From b5ee81dae6f097e97049a756763d1b3119f61573 Mon Sep 17 00:00:00 2001
From: Suhaib Khan <suhebjerk@gmail.com>
Date: Sun, 9 Feb 2014 21:57:44 +0530
Subject: [PATCH] [ticket/10737] Code fixes in AJAX search feature

PHPBB3-10737
---
 phpBB/memberlist.php                          | 25 +++++++++++--------
 .../prosilver/template/memberlist_search.html | 20 +++++++--------
 .../template/memberlist_search.html           | 20 +++++++--------
 3 files changed, 32 insertions(+), 33 deletions(-)

diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php
index c2a995da4c..d2ba27559c 100644
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@@ -982,21 +982,24 @@ switch ($mode)
 	break;
 	
 	case 'livesearch':
-		$q=request_var('q', '', true);
-		$hint="";
-		$sql = "SELECT username, user_id
-				FROM " . USERS_TABLE . " u
-				WHERE username LIKE '".$q."%' AND u.user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ")";	
-		$result = $db->sql_query($sql);
-		$i=1;
-		while ($i<=10 && $row = $db->sql_fetchrow($result))
+		$username_chars = $request->variable('q', '', true);
+		$hint = "";
+		
+		$sql = 'SELECT username, user_id
+			FROM ' . USERS_TABLE . '
+			WHERE ' . $db->sql_in_set('user_type', array(USER_NORMAL, USER_FOUNDER)) . '
+				AND username ' . $db->sql_like_expression($username_chars . $db->any_char);
+		$result = $db->sql_query_limit($sql, 10);
+		
+		$i = 1;
+		while ($row = $db->sql_fetchrow($result))
 		{	
-			$j=($i%2)+1;
-			$hint.="<tr class='bg".$j." row".$j."'><td><a href='" . 
+			$j = ($i%2)+1;
+			$hint.= "<tr class='bg".$j." row".$j."'><td><a href='" . 
 				$phpbb_root_path."memberlist.$phpEx". "?mode=viewprofile&u=" . $row['user_id'] . 
 				"' target='_blank'>" . 
 				$row['username'] . "</a></td></tr>";
-				$i++;
+			$i++;
 		}
 		echo $hint;
 		exit();
diff --git a/phpBB/styles/prosilver/template/memberlist_search.html b/phpBB/styles/prosilver/template/memberlist_search.html
index 4e28c26d3a..59b7b0a5a7 100644
--- a/phpBB/styles/prosilver/template/memberlist_search.html
+++ b/phpBB/styles/prosilver/template/memberlist_search.html
@@ -1,23 +1,21 @@
 <script>
-	function showHint(str)
-	{ 
-		if (str.length<3)
-		  { 
+	function showHint(str) { 
+		if (str.length<3) { 
 		  document.getElementById("livesearch").innerHTML="";
 		  return;
-		  }
+		}
 		
 		$.ajax({
 			url:'{S_LIVE_SEARCH_ACTION}'+"&q="+str,
-			success:function(result){
+			success:function(result) {
 					$("#livesearch").html(result);
 					}
 				});
 	}
-	
-	function clearSearch()
-	{	
-		document.getElementById("livesearch").innerHTML="";
+	function clearSearch() {	
+		setTimeout(function () {
+        	document.getElementById("livesearch").innerHTML="";
+		}, 500);	
 	}
 </script>
 
@@ -32,7 +30,7 @@
 	<fieldset class="fields1 column1">
 	<dl>
 		<dt><label for="username">{L_USERNAME}{L_COLON}</label></dt>
-		<dd><input type="text" name="username" id="username" value="{USERNAME}" class="inputbox" onkeyup="showHint(this.value)" onblur="clearSearch()" /> <table class="table1" id="livesearch"></table> </dd>
+		<dd><input type="text" name="username" id="username" value="{USERNAME}" class="inputbox" autocomplete="off" onkeyup="showHint(this.value)" onblur="clearSearch()" /> <table class="table1" id="livesearch"></table> </dd>
 	</dl>
 <!-- IF S_EMAIL_SEARCH_ALLOWED -->
 	<dl>
diff --git a/phpBB/styles/subsilver2/template/memberlist_search.html b/phpBB/styles/subsilver2/template/memberlist_search.html
index 868d515a9f..ba72e4ee8d 100644
--- a/phpBB/styles/subsilver2/template/memberlist_search.html
+++ b/phpBB/styles/subsilver2/template/memberlist_search.html
@@ -65,25 +65,23 @@
 <!-- ENDIF -->
 
 <script>
-	function showHint(str)
-	{ 
-		if (str.length<3)
-		  { 
+	function showHint(str) { 
+		if (str.length<3) { 
 		  document.getElementById("livesearch").innerHTML="";
 		  return;
-		  }
+		}
 		
 		$.ajax({
 			url:'{S_LIVE_SEARCH_ACTION}'+"&q="+str,
-			success:function(result){
+			success:function(result) {
 					$("#livesearch").html(result);
 					}
 				});
 	}
-	
-	function clearSearch()
-	{	
-		document.getElementById("livesearch").innerHTML="";
+	function clearSearch() {	
+		setTimeout(function () {
+        	document.getElementById("livesearch").innerHTML="";
+		}, 500);		
 	}
 </script>
 
@@ -98,7 +96,7 @@
 </tr>
 <tr>
 	<td class="row1"><b class="genmed">{L_USERNAME}{L_COLON}</b></td>
-	<td class="row2"><input class="post" type="text" name="username" value="{USERNAME}" onkeyup="showHint(this.value)" onblur="clearSearch()" /> <table class="tablebg" id="livesearch"></table> </td>
+	<td class="row2"><input class="post" type="text" name="username" value="{USERNAME}" autocomplete="off" onkeyup="showHint(this.value)" onblur="clearSearch()" /> <table class="tablebg" id="livesearch"></table> </td>
 	<!-- IF S_EMAIL_SEARCH_ALLOWED -->
 		<td class="row1"><b class="genmed">{L_EMAIL}{L_COLON}</b></td>
 		<td class="row2"><input class="post" type="email" name="email" value="{EMAIL}" /></td>