1: <?php
  2: /**
  3:  * This file performs various searches on articles from backend.
  4:  *
  5:  * @package          Core
  6:  * @subpackage       Backend
  7:  * @version          SVN Revision $Rev:$
  8:  *
  9:  * @author           Holger Librenz, Andreas Lindner
 10:  * @copyright        four for business AG <www.4fb.de>
 11:  * @license          http://www.contenido.org/license/LIZENZ.txt
 12:  * @link             http://www.4fb.de
 13:  * @link             http://www.contenido.org
 14:  */
 15: 
 16: if (!defined('CON_FRAMEWORK')) {
 17:     define('CON_FRAMEWORK', true);
 18: }
 19: 
 20: // CONTENIDO startup process
 21: include_once('./includes/startup.php');
 22: 
 23: cRegistry::bootstrap(array(
 24:     'sess' => 'cSession',
 25:     'auth' => 'Contenido_Challenge_Crypt_Auth',
 26:     'perm' => 'cPermission'
 27: ));
 28: 
 29: i18nInit($cfg['path']['contenido_locale'], $belang);
 30: 
 31: // Initialize variables
 32: $db = cRegistry::getDb();
 33: $db2 = cRegistry::getDb();
 34: 
 35: // Session
 36: $sSession = '';
 37: $sSessionTmp = '';
 38: 
 39: // Language ID
 40: $iSpeachId = $lang;
 41: $iSpeachIdTmp = NULL;
 42: 
 43: // Search - ID
 44: $iSearchId = NULL;
 45: $iSearchIdTmp = 0;
 46: 
 47: // Search - Text
 48: $sSearchStr = NULL;
 49: $sSearchStrTmp = '';
 50: 
 51: // Search - Date type
 52: $sSearchStrDateType = NULL;
 53: $sSearchStrDateTypeTmp = '';
 54: 
 55: // Search - Date from
 56: $sSearchStrDateFrom = NULL;
 57: $sSearchStrDateFromTmp = '';
 58: 
 59: // Search - Date to
 60: $sSearchStrDateTo = NULL;
 61: $sSearchStrDateToTmp = '';
 62: 
 63: $bLostAndFound = false;
 64: 
 65: $sWhere = '';
 66: 
 67: $iLangId = ((int) $lang > 0 ? (int) $lang : 1);
 68: 
 69: $sDateFormat = getEffectiveSetting('dateformat', 'date', 'Y-m-d');
 70: 
 71: $sLoadSubnavi = '';
 72: $iIdCat = 0;
 73: $iDisplayMenu = 0;
 74: $iIdTpl = 0;
 75: $sScript = '';
 76: 
 77: 
 78: if (isset($_POST[$sess->name])) {
 79:     $sSessionTmp = trim(strip_tags($_POST[$sess->name]));
 80: } elseif (isset($_GET[$sess->name])) {
 81:     $sSessionTmp = trim(strip_tags($_GET[$sess->name]));
 82: }
 83: if (strlen($sSessionTmp) > 0) {
 84:     $sSession = $sSessionTmp;
 85: }
 86: 
 87: if (isset($_POST['speach'])) {
 88:     $iSpeachIdTmp = (int) $_POST['speach'];
 89:     if ((string) $iSpeachIdTmp === $_POST['speach']) {
 90:         $iSpeachId = $iSpeachIdTmp;
 91:     }
 92: }
 93: if (!empty($sSession)) {
 94:     // Backend
 95:     cRegistry::bootstrap(array(
 96:         'sess' => 'cSession',
 97:         'auth' => 'cAuthHandlerBackend',
 98:         'perm' => 'cPermission'
 99:     ));
100:     i18nInit($cfg['path']['contenido_locale'], $belang);
101: } else {
102:     // Frontend
103:     cRegistry::bootstrap(array(
104:         'sess' => 'cFrontendSession',
105:         'auth' => 'cAuthHandlerFrontend',
106:         'perm' => 'cPermission'
107:     ));
108: }
109: 
110: // Get sorting values - make sure that they only contain valid values!
111: $sSortByValues = array('title', 'lastmodified', 'published', 'artsort');
112: $sSortBy = in_array($_POST['sortby'], $sSortByValues) ? $_POST['sortby'] : 'lastmodified';
113: $sSortMode = ($_POST['sortmode'] == 'asc') ? 'asc' : 'desc';
114: 
115: /*
116:  * SAVE SEARCH
117:  * Some orientation info:
118:  * 1. User is calling a stored search -> fetch search values from con_properties and put them in PHP variables used for searching
119:  * 2. User has entered some search values -> standard search in DB
120:  * 3. User pressed 'save search' -> show 'successfully stored' message & use the stored search id to show the result again
121:  */
122: 
123: $sSaveTitle = 'save_title';
124: $sSaveId = 'save_id';
125: $sSaveDateFrom = 'save_date_from';
126: $sSaveDateFromYear = 'save_date_from_year';
127: $sSaveDateFromMonth = 'save_date_from_month';
128: $sSaveDateFromDay = 'save_date_from_day';
129: $sSaveDateTo = 'save_date_to';
130: $sSaveDateToYear = 'save_date_to_year';
131: $sSaveDateToMonth = 'save_date_to_month';
132: $sSaveDateToDay = 'save_date_to_day';
133: $sSaveDateField = 'save_date_field';
134: $sSaveAuthor = 'save_author';
135: $sSaveName = 'save_name';
136: $sType = 'savedsearch';  // section for saved searches in con_properties
137: $sRefreshScript = '';        // refresh top left frame
138: $sSaveSuccessfull = '';    // Sucessfully stored message
139: 
140: 
141: /**
142:  * Generating refresh JavaScript for form in left_top
143:  * @global string $sSaveTitle
144:  * @global string $sSaveId
145:  * @global string $sSaveDateFromYear
146:  * @global string $sSaveDateFromMonth
147:  * @global string $sSaveDateFromDay
148:  * @global string $sSaveDateToYear
149:  * @global string $sSaveDateToMonth
150:  * @global string $sSaveDateToDay
151:  * @global string $sSaveDateField
152:  * @global string $sSaveAuthor
153:  * @global string $sSaveName
154:  * @param array $aValues
155:  * @return string
156:  */
157: function generateJs($aValues) {
158:     if (is_array($aValues)) {
159:         global $sSaveTitle;
160:         global $sSaveId;
161:         global $sSaveDateFromYear;
162:         global $sSaveDateFromMonth;
