friendica/mod/search.php

<?php

function search_saved_searches() {

	$o = '';

	$r = q("select `id`,`term` from `search` WHERE `uid` = %d",
		intval(local_user())
	);

	if(count($r)) {
		$o .= '<div id="saved-search-list" class="widget">';
		$o .= '<h3>' . t('Saved Searches') . '</h3>' . "\r\n";
		$o .= '<ul id="saved-search-ul">' . "\r\n";
		foreach($r as $rr) {
			$o .= '<li class="saved-search-li clear"><a href="search/?f=&remove=1&search=' . $rr['term'] . '" class="icon drophide savedsearchdrop" title="' . t('Remove term') . '" onclick="return confirmDelete();" onmouseover="imgbright(this);" onmouseout="imgdull(this);" ></a> <a href="search/?f=&search=' . $rr['term'] . '" class="savedsearchterm" >' . $rr['term'] . '</a></li>' . "\r\n";
		}
		$o .= '</ul><div class="clear"></div></div>' . "\r\n";
	}		

	return $o;

}


function search_init(&$a) {

	$search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : '');

	if(local_user()) {
		if(x($_GET,'save') && $search) {
			$r = q("select * from `search` where `uid` = %d and `term` = '%s' limit 1",
				intval(local_user()),
				dbesc($search)
			);
			if(! count($r)) {
				q("insert into `search` ( `uid`,`term` ) values ( %d, '%s') ",
					intval(local_user()),
					dbesc($search)
				);
			}
		}
		if(x($_GET,'remove') && $search) {
			q("delete from `search` where `uid` = %d and `term` = '%s' limit 1",
				intval(local_user()),
				dbesc($search)
			);
		}

		$a->page['aside'] .= search_saved_searches();

	}
	else
		unset($_SESSION['theme']);


}


function search_post(&$a) {
	if(x($_POST,'search'))
		$a->data['search'] = $_POST['search'];
}


function search_content(&$a) {

	if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
		notice( t('Public access denied.') . EOL);
		return;
	}

	nav_set_selected('search');

	require_once("include/bbcode.php");
	require_once('include/security.php');
	require_once('include/conversation.php');

	$o = '<div id="live-search"></div>' . "\r\n";

	$o .= '<h3>' . t('Search') . '</h3>';

	if(x($a->data,'search'))
		$search = notags(trim($a->data['search']));
	else
		$search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : '');

	$tag = false;
	if(x($_GET,'tag')) {
		$tag = true;
		$search = ((x($_GET,'tag')) ? notags(trim(rawurldecode($_GET['tag']))) : '');
	}


	$o .= search($search,'search-box','/search',((local_user()) ? true : false));

	if(strpos($search,'#') === 0) {
		$tag = true;
		$search = substr($search,1);
	}
	if(strpos($search,'@') === 0) {
		require_once('mod/dirfind.php');
		return dirfind_content($a);
	}

	if(! $search)
		return $o;

	if (get_config('system','use_fulltext_engine')) {
		if($tag)
			$sql_extra = sprintf(" AND MATCH (`item`.`tag`) AGAINST ('".'"%s"'."' in boolean mode) ", '#'.dbesc(protect_sprintf($search)));
		else
			$sql_extra = sprintf(" AND MATCH (`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) ", dbesc(protect_sprintf($search)));
	} else {
		if($tag)
			$sql_extra = sprintf(" AND `item`.`tag` REGEXP '%s' ", 	dbesc('\\]' . protect_sprintf(preg_quote($search)) . '\\['));
		else
			$sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search))));
	}


	// Here is the way permissions work in the search module...
	// Only public posts can be shown
	// OR your own posts if you are a logged in member
	// No items will be shown if the member has a blocked profile wall. 

	$r = q("SELECT distinct(`item`.`uri`) as `total`
		FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
		WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
		AND (( `item`.`allow_cid` = ''  AND `item`.`allow_gid` = '' AND `item`.`deny_cid`  = '' AND `item`.`deny_gid`  = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0) 
			OR `item`.`uid` = %d )
		AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
		$sql_extra group by `item`.`uri` ", 
		intval(local_user())
	);

	if(count($r))
		$a->set_pager_total(count($r));
	if(! count($r)) {
		info( t('No results.') . EOL);
		return $o;
	}

