MyBB PHP Cross Reference Discussion Forums

Source: /search.php - 1595 lines - 46386 bytes - Summary - Text - Print

Description: MyBB 1.6 Copyright 2010 MyBB Group, All Rights Reserved

   1  <?php
   2  /**

   3   * MyBB 1.6

   4   * Copyright 2010 MyBB Group, All Rights Reserved

   5   *

   6   * Website: http://mybb.com

   7   * License: http://mybb.com/about/license

   8   *

   9   * $Id$

  10   */
  11  
  12  define("IN_MYBB", 1);
  13  define("IGNORE_CLEAN_VARS", "sid");
  14  define('THIS_SCRIPT', 'search.php');
  15  
  16  $templatelist = "search,forumdisplay_thread_gotounread,search_results_threads_thread,search_results_threads,search_results_posts,search_results_posts_post";
  17  $templatelist .= ",multipage_nextpage,multipage_page_current,multipage_page,multipage_start,multipage_end,multipage,forumdisplay_thread_multipage_more,forumdisplay_thread_multipage_page,forumdisplay_thread_multipage";
  18  $templatelist .= ",search_results_posts_inlinecheck,search_results_posts_nocheck,search_results_threads_inlinecheck,search_results_threads_nocheck,search_results_inlinemodcol,search_results_posts_inlinemoderation_custom_tool";
  19  $templatelist .= ",search_results_posts_inlinemoderation_custom,search_results_posts_inlinemoderation,search_results_threads_inlinemoderation_custom_tool,search_results_threads_inlinemoderation_custom,search_results_threads_inlinemoderation,search_orderarrow,search_moderator_options";
  20  $templatelist .= ",forumdisplay_thread_attachment_count,forumdisplay_threadlist_inlineedit_js,search_threads_inlinemoderation_selectall,search_posts_inlinemoderation_selectall,multipage_prevpage";
  21  
  22  require_once  "./global.php";
  23  
  24  require_once  MYBB_ROOT."inc/functions_post.php";
  25  require_once  MYBB_ROOT."inc/functions_search.php";
  26  require_once  MYBB_ROOT."inc/class_parser.php";
  27  $parser = new postParser;
  28  
  29  // Load global language phrases

  30  $lang->load("search");
  31  
  32  add_breadcrumb($lang->nav_search, "search.php");
  33  
  34  switch($mybb->input['action'])
  35  {
  36      case "results":
  37          add_breadcrumb($lang->nav_results);
  38          break;
  39      default:
  40          break;
  41  }
  42  
  43  if($mybb->usergroup['cansearch'] == 0)
  44  {
  45      error_no_permission();
  46  }
  47  
  48  $now = TIME_NOW;
  49  $mybb->input['keywords'] = trim($mybb->input['keywords']);
  50  
  51  $limitsql = "";
  52  if(intval($mybb->settings['searchhardlimit']) > 0)
  53  {
  54      $limitsql = "LIMIT ".intval($mybb->settings['searchhardlimit']);
  55  }
  56  
  57  if($mybb->input['action'] == "results")
  58  {
  59      $sid = $db->escape_string($mybb->input['sid']);
  60      $query = $db->simple_select("searchlog", "*", "sid='$sid'");
  61      $search = $db->fetch_array($query);
  62  
  63      if(!$search['sid'])
  64      {
  65          error($lang->error_invalidsearch);
  66      }
  67  
  68      $plugins->run_hooks("search_results_start");
  69  
  70      // Decide on our sorting fields and sorting order.

  71      $order = my_strtolower(htmlspecialchars_uni($mybb->input['order']));
  72      $sortby = my_strtolower(htmlspecialchars_uni($mybb->input['sortby']));
  73  
  74      switch($sortby)
  75      {
  76          case "replies":
  77              $sortfield = "t.replies";
  78              break;
  79          case "views":
  80              $sortfield = "t.views";
  81              break;
  82          case "subject":
  83              if($search['resulttype'] == "threads")
  84              {
  85                  $sortfield = "t.subject";
  86              }
  87              else
  88              {
  89                  $sortfield = "p.subject";
  90              }
  91              break;
  92          case "forum":
  93              $sortfield = "t.fid";
  94              break;
  95          case "starter":
  96              if($search['resulttype'] == "threads")
  97              {
  98                  $sortfield = "t.username";
  99              }
 100              else
 101              {
 102                  $sortfield = "p.username";
 103              }
 104              break;
 105          case "lastpost":
 106          default:
 107              if($search['resulttype'] == "threads")
 108              {
 109                  $sortfield = "t.lastpost";
 110                  $sortby = "lastpost";
 111              }
 112              else
 113              {
 114                  $sortfield = "p.dateline";
 115                  $sortby = "dateline";
 116              }
 117              break;
 118      }
 119      
 120      if($order != "asc")
 121      {
 122          $order = "desc";
 123          $oppsortnext = "asc";
 124          $oppsort = $lang->asc;
 125      }
 126      else
 127      {
 128          $oppsortnext = "desc";
 129          $oppsort = $lang->desc;        
 130      }
 131      
 132      if(!$mybb->settings['threadsperpage'])
 133      {
 134          $mybb->settings['threadsperpage'] = 20;
 135      }
 136  
 137      // Work out pagination, which page we're at, as well as the limits.

 138      $perpage = $mybb->settings['threadsperpage'];
 139      $page = intval($mybb->input['page']);
 140      if($page > 0)
 141      {
 142          $start = ($page-1) * $perpage;
 143      }
 144      else
 145      {
 146          $start = 0;
 147          $page = 1;
 148      }
 149      $end = $start + $perpage;
 150      $lower = $start+1;
 151      $upper = $end;
 152      
 153      // Work out if we have terms to highlight

 154      $highlight = "";
 155      if($search['keywords'])
 156      {
 157          if($mybb->settings['seourls'] == "yes" || ($mybb->settings['seourls'] == "auto" && $_SERVER['SEO_SUPPORT'] == 1))
 158          {
 159              $highlight = "?highlight=".urlencode($search['keywords']);
 160          }
 161          else
 162          {
 163              $highlight = "&amp;highlight=".urlencode($search['keywords']);
 164          }
 165      }
 166  
 167      $sorturl = "search.php?action=results&amp;sid={$sid}";
 168      $thread_url = "";
 169      $post_url = "";
 170      
 171      eval("\$orderarrow['$sortby'] = \"".$templates->get("search_orderarrow")."\";");
 172  
 173      // Read some caches we will be using

 174      $forumcache = $cache->read("forums");
 175      $icon_cache = $cache->read("posticons");
 176  
 177      $threads = array();
 178  
 179      if($mybb->user['uid'] == 0)
 180      {
 181          // Build a forum cache.

 182          $query = $db->query("
 183              SELECT fid
 184              FROM ".TABLE_PREFIX."forums
 185              WHERE active != 0
 186              ORDER BY pid, disporder
 187          ");
 188          
 189          $forumsread = my_unserialize($mybb->cookies['mybb']['forumread']);
 190      }
 191      else
 192      {
 193          // Build a forum cache.