163:         global $sSaveDateFromDay;
164:         global $sSaveDateToYear;
165:         global $sSaveDateToMonth;
166:         global $sSaveDateToDay;
167:         global $sSaveDateField;
168:         global $sSaveAuthor;
169:         global $sSaveName;
170: 
171:         return 'function refreshArticleSearchForm(refresh) {
172:                     var oFrame = Con.getFrame("left_top");
173:                     if (oFrame) {
174:                         oForm = oFrame.document.backend_search;
175: 
176:                         oForm.bs_search_text.value = "' . $aValues[$sSaveTitle] . '";
177:                         oForm.bs_search_id.value = "' . $aValues[$sSaveId] . '";
178:                         oForm.bs_search_date_type.value = "' . $aValues[$sSaveDateField] . '";
179: 
180:                         oFrame.toggle_tr_visibility("tr_date_from");
181:                         oFrame.toggle_tr_visibility("tr_date_to");
182: 
183:                         oForm.bs_search_date_from_day.value = "' . $aValues[$sSaveDateFromDay] . '";
184:                         oForm.bs_search_date_from_month.value = "' . $aValues[$sSaveDateToMonth] . '";
185:                         oForm.bs_search_date_from_year.value = "' . $aValues[$sSaveDateFromYear] . '";
186: 
187:                         oForm.bs_search_date_to_day.value = "' . $aValues[$sSaveDateToDay] . '";
188:                         oForm.bs_search_date_to_month.value = "' . $aValues[$sSaveDateToMonth] . '";
189:                         oForm.bs_search_date_to_year.value = "' . $aValues[$sSaveDateToYear] . '";
190: 
191:                         oForm.bs_search_author.value = "' . $aValues[$sSaveAuthor] . '";
192:                     }
193:                 }
194:                 refreshArticleSearchForm();
195:                 ';
196:     } else {
197:         return false;
198:     }
199: }
200: 
201: /**
202:  * Masks string for inserting into SQL statement
203:  * @param string $sString
204:  * @return string
205:  */
206: function mask($sString) {
207:     $sString = str_replace('\\', '\\\\', $sString);
208:     $sString = str_replace('\'', '\\\'', $sString);
209:     $sString = str_replace('"', '\\"', $sString);
210:     return $sString;
211: }
212: 
213: /**
214:  * Searches in properties
215:  * @param mixed  $itemidReq Property item id
216:  * @param string $itemtypeReq Property item type
217:  * @return array
218:  */
219: function getSearchResults($itemidReq, $itemtypeReq) {
220:     global $sSaveTitle;
221:     global $sSaveId;
222:     global $sSaveDateFrom;
223:     global $sSaveDateFromYear;
224:     global $sSaveDateFromMonth;
225:     global $sSaveDateFromDay;
226:     global $sSaveDateTo;
227:     global $sSaveDateToYear;
228:     global $sSaveDateToMonth;
229:     global $sSaveDateToDay;
230:     global $sSaveDateField;
231:     global $sSaveAuthor;
232:     global $sSaveName;
233:     global $sType;
234: 
235:     $retValue = array();
236:     // Request from DB
237:     $propertyCollection = new cApiPropertyCollection();
238:     $results = $propertyCollection->getValuesByType($itemtypeReq, $itemidReq, $sType);
239: 
240:     // Put results in returning Array
241:     $retValue[$sSaveTitle] = $results[$sSaveTitle];
242:     $retValue[$sSaveId] = $results[$sSaveId];
243:     $retValue[$sSaveDateField] = $results[$sSaveDateField];
244:     $retValue[$sSaveAuthor] = $results[$sSaveAuthor];
245: 
246:     // Date from
247:     $sSearchStrDateFromDayTmp = 0;
248:     $sSearchStrDateFromMonthTmp = 0;
249:     $sSearchStrDateFromYearTmp = 0;
250:     $saveDateFrom = $results[$sSaveDateFrom];
251:     if (isset($saveDateFrom) && sizeof($saveDateFrom) > 0) {
252:         $saveDateFrom = str_replace(' 00:00:00', '', $saveDateFrom);
253:         $saveDateFromParts = explode('-', $saveDateFrom);
254:         if (sizeof($saveDateFromParts) == 3) {
255:             $retValue[$sSaveDateFromYear] = $saveDateFromParts[0];
256:             $retValue[$sSaveDateFromMonth] = $saveDateFromParts[1];
257:             $retValue[$sSaveDateFromDay] = $saveDateFromParts[2];
258:         }
259:     }
260:     // Date to
261:     $sSearchStrDateToDayTmp = 0;
262:     $sSearchStrDateToMonthTmp = 0;
263:     $sSearchStrDateToYearTmp = 0;
264:     $saveDateTo = $results[$sSaveDateTo];
265:     if (isset($saveDateTo) && sizeof($saveDateTo) > 0) {
266:         $saveDateTo = str_replace(' 23:59:59', '', $saveDateTo);
267:         $saveDateToParts = explode('-', $saveDateTo);
268:         if (sizeof($saveDateToParts) == 3) {
269:             $retValue[$sSaveDateToYear] = $saveDateToParts[0];
270:             $retValue[$sSaveDateToMonth] = $saveDateToParts[1];
271:             $retValue[$sSaveDateToDay] = $saveDateToParts[2];
272:         }
273:     }
274:     return $retValue;
275: }
276: 
277: // Save current search
278: if (sizeof($_GET) == 0 && isset($_POST['save_search'])) {
279:     $itemtype = rand(0, 10000);
280:     $itemid = time();
281:     $propertyCollection = new cApiPropertyCollection();
282: 
283:     // Getting values from POST and storing them to DB