	$r = q("SELECT distinct(`item`.`uri`), `item`.*, `item`.`id` AS `item_id`, 
		`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
		`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, 
		`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`,
		`user`.`nickname`
		FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
		LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
		WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
		AND (( `item`.`allow_cid` = ''  AND `item`.`allow_gid` = '' AND `item`.`deny_cid`  = '' AND `item`.`deny_gid`  = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0 ) 
			OR `item`.`uid` = %d )
		AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
		$sql_extra
		group by `item`.`uri`	
		ORDER BY `received` DESC LIMIT %d , %d ",
		intval(local_user()),
		intval($a->pager['start']),
		intval($a->pager['itemspage'])

	);

	if($tag) 
		$o .= '<h2>Items tagged with: ' . $search . '</h2>';
	else
		$o .= '<h2>Search results for: ' . $search . '</h2>';

	$o .= conversation($a,$r,'search',false);

	$o .= paginate($a);

	return $o;
}
added search 2010-11-09 02:30:00 +01:00			`<?php`

saved searches on search page, templates: Invalid argument supplied for foreach() on line 167 2011-09-09 06:42:52 +02:00			`function search_saved_searches() {`

			`$o = '';`

dynamic delete icons for saved-search on network page 2011-12-02 03:27:45 +01:00			$r = q("select `id`,`term` from `search` WHERE `uid` = %d",
saved searches on search page, templates: Invalid argument supplied for foreach() on line 167 2011-09-09 06:42:52 +02:00			`intval(local_user())`
			`);`

			`if(count($r)) {`
added widget class to saved arch block on search page added header to search results where there are results 2011-09-25 23:01:05 +02:00			`$o .= '<div id="saved-search-list" class="widget">';`
saved searches on search page, templates: Invalid argument supplied for foreach() on line 167 2011-09-09 06:42:52 +02:00			`$o .= '<h3>' . t('Saved Searches') . '</h3>' . "\r\n";`
added widget class to saved arch block on search page added header to search results where there are results 2011-09-25 23:01:05 +02:00			`$o .= '<ul id="saved-search-ul">' . "\r\n";`
saved searches on search page, templates: Invalid argument supplied for foreach() on line 167 2011-09-09 06:42:52 +02:00			`foreach($r as $rr) {`
?f did not have = after it 2011-10-03 10:58:01 +02:00			`$o .= '<li class="saved-search-li clear"><a href="search/?f=&remove=1&search=' . $rr['term'] . '" class="icon drophide savedsearchdrop" title="' . t('Remove term') . '" onclick="return confirmDelete();" onmouseover="imgbright(this);" onmouseout="imgdull(this);" ></a> <a href="search/?f=&search=' . $rr['term'] . '" class="savedsearchterm" >' . $rr['term'] . '</a></li>' . "\r\n";`
saved searches on search page, templates: Invalid argument supplied for foreach() on line 167 2011-09-09 06:42:52 +02:00			`}`
add contact_widgets and provide widgets on appropriate pages, fix the saved search widget fix directory page on testbubble, don't use system theme for community, directory, and search if the viewer is logged in. 2011-10-12 04:27:58 +02:00			`$o .= '</ul><div class="clear"></div></div>' . "\r\n";`
saved searches on search page, templates: Invalid argument supplied for foreach() on line 167 2011-09-09 06:42:52 +02:00			`}`

			`return $o;`

			`}`


			`function search_init(&$a) {`

			`$search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : '');`

			`if(local_user()) {`
			`if(x($_GET,'save') && $search) {`
			$r = q("select * from `search` where `uid` = %d and `term` = '%s' limit 1",
			`intval(local_user()),`
			`dbesc($search)`
			`);`
			`if(! count($r)) {`
			q("insert into `search` ( `uid`,`term` ) values ( %d, '%s') ",
			`intval(local_user()),`
			`dbesc($search)`
			`);`
			`}`
			`}`
			`if(x($_GET,'remove') && $search) {`
			q("delete from `search` where `uid` = %d and `term` = '%s' limit 1",
			`intval(local_user()),`
			`dbesc($search)`
			`);`
			`}`

			`$a->page['aside'] .= search_saved_searches();`

			`}`
add contact_widgets and provide widgets on appropriate pages, fix the saved search widget fix directory page on testbubble, don't use system theme for community, directory, and search if the viewer is logged in. 2011-10-12 04:27:58 +02:00			`else`
			`unset($_SESSION['theme']);`

saved searches on search page, templates: Invalid argument supplied for foreach() on line 167 2011-09-09 06:42:52 +02:00