 194          $query = $db->query("
 195              SELECT f.fid, fr.dateline AS lastread
 196              FROM ".TABLE_PREFIX."forums f
 197              LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
 198              WHERE f.active != 0
 199              ORDER BY pid, disporder
 200          ");
 201      }
 202  
 203      while($forum = $db->fetch_array($query))
 204      {
 205          if($mybb->user['uid'] == 0)
 206          {
 207              if($forumsread[$forum['fid']])
 208              {
 209                  $forum['lastread'] = $forumsread[$forum['fid']];
 210              }
 211          }
 212          $readforums[$forum['fid']] = $forum['lastread'];
 213      }
 214      $fpermissions = forum_permissions();
 215      
 216      // Inline Mod Column for moderators

 217      $inlinemodcol = $inlinecookie = '';
 218      $is_mod = $is_supermod = false;
 219      if($mybb->usergroup['issupermod'])
 220      {
 221          $is_supermod = true;
 222      }
 223      if($is_supermod || is_moderator())
 224      {
 225          eval("\$inlinemodcol = \"".$templates->get("search_results_inlinemodcol")."\";");
 226          $inlinecookie = "inlinemod_search".$sid;
 227          $inlinecount = 0;
 228          $is_mod = true;
 229          $return_url = 'search.php?'.htmlspecialchars_uni($_SERVER['QUERY_STRING']);
 230      }
 231  
 232      // Show search results as 'threads'

 233      if($search['resulttype'] == "threads")
 234      {
 235          $threadcount = 0;
 236          
 237          // Moderators can view unapproved threads

 238          $query = $db->simple_select("moderators", "fid", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')");
 239          if($mybb->usergroup['issupermod'] == 1)
 240          {
 241              // Super moderators (and admins)

 242              $unapproved_where = "t.visible>-1";
 243          }
 244          elseif($db->num_rows($query))
 245          {
 246              // Normal moderators

 247              $moderated_forums = '0';
 248              while($forum = $db->fetch_array($query))
 249              {
 250                  $moderated_forums .= ','.$forum['fid'];
 251              }
 252              $unapproved_where = "(t.visible>0 OR (t.visible=0 AND t.fid IN ({$moderated_forums})))";
 253          }
 254          else
 255          {
 256              // Normal users

 257              $unapproved_where = 't.visible>0';
 258          }
 259          
 260          // If we have saved WHERE conditions, execute them

 261          if($search['querycache'] != "")
 262          {
 263              $where_conditions = $search['querycache'];
 264              $query = $db->simple_select("threads t", "t.tid", $where_conditions. " AND {$unapproved_where} AND t.closed NOT LIKE 'moved|%' ORDER BY t.lastpost DESC {$limitsql}");
 265              while($thread = $db->fetch_array($query))
 266              {
 267                  $threads[$thread['tid']] = $thread['tid'];
 268                  $threadcount++;
 269              }
 270              // Build our list of threads.

 271              if($threadcount > 0)
 272              {
 273                  $search['threads'] = implode(",", $threads);
 274              }
 275              // No results.

 276              else
 277              {
 278                  error($lang->error_nosearchresults);
 279              }
 280              $where_conditions = "t.tid IN (".$search['threads'].")";
 281          }
 282          // This search doesn't use a query cache, results stored in search table.

 283          else
 284          {
 285              $where_conditions = "t.tid IN (".$search['threads'].")";
 286              $query = $db->simple_select("threads t", "COUNT(t.tid) AS resultcount", $where_conditions. " AND {$unapproved_where} AND t.closed NOT LIKE 'moved|%' {$limitsql}");
 287              $count = $db->fetch_array($query);
 288  
 289              if(!$count['resultcount'])
 290              {
 291                  error($lang->error_nosearchresults);
 292              }
 293              $threadcount = $count['resultcount'];
 294          }
 295          
 296          $permsql = "";
 297          $onlyusfids = array();
 298          
 299          // Check group permissions if we can't view threads not started by us

 300          $group_permissions = forum_permissions();
 301          foreach($group_permissions as $fid => $forum_permissions)
 302          {
 303              if($forum_permissions['canonlyviewownthreads'] == 1)
 304              {
 305                  $onlyusfids[] = $fid;
 306              }
 307          }
 308          if(!empty($onlyusfids))
 309          {
 310              $permsql .= "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 311          }
 312      
 313          $unsearchforums = get_unsearchable_forums();
 314          if($unsearchforums)
 315          {
 316              $permsql .= " AND t.fid NOT IN ($unsearchforums)";
 317          }
 318          $inactiveforums = get_inactive_forums();
 319          if($inactiveforums)
 320          {
 321              $permsql .= " AND t.fid NOT IN ($inactiveforums)";
 322          }
 323          
 324          // Begin selecting matching threads, cache them.

 325          $sqlarray = array(
 326              'order_by' => $sortfield,
 327              'order_dir' => $order,
 328              'limit_start' => $start,
 329              'limit' => $perpage
 330          );
 331          $query = $db->query("
 332              SELECT t.*, u.username AS userusername, p.displaystyle AS threadprefix
 333              FROM ".TABLE_PREFIX."threads t
 334              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=t.uid)
 335              LEFT JOIN ".TABLE_PREFIX."threadprefixes p ON (p.pid=t.prefix)
 336              WHERE $where_conditions AND {$unapproved_where} {$permsql} AND t.closed NOT LIKE 'moved|%'
 337              ORDER BY $sortfield $order
 338              LIMIT $start, $perpage
 339          ");
 340          $thread_cache = array();
 341          while($thread = $db->fetch_array($query))
 342          {
 343              $thread_cache[$thread['tid']] = $thread;
 344          }
 345          $thread_ids = implode(",", array_keys($thread_cache));
 346          
 347          if(empty($thread_ids))
 348          {
 349              error($lang->error_nosearchresults);
 350          }
 351  
 352          // Fetch dot icons if enabled

 353          if($mybb->settings['dotfolders'] != 0 && $mybb->user['uid'] && $thread_cache)
 354          {
 355              $query = $db->simple_select("posts", "DISTINCT tid,uid", "uid='".$mybb->user['uid']."' AND tid IN(".$thread_ids.")");
 356              while($thread = $db->fetch_array($query))
 357              {
 358                  $thread_cache[$thread['tid']]['dot_icon'] = 1;
 359              }
 360          }
 361  
 362          // Fetch the read threads.

 363          if($mybb->user['uid'] && $mybb->settings['threadreadcut'] > 0)
 364          {
 365              $query = $db->simple_select("threadsread", "tid,dateline", "uid='".$mybb->user['uid']."' AND tid IN(".$thread_ids.")");
 366              while($readthread = $db->fetch_array($query))
 367              {
 368                  $thread_cache[$readthread['tid']]['lastread'] = $readthread['dateline'];
 369              }
 370          }
 371  
 372          if(!$mybb->settings['maxmultipagelinks'])
 373          {
 374              $mybb->settings['maxmultipagelinks'] = 5;
 375          }
 376  
 377          foreach($thread_cache as $thread)
 378          {
 379              $bgcolor = alt_trow();
 380              $folder = '';
 381              $prefix = '';
 382              
 383              // Unapproved colour

 384              if(!$thread['visible'])
 385              {
 386                  $bgcolor = 'trow_shaded';
 387              }
 388  
 389              if($thread['userusername'])
 390              {
 391                  $thread['username'] = $thread['userusername'];
 392              }
 393              $thread['profilelink'] = build_profile_link($thread['username'], $thread['uid']);
 394              
 395              // If this thread has a prefix, insert a space between prefix and subject