284:     // no checking for consistency done here because these values have already been checked when
285:     // building form sending this POST
286: 
287:     // Title / Content
288:     $propertyCollection->setValue($itemtype, $itemid, $sType, $sSaveTitle, $_POST[$sSaveTitle]);
289:     // ID
290:     $propertyCollection->setValue($itemtype, $itemid, $sType, $sSaveId, $_POST[$sSaveId]);
291:     // Date from
292:     $propertyCollection->setValue($itemtype, $itemid, $sType, $sSaveDateFrom, $_POST[$sSaveDateFrom]);
293:     // Date to
294:     $propertyCollection->setValue($itemtype, $itemid, $sType, $sSaveDateTo, $_POST[$sSaveDateTo]);
295:     // Date type
296:     $propertyCollection->setValue($itemtype, $itemid, $sType, $sSaveDateField, $_POST[$sSaveDateField]);
297:     // Author
298:     $propertyCollection->setValue($itemtype, $itemid, $sType, $sSaveAuthor, $_POST[$sSaveAuthor]);
299:     // Name of search (displayed to user)
300:     $propertyCollection->setValue($itemtype, $itemid, $sType, $sSaveName, $_POST[$sSaveName]);
301: 
302:     // Call search we justed saved to show results
303:     $aSearchResults = getSearchResults($itemid, $itemtype);
304:     $sSearchStrTmp = $aSearchResults[$sSaveTitle];
305:     $iSearchIdTmp = $aSearchResults[$sSaveId];
306:     $sSearchStrDateTypeTmp = $aSearchResults[$sSaveDateField];
307:     $sSearchStrDateFromDayTmp = $aSearchResults[$sSaveDateFromDay];
308:     $sSearchStrDateFromMonthTmp = $aSearchResults[$sSaveDateFromMonth];
309:     $sSearchStrDateFromYearTmp = $aSearchResults[$sSaveDateFromYear];
310:     $sSearchStrDateToDayTmp = $aSearchResults[$sSaveDateToDay];
311:     $sSearchStrDateToMonthTmp = $aSearchResults[$sSaveDateToMonth];
312:     $sSearchStrDateToYearTmp = $aSearchResults[$sSaveDateToYear];
313:     $sSearchStrAuthorTmp = $aSearchResults[$sSaveAuthor];
314: 
315:     $sScript = generateJs($aSearchResults);
316: 
317:     // Reload top left to show new search name
318:     $sRefreshScript .= 'Con.getFrame("left_top").location.href = Con.getFrame("left_top").location.href + "&save_search=true";';
319: 
320:     // Message for successful saving
321:     $sSaveSuccessfull = i18n("Thank you for saving this search from extinction!");
322: } elseif (sizeof($_GET) > 0) {
323:     // STORED SEARCH HAS BEEN CALLED
324: 
325:     $itemtypeReq = $_GET['itemtype'];
326:     $itemidReq = $_GET['itemid'];
327:     // Do we have the request parameters we need to fetch search values of stored search ?
328:     if ((isset($itemtypeReq) && strlen($itemtypeReq) > 0) && (isset($itemidReq) && strlen($itemidReq) > 0)) {
329:         $aSearchResults = getSearchResults($itemidReq, $itemtypeReq);
330:         $sSearchStrTmp = $aSearchResults[$sSaveTitle];
331:         $iSearchIdTmp = $aSearchResults[$sSaveId];
332:         $sSearchStrDateTypeTmp = $aSearchResults[$sSaveDateField];
333:         $sSearchStrDateFromDayTmp = $aSearchResults[$sSaveDateFromDay];
334:         $sSearchStrDateFromMonthTmp = $aSearchResults[$sSaveDateFromMonth];
335:         $sSearchStrDateFromYearTmp = $aSearchResults[$sSaveDateFromYear];
336:         $sSearchStrDateToDayTmp = $aSearchResults[$sSaveDateToDay];
337:         $sSearchStrDateToMonthTmp = $aSearchResults[$sSaveDateToMonth];
338:         $sSearchStrDateToYearTmp = $aSearchResults[$sSaveDateToYear];
339:         $sSearchStrAuthorTmp = $aSearchResults[$sSaveAuthor];
340:         $sSearchStrDateFromTmp = $aSearchResults[$sSaveDateFrom];
341:         $sSearchStrDateToTmp = $aSearchResults[$sSaveDateTo];
342: 
343:         // Script for refreshing search form with stored search options
344:         $sScript = generateJs($aSearchResults);
345:     } elseif (isset($_GET['recentedit'])) {
346:         // Compute current day minus one week
347:         $actDate = time();
348:         $weekInSeconds = 60 * 60 * 24 * 7;  // seconds, minutes, hours, days
349:         $oneWeekEarlier = $actDate - $weekInSeconds;
350: 
351:         $sSearchStrDateTypeTmp = 'lastmodified';
352:         $sSearchStrDateFromDayTmp = date('d', $oneWeekEarlier);
353:         $sSearchStrDateFromMonthTmp = date('m', $oneWeekEarlier);
354:         $sSearchStrDateFromYearTmp = date('Y', $oneWeekEarlier);
355:         $sSearchStrDateToDayTmp = date('d', $actDate);
356:         $sSearchStrDateToMonthTmp = date('m', $actDate);
357:         $sSearchStrDateToYearTmp = date('Y', $actDate);
358:     } elseif (isset($_GET['myarticles'])) {
359:         $sSearchStrAuthorTmp = $auth->auth['uname'];
360:     } elseif (isset($_GET['lostfound'])) {
361:         $bLostAndFound = true;
362:     }
363: } elseif (sizeof($_GET) == 0 && isset($_POST)) {
364:     // STANDARD SEARCH
365: 
366:     $sSearchStrTmp = trim(strip_tags($_POST['bs_search_text']));
367:     $iSearchIdTmp = (int) $_POST['bs_search_id'];
368:     $sSearchStrDateTypeTmp = trim(strip_tags($_POST['bs_search_date_type']));
369:     $sSearchStrDateFromDayTmp = (int) trim(strip_tags($_POST['bs_search_date_from_day']));
370:     $sSearchStrDateFromMonthTmp = (int) trim(strip_tags($_POST['bs_search_date_from_month']));
371:     $sSearchStrDateFromYearTmp = (int) trim(strip_tags($_POST['bs_search_date_from_year']));
