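'INT', 'cpage' => 'INT'));
typecast($_REQUEST, array(
    'cat'       => 'INT',
    'final'     => 'STRING',
    'preview'   => 'STRING',
    'what'      => 'STRING',
    'name'      => 'STRING',
    'condition' => 'STRING',
    'keywords'  => 'STRING',
    'whenterm'  => 'STRING',
    'when'      => 'INT',
));

authenticate();

// Site-wide gates: a closed board is shown only to users with adminedit, and
// search can be restricted to logged-in users.
if ( $Globals['ppboards'] == "closed" && $User['adminedit'] != 1 ) {
    diewell( $Globals['closedmsg'] );
}

if ( $Globals['searchreg'] == "yes" && $User['userid'] == 0 ) {
    diewell( $Globals['pp_lang']['searchreg'] );
}

$ipaddress = addslashes( findenv("REMOTE_ADDR") );

topmenu();

// ---------------------------------------------------------------------------
// 1. Display one page of a stored search (a searchid was supplied)
// ---------------------------------------------------------------------------
if ( !empty($searchid) ) {
    // Forced to an integer because the value is interpolated into SQL unquoted
    // (harmless if typecast() has already cast it).
    $searchid = intval($searchid);

    // NOTE(review): the stored id list is served to whoever supplies the
    // searchid. The privacy filter (is_image_private) ran when the search was
    // created; confirm its answer does not depend on the searching user,
    // otherwise it needs to be re-applied here.
    $squery  = ppmysql_query("SELECT idlist,searchtype,searchterms,numresults,preview FROM {$Globals['pp_db_prefix']}searchids WHERE searchid=$searchid LIMIT 1", $link);
    $sresult = mysqli_fetch_assoc($squery);

    if ( !$sresult || !$sresult['idlist'] ) {
        diewell( $Globals['pp_lang']['searchid'] );
    }

    $sresults   = explode( ",", $sresult['idlist'] );
    $numresults = $sresult['numresults'];
    $sterms     = explode(" ", trim($sresult['searchterms']));
    $keyhtml    = htmlspecialchars( $sresult['searchterms'] );

    // Page size falls back to the configured default; page count is rounded up.
    if ( $pperpage <= 0 ) {
        $pperpage = $Globals['defaultposts'];
    }
    $pages = (int) ceil($numresults / $pperpage);

    if ( $cpage ) {
        $cstartnumb = ($cpage * $pperpage) - $pperpage;
    }
    else {
        $cpage      = 1;
        $cstartnumb = 0;
    }

    // Pick the ids that fall on the requested page. They go into an unquoted
    // IN (...) list, so each one is cast to an integer.
    $pageids = array();
    for ( $x = $cstartnumb; $x < ($cstartnumb + $pperpage); $x++ ) {
        if ( !empty($sresults[$x]) ) {
            $pageids[] = intval($sresults[$x]);
        }
    }
    $idlist = implode(",", $pageids);
    $limitq = count($pageids);

    if ( !$limitq || !$idlist ) {
        diewell( $Globals['pp_lang']['nophotos'] );
    }

    if ( $sresult['searchtype'] == "p" ) {
        $getsearch = ppmysql_query("SELECT id,user,userid,date,bigimage,cat,storecat,rating,title,description FROM {$Globals['pp_db_prefix']}photos WHERE id IN ($idlist) LIMIT $limitq", $link);
    }
    else {
        $getsearch = ppmysql_query("SELECT c.id,c.username,c.userid AS comuserid,c.date,c.rating,c.comment AS description,c.cat,c.photo,p.bigimage,p.cat,p.storecat,p.user,p.userid,p.title FROM {$Globals['pp_db_prefix']}comments c LEFT JOIN {$Globals['pp_db_prefix']}photos p ON p.id=c.photo WHERE c.id IN ($idlist) LIMIT $limitq", $link);
    }

    // Highlight patterns are built once. The terms are whatever the searcher
    // typed, so they are passed through preg_quote(): an unquoted term could
    // close the delimiter or change the meaning of the expression.
    $highlight = array();
    foreach ( $sterms as $key ) {
        $key = trim($key);
        if ( $key ) {
            $highlight[] = "/(" . preg_quote($key, "/") . ")/i";
        }
    }

    $itemnum = 0;
    while ( $getphoto = mysqli_fetch_assoc($getsearch) ) {
        $results['cid'][$itemnum] = $getphoto['id'];

        // Both branches assign the same string in this copy of the file.
        // NOTE(review): the user name is not HTML-escaped here; confirm the
        // template or the stored value takes care of that.
        if ( $sresult['searchtype'] == "p" ) {
            $ucuser[$itemnum] = "{$getphoto['user']}";
        }
        else {
            $ucuser[$itemnum] = "{$getphoto['user']}";
        }

        $cuserid[$itemnum] = $getphoto['userid'];
        $imgtime[$itemnum] = formatpptime( $getphoto['date'] );
        $imgdate[$itemnum] = formatppdate( $getphoto['date'] );

        if ( $getphoto['rating'] > 0 && $Globals['allowrate'] == "yes" ) {
            $ratingdisp[$itemnum] = "\n{$Globals['pp_lang']['rating']}: {$getphoto['rating']} ";
        }
        else {
            $ratingdisp[$itemnum] = null;
        }

        // Wrap every occurrence of a search term in [i]...[/i].
        $getphoto['description'] = preg_replace( $highlight, "[i]$1[/i]", $getphoto['description'] );
        $getphoto['title']       = preg_replace( $highlight, "[i]$1[/i]", $getphoto['title'] );

        $getphoto['title'] = convert_markups($getphoto['title']);

        if ( $getphoto['title'] ) {
            $getphoto['title'] = "{$getphoto['title']} ";
        }

        if ( $sresult['searchtype'] == "c" ) {
            $getphoto['title'] .= "({$Globals['pp_lang']['commentby']} ". htmlspecialchars($getphoto['username']) .")";
        }

        if ( $getphoto['title'] ) {
            $getphoto['title'] .= "\n\n";
        }

        $restitle[$itemnum] = convert_returns($getphoto['title']);

        if ( VB3_ENHANCEDINT == "on" ) {
            $getphoto['description'] = convert_markups(un_htmlspecialchars($getphoto['description']));
        }
        else {
            $getphoto['description'] = convert_markups($getphoto['description']);
        }

        $restext[$itemnum] = convert_returns($getphoto['description']);
        $ccat[$itemnum]    = $getphoto['cat'];
        $cphoto[$itemnum]  = $getphoto['id'];
        $thumbrc[$itemnum] = null;

        if ( $sresult['preview'] == 1 ) {
            // A non-zero storecat replaces the category used for the thumbnail lookup.
            if ( $getphoto['storecat'] ) {
                $getphoto['cat'] = $getphoto['storecat'];
            }

            $thisthumb = get_imagethumb( $getphoto['bigimage'], $getphoto['cat'], $getphoto['userid'], 1 );

            // Both branches assign the same string in this copy of the file.
            if ( $sresult['searchtype'] == "p" ) {
                $thumbrc[$itemnum] = "$thisthumb\n";
            }
            else {
                $thumbrc[$itemnum] = "$thisthumb\n";
            }
        }

        $itemnum++;
    }

    // Previous/next labels for the pager.
    $more = " ";
    $less = " ";

    if ( $cpage != $pages && $pages > 1 ) {
        $nextpage = $cpage + 1;
        $more     = "{$Globals['pp_lang']['nextpage']}";
    }

    if ( $cpage > 1 ) {
        $prevpage = $cpage - 1;
        $less     = "{$Globals['pp_lang']['prevpage']}";
    }

    printheader( 0, $Globals['pp_lang']['search'] );

    include( "{$Globals['PP_PATH']}/{$Globals['TMPL_PATH']}/menubar.tmpl" );
    include( "{$Globals['PP_PATH']}/{$Globals['TMPL_PATH']}/search-r.tmpl" );

    printfooter();
    exit;
}

// ---------------------------------------------------------------------------
// 2. No keywords and no name: show the search form
// ---------------------------------------------------------------------------
if ( !$keywords && !$name ) {
    // Remove expired searches
    $expiredate = time() - ( $Globals['searchhold'] * 86400 );
    $queryq     = ppmysql_query("DELETE FROM {$Globals['pp_db_prefix']}searchids WHERE date < $expiredate", $link);

    $seltext = "selected=\"selected\"";
    if ( $cat > 0 ) {
        $seltext  = null;
        $selected = $cat;
    }

    quickcats(0,1);

    printheader( 0, $Globals['pp_lang']['search'] );

    include( "{$Globals['PP_PATH']}/{$Globals['TMPL_PATH']}/menubar.tmpl" );
    include( "{$Globals['PP_PATH']}/{$Globals['TMPL_PATH']}/search.tmpl" );

    printfooter();
}
// ---------------------------------------------------------------------------
// 3. Run a new search, store the result ids and forward to the result page
// ---------------------------------------------------------------------------
else {
    if ( !isset($what) ) {
        $what = "allfields";
    }
    if ( !isset($name) ) {
        $name = null;
    }
    if ( !isset($cats) ) {
        $cats = null;
    }

    // These fragments are appended to, or interpolated into, the SQL below.
    // Each gets a known starting value so that nothing set before this point
    // can end up in the query text.
    $catcheck   = null;
    $datephrase = null;
    $searchterm = null;
    $mcats      = null;

    // NOTE(review): $exclude_cat is interpolated into the comments query but is
    // never assigned in the code shown here; confirm it is only ever set by
    // trusted code.
    if ( !isset($exclude_cat) ) {
        $exclude_cat = null;
    }

    // Escaped copy of the name filter for use inside quoted SQL literals.
    $namesql = mysqli_real_escape_string( $link, (string) $name );

    // Flood control: look up this user's (or, for guests, this address's)
    // most recent searches.
    if ( $User['userid'] > 0 ) {
        $lasts = ppmysql_query("SELECT searchid,searchterms,name,date FROM {$Globals['pp_db_prefix']}searchids WHERE userid={$User['userid']} ORDER BY date DESC LIMIT 3", $link);
    }
    else {
        // If not logged in, use ip address
        $lasts = ppmysql_query("SELECT searchid,searchterms,name,date FROM {$Globals['pp_db_prefix']}searchids WHERE ipaddress='$ipaddress' ORDER BY date DESC LIMIT 3", $link);
    }

    list( $searchid, $kwords, $sname, $lastdate ) = mysqli_fetch_row($lasts);

    if ( $lastdate ) {
        $tdiff = time() - $lastdate;

        // Last search is more recent than the configured interval: show the
        // wait message together with the previous searches.
        if ( $tdiff < $Globals['searchto'] ) {
            $tdiff        = $Globals['searchto'] - $tdiff;
            $prevsearches = "". htmlspecialchars( $kwords ) ."\n";

            while ( list( $searchid, $kwords, $sname, $lastdate ) = mysqli_fetch_row($lasts) ) {
                if ( $sname ) {
                    $kwords .= " ". htmlspecialchars( $sname );
                }
                $prevsearches .= "". htmlspecialchars( $kwords ) ."\n";
            }

            $Globals['pp_lang']['searchwait'] = str_replace( "%tdiff%", $tdiff, $Globals['pp_lang']['searchwait'] );
            $Globals['pp_lang']['searchwait'] = str_replace( "%prevsearches%", $prevsearches, $Globals['pp_lang']['searchwait'] );

            diewell( $Globals['pp_lang']['searchwait'] );
        }
    }

    // Category selection: POST array, then GET array, then $cats, then the
    // single $cat value.
    $scats   = null;
    $rawcats = null;

    if ( isset($_POST['cats']) && is_array( $_POST['cats'] ) ) {
        $rawcats = $_POST['cats'];
    }
    elseif ( isset($_GET['cats']) && is_array( $_GET['cats'] ) ) {
        $rawcats = $_GET['cats'];
    }
    elseif ( !empty($cats) && is_array($cats) ) {
        $rawcats = $cats;
    }

    if ( $rawcats !== null ) {
        // NOTE(review): the list is later placed in an unquoted IN (...), where
        // addslashes() gives no protection; safety rests entirely on the
        // intarray() callback admitting only integers. Confirm that it does.
        $filtercats = array_filter( $rawcats, "intarray" );
        $scats      = addslashes(implode( ",", $filtercats ));
        $mcats      = $scats;
    }
    elseif ( $cat ) {
        $mcats    = $cat;
        $catcheck = " AND cat=$cat";
    }

    // time frame (days is default)
    if ( $when && $whenterm ) {
        if ( $whenterm == "w" ) {
            $days = ($when * 7);
        }
        elseif ( $whenterm == "m" ) {
            $days = ($when * 30);
        }
        elseif ( $whenterm == "y" ) {
            $days = ($when * 365);
        }
        else {
            // Anything else is treated as days, which also pins $whenterm to a
            // fixed letter before it is stored.
            $days     = $when;
            $whenterm = "d";
        }

        $searchdate  = time() - ($days * ((24 * 3600)));
        $datephrase .= " AND date > $searchdate";
        $searchterm  = "$when-$whenterm";
    }

    $scond = ( isset($condition) && $condition == "or" ? "OR" : "AND" );

    if ( $what == "comments" ) {
        // multiple cats
        if ( $mcats && $mcats != "all" ) {
            $catcheck = " AND cat IN ($mcats)";
        }

        $query     = "SELECT id,cat FROM {$Globals['pp_db_prefix']}comments";
        $keyphrase = null;

        if ( $Globals['moderatecoms'] == "no" ) {
            $keyphrase .= " AND approved=1";
        }

        // search terms
        $searchterms = explode(" ", trim($keywords));

        if ( !isset($condition) ) {
            $condition = "AND";
        }

        $termclauses = array();
        foreach ( $searchterms as $key ) {
            $key = trim($key);
            if ( $key ) {
                $key           = mysqli_real_escape_string( $link, $key );
                $termclauses[] = "((comment LIKE \"% $key%\") OR (comment LIKE \"$key%\"))";
            }
        }

        // All terms sit inside one parenthesised group. AND binds tighter than
        // OR in SQL, so ungrouped OR terms would let a matching row skip the
        // approved / category / date conditions.
        if ( $termclauses ) {
            $keyphrase .= " AND (" . implode( " $scond ", $termclauses ) . ")";
        }

        if ( $name ) {
            $keyphrase .= " AND (username LIKE '%$namesql%')";
        }

        $query     .= " WHERE comment != '' $catcheck $exclude_cat $keyphrase$datephrase ORDER BY \ndate DESC LIMIT {$Globals['searchmax']}";
        $searchtype = "c";
        $preview    = ( $preview == "yes" ? 1 : 0 );
    }
    else {
        // NOTE(review): this query does not use $catcheck, so the category
        // selection is not applied to photo searches here; confirm that is intended.
        $query = "SELECT id,cat FROM {$Globals['pp_db_prefix']}photos ";

        // search terms
        $searchterms = explode(" ", trim(un_htmlspecialchars($keywords)));
        $keyphrase   = null;
        $searchfield = $what;
        $termclauses = array();

        foreach ( $searchterms as $key ) {
            $key = trim($key);
            if ( $key !== "" ) {
                $key = mysqli_real_escape_string( $link, $key );
            }
            // Literal percent signs must not act as LIKE wildcards.
            $key = str_replace( "%", "\\%", $key );

            if ( $key ) {
                if ( $searchfield == "allfields" ) {
                    $termclauses[] = "((title LIKE \"% $key%\" OR description LIKE \"% $key%\" OR keywords LIKE \"% $key%\" OR bigimage LIKE \"% $key%\" OR extra1 LIKE \"% $key%\" OR extra2 LIKE \"% $key%\" OR extra3 LIKE \"% $key%\" OR extra4 LIKE \"% $key%\" OR extra5 LIKE \"% $key%\" OR extra6 LIKE \"% $key%\")"
                                   . " OR (title LIKE \"$key%\" OR description LIKE \"$key%\" OR keywords LIKE \"$key%\" OR bigimage LIKE \"$key%\" OR extra1 LIKE \"%$key%\" OR extra2 LIKE \"%$key%\" OR extra3 LIKE \"%$key%\" OR extra4 LIKE \"%$key%\" OR extra5 LIKE \"%$key%\" OR extra6 LIKE \"%$key%\"))";
                }
                elseif ( $searchfield == "title" ) {
                    $termclauses[] = "((title LIKE \"% $key%\") OR (title LIKE \"$key%\"))";
                }
                elseif ( $searchfield == "titledesc" ) {
                    $termclauses[] = "((title LIKE \"% $key%\" OR description LIKE \"% $key%\")"
                                   . " OR (title LIKE \"$key%\" OR description LIKE \"$key%\"))";
                }
                else {
                    // Unrecognised field selector: no keyword clause is added.
                    unset( $what );
                }
            }
        }

        // Grouped for the same reason as in the comments branch: an OR search
        // must not be able to bypass approved=1 / storecat=0.
        if ( $termclauses ) {
            $keyphrase .= "AND (" . implode( " $scond ", $termclauses ) . ")";
        }

        if ( $name ) {
            $keyphrase .= " AND (user LIKE '%$namesql%')";
        }

        $query     .= "WHERE approved=1 AND storecat=0 $keyphrase$datephrase ORDER BY date DESC LIMIT {$Globals['searchmax']}";
        $searchtype = "p";
        $preview    = 1;
    }

    // microtime() without an argument returns a "msec sec" string, so the
    // difference of two such values is not an elapsed time; use the float form.
    $stime      = microtime(true);
    $queryv     = ppmysql_query($query, $link);
    $searchtime = microtime(true) - $stime;

    // Keep only hits whose category is_image_private() reports as "no".
    $ids = array();
    while ( list( $pid, $pcat ) = mysqli_fetch_row($queryv) ) {
        $is_private = is_image_private( $pcat );

        if ( $is_private == "no" ) {
            $ids[] = $pid;
        }
    }

    $searchlist  = implode( ",", $ids );
    $searchcount = count($ids);

    if ( $searchcount ) {
        $sqlkeywords = mysqli_real_escape_string( $link, (string) $keywords );
        $sqlmcats    = mysqli_real_escape_string( $link, (string) $mcats );
        $julian      = time();

        // Store the results
        $ressult = ppmysql_query("INSERT INTO {$Globals['pp_db_prefix']}searchids (searchid,userid,searchtype,searchterms,searchdate,cats,name,preview,idlist,numresults,ipaddress,searchtime,date) VALUES ( NULL, {$User['userid']}, '$searchtype', '$sqlkeywords', '$searchterm', '$sqlmcats', '$namesql', $preview, '$searchlist', $searchcount, '$ipaddress', '$searchtime', $julian)", $link );
        $searchid = mysqli_insert_id( $link );

        forward( "search.php?searchid=$searchid", $Globals['pp_lang']['searchfor'] );
    }
    else {
        // No results
        diewell( $Globals['pp_lang']['searchnone'] );
        exit;
    }
}

?>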