 396              if($thread['prefix'] != 0)
 397              {
 398                  $thread['threadprefix'] .= '&nbsp;';
 399              }
 400              
 401              $thread['subject'] = $parser->parse_badwords($thread['subject']);
 402              $thread['subject'] = htmlspecialchars_uni($thread['subject']);
 403  
 404              if($icon_cache[$thread['icon']])
 405              {
 406                  $posticon = $icon_cache[$thread['icon']];
 407                  $icon = "<img src=\"".$posticon['path']."\" alt=\"".$posticon['name']."\" />";
 408              }
 409              else
 410              {
 411                  $icon = "&nbsp;";
 412              }
 413              if($thread['poll'])
 414              {
 415                  $prefix = $lang->poll_prefix;
 416              }
 417                  
 418              // Determine the folder

 419              $folder = '';
 420              $folder_label = '';
 421              if($thread['dot_icon'])
 422              {
 423                  $folder = "dot_";
 424                  $folder_label .= $lang->icon_dot;
 425              }
 426              $gotounread = '';
 427              $isnew = 0;
 428              $donenew = 0;
 429              $last_read = 0;
 430              
 431              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'])
 432              {
 433                  $forum_read = $readforums[$thread['fid']];
 434              
 435                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 436                  if($forum_read == 0 || $forum_read < $read_cutoff)
 437                  {
 438                      $forum_read = $read_cutoff;
 439                  }
 440              }
 441              else
 442              {
 443                  $forum_read = $forumsread[$thread['fid']];
 444              }
 445              
 446              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'] && $thread['lastpost'] > $forum_read)
 447              {
 448                  if($thread['lastread'])
 449                  {
 450                      $last_read = $thread['lastread'];
 451                  }
 452                  else
 453                  {
 454                      $last_read = $read_cutoff;
 455                  }
 456              }
 457              else
 458              {
 459                  $last_read = my_get_array_cookie("threadread", $thread['tid']);
 460              }
 461      
 462              if($forum_read > $last_read)
 463              {
 464                  $last_read = $forum_read;
 465              }
 466  
 467              if($thread['lastpost'] > $last_read && $last_read)
 468              {
 469                  $folder .= "new";
 470                  $new_class = "subject_new";
 471                  $folder_label .= $lang->icon_new;
 472                  $thread['newpostlink'] = get_thread_link($thread['tid'], 0, "newpost").$highlight;
 473                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
 474                  $unreadpost = 1;
 475              }
 476              else
 477              {
 478                  $new_class = 'subject_old';
 479                  $folder_label .= $lang->icon_no_new;
 480              }
 481  
 482              if($thread['replies'] >= $mybb->settings['hottopic'] || $thread['views'] >= $mybb->settings['hottopicviews'])
 483              {
 484                  $folder .= "hot";
 485                  $folder_label .= $lang->icon_hot;
 486              }
 487              if($thread['closed'] == 1)
 488              {
 489                  $folder .= "lock";
 490                  $folder_label .= $lang->icon_lock;
 491              }
 492              $folder .= "folder";
 493              
 494              if(!$mybb->settings['postsperpage'])
 495              {
 496                  $mybb->settings['postperpage'] = 20;
 497              }
 498  
 499              $thread['pages'] = 0;
 500              $thread['multipage'] = '';
 501              $threadpages = '';
 502              $morelink = '';
 503              $thread['posts'] = $thread['replies'] + 1;
 504              if(is_moderator($thread['fid']))
 505              {
 506                  $thread['posts'] += $thread['unapprovedposts'];
 507              }
 508              if($thread['posts'] > $mybb->settings['postsperpage'])
 509              {
 510                  $thread['pages'] = $thread['posts'] / $mybb->settings['postsperpage'];
 511                  $thread['pages'] = ceil($thread['pages']);
 512                  if($thread['pages'] > $mybb->settings['maxmultipagelinks'])
 513                  {
 514                      $pagesstop = $mybb->settings['maxmultipagelinks'] - 1;
 515                      $page_link = get_thread_link($thread['tid'], $thread['pages']).$highlight;
 516                      eval("\$morelink = \"".$templates->get("forumdisplay_thread_multipage_more")."\";");
 517                  }
 518                  else
 519                  {
 520                      $pagesstop = $thread['pages'];
 521                  }
 522                  for($i = 1; $i <= $pagesstop; ++$i)
 523                  {
 524                      $page_link = get_thread_link($thread['tid'], $i).$highlight;
 525                      eval("\$threadpages .= \"".$templates->get("forumdisplay_thread_multipage_page")."\";");
 526                  }
 527                  eval("\$thread['multipage'] = \"".$templates->get("forumdisplay_thread_multipage")."\";");
 528              }
 529              else
 530              {
 531                  $threadpages = '';
 532                  $morelink = '';
 533                  $thread['multipage'] = '';
 534              }
 535              $lastpostdate = my_date($mybb->settings['dateformat'], $thread['lastpost']);
 536              $lastposttime = my_date($mybb->settings['timeformat'], $thread['lastpost']);
 537              $lastposter = $thread['lastposter'];
 538              $thread['lastpostlink'] = get_thread_link($thread['tid'], 0, "lastpost");
 539              $lastposteruid = $thread['lastposteruid'];
 540              $thread_link = get_thread_link($thread['tid']);
 541  
 542              // Don't link to guest's profiles (they have no profile).

 543              if($lastposteruid == 0)
 544              {
 545                  $lastposterlink = $lastposter;
 546              }
 547              else
 548              {
 549                  $lastposterlink = build_profile_link($lastposter, $lastposteruid);
 550              }
 551  
 552              $thread['replies'] = my_number_format($thread['replies']);
 553              $thread['views'] = my_number_format($thread['views']);
 554  
 555              if($forumcache[$thread['fid']])
 556              {
 557                  $thread['forumlink'] = "<a href=\"".get_forum_link($thread['fid'])."\">".$forumcache[$thread['fid']]['name']."</a>";
 558              }
 559              else
 560              {
 561                  $thread['forumlink'] = "";
 562              }
 563  
 564              // If this user is the author of the thread and it is not closed or they are a moderator, they can edit

 565              if(($thread['uid'] == $mybb->user['uid'] && $thread['closed'] != 1 && $mybb->user['uid'] != 0 && $fpermissions[$thread['fid']]['caneditposts'] == 1) || is_moderator($thread['fid'], "caneditposts"))
 566              {
 567                  $inline_edit_class = "subject_editable";
 568              }
 569              else
 570              {
 571                  $inline_edit_class = "";
 572              }
 573              $load_inline_edit_js = 1;
 574  
 575              // If this thread has 1 or more attachments show the papperclip

 576              if($thread['attachmentcount'] > 0)
 577              {
 578                  if($thread['attachmentcount'] > 1)
 579                  {
 580                      $attachment_count = $lang->sprintf($lang->attachment_count_multiple, $thread['attachmentcount']);
 581                  }
 582                  else
 583                  {
 584                      $attachment_count = $lang->attachment_count;
 585                  }
 586  
 587                  eval("\$attachment_count = \"".$templates->get("forumdisplay_thread_attachment_count")."\";");
 588              }
 589              else
 590              {
 591                  $attachment_count = '';
 592              }
 593  
 594              $inline_edit_tid = $thread['tid'];
 595              
 596              // Inline thread moderation