372:     $sSearchStrDateToDayTmp = (int) trim(strip_tags($_POST['bs_search_date_to_day']));
373:     $sSearchStrDateToMonthTmp = (int) trim(strip_tags($_POST['bs_search_date_to_month']));
374:     $sSearchStrDateToYearTmp = (int) trim(strip_tags($_POST['bs_search_date_to_year']));
375:     $sSearchStrAuthorTmp = trim(strip_tags($_POST['bs_search_author']));
376: }
377: // else ERROR
378: // No code here, empty results caught later in code
379: 
380: // Title / Content
381: if (!empty($sSearchStrTmp)) {
382:     $sSearchStr = $sSearchStrTmp;
383: }
384: // Article ID
385: if ($iSearchIdTmp > 0) {
386:     $iSearchId = $iSearchIdTmp;
387: }
388: // Date
389: if ($sSearchStrDateTypeTmp != 'n/a') {
390:     if (($sSearchStrDateFromDayTmp > 0) && ($sSearchStrDateFromMonthTmp > 0) && ($sSearchStrDateFromYearTmp > 0)) {
391:         $sSearchStrDateFrom = $sSearchStrDateFromYearTmp . '-' . $sSearchStrDateFromMonthTmp . '-' . $sSearchStrDateFromDayTmp . ' 00:00:00';
392:     } else {
393:         $sSearchStrDateFrom = '';
394:     }
395: 
396:     if (($sSearchStrDateToDayTmp > 0) && ($sSearchStrDateToMonthTmp > 0) && ($sSearchStrDateToYearTmp > 0)) {
397:         $sSearchStrDateTo = $sSearchStrDateToYearTmp . '-' . $sSearchStrDateToMonthTmp . '-' . $sSearchStrDateToDayTmp . ' 23:59:59';
398:     } else {
399:         $sSearchStrDateTo = '';
400:     }
401: 
402:     $sDateFieldName = $sSearchStrDateTypeTmp;
403: } else {
404:     $sDateFieldName = '';
405: }
406: // Author
407: if (!empty($sSearchStrAuthorTmp)) {
408:     $sSearchStrAuthor = $sSearchStrAuthorTmp;
409: }
410: 
411: // Build the query to search for the article
412: $sql = "SELECT
413:           DISTINCT a.idart, a.idartlang, a.title, a.online, a.locked, a.idartlang, a.created, a.published,
414:           a.artsort, a.lastmodified, b.idcat, b.idcatart, b.idcatart, c.startidartlang,
415:           c.idcatlang, e.name as 'tplname'
416:         FROM " . $cfg['tab']['art_lang'] . " as a
417:           LEFT JOIN " . $cfg['tab']['cat_art'] . " as b ON a.idart = b.idart
418:           LEFT JOIN " . $cfg['tab']['cat_lang'] . " as c ON a.idartlang = c.startidartlang
419:           LEFT JOIN " . $cfg['tab']['tpl_conf'] . " as d ON a.idtplcfg = d.idtplcfg
420:           LEFT JOIN " . $cfg['tab']['tpl'] . " as e ON d.idtpl = e.`idtpl`
421:           LEFT JOIN " . $cfg['tab']['content'] . " as f ON f.idartlang = a.idartlang
422:         WHERE
423:           (a.idlang = " . cSecurity::toInteger($iSpeachId) . ")
424:         ";
425: 
426: $sWhere = '';
427: 
428: $bNoCriteria = true;
429: 
430: // Article ID
431: if ($iSearchId > 0) {
432:     $sWhere .= " AND (a.idart = " . cSecurity::toInteger($iSearchId) . ")";
433:     $bNoCriteria = false;
434: }
435: 
436: // Text search
437: if (!empty($sSearchStr)) {
438:     $sWhere .= " AND ((a.title LIKE '%" . mask($db->escape($sSearchStr)) . "%')";
439:     $sWhere .= " OR (f.value LIKE '%" . mask($db->escape($sSearchStr)) . "%'))";
440:     $bNoCriteria = false;
441: }
442: 
443: if (!empty($sSearchStrDateFrom) && ($sDateFieldName != '')) {
444:     $sWhere .= " AND (a." . $db->escape($sDateFieldName) . " >= '" . mask($db->escape($sSearchStrDateFrom)) . "')";
445:     $bNoCriteria = false;
446: }
447: 
448: if (!empty($sSearchStrDateTo) && ($sDateFieldName != '')) {
449:     $sWhere .= " AND (a." . $sDateFieldName . " <= '" . mask($db->escape($sSearchStrDateTo)) . "')";
450:     $bNoCriteria = false;
451: }
452: 
453: if (!empty($sSearchStrAuthor) && ($sSearchStrAuthor != 'n/a')) {
454:     // Author seach
455:     $sWhere .= " AND ((a.author = '" . mask($db->escape($sSearchStrAuthor)) . "') OR (a.modifiedby = '" . mask($db->escape($sSearchStrAuthor)) . "'))";
456:     $bNoCriteria = false;
457: }
458: 
459: if (!empty($sWhere)) {
460:     $sql .= $sWhere;
461:     $sql .= ' ORDER BY a.' . $sSortBy . ' ' . strtoupper($sSortMode);
462:     $db->query($sql);
463: } elseif ($bLostAndFound) {
464:     $sql = "SELECT
465:               DISTINCT a.idart, a.idartlang, a.title, a.online, a.locked, a.idartlang, a.created, a.published,
466:               a.artsort, a.lastmodified, b.idcat, b.idcatart, b.idcatart, c.startidartlang,
467:               c.idcatlang, e.name as 'tplname'
468:             FROM " . $cfg['tab']['art_lang'] . " as a
469:               LEFT JOIN " . $cfg['tab']['cat_art'] . " as b ON a.idart = b.idart
470:               LEFT JOIN " . $cfg['tab']['cat_lang'] . " as c ON a.idartlang = c.startidartlang
471:               LEFT JOIN " . $cfg['tab']['tpl_conf'] . " as d ON a.idtplcfg = d.idtplcfg
472:               LEFT JOIN " . $cfg['tab']['tpl'] . " as e ON d.idtpl = e.`idtpl`
473:             WHERE
474:                 (a.idart NOT IN (SELECT " . $cfg['tab']['cat_art'] . ".idart FROM " . $cfg['tab']['cat_art'] . "))
475:             OR
476:                 (b.idcat NOT IN (SELECT " . $cfg['tab']['cat'] . ".idcat FROM " . $cfg['tab']['cat'] . "));";
477:     $db->query($sql);
478: }
479: 
480: $aTableHeaders = array();
481: foreach ($sSortByValues as $value) {
482:     $sTableHeader = '<a href="#" class="gray">';
483:     switch ($value) {
484:         case 'title':
