User can only search and see results for forums they have auth_view rights

git-svn-id: file:///svn/phpbb/trunk@410 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen 2001-06-02 16:49:22 +00:00
parent 4be30f3a82
commit 472867909d


@ -308,6 +308,12 @@ $sortby_sql = array("p.post_time", "pt.post_subject", "t.topic_title", "u.userna
if((isset($HTTP_POST_VARS['dosearch']) || isset($HTTP_GET_VARS['dosearch'])) && (!empty($querystring) || !empty($authorstring))) if((isset($HTTP_POST_VARS['dosearch']) || isset($HTTP_GET_VARS['dosearch'])) && (!empty($querystring) || !empty($authorstring)))
{ {
//
// Limit to search to accessible
// forums
//
$is_auth_ary = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata);
// //
// Start building appropriate SQL query // Start building appropriate SQL query
// //
@ -349,7 +355,15 @@ if((isset($HTTP_POST_VARS['dosearch']) || isset($HTTP_GET_VARS['dosearch'])) &&
if($searchforum != "all") if($searchforum != "all")
{ {
$sql .= " AND (f.forum_id = '$searchforum')"; $sql .= ($is_auth_ary[$searchforum]['auth_view']) ? " AND (f.forum_id = '$searchforum')" : "";
}
while(list($key, $value) = each($is_auth_ary))
{
if(!$value['auth_view'])
{
$sql .= " AND (f.forum_id <> $key )";
}
} }
$sql .= " ORDER BY ".$sortby_sql[$sortby]." $sortby_dir"; $sql .= " ORDER BY ".$sortby_sql[$sortby]." $sortby_dir";
@ -479,11 +493,16 @@ if(!$result)
error_die(QUERY_ERROR, "Couldn't obtain forum_name/forum_id", __LINE__, __FILE__); error_die(QUERY_ERROR, "Couldn't obtain forum_name/forum_id", __LINE__, __FILE__);
} }
$is_auth_ary = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata);
$s_forums = "<option value=\"all\">".$lang['All']."</option>"; $s_forums = "<option value=\"all\">".$lang['All']."</option>";
while($row = $db->sql_fetchrow($result)) while($row = $db->sql_fetchrow($result))
{
if($is_auth_ary[$row['forum_id']]['auth_view'])
{ {
$s_forums .= "<option value=\"".$row['forum_id']."\">".$row['forum_name']."</option>"; $s_forums .= "<option value=\"".$row['forum_id']."\">".$row['forum_name']."</option>";
} }
}
$s_characters = "<option value=\"all\">".$lang['All']."</option>"; $s_characters = "<option value=\"all\">".$lang['All']."</option>";
$s_characters .= "<option value=\"0\">0</option>"; $s_characters .= "<option value=\"0\">0</option>";
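Review bot: The loop added in the second hunk (`while(list($key, $value) = each($is_auth_ary))`) restricts the search by excluding forbidden forums one by one, so any forum that has no entry in `$is_auth_ary` stays searchable by default. Whether `auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata)` always returns an entry for every forum is not visible here, so I would collect the ids that have `auth_view` set and emit a single `f.forum_id IN (...)` condition, falling back to a never-true condition when the list is empty. The same hunk still interpolates `$searchforum` into the SQL string and now also uses it as an array index; its assignment is outside the hunk, so confirm it is forced to an integer before this point. The enclosing `if` block starts and ends outside the visible hunks.

```php
// … unchanged: $searchforum filter above …
$allowed_ids = array();
while(list($key, $value) = each($is_auth_ary))
{
	if($value['auth_view'])
	{
		$allowed_ids[] = intval($key);
	}
}
// No viewable forum: match nothing rather than everything
$sql .= (count($allowed_ids)) ? " AND f.forum_id IN (" . implode(", ", $allowed_ids) . ")" : " AND 1 = 0";
```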