154 |
154 |
// Show search results_header
|
155 |
155 |
echo $search_results_header;
|
156 |
156 |
// Search page details only, such as description, keywords, etc.
|
157 |
|
$query_pages = "SELECT page_id, page_title, menu_title, link, description, modified_when, modified_by FROM ".TABLE_PREFIX."pages WHERE ";
|
|
157 |
$query_pages = "SELECT page_id, page_title, menu_title, link, description, modified_when, modified_by, visibility FROM ".TABLE_PREFIX."pages WHERE ";
|
158 |
158 |
$count = 0;
|
159 |
159 |
foreach($string AS $each_string) {
|
160 |
160 |
if($count != 0) {
|
... | ... | |
178 |
178 |
// Loop through pages
|
179 |
179 |
if($query_pages->numRows() > 0) {
|
180 |
180 |
while($page = $query_pages->fetchRow()) {
|
|
181 |
|
|
182 |
// check if user is allowed to see the page (for private-pages)
|
|
183 |
$visibility = $page['visibility'];
|
|
184 |
if($visibility == 'private') {
|
|
185 |
$access_denied = true;
|
|
186 |
$rightsquery = $database->query("SELECT ".
|
|
187 |
TABLE_PREFIX."pages.viewing_groups, ".
|
|
188 |
TABLE_PREFIX."pages.viewing_users
|
|
189 |
FROM ".TABLE_PREFIX."pages
|
|
190 |
WHERE ".TABLE_PREFIX."pages.page_id='".$page['page_id']."' LIMIT 1 "
|
|
191 |
);
|
|
192 |
$viewing_groups=array() ; $viewing_users=array();
|
|
193 |
if($rightsquery->numRows() > 0) {
|
|
194 |
if($res = $rightsquery->fetchRow()) {
|
|
195 |
$viewing_groups = explode(',', $res['viewing_groups']);
|
|
196 |
$viewing_users = explode(',', $res['viewing_users']);
|
|
197 |
}
|
|
198 |
}
|
|
199 |
if($wb->is_authenticated() == true) {
|
|
200 |
if(in_array($wb->get_group_id(), $viewing_groups) || (in_array($wb->get_user_id(), $viewing_users))) {
|
|
201 |
$access_denied = false;
|
|
202 |
}
|
|
203 |
}
|
|
204 |
if($access_denied) {
|
|
205 |
continue;
|
|
206 |
}
|
|
207 |
}
|
|
208 |
|
181 |
209 |
// Get page link
|
182 |
210 |
$link = page_link($page['link']);
|
183 |
211 |
|
... | ... | |
270 |
298 |
while($page = $query->fetchRow()) {
|
271 |
299 |
// Only show this page if it hasn't already been list
|
272 |
300 |
if(!isset($fields['page_id']) OR !isset($pages_listed[$page[$fields['page_id']]])) {
|
|
301 |
|
|
302 |
|
|
303 |
// don't list pages with visibility == none|deleted
|
|
304 |
$query = $database->query("SELECT ".
|
|
305 |
TABLE_PREFIX."pages.visibility
|
|
306 |
FROM ".TABLE_PREFIX."pages
|
|
307 |
WHERE ".TABLE_PREFIX."pages.page_id='".$page[$fields['page_id']]."' LIMIT 1 "
|
|
308 |
);
|
|
309 |
$visibility = 'public';
|
|
310 |
if($query->numRows() > 0) {
|
|
311 |
if($res = $query->fetchRow()) {
|
|
312 |
$visibility = $res['visibility'];
|
|
313 |
}
|
|
314 |
}
|
|
315 |
if($visibility == 'deleted' || $visibility == 'none') {
|
|
316 |
continue;
|
|
317 |
}
|
|
318 |
// check if user is allowed to see the page (for private-pages)
|
|
319 |
if($visibility == 'private') {
|
|
320 |
$access_denied = true;
|
|
321 |
$rightsquery = $database->query("SELECT ".
|
|
322 |
TABLE_PREFIX."pages.viewing_groups, ".
|
|
323 |
TABLE_PREFIX."pages.viewing_users
|
|
324 |
FROM ".TABLE_PREFIX."pages
|
|
325 |
WHERE ".TABLE_PREFIX."pages.page_id='".$page[$fields['page_id']]."' LIMIT 1 "
|
|
326 |
);
|
|
327 |
$viewing_groups=array() ; $viewing_users=array();
|
|
328 |
if($rightsquery->numRows() > 0) {
|
|
329 |
if($res = $rightsquery->fetchRow()) {
|
|
330 |
$viewing_groups = explode(',', $res['viewing_groups']);
|
|
331 |
$viewing_users = explode(',', $res['viewing_users']);
|
|
332 |
}
|
|
333 |
}
|
|
334 |
if($wb->is_authenticated() == true) {
|
|
335 |
if(in_array($wb->get_group_id(), $viewing_groups) || (in_array($wb->get_user_id(), $viewing_users))) {
|
|
336 |
$access_denied = false;
|
|
337 |
}
|
|
338 |
}
|
|
339 |
if($access_denied) {
|
|
340 |
continue;
|
|
341 |
}
|
|
342 |
}
|
|
343 |
|
273 |
344 |
// Get page link
|
274 |
345 |
$link = page_link($page[$fields['link']]);
|
275 |
346 |
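Review bot: At new line 304 the visibility lookup is assigned to `$query`, which is also the result set driving `while($page = $query->fetchRow())` at line 298, so once the first row has been processed the loop condition reads from the one-row lookup (its row already consumed at line 311) and the remaining search results appear to be dropped. Use a separate variable for the lookup, e.g. `$visquery = $database->query(...)` with `$visquery->numRows()` and `$visquery->fetchRow()` at lines 310-311. The access check here and at new line 184 tests only `$visibility == 'private'`, while the commit message also names registered pages; if registered pages are governed by the same `viewing_groups`/`viewing_users` columns, the condition should read `if($visibility == 'private' || $visibility == 'registered')`. The enclosing loop and the WHERE clause of the page query lie outside the visible hunks, so confirm that neither case is already handled there.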
|
Fixed ticket #396:
search results displayed private and registered pages to users who were not logged in.
Thanks to thorn