485:             $sTableHeader .= i18n('Title');
486:             break;
487:         case 'lastmodified':
488:             $sTableHeader .= i18n('Changed');
489:             break;
490:         case 'published':
491:             $sTableHeader .= i18n('Published');
492:             break;
493:         case 'artsort':
494:             $sTableHeader .= i18n('Sort order');
495:             break;
496:         default:
497:             break;
498:     }
499:     $sTableHeader .= '</a>';
500:     // Add the sorting arrow
501:     if ($value == $sSortBy) {
502:         $imageSrc = ($sSortMode == 'asc') ? 'images/sort_up.gif' : 'images/sort_down.gif';
503:         $sTableHeader .= '<img src="' . $imageSrc . '">';
504:     }
505:     $aTableHeaders[$value] = $sTableHeader;
506: }
507: 
508: $tpl = new cTemplate();
509: 
510: $tpl->setEncoding('iso-8859-1');
511: $tpl->set('s', 'SCRIPT', $sScript);
512: $tpl->set('s', 'TITLE', i18n('Search results'));
513: $tpl->set('s', 'TH_START', i18n("Article"));
514: $tpl->set('s', 'TH_TITLE', $aTableHeaders['title']);
515: $tpl->set('s', 'TH_CHANGED', $aTableHeaders['lastmodified']);
516: $tpl->set('s', 'TH_PUBLISHED', $aTableHeaders['published']);
517: $tpl->set('s', 'TH_SORTORDER', $aTableHeaders['artsort']);
518: $tpl->set('s', 'TH_TEMPLATE', i18n("Template"));
519: $tpl->set('s', 'TH_ACTIONS', i18n("Actions"));
520: $tpl->set('s', 'CURRENT_SORTBY', $sSortBy);
521: $tpl->set('s', 'CURRENT_SORTMODE', $sSortMode);
522: 
523: // Refresh top left frame
524: $tpl->set('s', 'REFRESH', $sRefreshScript);
525: 
526: // Successfully stored Message
527: $tpl->set('s', 'SEARCHSTOREDMESSAGE', $sSaveSuccessfull);
528: 
529: $iAffectedRows = $db->affectedRows();
530: 
531: if ($iAffectedRows <= 0 || (empty($sWhere) && !$bLostAndFound)) {
532:     $sNoArticle = i18n("Missing search value.");
533:     $sNothingFound = i18n("No article found.");
534: 
535:     if ($bNoCriteria && !$bLostAndFound) {
536:         $sErrOut = $sNoArticle;
537:     } else {
538:         $sErrOut = $sNothingFound;
539:     }
540: 
541:     $sRow = '<tr><td colspan="7" class="bordercell">' . $sErrOut . '</td></tr>';
542:     $tpl->set('d', 'ROWS', $sRow);
543:     $sLoadSubnavi = 'Con.getFrame(\'right_top\').location.href = \'main.php?area=con&frame=3&idcat=0&idtpl=' . $iIdTpl . '&contenido=' . $sSession . "';";
544:     $tpl->next();
545: } else {
546:     $bHit = false;
547: 
548:     for ($i = 0; $i < $iAffectedRows; $i++) {
549:         $sRow = '';
550: 
551:         $db->nextRecord();
552: 
553:         $idcat = $db->f("idcat");
554: 
555:         $bCheckRights = $perm->have_perm_area_action("con", "con_makestart");
556: 
557:         if (!$bCheckRights) {
558:             $bCheckRights = $perm->have_perm_area_action("con", "con_makeonline");
559:         }
560:         if (!$bCheckRights) {
561:             $bCheckRights = $perm->have_perm_area_action("con", "con_deleteart");
562:         }
563:         if (!$bCheckRights) {
564:             $bCheckRights = $perm->have_perm_area_action("con", "con_tplcfg_edit");
565:         }
566:         if (!$bCheckRights) {
567:             $bCheckRights = $perm->have_perm_area_action("con", "con_makecatonline");
568:         }
569:         if (!$bCheckRights) {
570:             $bCheckRights = $perm->have_perm_area_action("con", "con_changetemplate");
571:         }
572:         if (!$bCheckRights) {
573:             $bCheckRights = $perm->have_perm_area_action("con_editcontent", "con_editart");
574:         }
575:         if (!$bCheckRights) {
576:             $bCheckRights = $perm->have_perm_area_action("con_editart", "con_edit");
577:         }
578:         if (!$bCheckRights) {
579:             $bCheckRights = $perm->have_perm_area_action("con_editart", "con_newart");
580:         }
581:         if (!$bCheckRights) {
582:             $bCheckRights = $perm->have_perm_area_action("con_editart", "con_saveart");
583:         }
584: 
585:         // Check rights per cat
586:         if (!$bCheckRights) {
587:             // hotfix timo trautmann 2008-12-10 also check rights in associated groups
588:             $aGroupsForUser = $perm->getGroupsForUser($auth->auth['uid']);
589:             $aGroupsForUser[] = $auth->auth['uid'];
590:             $sTmpUserString = implode("','", $aGroupsForUser);
591: 
592:             // Check if any rights are applied to current user or his groups
593:             $sql = "SELECT *
594:                     FROM " . $cfg["tab"]["rights"] . "
595:                     WHERE user_id IN ('" . $sTmpUserString . "') AND idclient = " . cSecurity::toInteger($client) . "
596:                         AND idlang = " . cSecurity::toInteger($lang) . " AND idcat = " . cSecurity::toInteger($idcat);
597:             $db2->query($sql);
598: 
599:             if ($db2->numRows() != 0) {
600: 
601:                 if (!$bCheckRights) {
602:                     $bCheckRights = $perm->have_perm_area_action_item("con", "con_makestart", $idcat);
603:                 }
604:                 if (!$bCheckRights) {
605:                     $bCheckRights = $perm->have_perm_area_action_item("con", "con_makeonline", $idcat);