 597              $inline_mod_checkbox = '';
 598              if($is_supermod || is_moderator($thread['fid']))
 599              {
 600                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_threads_inlinecheck")."\";");
 601              }
 602              elseif($is_mod)
 603              {
 604                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_threads_nocheck")."\";");
 605              }
 606  
 607              $plugins->run_hooks("search_results_thread");
 608              eval("\$results .= \"".$templates->get("search_results_threads_thread")."\";");
 609          }
 610          if(!$results)
 611          {
 612              error($lang->error_nosearchresults);
 613          }
 614          else
 615          {
 616              if($load_inline_edit_js == 1)
 617              {
 618                  eval("\$inline_edit_js = \"".$templates->get("forumdisplay_threadlist_inlineedit_js")."\";");
 619              }
 620          }
 621          $multipage = multipage($threadcount, $perpage, $page, "search.php?action=results&amp;sid=$sid&amp;sortby=$sortby&amp;order=$order&amp;uid=".$mybb->input['uid']);
 622          if($upper > $threadcount)
 623          {
 624              $upper = $threadcount;
 625          }
 626          
 627          // Inline Thread Moderation Options

 628          if($is_mod)
 629          {
 630              // If user has moderation tools available, prepare the Select All feature

 631              $lang->page_selected = $lang->sprintf($lang->page_selected, count($thread_cache));
 632              $lang->all_selected = $lang->sprintf($lang->all_selected, intval($threadcount));
 633              $lang->select_all = $lang->sprintf($lang->select_all, intval($threadcount));
 634              eval("\$selectall = \"".$templates->get("search_threads_inlinemoderation_selectall")."\";");
 635              
 636              $customthreadtools = '';
 637              switch($db->type)
 638              {
 639                  case "pgsql":
 640                  case "sqlite":
 641                      $query = $db->simple_select("modtools", "tid, name", "type='t' AND (','||forums||',' LIKE '%,-1,%' OR forums='')");
 642                      break;
 643                  default:
 644                      $query = $db->simple_select("modtools", "tid, name", "type='t' AND (CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='')");
 645              }
 646              
 647              while($tool = $db->fetch_array($query))
 648              {
 649                  eval("\$customthreadtools .= \"".$templates->get("search_results_threads_inlinemoderation_custom_tool")."\";");
 650              }
 651              // Build inline moderation dropdown

 652              if(!empty($customthreadtools))
 653              {
 654                  eval("\$customthreadtools = \"".$templates->get("search_results_threads_inlinemoderation_custom")."\";");
 655              }
 656              eval("\$inlinemod = \"".$templates->get("search_results_threads_inlinemoderation")."\";");
 657          }
 658          
 659          $plugins->run_hooks("search_results_end");
 660          
 661          eval("\$searchresults = \"".$templates->get("search_results_threads")."\";");
 662          output_page($searchresults);
 663      }
 664      else // Displaying results as posts
 665      {
 666          if(!$search['posts'])
 667          {
 668              error($lang->error_nosearchresults);
 669          }
 670          
 671          $postcount = 0;
 672          
 673          // Moderators can view unapproved threads

 674          $query = $db->simple_select("moderators", "fid", "(id='{$mybb->user['uid']}' AND isgroup='0') OR (id='{$mybb->user['usergroup']}' AND isgroup='1')");
 675          if($mybb->usergroup['issupermod'] == 1)
 676          {
 677              // Super moderators (and admins)

 678              $p_unapproved_where = "visible >= 0";
 679              $t_unapproved_where = "visible < 0";
 680          }
 681          elseif($db->num_rows($query))
 682          {
 683              // Normal moderators

 684              $moderated_forums = '0';
 685              while($forum = $db->fetch_array($query))
 686              {
 687                  $moderated_forums .= ','.$forum['fid'];
 688                  $test_moderated_forums[$forum['fid']] = $forum['fid'];
 689              }
 690              $p_unapproved_where = "visible >= 0";
 691              $t_unapproved_where = "visible < 0 AND fid NOT IN ({$moderated_forums})";
 692          }
 693          else
 694          {
 695              // Normal users

 696              $p_unapproved_where = 'visible=1';
 697              $t_unapproved_where = 'visible < 1';
 698          }    
 699          
 700          $post_cache_options = array();
 701          if(intval($mybb->settings['searchhardlimit']) > 0)
 702          {
 703              $post_cache_options['limit'] = intval($mybb->settings['searchhardlimit']);
 704          }
 705          
 706          if(strpos($sortfield, 'p.') !== false)
 707          {
 708              $post_cache_options['order_by'] = str_replace('p.', '', $sortfield);
 709              $post_cache_options['order_dir'] = $order;
 710          }
 711  
 712          $tids = array();
 713          $pids = array();
 714          // Make sure the posts we're viewing we have permission to view.

 715          $query = $db->simple_select("posts", "pid, tid", "pid IN(".$db->escape_string($search['posts']).") AND {$p_unapproved_where}", $post_cache_options);
 716          while($post = $db->fetch_array($query))
 717          {
 718              $pids[$post['pid']] = $post['tid'];
 719              $tids[$post['tid']][$post['pid']] = $post['pid'];
 720          }
 721          
 722          if(!empty($pids))
 723          {
 724              $temp_pids = array();
 725  
 726              // Check the thread records as well. If we don't have permissions, remove them from the listing.

 727              $query = $db->simple_select("threads", "tid", "tid IN(".$db->escape_string(implode(',', $pids)).") AND ({$t_unapproved_where} OR closed LIKE 'moved|%')");
 728              while($thread = $db->fetch_array($query))
 729              {
 730                  if(array_key_exists($thread['tid'], $tids) != false)
 731                  {
 732                      $temp_pids = $tids[$thread['tid']];
 733                      foreach($temp_pids as $pid)
 734                      {
 735                          unset($pids[$pid]);
 736                          unset($tids[$thread['tid']]);
 737                      }
 738                  }
 739              }
 740              unset($temp_pids);
 741          }
 742      
 743          // Declare our post count

 744          $postcount = count($pids);
 745          
 746          if(!$postcount)
 747          {
 748              error($lang->error_nosearchresults);
 749          }
 750          
 751          // And now we have our sanatized post list

 752          $search['posts'] = implode(',', array_keys($pids));
 753          
 754          $tids = implode(",", array_keys($tids));
 755          
 756          // Read threads

