<?php
/**
* PHP versions 4 and 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* @package QuickTicket
* @author Philippe Vandenberghe <hide@address.com>
* @copyright 2008-2012 The PHP Group
* @version 2.3 build:20091102
*/
// Bootstrap: open the session, then load the application initialisation file.
// $oVIP and $L are used from here on, so bin/qti_init.php is expected to provide them.
session_start();
require_once('bin/qti_init.php');

// Access control: HtmlPage(11) is called when the visitor lacks the 'V5' view right.
// NOTE(review): this only protects the page if HtmlPage() ends the request - confirm.
if ( !$oVIP->CanView('V5') )
{
  HtmlPage(11);
}
$oVIP->output='print';

// The action parameter is mandatory. Only tags are stripped here; the value is
// not restricted to a known set of actions at this point.
if ( !isset($_GET['a']) )
{
  die('Missing parameter a');
}
$strAction = strip_tags($_GET['a']);
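// INITIALISE
// Map module: kept active only when the module is in use, the session holds a
// non-empty m_map_gkey entry, and QTgcanmap() accepts the current role.
$bMap = UseModule('map');
if ( $bMap && empty($_SESSION[QT]['m_map_gkey']) ) $bMap = false;
if ( $bMap )
{
  require_once('qtim_map_lib.php');
  if ( !QTgcanmap('S',$oVIP->role) ) $bMap = false;
}
if ( $bMap ) include(Translate('qtim_map.php'));

// Defaults used when the corresponding request parameter is absent
$s = -1;                     // section id (-1 = all sections)
$intYear = 0;
$k1 = '';
$k2 = '';
$k3 = '';
$strOrder = 'lastpostdate';
$strDir = 'DESC';
$intLimit = 0;
$intPage = 1;
$strExtraparam ='';
// Filled further down with topic id => issue date of the user's own replies.
// The previous "$arrMe[] = array()" appended an empty array under key 0
// instead of creating an empty list.
$arrMe = array();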
// security check 1
// Every parameter has its tags stripped; the numeric ones are also cast to int.
// strip_tags() does not remove quotes or backslashes, so the string parameters
// are NOT safe to embed in SQL literals or HTML attributes as they stand.
if ( isset($_GET['s']) )     { $s = intval(strip_tags($_GET['s'])); }
if ( isset($_GET['y']) )     { $intYear = intval(strip_tags($_GET['y'])); }
if ( isset($_GET['order']) ) { $strOrder = strip_tags($_GET['order']); }
if ( isset($_GET['dir']) )   { $strDir = strip_tags($_GET['dir']); }
if ( isset($_GET['page']) )  { $intPage = intval(strip_tags($_GET['page'])); }
// NOTE(review): the view mode is written to the session exactly as received
// (tags stripped only) - confirm that its consumers restrict it to known values.
if ( isset($_GET['view']) )  { $_SESSION[QT]['viewmode'] = strip_tags($_GET['view']); }
if ( isset($_GET['k1']) )    { $k1 = strip_tags($_GET['k1']); }
if ( isset($_GET['k2']) )    { $k2 = strip_tags($_GET['k2']); }
if ( isset($_GET['k3']) )    { $k3 = strip_tags($_GET['k3']); }
// Debug dump of the parsed request values, printed when the query string
// contains a "debug" parameter.
// NOTE(review): no role check guards this dump, so any client allowed to load
// the page can trigger it, and it is written before the HTML header. Consider
// removing it or restricting it to staff in production.
if ( isset($_GET['debug']) )
{
  echo '$strAction='.$strAction.' | ';
  echo '$s='.$s.' | ';
  echo '$intYear='.$intYear.' | ';
  echo '$strOrder='.$strOrder.' | ';
  echo '$strDir='.$strDir.' | ';
  echo '$intPage='.$intPage.' | ';
  echo '$view='.$_SESSION[QT]['viewmode'].' | ';
  echo '$k1='.$k1.' | ';
  echo '$k2='.$k2.' | ';
  echo '$k3='.$k3.' | ';
}
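// security check 2 (no long argument)
if ( strlen($strOrder)>20 ) die('Invalid argument #order');
if ( strlen($strDir)>4 ) die('Invalid argument #dir');
if ( strlen($k3)>24 ) die('Invalid argument #name');
// $strOrder and $strDir are concatenated, unquoted, into the ORDER BY clause
// further down. A length limit alone does not stop SQL fragments, so the column
// must look like a plain identifier and the direction must be ASC or DESC
// (an empty direction is tolerated: it leaves the database default).
if ( !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D',$strOrder) ) die('Invalid argument #order');
if ( !in_array(strtoupper($strDir),array('','ASC','DESC'),true) ) die('Invalid argument #dir');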
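// Per-action validation of k1/k2/k3. Recoverable problems are stored in $error
// (reported after the switch); malformed arguments stop the script at once.
switch($strAction)
{
case 'ref':
  $oVIP->selfname = $L['Search_by_ref'];
  // the reference must be a plain integer: not empty, no '.' or ',' separator
  if ( empty($k1) || strstr($k1,'.') || strstr($k1,',') || !is_numeric($k1) )
  {
    $error = $L['Ref'].' '.$L['E_invalid'];
  }
  $k1 = intval($k1);
  break;
case 'kw':
  $oVIP->selfname = $L['Search_by_key'];
  if ( empty($k1) ) $error = $L['Keywords'].' '.$L['E_invalid'];
  if ( strlen($k1)>64 ) die('Invalid argument #k1');
  if ( strlen($k2)>2 ) die('Invalid argument #k2'); // sp: single phrase
  if ( strlen($k3)>2 ) die('Invalid argument #k3'); // to: title only
  // explode() replaces the deprecated regex-based split(); the separator is a literal space
  $arrKeys = explode(' ',$k1);
  if ( $k2!='0' && $k2!='1' ) $error = $L['Keywords'].' k2 > '.$L['E_invalid'];
  if ( $k3!='0' && $k3!='1' ) $error = $L['Keywords'].' k3 > '.$L['E_invalid'];
  if ( $k2=='1' )
  {
    if ( count($arrKeys)<1 ) $k2='0';
    if ( count($arrKeys)>5 ) $error = $L['Too_many_keys'];
  }
  break;
case 'last':
case 'news':
  $oVIP->selfname = $L['Search_result'];
  break;
case 'user':
case 'actor':
  $oVIP->selfname = $L['Search_result'];
  if ( $k1=='' ) $error = 'Userid '.$L['E_invalid'];
  $k1 = intval($k1);
  if ( $k1<0 ) $error = 'Userid '.$L['E_invalid'];
  // $k2 (a display name) is decoded a second time here. Tags were stripped
  // BEFORE this decoding, so markup hidden behind a second level of URL
  // encoding would reappear; strip again after decoding.
  if ( !empty($k2) ) $k2 = strip_tags(urldecode($k2));
  break;
case 'tst': // time status tags
  $oVIP->selfname = $L['Advanced_search'];
  // $k3 was already read from the query string above (and is '' when absent),
  // so it is reused rather than reading $_GET['k3'] again without an isset().
  if ( substr($k3,-1,1)==';' ) $k3 = substr($k3,0,-1);
  if ( empty($k3) ) { $arrTags=array(); } else { $arrTags = explode(';',$k3); }
  if ( strlen($k1)>2 ) die('Invalid argument #time');
  if ( $intYear<1970 || $intYear>2070 ) die('Invalid argument #y');
  break;
default:
  // Any other action would reach the query section with no SQL defined and
  // would be echoed into the pager links; refuse it here.
  die('Invalid argument #a');
}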
// stop if error
// NOTE(review): the script relies on EndMessage() ending the request; if it
// returns, processing continues with the rejected values - confirm.
if ( isset($error) && $error )
{
  $oVIP->EndMessage(NULL,$error,$_SESSION[QT]['skin_dir'],0);
}

// end initialise
// Row offset of the requested page
$intLimit = ($intPage-1)*$_SESSION[QT]['topics_per_page'];

// Page identity and the "back to search" link (the current arguments are re-packed)
$oVIP->selfurl  = 'qti_search_re.php';
$oVIP->exiturl  = 'qti_search.php?'.QTargimplode(QTargexplode());
$oVIP->exitname = $L['Search'];

include('bin/qti_fn_sql.php');
// --------
// QUERY
// --------
$strField = 't.*,s.prefix,p.icon,p.title,p.textmsg,s.numfield ';

// Section option (and check if ref exists)
// $s is an integer at this point, so it can be concatenated into SQL directly.
$bAddRef=false;
if ( $s<0 )
{
  // all sections: non-staff are restricted to sections whose type is not "1"
  $strSection = ( $oVIP->IsStaff() ? 't.forum>=0' : 't.forum>=0 AND s.type<>"1"' );
  $arrRefSections = GetSections($oVIP->role,-1,-1,'s.numfield<>"N"');
}
else
{
  // NOTE(review): with an explicit section id the s.type<>"1" restriction used
  // above for non-staff is not applied - confirm that access to the requested
  // section is checked elsewhere.
  $strSection = 't.forum = '.$s;
  $arrRefSections = GetSections('A',-1,-1,'s.numfield<>"N" AND s.id='.$s);
}
// The reference column is displayed when at least one matching section has numfield <> "N"
if ( count($arrRefSections)>0 ) $bAddRef=TRUE;
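// Query definition
// Builds $strFrom / $strWhere (result query) and $strCount (count query).
//
// Several request values are placed inside double-quoted SQL literals below.
// They have only been through strip_tags(), and no escaping helper is visible
// in this file, so the two characters able to close or escape such a literal
// (double quote and backslash) are dropped from each value before it is embedded.
// NOTE(review): prefer the database layer's own escaping or bound parameters
// if it offers them; this is a minimal, database-independent safeguard.
$arrSqlUnsafe = array('"','\\');
switch($strAction)
{
case 'ref':
  // $k1 was cast to int during validation
  $strFrom = 'FROM '.TABTOPIC.' t INNER JOIN '.TABSECTION.' s ON t.forum=s.id INNER JOIN '.TABPOST.' p ON t.firstpostid = p.id ';
  $strWhere = 'WHERE '.$strSection.' AND t.numid='.$k1;
  $strCount = 'SELECT count(*) as countid '.$strFrom.$strWhere;
  break;
case 'kw':
  // the expression holding the message text depends on the database type
  switch ($oDB->type)
  {
  case 'mssql': $strMsgField = 'UPPER(CAST(p.textmsg AS VARCHAR(2000)))'; break;
  case 'db2':   $strMsgField = 'UPPER(p.textmsg2)'; break;
  default:      $strMsgField = 'UPPER(p.textmsg)'; break;
  }
  if ( $k2=='1' )
  {
    // split criteria: one LIKE per keyword, joined with OR
    $arrTitleSql = array();
    $arrMessageSql = array();
    foreach($arrKeys as $strValue)
    {
      $strValue = strtoupper(str_replace($arrSqlUnsafe,'',$strValue));
      $arrTitleSql[] = 'UPPER(p.title) LIKE "%'.$strValue.'%"';
      $arrMessageSql[] = $strMsgField.' LIKE "%'.$strValue.'%"';
    }
    $qryTitle = '('.implode(' OR ',$arrTitleSql).') ';
    $qryMessage = '('.implode(' OR ',$arrMessageSql).') ';
  }
  else
  {
    // full phrase criteria
    $strValue = strtoupper(str_replace($arrSqlUnsafe,'',$k1));
    $qryTitle = 'UPPER(p.title) LIKE "%'.$strValue.'%"';
    $qryMessage = $strMsgField.' LIKE "%'.$strValue.'%"';
  }
  $strFrom = 'FROM '.TABTOPIC.' t INNER JOIN '.TABSECTION.' s ON t.forum=s.id INNER JOIN '.TABPOST.' p ON t.firstpostid = p.id ';
  // $k3=='1' means "title only"
  $strWhere = 'WHERE '.$strSection.' AND '.( $k3=='1' ? $qryTitle : "($qryTitle OR $qryMessage)");
  $strCount = 'SELECT count(*) as countid '.$strFrom.$strWhere;
  break;
case 'news':
  $strFrom = 'FROM '.TABTOPIC.' t INNER JOIN '.TABSECTION.' s ON t.forum=s.id INNER JOIN '.TABPOST.' p ON t.firstpostid = p.id ';
  $strWhere = 'WHERE '.$strSection.' AND t.type="A"';
  $strCount = 'SELECT count(*) as countid FROM '.TABTOPIC.' t INNER JOIN '.TABSECTION.' s ON t.forum=s.id WHERE '.$strSection.' AND t.type="A"';
  break;
case 'last':
  // get the lastpost date
  $oDB->Query('SELECT max(t.lastpostdate) as f1 FROM '.TABTOPIC.' t ');
  $row = $oDB->Getrow();
  if ( empty($row['f1']) ) $row['f1'] = date('Ymd');
  // window: the 7 days before the most recent post
  $strDate = DateAdd($row['f1'],-7,'day');
  $strWhere = 'WHERE '.$strSection.' AND '.SqlDateCondition($strDate,'t.lastpostdate',8,'>');
  $strFrom = 'FROM '.TABTOPIC.' t INNER JOIN '.TABSECTION.' s ON t.forum = s.id INNER JOIN '.TABPOST.' p ON t.firstpostid = p.id ';
  $strCount = 'SELECT count(*) as countid FROM '.TABTOPIC.' t INNER JOIN '.TABSECTION.' s ON t.forum=s.id '.$strWhere;
  break;
case 'user':
  // $k1 was cast to int during validation.
  // NOTE(review): this query (and 'actor' below) does not apply $strSection,
  // so the section restriction used by the other actions is not enforced
  // here - confirm this is intended.
  $strFrom = 'FROM '.TABTOPIC.' t INNER JOIN '.TABSECTION.' s ON t.forum=s.id INNER JOIN '.TABPOST.' p ON t.firstpostid = p.id ';
  $strWhere = 'WHERE t.firstpostuser='.$k1;
  $strCount = 'SELECT count(*) as countid FROM '.TABTOPIC.' WHERE firstpostuser='.$k1;
  break;
case 'actor':
  // $k1 was cast to int during validation
  $strFrom = 'FROM '.TABTOPIC.' t INNER JOIN '.TABSECTION.' s ON t.forum=s.id INNER JOIN '.TABPOST.' p ON t.firstpostid = p.id ';
  $strWhere = 'WHERE t.actorid='.$k1;
  $strCount = 'SELECT count(*) as countid FROM '.TABTOPIC.' WHERE actorid='.$k1;
  break;
case 'tst':
  // criteria time: 'm' is replaced by the current month number
  if ( $k1=='m' ) $k1=date('n');
  if ( $k1=='-1' )
  {
    $strTime = 't.firstpostdate>"0"'; // any time
  }
  elseif ( $k1=='y' )
  {
    $strTime = SqlDateCondition($intYear,'t.firstpostdate'); // this year
  }
  elseif ( $k1=='w' )
  {
    $strTime = SqlDateCondition(DateAdd(date('Ymd'),-8,'day'),'t.firstpostdate',8,'>'); // this week
  }
  else
  {
    $intMonth = intval($k1); // the month
    if ( $intYear==date('Y') && $intMonth>date('n') ) $intYear = $intYear-1; // check if month from previous year
    $strTime = SqlDateCondition(($intYear*100+$intMonth),'t.firstpostdate',6);
  }
  $strWhere = 'WHERE '.$strSection.' AND '.$strTime;
  // criteria status ($k2 comes straight from the request)
  if ( $k2!='-1' ) $strWhere .= ' AND t.status="'.str_replace($arrSqlUnsafe,'',$k2).'"';
  // criteria tag (each tag comes straight from the request)
  $arrTagSql = array();
  foreach($arrTags as $strTag)
  {
    $arrTagSql[] = 't.tags LIKE "%'.str_replace($arrSqlUnsafe,'',$strTag).'%"';
  }
  if ( count($arrTagSql)>0 ) $strWhere .= ' AND ('.implode(' OR ',$arrTagSql).')';
  $strFrom = 'FROM '.TABTOPIC.' t INNER JOIN '.TABSECTION.' s ON t.forum=s.id INNER JOIN '.TABPOST.' p ON t.firstpostid = p.id ';
  $strCount = 'SELECT count(*) as countid FROM '.TABTOPIC.' t INNER JOIN '.TABSECTION.' s ON t.forum=s.id '.$strWhere;
  break;
}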
// MAP MODULE
// When the module is in use its initialisation file is included with
// $strCheck set to 'S'; otherwise the map is switched off for this page.
if ( UseModule('map') )
{
  $strCheck='S';
  include('qtim_map_ini.php');
}
else
{
  $bMap=false;
}

// --------
// HTML START
// --------
$bJava = false;
include('qti_p_header.php');
echo '<h2>'.$oVIP->selfname.'</h2>'.N;

// -----
// COUNT
// -----
// Total number of matching topics, used for the pager and the "no result" test
$oDB->Query( $strCount );
$row = $oDB->Getrow();
$intCount = $row['countid'];
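// FOUND
// Builds the subtitle shown above the results and $strExtraparam, the extra
// query-string arguments appended to the pager and column-sort URLs.
//
// Request values placed in a URL are passed through urlencode(): strip_tags()
// leaves quotes untouched, so a raw value could otherwise close the href
// attribute it is written into. This matches what 'user'/'actor' already did.

// section suffix shared by most subtitles
$strSectionInfo = '';
if ( $s>=0 ) $strSectionInfo = ' ('.$L['Section'].': '.(isset($oVIP->sections[$s]) ? $oVIP->sections[$s] : '').')';

switch($strAction)
{
case 'ref':
  $strSubtitle = $L['Ref'].': '.$k1.$strSectionInfo.' · '.LangS('Result',$intCount);
  break;
case 'kw':
  $strSubtitle = '"'.$k1.'" · '.LangS('Result',$intCount);
  if ( $k2=='0' && count($arrKeys)>1 )
  {
    // offer the per-word search
    $strSubtitle .= ' · <a href="'.$oVIP->selfurl.'?a=kw&k1='.urlencode($k1).'&k2=1&s='.$s.'&k3='.urlencode($k3).'">'.$L['Search_by_words'].'</a>';
  }
  if ( $k2=='1' && count($arrKeys)>1 )
  {
    // list the words and offer the exact-phrase search
    $strSubtitle = '"'.implode('" '.$L['or'].' "',$arrKeys).'" · '.LangS('Result',$intCount);
    $strSubtitle .= ' · <a href="'.$oVIP->selfurl.'?a=kw&k1='.urlencode($k1).'&k2=0&s='.$s.'&k3='.urlencode($k3).'">'.$L['Search_exact_words'].' "'.$k1.'"</a>';
  }
  $strExtraparam = '&k2='.urlencode($k2).'&k3='.urlencode($k3);
  break;
case 'news':
  $strSubtitle = $L['All_news'].$strSectionInfo;
  break;
case 'last':
  $strSubtitle = $L['Recent_messages'].$strSectionInfo;
  break;
case 'user':
  // $k2 is the user name received in the request, shown as text
  $strSubtitle = $L['Topics'].' '.strtolower($L['By']).' '.$k2.$strSectionInfo;
  $strExtraparam = '&k2='.urlencode($k2);
  break;
case 'actor':
  $strSubtitle = $L['Topics_handled'].' '.strtolower($L['By']).' '.$k2.$strSectionInfo;
  $strExtraparam = '&k2='.urlencode($k2);
  break;
case 'tst':
  // time
  $strSubtitle='';
  if ( $k1=='-1' ) { $strSubtitle = $L['Any_time']; }
  elseif ( $k1=='w' ) { $strSubtitle = $L['This_week']; }
  elseif ( $k1=='m' ) { $strSubtitle = $L['This_month']; }
  elseif ( $k1=='y' ) { $strSubtitle = $L['This_year']; }
  elseif ( is_numeric($k1) )
  {
    // month name; an out-of-range month number yields an empty name instead of a notice
    $strSubtitle = (isset($L['dateMMM'][intval($k1)]) ? $L['dateMMM'][intval($k1)] : '').' '.$intYear;
  }
  // status; an unknown status id yields an empty name instead of a notice
  if ( $k2=='-1' )
  {
    $strSubtitle .= ', '.$L['Any_status'];
  }
  else
  {
    $strSubtitle .= ', '.(isset($oVIP->statuses[$k2]['statusname']) ? $oVIP->statuses[$k2]['statusname'] : '');
  }
  // tags
  if ( count($arrTags)>0 ) $strSubtitle .= ', '.$L['Tag_only'].' '.implode(' or ',$arrTags);
  $strSubtitle .= $strSectionInfo;
  $strSubtitle = '<p>'.$strSubtitle.' · '.LangS('Result',$intCount).'</p>';
  $strExtraparam = '&k2='.urlencode($k2).'&k3='.urlencode($k3).'&y='.$intYear;
  break;
}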
// NO RESULT
// Nothing matched: show the subtitle, the "none" message and a link back to
// the search form, then close the page.
// NOTE(review): $oVIP->exiturl is built from the current request arguments and
// written into an href; presumably QTargimplode() encodes them - confirm.
if ( $intCount==0 )
{
  echo '<p>'.$strSubtitle.'</p>'.N;
  echo '<p>'.$L['None'].'</p>'.N;
  echo '<p>« <a href="'.$oVIP->exiturl.'">'.$oVIP->exitname.'</a></p>';
  include('qti_p_footer.php');
  exit;
}
// -----
// QUERY
// -----
// order
// $strOrder and $strDir originate from the query string and are concatenated
// into ORDER BY without quoting, so they must be restricted to a column
// identifier and to ASC/DESC before this point.
if ( $strOrder=='sectiontitle' )
{
  $strFullOrder = 's.title '.$strDir;
}
elseif ( $strOrder=='title' )
{
  $strFullOrder = 'p.title '.$strDir;
}
else
{
  $strFullOrder = 't.'.$strOrder.' '.$strDir;
}
// second order
if ( $strOrder!='lastpostdate' ) $strFullOrder .= ',t.lastpostdate DESC';

// Topics the current user replied to during the last two years:
// $arrMe keeps the first issue date returned per topic (rows arrive newest
// first) and the loop stops once the array holds more than 100 entries.
if ( QTI_LIST_ME && $oVIP->numpost>0 )
{
  $strMeSection = str_replace('t.forum','p.forum',$strSection);
  $strMeSince = DateAdd(date('Ymd'),-2,'year');
  $oDB->Query( 'SELECT p.topic,p.issuedate FROM '.TABPOST.' p INNER JOIN '.TABSECTION.' s ON p.forum=s.id WHERE '.$strMeSection.' AND p.type="R" AND p.userid='.$oVIP->id.' AND p.issuedate>"'.$strMeSince.'" ORDER BY p.issuedate DESC' );
  while($row=$oDB->Getrow())
  {
    $i=intval($row['topic']);
    if ( !isset($arrMe[$i]) ) $arrMe[$i]=$row['issuedate'];
    if ( count($arrMe)>100 ) break;
  }
}

// Result query for the requested page
$oDB->Query( LimitSQL($strField.$strFrom.$strWhere,$strFullOrder,$intLimit,$_SESSION[QT]['topics_per_page'],$intCount) );
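// --------
// DISPLAY
// --------
echo '<p>',$strSubtitle,'</p>',N;
// Button line and pager
// $strAction and $k1 come from the request with only their tags stripped, so
// they are URL-encoded before being placed in the pager URL (MakePager is not
// visible here; presumably it writes this URL into href attributes).
$strPager = MakePager($oVIP->selfurl.'?a='.urlencode($strAction).'&k1='.urlencode($k1).'&s='.$s.'&page=1'.$strExtraparam,$intCount,$_SESSION[QT]['topics_per_page'],$intPage);
if ($strPager!='') $strPager = $L['Page'].$strPager;
// -- Displays pager --
echo '<table class="hidden" cellspacing="0">
<tr class="hidden">
<td class="hidden" id="pager_zt"> ',$strPager,'</td>
</tr></table>
';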
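// -- result --
echo '<table class="data_t" cellspacing="0">',N;
echo '<tr class="data_t data_t0">',N;
// ========
// Column definitions, keyed by field name. 'numid' is listed only when a
// section uses references ($bAddRef) and 'you' only when QTI_LIST_ME is on.
$arrFLD = array();

$oFLD = new cFLD('icon',' ');
$oFLD->uid = 'status';
$oFLD->desc = 'class=th_t th_t_ico th_t_first';
$arrFLD['icon'] = $oFLD;

$oFLD = new cFLD('numid',$L['Ref']);
$oFLD->desc = 'class=th_t th_t_ref;style=background-color:%bg';
if ( $bAddRef ) $arrFLD['numid'] = $oFLD;

$oFLD = new cFLD('smile',' ');
$oFLD->desc = 'class=th_t th_t_smi';
$arrFLD['smile'] = $oFLD;

$oFLD = new cFLD('title',$L['Topics']);
$oFLD->desc = 'class=th_t th_t_tit';
$arrFLD['title'] = $oFLD;

$oFLD = new cFLD('you',' ');
$oFLD->desc = 'class=th_t th_t_inf;style=width:10px';
if ( QTI_LIST_ME ) $arrFLD['you'] = $oFLD;

$oFLD = new cFLD('sectiontitle',$L['Section']);
$oFLD->desc = 'class=th_t th_t_inf';
$arrFLD['sectiontitle'] = $oFLD;

$oFLD = new cFLD('firstpostname',$L['Topic_starter']);
$oFLD->desc = 'class=th_t th_t_inf;style=width:125px';
$arrFLD['firstpostname'] = $oFLD;

$oFLD = new cFLD('lastpostdate',$L['Last_message']);
$oFLD->desc = 'class=th_t th_t_inf;style=width:135px';
$arrFLD['lastpostdate'] = $oFLD;

// last column: tags when searching by tag, otherwise the number of replies
if ( $strAction=='tst' && !empty($k3) )
{
  $oFLD = new cFLD('tags',$L['Tags']);
  $oFLD->desc = 'class=th_t th_t_inf th_t_last;style=width:80px';
  $arrFLD['tags'] = $oFLD;
}
else
{
  $oFLD = new cFLD('replies',$L['Replys']);
  $oFLD->desc = 'class=th_t th_t_sta th_t_last;style=width:70px';
  $arrFLD['replies'] = $oFLD;
}
// ========
// $strAction and $k1 come from the request with only their tags stripped, so
// they are URL-encoded before being placed in the column-sort URL (TableHeader
// is not visible here; presumably it writes this URL into href attributes).
TableHeader($arrFLD,$intCount,'qti_search_re.php?a='.urlencode($strAction).'&k1='.urlencode($k1).'&s='.$s.'&page=1'.$strExtraparam,$strOrder,$strDir);
// ========
echo '</tr>',N;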
// Reuse the column definitions for the data rows: header classes (th_*) become cell classes (td_*)
foreach($arrFLD as $strKey=>$oFLD)
{
  if ( empty($oFLD->desc) ) continue;
  $oFLD->desc = str_replace('th_','td_',$oFLD->desc);
  $arrFLD[$strKey]=$oFLD;
}
// ========
// One table row per topic, alternating the r1/r2 row style
$intWhile=0;
$strAlt='r1';
while($row=$oDB->Getrow())
{
  TableRow($arrFLD,$row,true,null,$strAlt);
  $strAlt = ( $strAlt=='r1' ? 'r2' : 'r1' );
  $intWhile++;
  //odbcbreak: stop after one page of rows even if the result set holds more
  if ( $intWhile>=$_SESSION[QT]['topics_per_page'] ) break;
}
// ========
// Table footer: a first cell, one empty cell per inner column, a last cell
echo '<tr class="tf_t">'.N;
echo '<td class="tf_t tf_t_first"></td>'.N;
$intInnerCells = count($arrFLD)-2;
for ($i=0;$i<$intInnerCells;$i++)
{
  echo '<td class="tf_t"></td>'.N;
}
echo '<td class="tf_t tf_t_last"></td>'.N;
echo '</tr>'.N;
echo '</table>'.N;
// -- no data --
if ( $intWhile==0 )
{
  echo '<p>'.$L['None'].'...</p>'.N;
}
// -- Displays pager --
echo '<table class="hidden" cellspacing="0"><tr class="hidden"><td class="hidden" id="pager_zb">'.$strPager.'</td></tr></table>';
// MAP MODULE
// Shows the map canvas and, when several points exist, a "zoom to" selector.
// $arrExtData is not assigned in this file; presumably the map module's
// initialisation include fills it.
// NOTE(review): each point's title, x and y are written into the markup as they
// are, and the selected option value is evaluated client-side by the onchange
// handler. They must therefore be escaped or numeric where $arrExtData is
// built - confirm in the map module.
if ( $bMap )
{
  if ( count($arrExtData)==0 )
  {
    echo '<p class="gmap">'.$L['map']['E_noposition'].'</p>';
  }
  else
  {
    //select zoomto (maximum 15 items in the list)
    if ( count($arrExtData)>1 )
    {
      $str = '<p class="gmap" style="margin:0 0 4px 0"><a class="gmap" href="javascript:void(0)" onclick="zoomToFullExtend(); return false;">'.$L['map']['zoomtoall'].'</a> | '.$L['Goto'].' <select class="gmap" id="zoomto" name="zoomto" size="1" onchange="map.setCenter(eval(this.value));">';
      // first entry: the configured map centre
      $str .= '<option class="gmap" value="new GLatLng('.QTgety($_SESSION[QT]['m_map_gcenter']).','.QTgetx($_SESSION[QT]['m_map_gcenter']).')"> </option>';
      $i=0;
      foreach($arrExtData as $intKey=>$oMapPoint)
      {
        $str .= '<option class="gmap" value="new GLatLng('.$oMapPoint->y.','.$oMapPoint->x.')">'.$oMapPoint->title.'</option>';
        $i++;
        if ( $i>15 ) break;
      }
      $str .= '</select></p>';
    }
    echo '
<table class="hidden" style="margin-top:5px;">
<tr class="hidden">
<td class="gmap">
',( count($arrExtData)>1 ? $str :'' ),'
<div id="map_canvas" style="width:100%; height:350px;"></div>
<p class="gmap" style="margin:4px 0 0 0">',sprintf($L['map']['items'],strtolower( LangS('Topic',count($arrExtData))),strtolower(LangS('Topic',$intCount)) ),'</p>
</td>
</tr>
</table>
';
  }
}
// --------
// HTML END
// --------
// MAP MODULE
// With at least one point the map loader is included; otherwise an empty
// GUnload() is emitted.
if ( $bMap )
{
  if ( count($arrExtData)>0 )
  {
    include('qtim_map_load.php');
  }
  else
  {
    echo '<script type="text/javascript">function GUnload() { return true; }</script>';
  }
}
include('qti_p_footer.php');