606:                 }
607:                 if (!$bCheckRights) {
608:                     $bCheckRights = $perm->have_perm_area_action_item("con", "con_deleteart", $idcat);
609:                 }
610:                 if (!$bCheckRights) {
611:                     $bCheckRights = $perm->have_perm_area_action_item("con", "con_tplcfg_edit", $idcat);
612:                 }
613:                 if (!$bCheckRights) {
614:                     $bCheckRights = $perm->have_perm_area_action_item("con", "con_makecatonline", $idcat);
615:                 }
616:                 if (!$bCheckRights) {
617:                     $bCheckRights = $perm->have_perm_area_action_item("con", "con_changetemplate", $idcat);
618:                 }
619:                 if (!$bCheckRights) {
620:                     $bCheckRights = $perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat);
621:                 }
622:                 if (!$bCheckRights) {
623:                     $bCheckRights = $perm->have_perm_area_action_item("con_editart", "con_edit", $idcat);
624:                 }
625:                 if (!$bCheckRights) {
626:                     $bCheckRights = $perm->have_perm_area_action_item("con_editart", "con_newart", $idcat);
627:                 }
628:                 if (!$bCheckRights) {
629:                     $bCheckRights = $perm->have_perm_area_action_item("con_editart", "con_saveart", $idcat);
630:                 }
631:             }
632:         }
633: 
634:         if ($bCheckRights) {
635:             $bHit = true;
636: 
637:             $idart = $db->f("idart");
638:             $idartlang = $db->f("idartlang");
639:             $idcatart = $db->f("idcatart");
640:             $idcatlang = $db->f("idcatlang");
641:             $title = $db->f("title");
642:             $idartlang = $db->f("idartlang");
643:             $created = date($sDateFormat, strtotime($db->f("created")));
644:             $lastmodified = date($sDateFormat, strtotime($db->f("lastmodified")));
645:             $published = date($sDateFormat, strtotime($db->f("published")));
646:             $online = $db->f("online");
647:             $locked = $db->f("locked");
648:             $startidartlang = $db->f("startidartlang");
649:             $templatename = $db->f("tplname");
650:             $idtplcfg = $db->f("idtplcfg");
651: 
652:             // Store values of category and template for first found article
653:             if ($i == 0) {
654:                 $iDisplayMenu = 1;
655:                 $iIdCat = $idcat;
656:                 $iIdTpl = $idtpl;
657:             }
658: 
659:             // Convert to start article/regular article
660:             if ($perm->have_perm_area_action_item("con", "con_makestart", $idcat) && 0 == 1) {
661:                 if ($startidartlang == $idartlang) {
662:                     $sFlagTitle = i18n('Flag as normal article');
663:                     $makeStartarticle = "<td nowrap=\"nowrap\" class=\"bordercell\"><a href=\"main.php?area=con&idcat=$idcat&action=con_makestart&idcatart=$idcatart&frame=4&is_start=0&contenido=$sSession\" title=\"{$sFlagTitle}\"><img src=\"images/isstart1.gif\" border=\"0\" title=\"{$sFlagTitle}\" alt=\"{$sFlagTitle}\"></a></td>";
664:                 } else {
665:                     $sFlagTitle = i18n('Flag as start article');
666:                     $makeStartarticle = "<td nowrap=\"nowrap\" class=\"bordercell\"><a href=\"main.php?area=con&idcat=$idcat&action=con_makestart&idcatart=$idcatart&frame=4&is_start=1&contenido=$sSession\" title=\"{$sFlagTitle}\"><img src=\"images/isstart0.gif\" border=\"0\" title=\"{$sFlagTitle}\" alt=\"{$sFlagTitle}\"></a></td>";
667:                 }
668:             } else {
669:                 if ($startidartlang == $idartlang) {
670:                     $makeStartarticle = "<td nowrap=\"nowrap\" class=\"bordercell\"><img src=\"images/isstart1.gif\" border=\"0\" title=\"{$sFlagTitle}\" alt=\"{$sFlagTitle}\"></td>";
671:                 } else {
672:                     $makeStartarticle = "<td nowrap=\"nowrap\" class=\"bordercell\"><img src=\"images/isstart0.gif\" border=\"0\" title=\"{$sFlagTitle}\" alt=\"{$sFlagTitle}\"></td>";
673:                 }
674:             }
675: 
676:             // Set online/offline
677:             if ($online == 1) {
678:                 $sOnlineStatus = i18n('Make offline');
679:                 $bgColorRow = "background-color: #E2E2E2;";
680:                 $setOnOff = "<a href=\"main.php?area=con&idcat=$idcat&action=con_makeonline&frame=4&idart=$idart&contenido=$sSession\" title=\"{$sOnlineStatus}\"><img src=\"images/online.gif\" title=\"{$sOnlineStatus}\" alt=\"{$sOnlineStatus}\" border=\"0\"></a>";
681:             } else {
682:                 $sOnlineStatus = i18n('Make online');
683:                 $bgColorRow = "background-color: #E2D9D9;";
684:                 $setOnOff = "<a href=\"main.php?area=con&idcat=$idcat&action=con_makeonline&frame=4&idart=$idart&contenido=$sSession\" title=\"{$sOnlineStatus}\"><img src=\"images/offline.gif\" title=\"{$sOnlineStatus}\" alt=\"{$sOnlineStatus}\" border=\"0\"></a>";
685:             }