 757          if($mybb->user['uid'] && $mybb->settings['threadreadcut'] > 0)
 758          {
 759              $query = $db->simple_select("threadsread", "tid, dateline", "uid='".$mybb->user['uid']."' AND tid IN(".$db->escape_string($tids).")");
 760              while($readthread = $db->fetch_array($query))
 761              {
 762                  $readthreads[$readthread['tid']] = $readthread['dateline'];
 763              }
 764          }
 765  
 766          $dot_icon = array();
 767          if($mybb->settings['dotfolders'] != 0 && $mybb->user['uid'] != 0)
 768          {
 769              $query = $db->simple_select("posts", "DISTINCT tid,uid", "uid='".$mybb->user['uid']."' AND tid IN(".$db->escape_string($tids).")");
 770              while($post = $db->fetch_array($query))
 771              {
 772                  $dot_icon[$post['tid']] = true;
 773              }
 774          }
 775  
 776          $query = $db->query("
 777              SELECT p.*, u.username AS userusername, t.subject AS thread_subject, t.replies AS thread_replies, t.views AS thread_views, t.lastpost AS thread_lastpost, t.closed AS thread_closed, t.uid as thread_uid
 778              FROM ".TABLE_PREFIX."posts p
 779              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 780              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 781              WHERE p.pid IN (".$db->escape_string($search['posts']).")
 782              ORDER BY $sortfield $order
 783              LIMIT $start, $perpage
 784          ");
 785          while($post = $db->fetch_array($query))
 786          {
 787              $bgcolor = alt_trow();
 788              if(!$post['visible'])
 789              {
 790                  $bgcolor = 'trow_shaded';
 791              }
 792              if($post['userusername'])
 793              {
 794                  $post['username'] = $post['userusername'];
 795              }
 796              $post['profilelink'] = build_profile_link($post['username'], $post['uid']);
 797              $post['subject'] = $parser->parse_badwords($post['subject']);
 798              $post['thread_subject'] = $parser->parse_badwords($post['thread_subject']);
 799              $post['thread_subject'] = htmlspecialchars_uni($post['thread_subject']);
 800  
 801              if($icon_cache[$post['icon']])
 802              {
 803                  $posticon = $icon_cache[$post['icon']];
 804                  $icon = "<img src=\"".$posticon['path']."\" alt=\"".$posticon['name']."\" />";
 805              }
 806              else
 807              {
 808                  $icon = "&nbsp;";
 809              }
 810  
 811              if($forumcache[$thread['fid']])
 812              {
 813                  $post['forumlink'] = "<a href=\"".get_forum_link($post['fid'])."\">".$forumcache[$post['fid']]['name']."</a>";
 814              }
 815              else
 816              {
 817                  $post['forumlink'] = "";
 818              }
 819              // Determine the folder

 820              $folder = '';
 821              $folder_label = '';
 822              $gotounread = '';
 823              $isnew = 0;
 824              $donenew = 0;
 825              $last_read = 0;
 826              $post['thread_lastread'] = $readthreads[$post['tid']];
 827  
 828              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'])
 829              {
 830                  $forum_read = $readforums[$post['fid']];
 831              
 832                  $read_cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 833                  if($forum_read == 0 || $forum_read < $read_cutoff)
 834                  {
 835                      $forum_read = $read_cutoff;
 836                  }
 837              }
 838              else
 839              {
 840                  $forum_read = $forumsread[$post['fid']];
 841              }
 842  
 843              if($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid'] && $post['thread_lastpost'] > $forum_read)
 844              {
 845                  $cutoff = TIME_NOW-$mybb->settings['threadreadcut']*60*60*24;
 846                  if($post['thread_lastpost'] > $cutoff)
 847                  {
 848                      if($post['thread_lastread'])
 849                      {
 850                          $last_read = $post['thread_lastread'];
 851                      }
 852                      else
 853                      {
 854                          $last_read = 1;
 855                      }
 856                  }
 857              }
 858  
 859              if($dot_icon[$post['tid']])
 860              {
 861                  $folder = "dot_";
 862                  $folder_label .= $lang->icon_dot;
 863              }
 864  
 865              if(!$last_read)
 866              {
 867                  $readcookie = $threadread = my_get_array_cookie("threadread", $post['tid']);
 868                  if($readcookie > $forum_read)
 869                  {
 870                      $last_read = $readcookie;
 871                  }
 872                  elseif($forum_read > $mybb->user['lastvisit'])
 873                  {
 874                      $last_read = $forum_read;
 875                  }
 876                  else
 877                  {
 878                      $last_read = $mybb->user['lastvisit'];
 879                  }
 880              }
 881  
 882              if($post['thread_lastpost'] > $last_read && $last_read)
 883              {
 884                  $folder .= "new";
 885                  $folder_label .= $lang->icon_new;
 886                  eval("\$gotounread = \"".$templates->get("forumdisplay_thread_gotounread")."\";");
 887                  $unreadpost = 1;
 888              }
 889              else
 890              {
 891                  $folder_label .= $lang->icon_no_new;
 892              }
 893  
 894              if($post['thread_replies'] >= $mybb->settings['hottopic'] || $post['thread_views'] >= $mybb->settings['hottopicviews'])
 895              {
 896                  $folder .= "hot";
 897                  $folder_label .= $lang->icon_hot;
 898              }
 899              if($post['thread_closed'] == 1)
 900              {
 901                  $folder .= "lock";
 902                  $folder_label .= $lang->icon_lock;
 903              }
 904              $folder .= "folder";
 905  
 906              $post['thread_replies'] = my_number_format($post['thread_replies']);
 907              $post['thread_views'] = my_number_format($post['thread_views']);
 908  
 909              if($forumcache[$post['fid']])
 910              {
 911                  $post['forumlink'] = "<a href=\"".get_forum_link($post['fid'])."\">".$forumcache[$post['fid']]['name']."</a>";
 912              }
 913              else
 914              {
 915                  $post['forumlink'] = "";
 916              }
 917  
 918              if(!$post['subject'])
 919              {
 920                  $post['subject'] = $post['message'];
 921              }
 922              if(my_strlen($post['subject']) > 50)
 923              {
 924                  $post['subject'] = htmlspecialchars_uni(my_substr($post['subject'], 0, 50)."...");
 925              }
 926              else
 927              {
 928                  $post['subject'] = htmlspecialchars_uni($post['subject']);
 929              }
 930              // What we do here is parse the post using our post parser, then strip the tags from it

 931              $parser_options = array(
 932                  'allow_html' => 0,
 933                  'allow_mycode' => 1,
 934                  'allow_smilies' => 0,
 935                  'allow_imgcode' => 0,
 936                  'filter_badwords' => 1
 937              );
 938              $post['message'] = strip_tags($parser->parse_message($post['message'], $parser_options));
 939              if(my_strlen($post['message']) > 200)
 940              {
 941                  $prev = my_substr($post['message'], 0, 200)."...";
 942              }
 943              else
 944              {
 945                  $prev = $post['message'];
 946              }
 947              $posted = my_date($mybb->settings['dateformat'], $post['dateline']).", ".my_date($mybb->settings['timeformat'], $post['dateline']);
 948              
 949              $thread_url = get_thread_link($post['tid']);
 950              $post_url = get_post_link($post['pid'], $post['tid']);
 951              
 952              // Inline post moderation

 953              $inline_mod_checkbox = '';
 954              if($is_supermod || is_moderator($post['fid']))
 955              {
 956                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_posts_inlinecheck")."\";");
 957              }
 958              elseif($is_mod)
 959              {
 960                  eval("\$inline_mod_checkbox = \"".$templates->get("search_results_posts_nocheck")."\";");
 961              }
 962  
 963              $plugins->run_hooks("search_results_post");
 964              eval("\$results .= \"".$templates->get("search_results_posts_post")."\";");
 965          }
 966          if(!$results)
 967          {
 968              error($lang->error_nosearchresults);
 969          }
 970          $multipage = multipage($postcount, $perpage, $page, "search.php?action=results&amp;sid=".htmlspecialchars_uni($mybb->input['sid'])."&amp;sortby=$sortby&amp;order=$order&amp;uid=".$mybb->input['uid']);
 971          if($upper > $postcount)
 972          {
 973              $upper = $postcount;
 974          }
 975          
 976          // Inline Post Moderation Options

