause for the posts table by dropping the "t." alias.
            $unapproved_where_p = str_replace('t.', '', $unapproved_where_t);
            $query = $db->simple_select("posts", "DISTINCT tid,uid", "uid='{$mybb->user['uid']}' AND tid IN({$thread_ids}) AND ({$unapproved_where_p})");
            while($thread = $db->fetch_array($query))
            {
                $thread_cache[$thread['tid']]['dot_icon'] = 1;
            }
        }

        // Fetch the read threads.
        if($mybb->user['uid'] && $mybb->settings['threadreadcut'] > 0)
        {
            $query = $db->simple_select("threadsread", "tid,dateline", "uid='".$mybb->user['uid']."' AND tid IN(".$thread_ids.")");
            while($readthread = $db->fetch_array($query))
            {
                $thread_cache[$readthread['tid']]['lastread'] = $readthread['dateline'];
            }
        }

        // Default used by the per-thread page links when the setting is empty.
        if(!$mybb->settings['maxmultipagelinks'])
        {
            $mybb->settings['maxmultipagelinks'] = 5;
        }
 372  
        // Render one result row per cached thread.
        // Each eval() evaluates template text inside a double-quoted string, so the templates
        // pick up the local variables set in this loop by name; renaming a variable here changes
        // what the templates can see. Stored text shown in the row (username, subject, post icon
        // path and name, last poster) is HTML-encoded with htmlspecialchars_uni() before the row
        // template is evaluated.
        $results = '';

        foreach($thread_cache as $thread)
        {
            $bgcolor = alt_trow();
            $folder = '';
            $prefix = '';

            // Unapproved colour
            if($thread['visible'] == 0)
            {
                $bgcolor = 'trow_shaded';
            }
            elseif($thread['visible'] == -1)
            {
                $bgcolor = 'trow_shaded trow_deleted';
            }

            // Prefer the current name from the users table over the name stored on the thread.
            if($thread['userusername'])
            {
                $thread['username'] = $thread['userusername'];
            }
            // Encode first; build_profile_link() receives the already-encoded name.
            $thread['username'] = htmlspecialchars_uni($thread['username']);
            $thread['profilelink'] = build_profile_link($thread['username'], $thread['uid']);

            // If this thread has a prefix, insert a space between prefix and subject
            if($thread['prefix'] != 0)
            {
                $thread['threadprefix'] .= '&nbsp;';
            }

            // Word filter on the raw subject, then HTML-encode the result for output.
            $thread['subject'] = $parser->parse_badwords($thread['subject']);
            $thread['subject'] = htmlspecialchars_uni($thread['subject']);

            if(isset($icon_cache[$thread['icon']]))
            {
                $posticon = $icon_cache[$thread['icon']];
                $posticon['path'] = str_replace("{theme}", $theme['imgdir'], $posticon['path']);
                $posticon['path'] = htmlspecialchars_uni($posticon['path']);
                $posticon['name'] = htmlspecialchars_uni($posticon['name']);
                eval("\$icon = \"".$templates->get("search_results_icon")."\";");
            }
            else
            {
                $icon = "&nbsp;";
            }
            if($thread['poll'])
            {
                $prefix = $lang->poll_prefix;
            }

            // Determine the folder
            $folder = '';
            $folder_label = '';
            if(isset($thread['dot_icon']))
            {
                $folder = "dot_";
                $folder_label .= $lang->icon_dot;
            }
            $gotounread = '';
            $isnew = 0;
            $donenew = 0;
            $last_read = 0;

            // Work out the forum-level read marker for this thread's forum.
            if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'])
            {
                $forum_read = $readforums[$thread['fid']];

                // Nothing older than the cut-off (in days) is tracked as unread.
                $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
                if($forum_read == 0 || $forum_read < $read_cutoff)
                {
                    $forum_read = $read_cutoff;
                }
            }
            else
            {
                // NOTE(review): within this file's visible part $forumsread is only assigned for
                // guests (from the cookie); for a logged-in user with read tracking disabled it
                // appears to be unset here - confirm.
                $forum_read = $forumsread[$thread['fid']];
            }

            if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'] && $thread['lastpost'] > $forum_read)
            {
                if($thread['lastread'])
                {
                    $last_read = $thread['lastread'];
                }
                else
                {
                    $last_read = $read_cutoff;
                }
            }
            else
            {
                // Cookie-based read marker; it only influences the read/unread display below.
                $last_read = my_get_array_cookie("threadread", $thread['tid']);
            }

            if($forum_read > $last_read)
            {
                $last_read = $forum_read;
            }

            if($thread['lastpost'] > $last_read && $last_read)
            {
                $folder .= "new";
                $new_class = "subject_new";
                $folder_label .= $lang->icon_new;
                $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost").$highlight;
                eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
                $unreadpost = 1;
            }
            else
            {
                $new_class = 'subject_old';
                $folder_label .= $lang->icon_no_new;
            }

            if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
            {
                $folder .= "hot";
                $folder_label .= $lang->icon_hot;
            }
            if($thread['closed'] == 1)
            {
                $folder .= "close";
                $folder_label .= $lang->icon_close;
            }
            $folder .= "folder";

            if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
            {
                $mybb->settings['postsperpage'] = 20;
            }

            $thread['pages'] = 0;
            $thread['multipage'] = '';
            $threadpages = '';
            $morelink = '';
            // Post total for the page links: replies plus the first post, plus the deleted and
            // unapproved posts only for viewers allowed to see them.
            $thread['posts'] = $thread['replies'] + 1;
            if(is_moderator($thread['fid'], "canviewdeleted") == true || is_moderator($thread['fid'], "canviewunapprove") == true)
            {
                if(is_moderator($thread['fid'], "canviewdeleted") == true)
                {
                    $thread['posts'] += $thread['deletedposts'];
                }
                if(is_moderator($thread['fid'], "canviewunapprove") == true)
                {
                    $thread['posts'] += $thread['unapprovedposts'];
                }
            }
            elseif($group_permissions[$thread['fid']]['canviewdeletionnotice'] != 0)
            {
                $thread['posts'] += $thread['deletedposts'];
            }

            if($thread['posts'] > $mybb->settings['postsperpage'])
            {
                $thread['pages'] = $thread['posts'] / $mybb->settings['postsperpage'];
                $thread['pages'] = ceil($thread['pages']);
                if($thread['pages'] > $mybb->settings['maxmultipagelinks'])
                {
                    $pagesstop = $mybb->settings['maxmultipagelinks'] - 1;
                    $page_link = get_thread_link($thread['tid'], $thread['pages']).$highlight;
                    eval("\$morelink = \"".$templates->get("forumdisplay_thread_multipage_more")."\";");
                }
                else
                {
                    $pagesstop = $thread['pages'];
                }
                for($i = 1; $i <= $pagesstop; ++$i)
                {
                    $page_link = get_thread_link($thread['tid'], $i).$highlight;
                    eval("\$threadpages .= \"".$templates->get("forumdisplay_thread_multipage_page")."\";");
                }
                eval("\$thread['multipage'] = \"".$templates->get("forumdisplay_thread_multipage")."\";");
            }
            else
            {
                $threadpages = '';
                $morelink = '';
                $thread['multipage'] = '';
            }
            $lastpostdate = my_date('relative', $thread['lastpost']);
            $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
            $lastposteruid = $thread['lastposteruid'];
            if(!$lastposteruid && !$thread['lastposter'])
            {
                $lastposter = htmlspecialchars_uni($lang->guest);
            }
            else
            {
                $lastposter = htmlspecialchars_uni($thread['lastposter']);
            }
            $thread_link = get_thread_link($thread['tid']);

            // Don't link to guest's profiles (they have no profile).
            if($lastposteruid == 0)
            {
                $lastposterlink = $lastposter;
            }
            else
            {
                $lastposterlink = build_profile_link($lastposter, $lastposteruid);
            }

            $thread['replies'] = my_number_format($thread['replies']);
            $thread['views'] = my_number_format($thread['views']);

            $thread['forumlink'] = '';
            if($forumcache[$thread['fid']])
            {
                $thread['forumlink_link'] = get_forum_link($thread['fid']);
                // NOTE(review): the forum name is taken from the cache without HTML-encoding
                // here; presumably forum names may carry markup by design - confirm.
                $thread['forumlink_name'] = $forumcache[$thread['fid']]['name'];
                eval("\$thread['forumlink'] = \"".$templates->get("search_results_threads_forumlink")."\";");
            }

            // If this user is the author of the thread and it is not closed or they are a moderator, they can edit
            // This only selects a CSS class for the inline-edit UI.
            if(($thread['uid'] == $mybb->user['uid'] && $thread['closed'] != 1 && $mybb->user['uid'] != 0 && $fpermissions[$thread['fid']]['caneditposts'] == 1) || is_moderator($thread['fid'], "caneditposts"))
            {
                $inline_edit_class = "subject_editable";
            }
            else
            {
                $inline_edit_class = "";
            }

            // If this thread has 1 or more attachments show the paperclip
            if($mybb->settings['enableattachments'] == 1 && $thread['attachmentcount'] > 0)
            {
                if($thread['attachmentcount'] > 1)
                {
                    $attachment_count = $lang->sprintf($lang->attachment_count_multiple, $thread['attachmentcount']);
                }
                else
                {
                    $attachment_count = $lang->attachment_count;
                }

                eval("\$attachment_count = \"".$templates->get("forumdisplay_thread_attachment_count")."\";");
            }
            else
            {
                $attachment_count = '';
            }

            $inline_edit_tid = $thread['tid'];

            // Inline thread moderation
            $inline_mod_checkbox = '';
            if($is_supermod || is_moderator($thread['fid']))
            {
                // The cookie is client-controlled; here it only decides whether the checkbox
                // is pre-ticked and how many rows count as selected.
                if(isset($mybb->cookies[$inlinecookie]) && my_strpos($mybb->cookies[$inlinecookie], "|{$thread['tid']}|") !== false)
                {
                    $inlinecheck = "checked=\"checked\"";
                    ++$inlinecount;
                }
                else
                {
                    $inlinecheck = '';
                }

                // If this user is allowed to use the inline moderation tools for at least one thread, include the necessary scripts
                $show_inline_moderation = true;

                eval("\$inline_mod_checkbox = \"".$templates->get("search_results_threads_inlinecheck")."\";");
            }
            elseif($is_mod)
            {
                // Moderator elsewhere, but not in this thread's forum: render the no-checkbox cell.
                eval("\$inline_mod_checkbox = \"".$templates->get("search_results_threads_nocheck")."\";");
            }

            $plugins->run_hooks("search_results_thread");
            eval("\$results .= \"".$templates->get("search_results_threads_thread")."\";");
        }
        if(!$results)
        {
            error($lang->error_nosearchresults);
        }
        // Pagination links. The values placed in the URL are the search id (SQL-escaped earlier,
        // matched against a stored row), the allow-listed $sortby/$order, and uid read as an integer.
        $multipage = multipage($threadcount, $perpage, $page, "search.php?action=results&amp;sid=$sid&amp;sortby=$sortby&amp;order=$order&amp;uid=".$mybb->get_input('uid', MyBB::INPUT_INT));
        if($upper > $threadcount)
        {
            $upper = $threadcount;
        }

        // Inline Thread Moderation Options
        // Rendered only when the loop above found at least one thread the viewer may moderate.
        if($show_inline_moderation)
        {
            eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol")."\";");

            // If user has moderation tools available, prepare the Select All feature
            $lang->page_selected = $lang->sprintf($lang->page_selected, count($thread_cache));
            $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$threadcount);
            $lang->select_all = $lang->sprintf($lang->select_all, (int)$threadcount);
            eval("\$selectall = \"".$templates->get("search_threads_inlinemoderation_selectall")."\";");

            $customthreadtools = '';
            // Custom thread tools that apply to all forums; both queries are constant SQL and
            // differ only in the string-concatenation syntax of the database type.
            switch($db->type)
            {
                case "pgsql":
                case "sqlite":
                    $query = $db->simple_select("modtools", "tid, name", "type='t' AND (','||forums||',' LIKE '%,-1,%' OR forums='')");
                    break;
                default:
                    $query = $db->simple_select("modtools", "tid, name", "type='t' AND (CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='')");
            }

            while($tool = $db->fetch_array($query))
            {
                // Tool names are stored text; HTML-encode before the template is evaluated.
                $tool['name'] = htmlspecialchars_uni($tool['name']);
                eval("\$customthreadtools .= \"".$templates->get("search_results_threads_inlinemoderation_custom_tool")."\";");
            }
            // Build inline moderation dropdown
            if(!empty($customthreadtools))
            {
                eval("\$customthreadtools = \"".$templates->get("search_results_threads_inlinemoderation_custom")."\";");
            }
            eval("\$inlinemod = \"".$templates->get("search_results_threads_inlinemoderation")."\";");
        }
        elseif($is_mod)
        {
            eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol_empty")."\";");
        }

        $plugins->run_hooks("search_results_end");

        eval("\$searchresults = \"".$templates->get("search_results_threads")."\";");
        output_page($searchresults);
 698      }
 699      else // Displaying results as posts
 700      {
        // A post-type search with an empty stored post list has nothing to show.
        if(!$search['posts'])
        {
            error($lang->error_nosearchresults);
        }

        $postcount = 0;

        // Moderators can view unapproved threads and deleted threads from forums they moderate
        $unapproved_where = get_visible_where();

        $post_cache_options = array();
        if((int)$mybb->settings['searchhardlimit'] > 0)
        {
            $post_cache_options['limit'] = (int)$mybb->settings['searchhardlimit'];
        }

        // Only post-table sort columns can be applied to this query; the "p." alias is dropped
        // because the query below selects from posts without an alias.
        if(strpos($sortfield, 'p.') !== false)
        {
            $post_cache_options['order_by'] = str_replace('p.', '', $sortfield);
            $post_cache_options['order_dir'] = $order;
        }

        $tids = array();
        $pids = array();
        // Make sure the posts we're viewing we have permission to view.
        // NOTE(review): the stored id list sits unquoted inside IN(). escape_string() escapes
        // characters that matter inside a quoted literal; it does not by itself guarantee the
        // list is numeric, so this relies on the searchlog row holding only ids - confirm
        // against the code that writes it.
        $query = $db->simple_select("posts", "pid, tid", "pid IN(".$db->escape_string($search['posts']).") AND ({$unapproved_where})", $post_cache_options);
        while($post = $db->fetch_array($query))
        {
            // pid => tid, and tid => list of its pids, for the permission pass that follows.
            $pids[$post['pid']] = $post['tid'];
            $tids[$post['tid']][$post['pid']] = $post['pid'];
        }
 732  
        // Permission pass: drop every post whose thread the current viewer may not see.
        if(!empty($pids))
        {
            $temp_pids = array();

            $group_permissions = forum_permissions();
            $permsql = '';
            $onlyusfids = array();

            foreach($group_permissions as $fid => $forum_permissions)
            {
                if(!empty($forum_permissions['canonlyviewownthreads']))
                {
                    $onlyusfids[] = $fid;
                }
            }

            // Unlike the thread branch, these clauses describe what must be REMOVED, so they
            // are OR-ed together: other people's threads in "own threads only" forums,
            // unsearchable forums and inactive forums.
            if($onlyusfids)
            {
                // The uid is the session user's id and is interpolated without quotes here.
                $permsql .= " OR (fid IN(".implode(',', $onlyusfids).") AND uid!={$mybb->user['uid']})";
            }
            $unsearchforums = get_unsearchable_forums();
            if($unsearchforums)
            {
                $permsql .= " OR fid IN ($unsearchforums)";
            }
            $inactiveforums = get_inactive_forums();
            if($inactiveforums)
            {
                $permsql .= " OR fid IN ($inactiveforums)";
            }

            // Find threads in our list that we don't have permission to view and remove them
            // The id list is built from the tid keys of rows fetched above. The query selects
            // threads that fail the visibility clause, match a removal clause, or are "moved" stubs.
            $query = $db->simple_select("threads", "tid", "tid IN(".$db->escape_string(implode(',', array_keys($tids))).") AND (NOT ({$unapproved_where}){$permsql} OR closed LIKE 'moved|%')");
            while($thread = $db->fetch_array($query))
            {
                if(array_key_exists($thread['tid'], $tids))
                {
                    $temp_pids = $tids[$thread['tid']];
                    foreach($temp_pids as $pid)
                    {
                        unset($pids[$pid]);
                        unset($tids[$thread['tid']]);
                    }
                    unset($tids[$thread['tid']]);
                }
            }
            unset($temp_pids);
        }
 781  
 782          // Declare our post count
 783          $postcount = count($pids);
 784  
 785          if(!$postcount)
 786          {
 787              error($lang->error_nosearchresults);
 788          }
 789  
 790          // And now we have our sanatized post list
 791          $search['posts'] = implode(',', array_keys($pids));
 792  
 793          $tids = implode(",", array_keys($tids));
 794  
 795          // Read threads
 796          if($mybb->user['uid'] && $mybb->settings['threadreadcut'] > 0)
 797          {
 798              $query = $db->simple_select("threadsread", "tid, dateline", "uid='".$mybb->user['uid']."' AND tid IN(".$db->escape_string($tids).")");
 799              while($readthread = $db->fetch_array($query))
 800              {
 801                  $readthreads[$readthread['tid']] = $readthread['dateline'];
 802              }
 803          }
 804  
 805          $dot_icon = array();
 806          if($mybb->settings['dotfolders'] != 0 && $mybb->user['uid'] != 0)
 807          {
 808              $query = $db->simple_select("posts", "DISTINCT tid,uid", "uid='{$mybb->user['uid']}' AND tid IN({$db->escape_string($tids)}) AND ({$unapproved_where})");
 809              while($post = $db->fetch_array($query))
 810              {
 811                  $dot_icon[$post['tid']] = true;
 812              }
 813          }
 814  
 815          $results = '';
 816  
 817          $pages = ceil($postcount / $perpage);
 818          if($page > $pages)
 819          {
 820              $start = 0;
 821              $page = 1;
 822          }
 823  
 824          $query = $db->query("
 825              SELECT p.*, u.username AS userusername, t.subject AS thread_subject, t.replies AS thread_replies, t.views AS thread_views, t.lastpost AS thread_lastpost, t.closed AS thread_closed, t.uid as thread_uid
 826              FROM ".TABLE_PREFIX."posts p
 827              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 828              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 829              LEFT JOIN ".TABLE_PREFIX."forums f ON (t.fid=f.fid)
 830              WHERE p.pid IN (".$db->escape_string($search['posts']).")
 831              ORDER BY $sortfield $order
 832              LIMIT $start, $perpage
 833          ");
 834          while($post = $db->fetch_array($query))
 835          {
 836              $bgcolor = alt_trow();
 837              if($post['visible'] == 0)
 838              {
 839                  $bgcolor = 'trow_shaded';
 840              }
 841              elseif($post['visible'] == -1)
 842              {
 843                  $bgcolor = 'trow_shaded trow_deleted';
 844              }
 845              if($post['userusername'])
 846              {
 847                  $post['username'] = $post['userusername'];
 848              }
 849              $post['username'] = htmlspecialchars_uni($post['username']);
 850              $post['profilelink'] = build_profile_link($post['username'], $post['uid']);
 851              $post['subject'] = $parser->parse_badwords($post['subject']);
 852              $post['thread_subject'] = $parser->parse_badwords($post['thread_subject']);
 853              $post['thread_subject'] = htmlspecialchars_uni($post['thread_subject']);
 854  
 855              if(isset($icon_cache[$post['icon']]))
 856              {
 857                  $posticon = $icon_cache[$post['icon']];
 858                  $posticon['path'] = str_replace("{theme}", $theme['imgdir'], $posticon['path']);
 859                  $posticon['path'] = htmlspecialchars_uni($posticon['path']);
 860                  $posticon['name'] = htmlspecialchars_uni($posticon['name']);
 861                  eval("\$icon = \"".$templates->get("search_results_icon")."\";");
 862              }
 863              else
 864              {
 865                  $icon = "&nbsp;";
 866              }
 867  
 868              $post['forumlink'] = '';
 869              if(!empty($forumcache[$post['fid']]))
 870              {
 871                  $post['forumlink_link'] = get_forum_link($post['fid']);
 872                  $post['forumlink_name'] = $forumcache[$post['fid']]['name'];
 873                  eval("\$post['forumlink'] = \"".$templates->get("search_results_posts_forumlink")."\";");
 874              }
 875  
 876              // Determine the folder
 877              $folder = '';
 878              $folder_label = '';
 879              $gotounread = '';
 880              $isnew = 0;
 881              $donenew = 0;
 882              $last_read = 0;
 883              $post['thread_lastread'] = $readthreads[$post['tid']];
 884  
 885              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'])
 886              {
 887                  $forum_read = $readforums[$post['fid']];
 888  
 889                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 890                  if($forum_read == 0 || $forum_read < $read_cutoff)
 891                  {
 892                      $forum_read = $read_cutoff;
 893                  }
 894              }
 895              else
 896              {
 897                  $forum_read = $forumsread[$post['fid']];
 898              }
 899  
 900              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'] && $post['thread_lastpost'] > $forum_read)
 901              {
 902                  $cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 903                  if($post['thread_lastpost'] > $cutoff)
 904                  {
 905                      if($post['thread_lastread'])
 906                      {
 907                          $last_read = $post['thread_lastread'];
 908                      }
 909                      else
 910                      {
 911                          $last_read = 1;
 912                      }
 913                  }
 914              }
 915  
 916              if(isset($dot_icon[$post['tid']]))
 917              {
 918                  $folder = "dot_";
 919                  $folder_label .= $lang->icon_dot;
 920              }
 921  
 922              if(!$last_read)
 923              {
 924                  $readcookie = $threadread = my_get_array_cookie("threadread", $post['tid']);
 925                  if($readcookie > $forum_read)
 926                  {
 927                      $last_read = $readcookie;
 928                  }
 929                  elseif($forum_read > $mybb->user['lastvisit'])
 930                  {
 931                      $last_read = $forum_read;
 932                  }
 933                  else
 934                  {
 935                      $last_read = $mybb->user['lastvisit'];
 936                  }
 937              }
 938  
 939              if($post['thread_lastpost'] > $last_read && $last_read)
 940              {
 941                  $folder .= "new";
 942                  $folder_label .= $lang->icon_new;
 943                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
 944                  $unreadpost = 1;
 945              }
 946              else
 947              {
 948                  $folder_label .= $lang->icon_no_new;
 949              }
 950  
 951              if($post['thread_replies'] >= $mybb->settings['hottopic'] || $post['thread_views'] >= $mybb->settings['hottopicviews'])
 952              {
 953                  $folder .= "hot";
 954                  $folder_label .= $lang->icon_hot;
 955              }
 956              if($post['thread_closed'] == 1)
 957              {
 958                  $folder .= "close";
 959                  $folder_label .= $lang->icon_close;
 960              }
 961              $folder .= "folder";
 962  
 963              $post['thread_replies'] = my_number_format($post['thread_replies']);
 964              $post['thread_views'] = my_number_format($post['thread_views']);
 965  
 966              $post['forumlink'] = '';
 967              if($forumcache[$post['fid']])
 968              {
 969                  $post['forumlink_link'] = get_forum_link($post['fid']);
 970                  $post['forumlink_name'] = $forumcache[$post['fid']]['name'];
 971                  eval("\$post['forumlink'] = \"".$templates->get("search_results_posts_forumlink")."\";");
 972              }
 973  
 974              if(!$post['subject'])
 975              {
 976                  $post['subject'] = $post['message'];
 977              }
 978              if(my_strlen($post['subject']) > 50)
 979              {
 980                  $post['subject'] = htmlspecialchars_uni(my_substr($post['subject'], 0, 50)."...");
 981              }
 982              else
 983              {
 984                  $post['subject'] = htmlspecialchars_uni($post['subject']);
 985              }
 986              // What we do here is parse the post using our post parser, then strip the tags from it
 987              $parser_options = array(
 988                  'allow_html' => 0,
 989                  'allow_mycode' => 1,
 990                  'allow_smilies' => 0,
 991                  'allow_imgcode' => 0,
 992                  'me_username' => $post['username'],
 993                  'filter_badwords' => 1
 994              );
 995              $post['message'] = strip_tags($parser->text_parse_message($post['message'], $parser_options));
 996              if(my_strlen($post['message']) > 200)
 997              {
 998                  $prev = my_substr($post['message'], 0, 200)."...";
 999              }
1000              else
1001              {
1002                  $prev = $post['message'];
1003              }
1004              $posted = my_date('relative', $post['dateline']);
1005  
1006              $thread_url = get_thread_link($post['tid']);
1007              $post_url = get_post_link($post['pid'], $post['tid']);
1008  
1009              // Inline post moderation
1010              $inline_mod_checkbox = '';
1011              if($is_supermod || is_moderator($post['fid']))
1012              {
1013                  if(isset($mybb->cookies[$inlinecookie]) && my_strpos($mybb->cookies[$inlinecookie], "|{$post['pid']}|") !== false)
1014                  {
1015                      $inlinecheck = "checked=\"checked\"";
1016                      ++$inlinecount;
1017                  }
1018                  else
1019                  {
1020                      $inlinecheck = '';
1021                  }
1022  
1023                  $show_inline_moderation = true;
1024  
1025                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_posts_inlinecheck")."\";");
1026              }
1027              elseif($is_mod)
1028              {
1029                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_posts_nocheck")."\";");
1030              }
1031  
1032              $plugins->run_hooks("search_results_post");
1033              eval("\$results .= \"".$templates->get("search_results_posts_post")."\";");
1034          }
1035          if(!$results)
1036          {
1037              error($lang->error_nosearchresults);
1038          }
1039          $multipage = multipage($postcount, $perpage, $page, "search.php?action=results&amp;sid=".htmlspecialchars_uni($mybb->get_input('sid'))."&amp;sortby=$sortby&amp;order=$order&amp;uid=".$mybb->get_input('uid', MyBB::INPUT_INT));
1040          if($upper > $postcount)
1041          {
1042              $upper = $postcount;
1043          }
1044  
1045          // Inline Post Moderation Options
1046          if($show_inline_moderation)
1047          {
1048              eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol")."\";");
1049  
1050              // If user has moderation tools available, prepare the Select All feature
1051              $num_results = $db->num_rows($query);
1052              $lang->page_selected = $lang->sprintf($lang->page_selected, (int)$num_results);
1053              $lang->select_all = $lang->sprintf($lang->select_all, (int)$postcount);
1054              $lang->all_selected = $lang->sprintf($lang->all_selected, (int)$postcount);
1055              eval("\$selectall = \"".$templates->get("search_posts_inlinemoderation_selectall")."\";");
1056  
1057              $customthreadtools = $customposttools = '';
1058              switch($db->type)
1059              {
1060                  case "pgsql":
1061                  case "sqlite":
1062                      $query = $db->simple_select("modtools", "tid, name, type", "type='p' AND (','||forums||',' LIKE '%,-1,%' OR forums='')");
1063                      break;
1064                  default:
1065                      $query = $db->simple_select("modtools", "tid, name, type", "type='p' AND (CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='')");
1066              }
1067  
1068              while($tool = $db->fetch_array($query))
1069              {
1070                  eval("\$customposttools .= \"".$templates->get("search_results_posts_inlinemoderation_custom_tool")."\";");
1071              }
1072              // Build inline moderation dropdown
1073              if(!empty($customposttools))
1074              {
1075                  eval("\$customposttools = \"".$templates->get("search_results_posts_inlinemoderation_custom")."\";");
1076              }
1077              eval("\$inlinemod = \"".$templates->get("search_results_posts_inlinemoderation")."\";");
1078          }
1079          elseif($is_mod)
1080          {
1081              eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol_empty")."\";");
1082          }
1083  
1084          $plugins->run_hooks("search_results_end");
1085  
1086          eval("\$searchresults = \"".$templates->get("search_results_posts")."\";");
1087          output_page($searchresults);
1088      }
1089  }
elseif($mybb->input['action'] == "findguest")
{
    // Stores a search for guest-authored content (uid 0) in the searchlog
    // table under a fresh sid, then redirects to the results action.
    // No request parameter is interpolated into the WHERE clause in this
    // branch: it is built from a literal, helper output and the forum ids
    // returned by forum_permissions().
    $where_sql = "uid='0'";

    // The fid lists returned by these two helpers are excluded when non-empty.
    $unsearchforums = get_unsearchable_forums();
    $where_sql .= $unsearchforums ? " AND fid NOT IN ($unsearchforums)" : '';
    $inactiveforums = get_inactive_forums();
    $where_sql .= $inactiveforums ? " AND fid NOT IN ($inactiveforums)" : '';

    // Moderators can view unapproved threads and deleted threads from forums they moderate
    $unapproved_where = get_visible_where();
    $where_sql .= " AND ({$unapproved_where})";

    // Not read again in this branch.
    $permsql = "";
    $onlyusfids = array();

    // Collect forums where the viewer may only see threads they started.
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(!isset($forum_permissions['canonlyviewownthreads']) || $forum_permissions['canonlyviewownthreads'] != 1)
        {
            continue;
        }
        $onlyusfids[] = $fid;
    }
    // For a guest search those forums are excluded entirely.
    if(count($onlyusfids) > 0)
    {
        $where_sql .= " AND fid NOT IN(".implode(',', $onlyusfids).")";
    }

    $options = array(
        'order_by' => 'dateline',
        'order_dir' => 'desc'
    );

    // The hard search limit caps the post query only; the thread query below is unbounded.
    if($mybb->settings['searchhardlimit'] > 0)
    {
        $options['limit'] = (int)$mybb->settings['searchhardlimit'];
    }

    // Matching post ids, stored as a comma-separated list.
    $pid_list = array();
    $query = $db->simple_select("posts", "pid", $where_sql, $options);
    while($pid = $db->fetch_field($query, "pid"))
    {
        $pid_list[] = $pid;
    }
    $pids = implode(',', $pid_list);

    // Matching thread ids, filtered with the same WHERE clause.
    $tid_list = array();
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
        $tid_list[] = $tid;
    }
    $tids = implode(',', $tid_list);

    // NOTE(review): uniqid()/microtime() are clock-derived and not a CSPRNG.
    // If the results action relies on sid alone to keep one visitor's stored
    // search away from another (guests all share uid 0), a token from a
    // cryptographically secure source would be the safer choice - confirm
    // against the results handler.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => $db->escape_string($pids),
        "resulttype" => "posts",
        "querycache" => '',
        "keywords" => ''
    );
    // Plugins hooked here run before the row is written.
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}
elseif($mybb->input['action'] == "finduser")
{
    // Stores a search for every post by one user in the searchlog table under
    // a fresh sid, then redirects to the results action.
    // The only request value reaching the WHERE clause is uid, read through
    // get_input() with MyBB::INPUT_INT; the rest is helper output.
    $where_sql = "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";

    // The fid lists returned by these two helpers are excluded when non-empty.
    $unsearchforums = get_unsearchable_forums();
    $where_sql .= $unsearchforums ? " AND fid NOT IN ($unsearchforums)" : '';
    $inactiveforums = get_inactive_forums();
    $where_sql .= $inactiveforums ? " AND fid NOT IN ($inactiveforums)" : '';

    // Moderators can view unapproved threads and deleted threads from forums they moderate
    $unapproved_where = get_visible_where();
    $where_sql .= " AND ({$unapproved_where})";

    // Not read again in this branch.
    $permsql = "";
    $onlyusfids = array();

    // Collect forums where the viewer may only see threads they started.
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(!isset($forum_permissions['canonlyviewownthreads']) || $forum_permissions['canonlyviewownthreads'] != 1)
        {
            continue;
        }
        $onlyusfids[] = $fid;
    }
    if(count($onlyusfids) > 0)
    {
        // In those forums only rows owned by the current viewer may match.
        // The clause has no leading space; it follows the ")" that closes the
        // visibility clause appended above.
        $onlyusfids_sql = implode(',', $onlyusfids);
        $where_sql .= "AND ((fid IN({$onlyusfids_sql}) AND uid='{$mybb->user['uid']}') OR fid NOT IN({$onlyusfids_sql}))";
    }

    $options = array(
        'order_by' => 'dateline',
        'order_dir' => 'desc'
    );

    // The hard search limit caps the post query only; the thread query below is unbounded.
    if($mybb->settings['searchhardlimit'] > 0)
    {
        $options['limit'] = (int)$mybb->settings['searchhardlimit'];
    }

    // Matching post ids, stored as a comma-separated list.
    $pid_list = array();
    $query = $db->simple_select("posts", "pid", $where_sql, $options);
    while($pid = $db->fetch_field($query, "pid"))
    {
        $pid_list[] = $pid;
    }
    $pids = implode(',', $pid_list);

    // Matching thread ids, filtered with the same WHERE clause.
    $tid_list = array();
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
        $tid_list[] = $tid;
    }
    $tids = implode(',', $tid_list);

    // NOTE(review): uniqid()/microtime() are clock-derived and not a CSPRNG.
    // If the results action relies on sid alone to protect a stored search,
    // a token from a cryptographically secure source would be the safer
    // choice - confirm against the results handler.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => $db->escape_string($pids),
        "resulttype" => "posts",
        "querycache" => '',
        "keywords" => ''
    );
    // Plugins hooked here run before the row is written.
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}
elseif($mybb->input['action'] == "finduserthreads")
{
    // Stores a search for every thread started by one user in the searchlog
    // table under a fresh sid, then redirects to the results action.
    // The only request value reaching the WHERE clause is uid, read through
    // get_input() with MyBB::INPUT_INT; the rest is helper output.
    $where_sql = "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'";

    // The fid lists returned by these two helpers are excluded when non-empty.
    $unsearchforums = get_unsearchable_forums();
    $where_sql .= $unsearchforums ? " AND fid NOT IN ($unsearchforums)" : '';
    $inactiveforums = get_inactive_forums();
    $where_sql .= $inactiveforums ? " AND fid NOT IN ($inactiveforums)" : '';

    // Moderators can view unapproved threads and deleted threads from forums they moderate
    $unapproved_where = get_visible_where();
    $where_sql .= " AND ({$unapproved_where})";

    // Not read again in this branch.
    $permsql = "";
    $onlyusfids = array();

    // Collect forums where the viewer may only see threads they started.
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(!isset($forum_permissions['canonlyviewownthreads']) || $forum_permissions['canonlyviewownthreads'] != 1)
        {
            continue;
        }
        $onlyusfids[] = $fid;
    }
    if(count($onlyusfids) > 0)
    {
        // In those forums only rows owned by the current viewer may match.
        // The clause has no leading space; it follows the ")" that closes the
        // visibility clause appended above.
        $onlyusfids_sql = implode(',', $onlyusfids);
        $where_sql .= "AND ((fid IN({$onlyusfids_sql}) AND uid='{$mybb->user['uid']}') OR fid NOT IN({$onlyusfids_sql}))";
    }

    // Matching thread ids, stored as a comma-separated list.
    $tid_list = array();
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
        $tid_list[] = $tid;
    }
    $tids = implode(',', $tid_list);

    // NOTE(review): uniqid()/microtime() are clock-derived and not a CSPRNG.
    // If the results action relies on sid alone to protect a stored search,
    // a token from a cryptographically secure source would be the safer
    // choice - confirm against the results handler.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => '',
        "resulttype" => "threads",
        // The WHERE clause itself is persisted. Presumably the results action
        // reuses it as SQL - verify; if so, every fragment added above must
        // stay integer-cast or helper-generated.
        "querycache" => $db->escape_string($where_sql),
        "keywords" => ''
    );
    // Plugins hooked here run before the row is written.
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}
elseif($mybb->input['action'] == "getnew")
{
    // Stores a search for threads with a post since the viewer's last visit
    // in the searchlog table under a fresh sid, then redirects to the results
    // action. Request values (fid, fids) are integer-cast before they are
    // placed in the WHERE clause.
    $where_sql = "lastpost >= '".(int)$mybb->user['lastvisit']."'";

    if($mybb->get_input('fid', MyBB::INPUT_INT))
    {
        // A single forum id takes precedence over the fids list.
        $where_sql .= " AND fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
    }
    else if($mybb->get_input('fids'))
    {
        // Comma-separated list: every element is cast to int, so a
        // non-numeric element becomes 0 rather than reaching the query as text.
        $fids = array_map('intval', explode(',', $mybb->get_input('fids')));

        // explode() always yields at least one element here.
        if($fids)
        {
            $where_sql .= " AND fid IN (".implode(',', $fids).")";
        }
    }

    // The fid lists returned by these two helpers are excluded when non-empty.
    $unsearchforums = get_unsearchable_forums();
    $where_sql .= $unsearchforums ? " AND fid NOT IN ($unsearchforums)" : '';
    $inactiveforums = get_inactive_forums();
    $where_sql .= $inactiveforums ? " AND fid NOT IN ($inactiveforums)" : '';

    // Moderators can view unapproved threads and deleted threads from forums they moderate
    $unapproved_where = get_visible_where();
    $where_sql .= " AND ({$unapproved_where})";

    // Not read again in this branch.
    $permsql = "";
    $onlyusfids = array();

    // Collect forums where the viewer may only see threads they started.
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(!isset($forum_permissions['canonlyviewownthreads']) || $forum_permissions['canonlyviewownthreads'] != 1)
        {
            continue;
        }
        $onlyusfids[] = $fid;
    }
    if(count($onlyusfids) > 0)
    {
        // In those forums only rows owned by the current viewer may match.
        // The clause has no leading space; it follows the ")" that closes the
        // visibility clause appended above.
        $onlyusfids_sql = implode(',', $onlyusfids);
        $where_sql .= "AND ((fid IN({$onlyusfids_sql}) AND uid='{$mybb->user['uid']}') OR fid NOT IN({$onlyusfids_sql}))";
    }

    // Matching thread ids, stored as a comma-separated list.
    $tid_list = array();
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
        $tid_list[] = $tid;
    }
    $tids = implode(',', $tid_list);

    // NOTE(review): uniqid()/microtime() are clock-derived and not a CSPRNG.
    // If the results action relies on sid alone to protect a stored search,
    // a token from a cryptographically secure source would be the safer
    // choice - confirm against the results handler.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => '',
        "resulttype" => "threads",
        // The WHERE clause itself is persisted. Presumably the results action
        // reuses it as SQL - verify; if so, every fragment added above must
        // stay integer-cast or helper-generated.
        "querycache" => $db->escape_string($where_sql),
        "keywords" => ''
    );

    // Plugins hooked here run before the row is written.
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}
elseif($mybb->input['action'] == "getdaily")
{
    // Stores a search for threads with a post in the last N days in the
    // searchlog table under a fresh sid, then redirects to the results action.
    // Request values (days, fid, fids) are integer-cast before use.

    // days is clamped to a minimum of 1; no upper bound is applied.
    $days = max(1, $mybb->get_input('days', MyBB::INPUT_INT));
    $datecut = TIME_NOW-(86400*$days);

    $where_sql = "lastpost >='".$datecut."'";

    if($mybb->get_input('fid', MyBB::INPUT_INT))
    {
        // A single forum id takes precedence over the fids list.
        $where_sql .= " AND fid='".$mybb->get_input('fid', MyBB::INPUT_INT)."'";
    }
    else if($mybb->get_input('fids'))
    {
        // Comma-separated list: every element is cast to int, so a
        // non-numeric element becomes 0 rather than reaching the query as text.
        $fids = array_map('intval', explode(',', $mybb->get_input('fids')));

        // explode() always yields at least one element here.
        if($fids)
        {
            $where_sql .= " AND fid IN (".implode(',', $fids).")";
        }
    }

    // The fid lists returned by these two helpers are excluded when non-empty.
    $unsearchforums = get_unsearchable_forums();
    $where_sql .= $unsearchforums ? " AND fid NOT IN ($unsearchforums)" : '';
    $inactiveforums = get_inactive_forums();
    $where_sql .= $inactiveforums ? " AND fid NOT IN ($inactiveforums)" : '';

    // Moderators can view unapproved threads and deleted threads from forums they moderate
    $unapproved_where = get_visible_where();
    $where_sql .= " AND ({$unapproved_where})";

    // Not read again in this branch.
    $permsql = "";
    $onlyusfids = array();

    // Collect forums where the viewer may only see threads they started.
    $group_permissions = forum_permissions();
    foreach($group_permissions as $fid => $forum_permissions)
    {
        if(!isset($forum_permissions['canonlyviewownthreads']) || $forum_permissions['canonlyviewownthreads'] != 1)
        {
            continue;
        }
        $onlyusfids[] = $fid;
    }
    if(count($onlyusfids) > 0)
    {
        // In those forums only rows owned by the current viewer may match.
        // The clause has no leading space; it follows the ")" that closes the
        // visibility clause appended above.
        $onlyusfids_sql = implode(',', $onlyusfids);
        $where_sql .= "AND ((fid IN({$onlyusfids_sql}) AND uid='{$mybb->user['uid']}') OR fid NOT IN({$onlyusfids_sql}))";
    }

    // Matching thread ids, stored as a comma-separated list.
    $tid_list = array();
    $query = $db->simple_select("threads", "tid", $where_sql);
    while($tid = $db->fetch_field($query, "tid"))
    {
        $tid_list[] = $tid;
    }
    $tids = implode(',', $tid_list);

    // NOTE(review): uniqid()/microtime() are clock-derived and not a CSPRNG.
    // If the results action relies on sid alone to protect a stored search,
    // a token from a cryptographically secure source would be the safer
    // choice - confirm against the results handler.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $db->escape_string($tids),
        "posts" => '',
        "resulttype" => "threads",
        // The WHERE clause itself is persisted. Presumably the results action
        // reuses it as SQL - verify; if so, every fragment added above must
        // stay integer-cast or helper-generated.
        "querycache" => $db->escape_string($where_sql),
        "keywords" => ''
    );

    // Plugins hooked here run before the row is written.
    $plugins->run_hooks("search_do_search_process");
    $db->insert_query("searchlog", $searcharray);
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}
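elseif($mybb->input['action'] == "do_search")
{
    // Runs a keyword/author search submitted from the search form: applies
    // the flood check, hands the request values to perform_search_mysql*(),
    // stores the outcome in the searchlog table under a fresh sid and
    // redirects to the results action.
    $plugins->run_hooks("search_do_search_start");

    // Check if search flood checking is enabled and user is not admin
    if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
    {
        // Fetch the time this user last searched. Members are keyed by uid,
        // guests by uid 0 plus their packed IP address.
        if($mybb->user['uid'])
        {
            $conditions = "uid='{$mybb->user['uid']}'";
        }
        else
        {
            $conditions = "uid='0' AND ipaddress=".$db->escape_binary($session->packedip);
        }
        $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
        $query = $db->simple_select("searchlog", "*", "$conditions AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
        $last_search = $db->fetch_array($query);
        // Users last search was within the flood time, show the error.
        // !empty() also covers the case where no row was returned.
        if(!empty($last_search['sid']))
        {
            $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
            if($remaining_time == 1)
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
            }
            else
            {
                $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
            }
            error($lang->error_searchflooding);
        }
    }

    // Anything other than "threads" falls back to a post listing.
    if($mybb->get_input('showresults') == "threads")
    {
        $resulttype = "threads";
    }
    else
    {
        $resulttype = "posts";
    }

    // keywords is read through get_input() so that a non-scalar value
    // (e.g. keywords[]=...) arrives as an empty string instead of an array.
    $keywords = $mybb->get_input('keywords');

    $search_data = array(
        "keywords" => $keywords,
        "author" => $mybb->get_input('author'),
        "postthread" => $mybb->get_input('postthread', MyBB::INPUT_INT),
        "matchusername" => $mybb->get_input('matchusername', MyBB::INPUT_INT),
        "postdate" => $mybb->get_input('postdate', MyBB::INPUT_INT),
        "pddir" => $mybb->get_input('pddir', MyBB::INPUT_INT),
        // Passed through unmodified (it may be a string or an array).
        // NOTE(review): validation is left to perform_search_mysql*() in
        // inc/functions_search.php - confirm each element is integer-cast there.
        "forums" => isset($mybb->input['forums']) ? $mybb->input['forums'] : '',
        "findthreadst" => $mybb->get_input('findthreadst', MyBB::INPUT_INT),
        "numreplies" => $mybb->get_input('numreplies', MyBB::INPUT_INT),
        "threadprefix" => $mybb->get_input('threadprefix', MyBB::INPUT_ARRAY)
    );

    // Only moderators may filter on post visibility.
    if(is_moderator() && !empty($mybb->input['visible']))
    {
        $search_data['visible'] = $mybb->get_input('visible', MyBB::INPUT_INT);
    }

    if($db->can_search == true)
    {
        if($mybb->settings['searchtype'] == "fulltext" && $db->supports_fulltext_boolean("posts") && $db->is_fulltext("posts"))
        {
            $search_results = perform_search_mysql_ft($search_data);
        }
        else
        {
            $search_results = perform_search_mysql($search_data);
        }
    }
    else
    {
        error($lang->error_no_search_support);
    }

    // NOTE(review): uniqid()/microtime() are clock-derived and not a CSPRNG.
    // If the results action relies on sid alone to protect a stored search,
    // a token from a cryptographically secure source would be the safer
    // choice - confirm against the results handler.
    $sid = md5(uniqid(microtime(), true));
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        // TIME_NOW, as in the flood check above, which compares against this column.
        "dateline" => TIME_NOW,
        "ipaddress" => $db->escape_binary($session->packedip),
        // threads/posts/querycache are inserted as returned.
        // NOTE(review): presumably already escaped by perform_search_mysql*() - verify.
        "threads" => $search_results['threads'],
        "posts" => $search_results['posts'],
        "resulttype" => $resulttype,
        "querycache" => $search_results['querycache'],
        "keywords" => $db->escape_string($keywords),
    );
    // Plugins hooked here run before the row is written.
    $plugins->run_hooks("search_do_search_process");

    $db->insert_query("searchlog", $searcharray);

    // Lower-case the requested direction before comparing it, and emit only
    // the whitelisted literal; anything else falls back to "desc".
    $sortorder = my_strtolower($mybb->get_input('sortordr'));
    if($sortorder != "asc" && $sortorder != "desc")
    {
        $sortorder = "desc";
    }

    // NOTE(review): sortby is HTML-escaped but not checked against a list of
    // sort fields here; the results action has to whitelist it before it is
    // used in an ORDER BY - confirm.
    $sortby = htmlspecialchars_uni($mybb->get_input('sortby'));
    $plugins->run_hooks("search_do_search_end");
    redirect("search.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
}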
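else if($mybb->input['action'] == "thread")
{
    // Search within a single thread: check that the thread and its forum are visible
    // to the current user, apply the search flood limit, run the search, log it in
    // searchlog and redirect to the results action.

    // Fetch thread info
    $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT));

    // Look up moderator rights only when a thread was found, so that a missing
    // thread is not indexed as an array before the validity check below.
    $ismod = $thread ? is_moderator($thread['fid']) : false;

    // Reject unknown threads, threads that are not visible to this user (a
    // soft-deleted thread stays reachable for its logged-in author when soft delete
    // is enabled), and threads with a visible value above 1 even for moderators.
    if(!$thread || ($thread['visible'] != 1 && $ismod == false && ($thread['visible'] != -1 || $mybb->settings['soft_delete'] != 1 || !$mybb->user['uid'] || $mybb->user['uid'] != $thread['uid'])) || ($thread['visible'] > 1 && $ismod == true))
    {
        error($lang->error_invalidthread);
    }

    // Get forum info
    $forum = get_forum($thread['fid']);
    if(!$forum)
    {
        error($lang->error_invalidforum);
    }

    $forum_permissions = forum_permissions($forum['fid']);

    // The forum must be open and an actual forum (type "f").
    if($forum['open'] == 0 || $forum['type'] != "f")
    {
        error($lang->error_closedinvalidforum);
    }

    // The user must be allowed to view the forum and its threads; with
    // "canonlyviewownthreads" set, only the user's own threads qualify.
    if($forum_permissions['canview'] == 0 || $forum_permissions['canviewthreads'] != 1 || (isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
    {
        error_no_permission();
    }

    $plugins->run_hooks("search_thread_start");

    // Check if search flood checking is enabled and user is not admin
    if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
    {
        // Fetch the time this user last searched. Registered users are matched by
        // uid, guests by uid 0 plus their packed IP address.
        if($mybb->user['uid'])
        {
            // Cast so the value placed in the SQL condition is always an integer.
            $conditions = "uid='".(int)$mybb->user['uid']."'";
        }
        else
        {
            $conditions = "uid='0' AND ipaddress=".$db->escape_binary($session->packedip);
        }
        $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
        $query = $db->simple_select("searchlog", "*", "$conditions AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
        $last_search = $db->fetch_array($query);

        // Only a found row is inspected; when there was no recent search the
        // result is not an array and must not be indexed.
        if(!empty($last_search['sid']))
        {
            // We shouldn't show remaining time if time is 0 or under.
            $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);

            // Users last search was within the flood time, show the error.
            if($remaining_time > 0)
            {
                if($remaining_time == 1)
                {
                    $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
                }
                else
                {
                    $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
                }
                error($lang->error_searchflooding);
            }
        }
    }

    // Criteria for the backend: posts of this one thread only. "keywords" is taken
    // from $mybb->input exactly as submitted.
    // NOTE(review): the backend functions are not shown here and presumably validate
    // and escape the keywords - confirm in inc/functions_search.php.
    $search_data = array(
        "keywords" => $mybb->input['keywords'],
        "postthread" => 1,
        "tid" => $mybb->get_input('tid', MyBB::INPUT_INT)
    );

    // Use the fulltext backend when it is configured and the posts table supports it,
    // otherwise the standard backend. Without any search support the request ends here.
    if($db->can_search == true)
    {
        if($mybb->settings['searchtype'] == "fulltext" && $db->supports_fulltext_boolean("posts") && $db->is_fulltext("posts"))
        {
            $search_results = perform_search_mysql_ft($search_data);
        }
        else
        {
            $search_results = perform_search_mysql($search_data);
        }
    }
    else
    {
        error($lang->error_no_search_support);
    }

    // NOTE(review): the search id is derived from time-based values (microtime/uniqid),
    // so treat it as an identifier rather than a secret; whatever serves the stored
    // results should not rely on it being unguessable.
    $sid = md5(uniqid(microtime(), true));

    // Row for the searchlog table. sid, ipaddress and keywords are escaped here;
    // threads, posts and querycache are stored as returned by the search backend.
    // NOTE(review): $now is set outside this excerpt; presumably the backend returns
    // its three values already escaped - confirm before changing either side.
    $searcharray = array(
        "sid" => $db->escape_string($sid),
        "uid" => $mybb->user['uid'],
        "dateline" => $now,
        "ipaddress" => $db->escape_binary($session->packedip),
        "threads" => $search_results['threads'],
        "posts" => $search_results['posts'],
        "resulttype" => 'posts',
        "querycache" => $search_results['querycache'],
        "keywords" => $db->escape_string($mybb->input['keywords'])
    );
    $plugins->run_hooks("search_thread_process");

    $db->insert_query("searchlog", $searcharray);

    // This branch runs the same end hook name as the regular search action.
    $plugins->run_hooks("search_do_search_end");
    redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
}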
else
{
    // Default action: render the search form.
    $plugins->run_hooks("search_start");
    $srchlist = make_searchable_forums();
    $prefixselect = build_prefix_select('all', 'any', 1);

    // Non-moderators get an empty options block and the base row span.
    $moderator_options = '';
    $rowspan = 5;

    if(is_moderator())
    {
        // The moderator options add two rows to the form.
        $rowspan = 7;

        // NOTE(review): the template text is evaluated as a double-quoted PHP string,
        // so template content is executed as code. Presumably $templates->get()
        // returns it escaped for that context - confirm, and treat anyone who can
        // edit templates as able to run PHP on this host.
        eval("\$moderator_options = \"".$templates->get("search_moderator_options")."\";");
    }

    $plugins->run_hooks("search_end");

    // Same eval-based rendering for the page template itself (see the note above).
    eval("\$search = \"".$templates->get("search")."\";");
    output_page($search);
}

