Revision 480
Added by Matthias over 17 years ago
search.php | ||
---|---|---|
154 | 154 |
// Show search results_header |
155 | 155 |
echo $search_results_header; |
156 | 156 |
// Search page details only, such as description, keywords, etc. |
157 |
$query_pages = "SELECT page_id, page_title, menu_title, link, description, modified_when, modified_by FROM ".TABLE_PREFIX."pages WHERE "; |
|
157 |
$query_pages = "SELECT page_id, page_title, menu_title, link, description, modified_when, modified_by, visibility FROM ".TABLE_PREFIX."pages WHERE ";
|
|
158 | 158 |
$count = 0; |
159 | 159 |
foreach($string AS $each_string) { |
160 | 160 |
if($count != 0) { |
... | ... | |
178 | 178 |
// Loop through pages |
179 | 179 |
if($query_pages->numRows() > 0) { |
180 | 180 |
while($page = $query_pages->fetchRow()) { |
181 |
|
|
182 |
// check if user is allowed to see the page (for private-pages) |
|
183 |
$visibility = $page['visibility']; |
|
184 |
if($visibility == 'private') { |
|
185 |
$access_denied = true; |
|
186 |
$rightsquery = $database->query("SELECT ". |
|
187 |
TABLE_PREFIX."pages.viewing_groups, ". |
|
188 |
TABLE_PREFIX."pages.viewing_users |
|
189 |
FROM ".TABLE_PREFIX."pages |
|
190 |
WHERE ".TABLE_PREFIX."pages.page_id='".$page['page_id']."' LIMIT 1 " |
|
191 |
); |
|
192 |
$viewing_groups=array() ; $viewing_users=array(); |
|
193 |
if($rightsquery->numRows() > 0) { |
|
194 |
if($res = $rightsquery->fetchRow()) { |
|
195 |
$viewing_groups = explode(',', $res['viewing_groups']); |
|
196 |
$viewing_users = explode(',', $res['viewing_users']); |
|
197 |
} |
|
198 |
} |
|
199 |
if($wb->is_authenticated() == true) { |
|
200 |
if(in_array($wb->get_group_id(), $viewing_groups) || (in_array($wb->get_user_id(), $viewing_users))) { |
|
201 |
$access_denied = false; |
|
202 |
} |
|
203 |
} |
|
204 |
if($access_denied) { |
|
205 |
continue; |
|
206 |
} |
|
207 |
} |
|
208 |
|
|
181 | 209 |
// Get page link |
182 | 210 |
$link = page_link($page['link']); |
183 | 211 |
|
... | ... | |
270 | 298 |
while($page = $query->fetchRow()) { |
271 | 299 |
// Only show this page if it hasn't already been list |
272 | 300 |
if(!isset($fields['page_id']) OR !isset($pages_listed[$page[$fields['page_id']]])) { |
301 |
|
|
302 |
|
|
303 |
// don't list pages with visibility == none|deleted |
|
304 |
$query = $database->query("SELECT ". |
|
305 |
TABLE_PREFIX."pages.visibility |
|
306 |
FROM ".TABLE_PREFIX."pages |
|
307 |
WHERE ".TABLE_PREFIX."pages.page_id='".$page[$fields['page_id']]."' LIMIT 1 " |
|
308 |
); |
|
309 |
$visibility = 'public'; |
|
310 |
if($query->numRows() > 0) { |
|
311 |
if($res = $query->fetchRow()) { |
|
312 |
$visibility = $res['visibility']; |
|
313 |
} |
|
314 |
} |
|
315 |
if($visibility == 'deleted' || $visibility == 'none') { |
|
316 |
continue; |
|
317 |
} |
|
318 |
// check if user is allowed to see the page (for private-pages) |
|
319 |
if($visibility == 'private') { |
|
320 |
$access_denied = true; |
|
321 |
$rightsquery = $database->query("SELECT ". |
|
322 |
TABLE_PREFIX."pages.viewing_groups, ". |
|
323 |
TABLE_PREFIX."pages.viewing_users |
|
324 |
FROM ".TABLE_PREFIX."pages |
|
325 |
WHERE ".TABLE_PREFIX."pages.page_id='".$page[$fields['page_id']]."' LIMIT 1 " |
|
326 |
); |
|
327 |
$viewing_groups=array() ; $viewing_users=array(); |
|
328 |
if($rightsquery->numRows() > 0) { |
|
329 |
if($res = $rightsquery->fetchRow()) { |
|
330 |
$viewing_groups = explode(',', $res['viewing_groups']); |
|
331 |
$viewing_users = explode(',', $res['viewing_users']); |
|
332 |
} |
|
333 |
} |
|
334 |
if($wb->is_authenticated() == true) { |
|
335 |
if(in_array($wb->get_group_id(), $viewing_groups) || (in_array($wb->get_user_id(), $viewing_users))) { |
|
336 |
$access_denied = false; |
|
337 |
} |
|
338 |
} |
|
339 |
if($access_denied) { |
|
340 |
continue; |
|
341 |
} |
|
342 |
} |
|
343 |
|
|
273 | 344 |
// Get page link |
274 | 345 |
$link = page_link($page[$fields['link']]); |
275 | 346 |
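Review bot: In the second hunk the added lookup at new line 304 assigns to `$query`, the same variable the enclosing `while($page = $query->fetchRow())` at new line 298 iterates, so after the first listed row the loop reads from the one-row visibility result and stops; give the lookup its own name, e.g. `$visquery = $database->query(...)`, and use `$visquery->numRows()` / `$visquery->fetchRow()` below it. The visible checks act only on `'private'` (plus `'deleted'`/`'none'` in the second hunk), so the `'registered'` pages named in the commit message still appear to reach anonymous users unless the elided WHERE clause filters them; `if($visibility == 'private' || $visibility == 'registered')` would cover both, assuming registered pages use the same viewing lists (to be confirmed). Both `in_array()` calls compare loosely against `explode(',', ...)` output, which is `array('')` for an empty list, so a falsy group or user id would probably match and clear `$access_denied`; dropping empty entries before the check avoids that. Both loop bodies continue outside the hunks shown.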
|
Fixed ticket #396;
Search results displayed private and registered pages to users who were not logged in.
Thanks to thorn