 977          if($is_mod)
 978          {
 979              // If user has moderation tools available, prepare the Select All feature

 980              $num_results = $db->num_rows($query);
 981              $lang->page_selected = $lang->sprintf($lang->page_selected, intval($num_results));
 982              $lang->select_all = $lang->sprintf($lang->select_all, intval($postcount));
 983              $lang->all_selected = $lang->sprintf($lang->all_selected, intval($postcount));
 984              eval("\$selectall = \"".$templates->get("search_posts_inlinemoderation_selectall")."\";");
 985              
 986              $customthreadtools = $customposttools = '';
 987              switch($db->type)
 988              {
 989                  case "pgsql":
 990                  case "sqlite":
 991                      $query = $db->simple_select("modtools", "tid, name, type", "type='p' AND (','||forums||',' LIKE '%,-1,%' OR forums='')");
 992                      break;
 993                  default:
 994                      $query = $db->simple_select("modtools", "tid, name, type", "type='p' AND (CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='')");
 995              }
 996              
 997              while($tool = $db->fetch_array($query))
 998              {
 999                  eval("\$customposttools .= \"".$templates->get("search_results_posts_inlinemoderation_custom_tool")."\";");
1000              }
1001              // Build inline moderation dropdown

1002              if(!empty($customposttools))
1003              {
1004                  eval("\$customposttools = \"".$templates->get("search_results_posts_inlinemoderation_custom")."\";");
1005              }
1006              eval("\$inlinemod = \"".$templates->get("search_results_posts_inlinemoderation")."\";");
1007          }
1008          
1009          $plugins->run_hooks("search_results_end");
1010  
1011          eval("\$searchresults = \"".$templates->get("search_results_posts")."\";");
1012          output_page($searchresults);
1013      }
1014  }
1015  elseif($mybb->input['action'] == "findguest")
1016  {
1017      $where_sql = "uid='0'";
1018  
1019      $unsearchforums = get_unsearchable_forums();
1020      if($unsearchforums)
1021      {
1022          $where_sql .= " AND fid NOT IN ($unsearchforums)";
1023      }
1024      $inactiveforums = get_inactive_forums();
1025      if($inactiveforums)
1026      {
1027          $where_sql .= " AND fid NOT IN ($inactiveforums)";
1028      }
1029      
1030      $permsql = "";
1031      $onlyusfids = array();
1032  
1033      // Check group permissions if we can't view threads not started by us

1034      $group_permissions = forum_permissions();
1035      foreach($group_permissions as $fid => $forum_permissions)
1036      {
1037          if($forum_permissions['canonlyviewownthreads'] == 1)
1038          {
1039              $onlyusfids[] = $fid;
1040          }
1041      }
1042      if(!empty($onlyusfids))
1043      {
1044          $where_sql .= " AND fid NOT IN(".implode(',', $onlyusfids).")";
1045      }
1046      
1047      $options = array(
1048          'order_by' => 'dateline',
1049          'order_dir' => 'desc'
1050      );
1051  
1052      // Do we have a hard search limit?

1053      if($mybb->settings['searchhardlimit'] > 0)
1054      {
1055          $options['limit'] = intval($mybb->settings['searchhardlimit']);
1056      }
1057  
1058      $pids = '';
1059      $comma = '';
1060      $query = $db->simple_select("posts", "pid", "{$where_sql}", $options);
1061      while($pid = $db->fetch_field($query, "pid"))
1062      {
1063              $pids .= $comma.$pid;
1064              $comma = ',';
1065      }
1066  
1067      $tids = '';
1068      $comma = '';
1069      $query = $db->simple_select("threads", "tid", $where_sql);
1070      while($tid = $db->fetch_field($query, "tid"))
1071      {
1072              $tids .= $comma.$tid;
1073              $comma = ',';
1074      }
1075  
1076      $sid = md5(uniqid(microtime(), 1));
1077      $searcharray = array(
1078          "sid" => $db->escape_string($sid),
1079          "uid" => $mybb->user['uid'],
1080          "dateline" => TIME_NOW,
1081          "ipaddress" => $db->escape_string($session->ipaddress),
1082          "threads" => $db->escape_string($tids),
1083          "posts" => $db->escape_string($pids),
1084          "resulttype" => "posts",
1085          "querycache" => '',
1086          "keywords" => ''
1087      );
1088      $plugins->run_hooks("search_do_search_process");
1089      $db->insert_query("searchlog", $searcharray);
1090      redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
1091  }
1092  elseif($mybb->input['action'] == "finduser")
1093  {
1094      $where_sql = "uid='".intval($mybb->input['uid'])."'";
1095      
1096      $unsearchforums = get_unsearchable_forums();
1097      if($unsearchforums)
1098      {
1099          $where_sql .= " AND fid NOT IN ($unsearchforums)";
1100      }
1101      $inactiveforums = get_inactive_forums();
1102      if($inactiveforums)
1103      {
1104          $where_sql .= " AND fid NOT IN ($inactiveforums)";
1105      }
1106      
1107      $permsql = "";
1108      $onlyusfids = array();
1109  
1110      // Check group permissions if we can't view threads not started by us

1111      $group_permissions = forum_permissions();
1112      foreach($group_permissions as $fid => $forum_permissions)
1113      {
1114          if($forum_permissions['canonlyviewownthreads'] == 1)
1115          {
1116              $onlyusfids[] = $fid;
1117          }
1118      }
1119      if(!empty($onlyusfids))
1120      {
1121          $where_sql .= "AND ((fid IN(".implode(',', $onlyusfids).") AND uid='{$mybb->user['uid']}') OR fid NOT IN(".implode(',', $onlyusfids)."))";
1122      }
1123  
1124      $options = array(
1125          'order_by' => 'dateline',
1126          'order_dir' => 'desc'
1127      );
1128  
1129      // Do we have a hard search limit?

1130      if($mybb->settings['searchhardlimit'] > 0)
1131      {
1132          $options['limit'] = intval($mybb->settings['searchhardlimit']);
1133      }
1134  
1135      $pids = '';
1136      $comma = '';
1137      $query = $db->simple_select("posts", "pid", "{$where_sql}", $options);
1138      while($pid = $db->fetch_field($query, "pid"))
1139      {
1140              $pids .= $comma.$pid;
1141              $comma = ',';
1142      }
1143  
1144      $tids = '';
1145      $comma = '';
1146      $query = $db->simple_select("threads", "tid", $where_sql);
1147      while($tid = $db->fetch_field($query, "tid"))
1148      {
1149              $tids .= $comma.$tid;
1150              $comma = ',';
1151      }
1152  
1153      $sid = md5(uniqid(microtime(), 1));
1154      $searcharray = array(
1155          "sid" => $db->escape_string($sid),
1156          "uid" => $mybb->user['uid'],
1157          "dateline" => TIME_NOW,
1158          "ipaddress" => $db->escape_string($session->ipaddress),
1159          "threads" => $db->escape_string($tids),
1160          "posts" => $db->escape_string($pids),
1161          "resulttype" => "posts",
1162          "querycache" => '',
1163          "keywords" => ''
1164      );
1165      $plugins->run_hooks("search_do_search_process");
1166      $db->insert_query("searchlog", $searcharray);
1167      redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
1168  }
1169  elseif($mybb->input['action'] == "finduserthreads")
1170  {
1171      $where_sql = "t.uid='".intval($mybb->input['uid'])."'";
1172  
1173      $unsearchforums = get_unsearchable_forums();
1174      if($unsearchforums)
1175      {
1176          $where_sql .= " AND t.fid NOT IN ($unsearchforums)";
1177      }
1178      $inactiveforums = get_inactive_forums();
1179      if($inactiveforums)
1180      {
1181          $where_sql .= " AND t.fid NOT IN ($inactiveforums)";
1182      }
1183      
1184      $permsql = "";
1185      $onlyusfids = array();
1186  
1187      // Check group permissions if we can't view threads not started by us

1188      $group_permissions = forum_permissions();
1189      foreach($group_permissions as $fid => $forum_permissions)
1190      {
1191          if($forum_permissions['canonlyviewownthreads'] == 1)
1192          {
1193              $onlyusfids[] = $fid;
1194          }
1195      }
1196      if(!empty($onlyusfids))
1197      {
1198          $where_sql .= "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
1199      }
1200  
1201      $sid = md5(uniqid(microtime(), 1));
1202      $searcharray = array(
1203          "sid" => $db->escape_string($sid),
1204          "uid" => $mybb->user['uid'],
1205          "dateline" => TIME_NOW,
1206          "ipaddress" => $db->escape_string($session->ipaddress),
1207          "threads" => '',
1208          "posts" => '',
1209          "resulttype" => "threads",
1210          "querycache" => $db->escape_string($where_sql),
1211          "keywords" => ''
1212      );
1213      $plugins->run_hooks("search_do_search_process");
1214      $db->insert_query("searchlog", $searcharray);
1215      redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
1216  }
1217  elseif($mybb->input['action'] == "getnew")
1218  {
1219      
1220      $where_sql = "t.lastpost >= '".intval($mybb->user['lastvisit'])."'";
1221  
1222      if($mybb->input['fid'])
1223      {
1224          $where_sql .= " AND t.fid='".intval($mybb->input['fid'])."'";
1225      }
1226      else if($mybb->input['fids'])
1227      {
1228          $fids = explode(',', $mybb->input['fids']);
1229          foreach($fids as $key => $fid)
1230          {
1231              $fids[$key] = intval($fid);
1232          }
1233          
1234          if(!empty($fids))
1235          {
1236              $where_sql .= " AND t.fid IN (".implode(',', $fids).")";
1237          }
1238      }
1239      
1240      $unsearchforums = get_unsearchable_forums();
1241      if($unsearchforums)
1242      {
1243          $where_sql .= " AND t.fid NOT IN ($unsearchforums)";
1244      }
1245      $inactiveforums = get_inactive_forums();
1246      if($inactiveforums)
1247      {
1248          $where_sql .= " AND t.fid NOT IN ($inactiveforums)";
1249      }
1250      
1251      $permsql = "";
1252      $onlyusfids = array();
1253  
1254      // Check group permissions if we can't view threads not started by us

1255      $group_permissions = forum_permissions();
1256      foreach($group_permissions as $fid => $forum_permissions)
1257      {
1258          if($forum_permissions['canonlyviewownthreads'] == 1)
1259          {
1260              $onlyusfids[] = $fid;
1261          }
1262      }
1263      if(!empty($onlyusfids))
1264      {
1265          $where_sql .= "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
1266      }
1267  
1268      $sid = md5(uniqid(microtime(), 1));
1269      $searcharray = array(
1270          "sid" => $db->escape_string($sid),
1271          "uid" => $mybb->user['uid'],
1272          "dateline" => TIME_NOW,
1273          "ipaddress" => $db->escape_string($session->ipaddress),
1274          "threads" => '',
1275          "posts" => '',
1276          "resulttype" => "threads",
1277          "querycache" => $db->escape_string($where_sql),
1278          "keywords" => ''
1279      );
1280  
1281      $plugins->run_hooks("search_do_search_process");
1282      $db->insert_query("searchlog", $searcharray);
1283      redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
1284  }
1285  elseif($mybb->input['action'] == "getdaily")
1286  {
1287      if($mybb->input['days'] < 1)
1288      {
1289          $days = 1;
1290      }
1291      else
1292      {
1293          $days = intval($mybb->input['days']);
1294      }
1295      $datecut = TIME_NOW-(86400*$days);
1296  
1297      $where_sql = "t.lastpost >='".$datecut."'";
1298  
1299      if($mybb->input['fid'])
1300      {
1301          $where_sql .= " AND t.fid='".intval($mybb->input['fid'])."'";
1302      }
1303      else if($mybb->input['fids'])
1304      {
1305          $fids = explode(',', $mybb->input['fids']);
1306          foreach($fids as $key => $fid)
1307          {
1308              $fids[$key] = intval($fid);
1309          }
1310          
1311          if(!empty($fids))
1312          {
1313              $where_sql .= " AND t.fid IN (".implode(',', $fids).")";
1314          }
1315      }
1316      
1317      $unsearchforums = get_unsearchable_forums();
1318      if($unsearchforums)
1319      {
1320          $where_sql .= " AND t.fid NOT IN ($unsearchforums)";
1321      }
1322      $inactiveforums = get_inactive_forums();
1323      if($inactiveforums)
1324      {
1325          $where_sql .= " AND t.fid NOT IN ($inactiveforums)";
1326      }
1327      
1328      $permsql = "";
1329      $onlyusfids = array();
1330  
1331      // Check group permissions if we can't view threads not started by us

1332      $group_permissions = forum_permissions();
1333      foreach($group_permissions as $fid => $forum_permissions)
1334      {
1335          if($forum_permissions['canonlyviewownthreads'] == 1)
1336          {
1337              $onlyusfids[] = $fid;
1338          }
1339      }
1340      if(!empty($onlyusfids))
1341      {
1342          $where_sql .= "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
1343      }
1344  
1345      $sid = md5(uniqid(microtime(), 1));
1346      $searcharray = array(
1347          "sid" => $db->escape_string($sid),
1348          "uid" => $mybb->user['uid'],
1349          "dateline" => TIME_NOW,
1350          "ipaddress" => $db->escape_string($session->ipaddress),
1351          "threads" => '',
1352          "posts" => '',
1353          "resulttype" => "threads",
1354          "querycache" => $db->escape_string($where_sql),
1355          "keywords" => ''
1356      );
1357  
1358      $plugins->run_hooks("search_do_search_process");
1359      $db->insert_query("searchlog", $searcharray);
1360      redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
1361  }
1362  elseif($mybb->input['action'] == "do_search" && $mybb->request_method == "post")
1363  {
1364      $plugins->run_hooks("search_do_search_start");
1365  
1366      // Check if search flood checking is enabled and user is not admin

1367      if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
1368      {
1369          // Fetch the time this user last searched

1370          if($mybb->user['uid'])
1371          {
1372              $conditions = "uid='{$mybb->user['uid']}'";
1373          }
1374          else
1375          {
1376              $conditions = "uid='0' AND ipaddress='".$db->escape_string($session->ipaddress)."'";
1377          }
1378          $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
1379          $query = $db->simple_select("searchlog", "*", "$conditions AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
1380          $last_search = $db->fetch_array($query);
1381          // Users last search was within the flood time, show the error