686:             // Lock/unlock article
687:             if ($locked == 1) {
688:                 $sLockStatus = i18n('Unfreeze article');
689:                 $lockArticle = "<a href=\"main.php?area=con&idcat=$idcat&action=con_lock&frame=4&idart=$idart&contenido=$sSession\" title=\"{$sLockStatus}\"><img src=\"images/lock_closed.gif\" title=\"{$sLockStatus}\" alt=\"{$sLockStatus}\" border=\"0\"></a>";
690:             } else {
691:                 $sLockStatus = i18n('Freeze article');
692:                 $lockArticle = "<a href=\"main.php?area=con&idcat=$idcat&action=con_lock&frame=4&idart=$idart&contenido=$sSession\" title=\"{$sLockStatus}\"><img src=\"images/lock_open.gif\" title=\"{$sLockStatus}\" alt=\"{$sLockStatus}\" border=\"0\"></a>";
693:             }
694: 
695:             // Templatename
696:             if (!empty($templatename)) {
697:                 $sTemplateName = conHtmlentities($templatename);
698:             } else {
699:                 $db2 = cRegistry::getDb();
700:                 $sql2 = "SELECT
701:                             c.idtpl AS idtpl,
702:                             c.name AS name,
703:                             c.description,
704:                             b.idtplcfg AS idtplcfg
705:                         FROM
706:                             " . $cfg['tab']['tpl_conf'] . " AS a,
707:                             " . $cfg['tab']['cat_lang'] . " AS b,
708:                             " . $cfg['tab']['tpl'] . " AS c
709:                         WHERE
710:                             b.idcat     = " . cSecurity::toInteger($idcat) . " AND
711:                             b.idlang    = " . cSecurity::toInteger($lang) . " AND
712:                             b.idtplcfg  = a.idtplcfg AND
713:                             c.idtpl     = a.idtpl AND
714:                             c.idclient  = " . cSecurity::toInteger($client);
715:                 $db2->query($sql2);
716:                 $db2->nextRecord();
717:                 $sTemplateName = $db2->f("name") ? '<i>' . $db2->f("name") . '</i>' : "--- " . i18n("None") . " ---";
718:             }
719: 
720:             $sTodoListSubject = i18n("Reminder");
721:             $sReminder = i18n("Set reminder / add to todo list");
722:             $sDuplicateArticle = i18n("Duplicate article");
723:             $sArticleProperty = i18n("Article properties");
724:             $sConfigureTpl = i18n("Configure template");
725:             $sDeleteArticle = i18n("Delete article");
726:             $sDeleteArticleQuestion = i18n("Do you really want to delete the following article");
727:             $sRowId = "$idart-$idartlang-$idcat-0-$idcatart-$iLangId";
728: 
729:             if ($i == 0) {
730:                 $tpl->set('s', 'FIRST_ROWID', $sRowId);
731:             }
732: 
733:             $categoryHelper = cCategoryHelper::getInstance();
734:             $catArt = new cApiCategoryArticle($idcatart);
735:             $catArray = $categoryHelper->getCategoryPath($catArt->get("idcat"));
736:             $catstring = "";
737:             foreach ($catArray as $cat) {
738:                 $catstring .= $cat->get("name") . "-> ";
739:             }
740:             if (strlen($catstring) > 0) {
741:                 $catstring = substr($catstring, 0, strlen($catstring) - 3);
742:             }
743: 
744:             $strTitle = cSecurity::unFilter($db->f("title"));
745: 
746:             if ($idcat == '') {
747:                 $idcat = 0;
748:             }
749: 
750:             if ($perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat)) {
751:                 $editart = "<a href=\"main.php?area=con_editcontent&action=con_editart&changeview=edit&idartlang=$idartlang&idart=$idart&idcat=$idcat&frame=4&contenido=$sSession\" title=\"idart: $idart idcatart: $idcatart\" alt=\"idart: $idart idcatart: $idcatart\"><i><span style='font-size: 80%'>" . $catstring . "</span></i><br>" . $strTitle . "</a>";
752:             } else {
753:                 $editart = "<i><span style='font-size: 80%'>" . $catstring . "</span></i><br>" . $strTitle;
754:             }
755: 
756:             if ($perm->have_perm_area_action_item("con", "con_duplicate", $idcat)) {
757:                 $duplicate = "<a href=\"main.php?area=con&idcat=$idcat&action=con_duplicate&duplicate=$idart&frame=4&contenido=$sSession\" title=\"$sDuplicateArticle\"><img src=\"images/but_copy.gif\" border=\"0\" title=\"$sDuplicateArticle\" alt=\"$sDuplicateArticle\"></a>";
758:             } else {
759:                 $duplicate = "";
760:             }
761: 
762:             if ($perm->have_perm_area_action_item("con", "con_deleteart", $idcat)) {
763:                 $tmp_title = conHtmlSpecialChars($db->f("title"));
764:                 if (strlen($tmp_title) > 30) {
765:                     $tmp_title = substr($tmp_title, 0, 27) . "...";
766:                 }
767: 
768:                 $delete = '
769:                 <a
770:                     href="javascript:void(0)"
771:                     onclick="Con.showConfirmation(&quot;' . $sDeleteArticleQuestion . ':<br><br><b>' . conHtmlSpecialChars($tmp_title) . '</b>&quot;, function() {deleteArticle(' . $idart . ', ' . $idcat . ');});"