			`}`


added search 2010-11-09 02:30:00 +01:00
make both content and people search POSTable 2010-12-13 03:43:32 +01:00			`function search_post(&$a) {`
			`if(x($_POST,'search'))`
			`$a->data['search'] = $_POST['search'];`
			`}`


added search 2010-11-09 02:30:00 +01:00			`function search_content(&$a) {`

"firewall" setting - block all public pages from the public if configured to do so 2011-04-22 02:29:47 +02:00			`if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {`
			`notice( t('Public access denied.') . EOL);`
			`return;`
			`}`
Saved searches now can search for tags as well 2012-05-26 11:51:48 +02:00
remove javascript to set selectect nav item. enanche img template prefetch ignoring 2011-08-17 18:36:24 +02:00			`nav_set_selected('search');`
"firewall" setting - block all public pages from the public if configured to do so 2011-04-22 02:29:47 +02:00
move all message display sub-functions from boot.php into conversation.php 2011-04-13 02:58:16 +02:00			`require_once("include/bbcode.php");`
			`require_once('include/security.php');`
			`require_once('include/conversation.php');`

added search 2010-11-09 02:30:00 +01:00			`$o = '<div id="live-search"></div>' . "\r\n";`

search with leading @ performs directory search (# for tag search), nothing for text search 2012-05-20 06:53:27 +02:00			`$o .= '<h3>' . t('Search') . '</h3>';`
added search 2010-11-09 02:30:00 +01:00
make both content and people search POSTable 2010-12-13 03:43:32 +01:00			`if(x($a->data,'search'))`
			`$search = notags(trim($a->data['search']));`
			`else`
			`$search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : '');`
added search 2010-11-09 02:30:00 +01:00
separate tag search from body search 2012-04-24 07:41:32 +02:00			`$tag = false;`
			`if(x($_GET,'tag')) {`
			`$tag = true;`
			`$search = ((x($_GET,'tag')) ? notags(trim(rawurldecode($_GET['tag']))) : '');`
			`}`


saved searches on search page, templates: Invalid argument supplied for foreach() on line 167 2011-09-09 06:42:52 +02:00			`$o .= search($search,'search-box','/search',((local_user()) ? true : false));`
added search 2010-11-09 02:30:00 +01:00
backend support for 'x' deliveries per process - x is configurable, more importantly any search starting with # is automatically a tag search. TODO: Need to extend this to people searches starting with @ 2012-05-19 11:42:11 +02:00			`if(strpos($search,'#') === 0) {`
			`$tag = true;`
			`$search = substr($search,1);`
			`}`
search with leading @ performs directory search (# for tag search), nothing for text search 2012-05-20 06:53:27 +02:00			`if(strpos($search,'@') === 0) {`
			`require_once('mod/dirfind.php');`
			`return dirfind_content($a);`
			`}`
backend support for 'x' deliveries per process - x is configurable, more importantly any search starting with # is automatically a tag search. TODO: Need to extend this to people searches starting with @ 2012-05-19 11:42:11 +02:00
added search 2010-11-09 02:30:00 +01:00			`if(! $search)`
			`return $o;`

Speed optimisation by enabling the posibility of the MySQL fulltext engine 2012-05-26 03:21:07 +02:00			`if (get_config('system','use_fulltext_engine')) {`
			`if($tag)`
possible sql injection in search 2012-05-30 02:14:35 +02:00			$sql_extra = sprintf(" AND MATCH (`item`.`tag`) AGAINST ('".'"%s"'."' in boolean mode) ", '#'.dbesc(protect_sprintf($search)));
Speed optimisation by enabling the posibility of the MySQL fulltext engine 2012-05-26 03:21:07 +02:00			`else`
Merge https://github.com/friendica/friendica into pull Conflicts: mod/search.php 2012-05-30 01:50:42 +02:00			$sql_extra = sprintf(" AND MATCH (`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) ", dbesc(protect_sprintf($search)));
Speed optimisation by enabling the posibility of the MySQL fulltext engine 2012-05-26 03:21:07 +02:00			`} else {`
			`if($tag)`
Merge https://github.com/friendica/friendica into pull Conflicts: mod/search.php 2012-05-30 01:50:42 +02:00			$sql_extra = sprintf(" AND `item`.`tag` REGEXP '%s' ", dbesc('\\]' . protect_sprintf(preg_quote($search)) . '\\['));
Speed optimisation by enabling the posibility of the MySQL fulltext engine 2012-05-26 03:21:07 +02:00			`else`
Merge https://github.com/friendica/friendica into pull Conflicts: mod/search.php 2012-05-30 01:50:42 +02:00			$sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search))));
Speed optimisation by enabling the posibility of the MySQL fulltext engine 2012-05-26 03:21:07 +02:00			`}`
separate tag search from body search 2012-04-24 07:41:32 +02:00



improved search - ensure you can see all your own content (logged in members). Visitors can only see public wall posts. 2011-07-03 14:00:11 +02:00			`// Here is the way permissions work in the search module...`
slightly relax overly strict permissions in community and search to match those in display - tl;dr public conversations are publicly visible 2012-03-20 22:55:18 +01:00			`// Only public posts can be shown`
improved search - ensure you can see all your own content (logged in members). Visitors can only see public wall posts. 2011-07-03 14:00:11 +02:00			`// OR your own posts if you are a logged in member`
slightly relax overly strict permissions in community and search to match those in display - tl;dr public conversations are publicly visible 2012-03-20 22:55:18 +01:00			`// No items will be shown if the member has a blocked profile wall.`
added search 2010-11-09 02:30:00 +01:00
suppress duplicates in search 2012-04-03 11:44:29 +02:00			$r = q("SELECT distinct(`item`.`uri`) as `total`
move hidewall to user table - queries are getting too complicated and servers falling over 2011-07-06 08:23:43 +02:00			FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
implement "moderate" flag on items 2012-01-24 05:56:11 +01:00			WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
slightly relax overly strict permissions in community and search to match those in display - tl;dr public conversations are publicly visible 2012-03-20 22:55:18 +01:00			AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0)
improved search - ensure you can see all your own content (logged in members). Visitors can only see public wall posts. 2011-07-03 14:00:11 +02:00			OR `item`.`uid` = %d )
move hidewall to user table - queries are getting too complicated and servers falling over 2011-07-06 08:23:43 +02:00			AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
separate tag search from body search 2012-04-24 07:41:32 +02:00			$sql_extra group by `item`.`uri` ",
			`intval(local_user())`
added search 2010-11-09 02:30:00 +01:00			`);`

			`if(count($r))`
suppress duplicates in search 2012-04-03 11:44:29 +02:00			`$a->set_pager_total(count($r));`
			`if(! count($r)) {`
add info() function. Works like notice() but show messages in a div with class info-message. update code to use info() instead of notice() when appropriate (non-error message) add info-message class style in themes 2011-05-23 11:39:57 +02:00			`info( t('No results.') . EOL);`
added search 2010-11-09 02:30:00 +01:00			`return $o;`
			`}`

suppress duplicates in search 2012-04-03 11:44:29 +02:00			$r = q("SELECT distinct(`item`.`uri`), `item`.*, `item`.`id` AS `item_id`,
added search 2010-11-09 02:30:00 +01:00			`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
pull in new 'writable' dfrn flag 2011-04-11 12:22:09 +02:00			`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,
added search 2010-11-09 02:30:00 +01:00			`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`,
move hidewall to user table - queries are getting too complicated and servers falling over 2011-07-06 08:23:43 +02:00			`user`.`nickname`
added search 2010-11-09 02:30:00 +01:00			FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
posts from hidden walls not allowed in search results 2011-07-03 14:54:40 +02:00			LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
implement "moderate" flag on items 2012-01-24 05:56:11 +01:00			WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
slightly relax overly strict permissions in community and search to match those in display - tl;dr public conversations are publicly visible 2012-03-20 22:55:18 +01:00			AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0 )
improved search - ensure you can see all your own content (logged in members). Visitors can only see public wall posts. 2011-07-03 14:00:11 +02:00			OR `item`.`uid` = %d )
move hidewall to user table - queries are getting too complicated and servers falling over 2011-07-06 08:23:43 +02:00			AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
separate tag search from body search 2012-04-24 07:41:32 +02:00			`$sql_extra`
suppress duplicates in search 2012-04-03 11:44:29 +02:00			group by `item`.`uri`
community page 2011-07-05 05:57:07 +02:00			ORDER BY `received` DESC LIMIT %d , %d ",
loosen search restrictions 2010-11-09 06:10:53 +01:00			`intval(local_user()),`
community page 2011-07-05 05:57:07 +02:00			`intval($a->pager['start']),`
			`intval($a->pager['itemspage'])`

added search 2010-11-09 02:30:00 +01:00			`);`

separate tag search from body search 2012-04-24 07:41:32 +02:00			`if($tag)`
			`$o .= '<h2>Items tagged with: ' . $search . '</h2>';`
			`else`
			`$o .= '<h2>Search results for: ' . $search . '</h2>';`
all conversations unified except photos 2011-04-11 10:31:04 +02:00
			`$o .= conversation($a,$r,'search',false);`
no pagination on search page 2010-11-25 03:37:10 +01:00
			`$o .= paginate($a);`

added search 2010-11-09 02:30:00 +01:00			`return $o;`
			`}`