author | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-06-02 16:49:22 +0000 |
---|---|---|
committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-06-02 16:49:22 +0000 |
commit | 472867909d41581a2f4a1239f3ff4071b3e06f9f (patch) | |
tree | 51dc2243baf4b43c02dfde93a7e350b3f365d2ba /phpBB/search.php | |
parent | 4be30f3a82d7b10fe3f6189ec3c2a0d8a79ba5ae (diff) | |
User can only search and see results for forums they have auth_view rights
git-svn-id: file:///svn/phpbb/trunk@410 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/search.php')
-rw-r--r-- | phpBB/search.php | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/phpBB/search.php b/phpBB/search.php
index 42c00a63e9..ae33e1ca86 100644
--- a/phpBB/search.php
+++ b/phpBB/search.php
@@ -309,6 +309,12 @@ if((isset($HTTP_POST_VARS['dosearch']) || isset($HTTP_GET_VARS['dosearch'])) &&
 {
 //
+ // Limit to search to accessible
+ // forums
+ //
+ $is_auth_ary = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata);
+
+ //
 // Start building appropriate SQL query
 //
 $sql = "SELECT pt.post_text, pt.post_subject, p.forum_id, p.post_id, p.topic_id, p.post_time, f.forum_name, t.topic_title, t.topic_replies, t.topic_views, u.username, u.user_id
@@ -349,7 +355,15 @@ if((isset($HTTP_POST_VARS['dosearch']) || isset($HTTP_GET_VARS['dosearch'])) &&
 if($searchforum != "all")
 {
- $sql .= " AND (f.forum_id = '$searchforum')";
+ $sql .= ($is_auth_ary[$searchforum]['auth_view']) ? " AND (f.forum_id = '$searchforum')" : "";
+ }
+
+ while(list($key, $value) = each($is_auth_ary))
+ {
+ if(!$value['auth_view'])
+ {
+ $sql .= " AND (f.forum_id <> $key )";
+ }
 }
 $sql .= " ORDER BY ".$sortby_sql[$sortby]." $sortby_dir";
@@ -479,10 +493,15 @@ if(!$result)
 error_die(QUERY_ERROR, "Couldn't obtain forum_name/forum_id", __LINE__, __FILE__);
 }
+$is_auth_ary = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata);
+
 $s_forums = "<option value=\"all\">".$lang['All']."</option>";
 while($row = $db->sql_fetchrow($result))
 {
- $s_forums .= "<option value=\"".$row['forum_id']."\">".$row['forum_name']."</option>";
+ if($is_auth_ary[$row['forum_id']]['auth_view'])
+ {
+ $s_forums .= "<option value=\"".$row['forum_id']."\">".$row['forum_name']."</option>";
+ }
 }
 $s_characters = "<option value=\"all\">".$lang['All']."</option>"; |
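Review bot: The permission fetched in the first hunk is `AUTH_VIEW`, but the query built directly below it selects `pt.post_text`, so search results carry post bodies and not just forum names. If auth() distinguishes viewing a forum from reading its posts, a user with view-only rights could read posts through search; the gate should then be the read-level permission, e.g. `$is_auth_ary = auth(AUTH_READ, AUTH_LIST_ALL, $userdata);` with the matching `auth_read` key in the later hunks. Whether that level exists at this revision is not visible on this page, so confirm against auth()'s definition. The enclosing `if` block starts and ends outside the hunk.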
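Review bot: The `while` loop in the second hunk builds a deny-list (`f.forum_id <> $key` for each forum without `auth_view`), so any forum that has no entry in `$is_auth_ary` stays searchable; an allow-list fails closed instead. The same hunk drops the forum filter entirely when the selected forum is not viewable, which silently widens the search to every remaining forum rather than returning nothing, and both `$key` and `$searchforum` reach the SQL string without an integer cast. The dropdown filter in the third hunk already behaves as an allow-list, so the query should agree with it. The sketch below assumes forum ids are integers and that auth() keys its result by forum id, neither of which is visible here; the enclosing block starts outside the hunk.

```php
// … unchanged: SELECT and search-term conditions …
$auth_forum_ids = array();
while(list($key, $value) = each($is_auth_ary))
{
	if($value['auth_view'])
	{
		$auth_forum_ids[] = intval($key);
	}
}

// Allow-list: only forums explicitly marked viewable can match.
$sql .= (count($auth_forum_ids)) ? " AND f.forum_id IN (" . implode(", ", $auth_forum_ids) . ")" : " AND 1 = 0";

if($searchforum != "all")
{
	// An unviewable selection now yields no rows instead of a wider search.
	$sql .= " AND (f.forum_id = " . intval($searchforum) . ")";
}
// … unchanged: ORDER BY clause …
```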