1382          if($last_search['sid'])
1383          {
1384              $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
1385              if($remaining_time == 1)
1386              {
1387                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
1388              }
1389              else
1390              {
1391                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
1392              }
1393              error($lang->error_searchflooding);
1394          }
1395      }
1396      if($mybb->input['showresults'] == "threads")
1397      {
1398          $resulttype = "threads";
1399      }
1400      else
1401      {
1402          $resulttype = "posts";
1403      }
1404  
1405      $search_data = array(
1406          "keywords" => $mybb->input['keywords'],
1407          "author" => $mybb->input['author'],
1408          "postthread" => $mybb->input['postthread'],
1409          "matchusername" => $mybb->input['matchusername'],
1410          "postdate" => $mybb->input['postdate'],
1411          "pddir" => $mybb->input['pddir'],
1412          "forums" => $mybb->input['forums'],
1413          "findthreadst" => $mybb->input['findthreadst'],
1414          "numreplies" => $mybb->input['numreplies'],
1415          "threadprefix" => $mybb->input['threadprefix']
1416      );
1417      
1418      if(is_moderator() && !empty($mybb->input['visible']))
1419      {
1420          if($mybb->input['visible'] == 1)
1421          {
1422              $search_data['visible'] = 1;
1423          }
1424          else
1425          {
1426              $search_data['visible'] = 0;
1427          }
1428      }
1429  
1430      if($db->can_search == true)
1431      {
1432          if($mybb->settings['searchtype'] == "fulltext" && $db->supports_fulltext_boolean("posts") && $db->is_fulltext("posts"))
1433          {
1434              $search_results = perform_search_mysql_ft($search_data);
1435          }
1436          else
1437          {
1438              $search_results = perform_search_mysql($search_data);
1439          }
1440      }
1441      else
1442      {
1443          error($lang->error_no_search_support);
1444      }
1445      $sid = md5(uniqid(microtime(), 1));
1446      $searcharray = array(
1447          "sid" => $db->escape_string($sid),
1448          "uid" => $mybb->user['uid'],
1449          "dateline" => $now,
1450          "ipaddress" => $db->escape_string($session->ipaddress),
1451          "threads" => $search_results['threads'],
1452          "posts" => $search_results['posts'],
1453          "resulttype" => $resulttype,
1454          "querycache" => $search_results['querycache'],
1455          "keywords" => $db->escape_string($mybb->input['keywords']),
1456      );
1457      $plugins->run_hooks("search_do_search_process");
1458  
1459      $db->insert_query("searchlog", $searcharray);
1460  
1461      if(my_strtolower($mybb->input['sortordr']) == "asc" || my_strtolower($mybb->input['sortordr'] == "desc"))
1462      {
1463          $sortorder = $mybb->input['sortordr'];
1464      }
1465      else
1466      {
1467          $sortorder = "desc";
1468      }
1469      $sortby = htmlspecialchars_uni($mybb->input['sortby']);
1470      $plugins->run_hooks("search_do_search_end");
1471      redirect("search.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
1472  }
1473  else if($mybb->input['action'] == "thread")
1474  {
1475      // Fetch thread info

1476      $thread = get_thread($mybb->input['tid']);
1477      if(!$thread['tid'] || (($thread['visible'] == 0 && !is_moderator($thread['fid'])) || $thread['visible'] < 0))
1478      {
1479          error($lang->error_invalidthread);
1480      }
1481  
1482      // Get forum info

1483      $forum = get_forum($thread['fid']);
1484      if(!$forum)
1485      {
1486          error($lang->error_invalidforum);
1487      }
1488  
1489      $forum_permissions = forum_permissions($forum['fid']);
1490  
1491      if($forum['open'] == 0 || $forum['type'] != "f")
1492      {
1493          error($lang->error_closedinvalidforum);
1494      }
1495      if($forum_permissions['canview'] == 0 || $forum_permissions['canviewthreads'] != 1 || (isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
1496      {
1497          error_no_permission();
1498      }
1499  
1500      $plugins->run_hooks("search_thread_start");
1501  
1502      // Check if search flood checking is enabled and user is not admin

1503      if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
1504      {
1505          // Fetch the time this user last searched

1506          if($mybb->user['uid'])
1507          {
1508              $conditions = "uid='{$mybb->user['uid']}'";
1509          }
1510          else
1511          {
1512              $conditions = "uid='0' AND ipaddress='".$db->escape_string($session->ipaddress)."'";
1513          }
1514          $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
1515          $query = $db->simple_select("searchlog", "*", "$conditions AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
1516          $last_search = $db->fetch_array($query);
1517  
1518          // We shouldn't show remaining time if time is 0 or under.

1519          $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
1520          // Users last search was within the flood time, show the error.

1521          if($last_search['sid'] && $remaining_time > 0)
1522          {
1523              if($remaining_time == 1)
1524              {
1525                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
1526              }
1527              else
1528              {
1529                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
1530              }
1531              error($lang->error_searchflooding);
1532          }
1533      }
1534  
1535      $search_data = array(
1536          "keywords" => $mybb->input['keywords'],
1537          "postthread" => 1,
1538          "tid" => $mybb->input['tid']
1539      );
1540  
1541      if($db->can_search == true)
1542      {
1543          if($mybb->settings['searchtype'] == "fulltext" && $db->supports_fulltext_boolean("posts") && $db->is_fulltext("posts"))
1544          {
1545              $search_results = perform_search_mysql_ft($search_data);
1546          }
1547          else
1548          {
1549              $search_results = perform_search_mysql($search_data);
1550          }
1551      }
1552      else
1553      {
1554          error($lang->error_no_search_support);
1555      }
1556      $sid = md5(uniqid(microtime(), 1));
1557      $searcharray = array(
1558          "sid" => $db->escape_string($sid),
1559          "uid" => $mybb->user['uid'],
1560          "dateline" => $now,
1561          "ipaddress" => $db->escape_string($session->ipaddress),
1562          "threads" => $search_results['threads'],
1563          "posts" => $search_results['posts'],
1564          "resulttype" => 'posts',
1565          "querycache" => $search_results['querycache'],
1566          "keywords" => $db->escape_string($mybb->input['keywords'])
1567      );
1568      $plugins->run_hooks("search_thread_process");
1569  
1570      $db->insert_query("searchlog", $searcharray);
1571  
1572      $plugins->run_hooks("search_do_search_end");
1573      redirect("search.php?action=results&sid=".$sid, $lang->redirect_searchresults);
1574  }
1575  else
1576  {
1577      $plugins->run_hooks("search_start");
1578      $srchlist = make_searchable_forums("", $fid);
1579      $prefixselect = build_prefix_select('all', 'any', 1);
1580      
1581      $rowspan = 5;
1582      
1583      if(is_moderator())
1584      {
1585          $rowspan += 2;
1586          eval("\$moderator_options = \"".$templates->get("search_moderator_options")."\";");
1587      }
1588      
1589      $plugins->run_hooks("search_end");
1590      
1591      eval("\$search = \"".$templates->get("search")."\";");
1592      output_page($search);
1593  }
1594  
1595  ?>

title

Description

title

Description

title

Description

title

title

Body