772:                     title="' . $sDeleteArticle . '"
773:                 >
774:                     <img src="images/delete.gif" title="' . $sDeleteArticle . '" alt="' . $sDeleteArticle . '">
775:                 </a>';
776:             } else {
777:                 $delete = "";
778:             }
779: 
780:             $sRow = '<tr id="' . $sRowId . '" class="text_medium" onmouseover="artRow.over(this)" onmouseout="artRow.out(this)" onclick="artRow.click(this)">' . "\n";
781:             $sRow .= $makeStartarticle . "\n";
782:             $sRow .= "<td nowrap=\"nowrap\" class=\"bordercell\">$editart</td>
783:                       <td nowrap=\"nowrap\" class=\"bordercell\">$lastmodified</td>
784:                       <td nowrap=\"nowrap\" class=\"bordercell\">$published</td>
785:                       <td nowrap=\"nowrap\" class=\"bordercell\">" . $db->f("artsort") . "</td>
786:                       <td nowrap=\"nowrap\" class=\"bordercell\">$sTemplateName</td>
787:                       <td nowrap=\"nowrap\" class=\"bordercell\">
788:                           <a id=\"m1\" onclick=\"javascript:window.open('main.php?subject=$sTodoListSubject&amp;area=todo&amp;frame=1&amp;itemtype=idart&amp;itemid=$idart&amp;contenido=$sSession', 'todo', 'scrollbars=yes, height=300, width=625');\" alt=\"$sReminder\" title=\"$sReminder\" href=\"#\"><img id=\"m2\" alt=\"$sReminder\" src=\"images/but_setreminder.gif\" border=\"0\"></a>
789:                           $properties
790:                           $tplconfig
791:                           $duplicate
792:                           $delete
793:                       </td>
794:                   </tr>";
795: 
796:             $tpl->set('d', 'ROWS', $sRow);
797:             $tpl->next();
798:         }
799:     }
800: 
801:     if (!$bHit) {
802:         $sNothingFound = i18n("No article found.");
803:         $sRow = '<tr><td colspan="7" class="bordercell">' . $sNothingFound . '</td></tr>';
804:         $tpl->set('d', 'ROWS', $sRow);
805:         $tpl->next();
806:     }
807: 
808:     if ($bLostAndFound) {
809:         $iDisplayMenu = 1;
810:     }
811:     $sLoadSubnavi = 'Con.getFrame(\'right_top\').location.href = \'main.php?area=con&frame=3&idcat=' . $iIdCat . '&idtpl=' . $iIdTpl . '&display_menu=' . $iDisplayMenu . '&contenido=' . $sSession . "';";
812: }
813: 
814: 
815: ###########################
816: # Save Search Parameters
817: ###########################
818: 
819: if (sizeof($_GET) == 0 && isset($_POST) && !$bNoCriteria) {
820:     // Build form with hidden fields that contain all search parameters to be stored using generic db
821:     $searchForm = '<form id="save_search" target="right_bottom" method="post" action="backend_search.php">';
822:     // Meta for CONTENIDO
823:     $searchForm .= '<input type="hidden" name="area" value="' . $area . '">';
824:     $searchForm .= '<input type="hidden" name="frame" value="' . $frame . '">';
825:     $searchForm .= '<input type="hidden" name="contenido" value="' . $sess->id . '">';
826:     $searchForm .= '<input type="hidden" name="speach" value="' . $lang . '">';
827:     // Form data for saving current search
828:     $searchForm .= '<input type="hidden" name="save_search" id="save_search" value="true">';
829:     $searchForm .= '<input type="hidden" name="' . $sSaveTitle . '" id="' . $sSaveTitle . '" value="' . $sSearchStr . '">';
830:     $searchForm .= '<input type="hidden" name="' . $sSaveId . '" id="' . $sSaveId . '" value="' . $iSearchId . '">';
831:     $searchForm .= '<input type="hidden" name="' . $sSaveDateFrom . '" id="' . $sSaveDateFrom . '" value="' . $sSearchStrDateFrom . '">';
832:     $searchForm .= '<input type="hidden" name="' . $sSaveDateTo . '" id="' . $sSaveDateTo . '" value="' . $sSearchStrDateTo . '">';
833:     $searchForm .= '<input type="hidden" name="' . $sSaveDateField . '" id="' . $sSaveDateField . '" value="' . $sDateFieldName . '">';
834:     $searchForm .= '<input type="hidden" name="' . $sSaveAuthor . '" id="' . $sSaveAuthor . '" value="' . $sSearchStrAuthor . '">';
835:     $searchForm .= '<label for="' . $sSaveName . '">' . i18n("Search name") . ': </label>';
836:     $searchForm .= '<input type="text" class="text_medium" name="' . $sSaveName . '" id="' . $sSaveName . '" placeholder="' . i18n("The search") . '" class="vAlignMiddle">';
837:     $searchForm .= '<input type="image" class="vAlignMiddle tableElement" src="./images/but_ok.gif" alt="' . i18n('Store') . '" title="' . i18n('Store') . '" value="' . i18n('Store') . '" name="submit">';
838:     $searchForm .= '</form>';
839:     $tpl->set('s', 'STORESEARCHFORM', $searchForm);
840: 
841:     // Title / Header for 'store the search' form
842:     $tpl->set('s', 'STORESEARCHINFO', i18n("Save this search"));
843: } else {
844:     $tpl->set('s', 'STORESEARCHINFO', '');
845:     $tpl->set('s', 'STORESEARCHFORM', '');
846: }
847: 
848: $tpl->set('s', 'SUBNAVI', $sLoadSubnavi);
849: sendEncodingHeader($db, $cfg, $lang);
850: $tpl->generate($cfg['path']['templates'] . 'template.backend_search_results.html');
851: