From dad60045b60d7a622bb23d34d808fc1d03a91b90 Mon Sep 17 00:00:00 2001 From: Suhaib Khan Date: Thu, 6 Feb 2014 18:32:59 +0530 Subject: [ticket/10737] Adding username suggestions in "Find a member" using AJAX PHPBB3-10737 --- phpBB/memberlist.php | 44 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 41 insertions(+), 3 deletions(-) (limited to 'phpBB/memberlist.php') diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 8fceb4ac5b..1c786c0a1a 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -40,7 +40,7 @@ if ($mode == 'leaders') } // Check our mode... -if (!in_array($mode, array('', 'group', 'viewprofile', 'email', 'contact', 'searchuser', 'team'))) +if (!in_array($mode, array('', 'group', 'viewprofile', 'email', 'contact', 'searchuser', 'team', 'livesearch'))) { trigger_error('NO_MODE'); } @@ -980,7 +980,44 @@ switch ($mode) ); break; - + + case 'livesearch': + $q=request_var('q',''); + $hint=""; + // Get us some users :D + $sql = "SELECT u.user_id + FROM " . USERS_TABLE . " u + WHERE u.user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ")"; + + $result = $db->sql_query($sql); + $user_list = array(); + while ($row = $db->sql_fetchrow($result)) + { + $user_list[] = (int) $row['user_id']; + } + $db->sql_freeresult($result); + $sql = 'SELECT * + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set('user_id', $user_list); + $result = $db->sql_query($sql); + $i=1; + while ($row = $db->sql_fetchrow($result)) + { $j=($i%2)+1; + if(stripos($row['username'],$q)===0) + { + $hint.="" . + $row['username'] . ""; + $i++; + } + else + $hint.=""; + } + echo $hint; + exit(); + break; + case 'group': default: // The basic memberlist @@ -1456,7 +1493,8 @@ switch ($mode) 'S_JOINED_TIME_OPTIONS' => $s_find_join_time, 'S_ACTIVE_TIME_OPTIONS' => $s_find_active_time, 'S_GROUP_SELECT' => $s_group_select, - 'S_USER_SEARCH_ACTION' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&form=$form&field=$field")) + 'S_USER_SEARCH_ACTION' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&form=$form&field=$field"), + 'S_LIVE_SEARCH_ACTION' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=livesearch", $is_amp = false)) ); } -- cgit v1.2.1 From bc67377400ad11470fb1975af1e07b136f07a24d Mon Sep 17 00:00:00 2001 From: Suhaib Khan Date: Thu, 6 Feb 2014 22:18:48 +0530 Subject: [ticket/10737] Improvements over last commit PHPBB3-10737 --- phpBB/memberlist.php | 40 ++++++++++++---------------------------- 1 file changed, 12 insertions(+), 28 deletions(-) (limited to 'phpBB/memberlist.php') diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 1c786c0a1a..c2a995da4c 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -982,37 +982,21 @@ switch ($mode) break; case 'livesearch': - $q=request_var('q',''); + $q=request_var('q', '', true); $hint=""; - // Get us some users :D - $sql = "SELECT u.user_id - FROM " . USERS_TABLE . " u - WHERE u.user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ")"; - - $result = $db->sql_query($sql); - $user_list = array(); - while ($row = $db->sql_fetchrow($result)) - { - $user_list[] = (int) $row['user_id']; - } - $db->sql_freeresult($result); - $sql = 'SELECT * - FROM ' . USERS_TABLE . ' - WHERE ' . $db->sql_in_set('user_id', $user_list); + $sql = "SELECT username, user_id + FROM " . USERS_TABLE . " u + WHERE username LIKE '".$q."%' AND u.user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ")"; $result = $db->sql_query($sql); $i=1; - while ($row = $db->sql_fetchrow($result)) - { $j=($i%2)+1; - if(stripos($row['username'],$q)===0) - { - $hint.="" . - $row['username'] . ""; - $i++; - } - else - $hint.=""; + while ($i<=10 && $row = $db->sql_fetchrow($result)) + { + $j=($i%2)+1; + $hint.="" . + $row['username'] . ""; + $i++; } echo $hint; exit(); -- cgit v1.2.1 From b5ee81dae6f097e97049a756763d1b3119f61573 Mon Sep 17 00:00:00 2001 From: Suhaib Khan Date: Sun, 9 Feb 2014 21:57:44 +0530 Subject: [ticket/10737] Code fixes in AJAX search feature PHPBB3-10737 --- phpBB/memberlist.php | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) (limited to 'phpBB/memberlist.php') diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index c2a995da4c..d2ba27559c 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -982,21 +982,24 @@ switch ($mode) break; case 'livesearch': - $q=request_var('q', '', true); - $hint=""; - $sql = "SELECT username, user_id - FROM " . USERS_TABLE . " u - WHERE username LIKE '".$q."%' AND u.user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ")"; - $result = $db->sql_query($sql); - $i=1; - while ($i<=10 && $row = $db->sql_fetchrow($result)) + $username_chars = $request->variable('q', '', true); + $hint = ""; + + $sql = 'SELECT username, user_id + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set('user_type', array(USER_NORMAL, USER_FOUNDER)) . ' + AND username ' . $db->sql_like_expression($username_chars . $db->any_char); + $result = $db->sql_query_limit($sql, 10); + + $i = 1; + while ($row = $db->sql_fetchrow($result)) { - $j=($i%2)+1; - $hint.="" . $row['username'] . ""; - $i++; + $i++; } echo $hint; exit(); -- cgit v1.2.1 From dd07efcac7f4e9eed20b3c65047019aff694a9d7 Mon Sep 17 00:00:00 2001 From: Suhaib Khan Date: Fri, 21 Feb 2014 13:01:22 +0530 Subject: [ticket/10737] Using JQuery events and JSON response. PHPBB3-10737 --- phpBB/memberlist.php | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'phpBB/memberlist.php') diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index d2ba27559c..748b2548c9 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -983,7 +983,6 @@ switch ($mode) case 'livesearch': $username_chars = $request->variable('q', '', true); - $hint = ""; $sql = 'SELECT username, user_id FROM ' . USERS_TABLE . ' @@ -991,17 +990,17 @@ switch ($mode) AND username ' . $db->sql_like_expression($username_chars . $db->any_char); $result = $db->sql_query_limit($sql, 10); + $user_list = array(); $i = 1; while ($row = $db->sql_fetchrow($result)) { $j = ($i%2)+1; - $hint.= "" . - $row['username'] . ""; + $user_list[] = array("id" => $row['user_id'], "name" => $row['username']); $i++; } - echo $hint; + + $json_response = new \phpbb\json_response(); + echo $json_response->send($user_list); exit(); break; -- cgit v1.2.1 From e644c67dcf4a505759533c42e0c511fab93028ae Mon Sep 17 00:00:00 2001 From: Suhaib Khan Date: Fri, 21 Feb 2014 14:04:48 +0530 Subject: [ticket/10737] Removing unnecessary/obsolete code. PHPBB3-10737 --- phpBB/memberlist.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'phpBB/memberlist.php') diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 748b2548c9..67e168e7bb 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -1479,8 +1479,7 @@ switch ($mode) 'S_JOINED_TIME_OPTIONS' => $s_find_join_time, 'S_ACTIVE_TIME_OPTIONS' => $s_find_active_time, 'S_GROUP_SELECT' => $s_group_select, - 'S_USER_SEARCH_ACTION' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&form=$form&field=$field"), - 'S_LIVE_SEARCH_ACTION' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=livesearch", $is_amp = false)) + 'S_USER_SEARCH_ACTION' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&form=$form&field=$field")) ); } -- cgit v1.2.1 From aa23cf64cae6710f556c8d43528d28cff6d6a775 Mon Sep 17 00:00:00 2001 From: Suhaib Khan Date: Sun, 23 Feb 2014 00:22:52 +0530 Subject: [ticket/10737] Avoid hard-coding table row and use case-insensitive search. PHPBB3-10737 --- phpBB/memberlist.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB/memberlist.php') diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 67e168e7bb..7cea4a59d7 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -983,11 +983,12 @@ switch ($mode) case 'livesearch': $username_chars = $request->variable('q', '', true); + $username_chars = strtolower($username_chars); $sql = 'SELECT username, user_id FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_type', array(USER_NORMAL, USER_FOUNDER)) . ' - AND username ' . $db->sql_like_expression($username_chars . $db->any_char); + AND LOWER(username) ' . $db->sql_like_expression($username_chars . $db->any_char); $result = $db->sql_query_limit($sql, 10); $user_list = array(); -- cgit v1.2.1 From a74216527c42b9bcef876ab1df93185dc7f18889 Mon Sep 17 00:00:00 2001 From: Suhaib Khan Date: Mon, 24 Feb 2014 00:37:41 +0530 Subject: [ticket/10737] Removing obsolete code. PHPBB3-10737 --- phpBB/memberlist.php | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'phpBB/memberlist.php') diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 7cea4a59d7..e6f1640691 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -992,17 +992,13 @@ switch ($mode) $result = $db->sql_query_limit($sql, 10); $user_list = array(); - $i = 1; while ($row = $db->sql_fetchrow($result)) { - $j = ($i%2)+1; $user_list[] = array("id" => $row['user_id'], "name" => $row['username']); - $i++; } - + $db->sql_freeresult($result); $json_response = new \phpbb\json_response(); - echo $json_response->send($user_list); - exit(); + $json_response->send($user_list); break; case 'group': -- cgit v1.2.1 From 6ef4e4e7907b1ab4c50b53e62b50c014813594f7 Mon Sep 17 00:00:00 2001 From: Suhaib Khan Date: Wed, 26 Feb 2014 14:43:38 +0530 Subject: [ticket/10737] Using UTF-8 aware alternatives in PHP code. PHPBB3-10737 --- phpBB/memberlist.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'phpBB/memberlist.php') diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index e6f1640691..0b10c123a1 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -983,18 +983,18 @@ switch ($mode) case 'livesearch': $username_chars = $request->variable('q', '', true); - $username_chars = strtolower($username_chars); + $username_chars = utf8_strtolower($username_chars); $sql = 'SELECT username, user_id FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_type', array(USER_NORMAL, USER_FOUNDER)) . ' - AND LOWER(username) ' . $db->sql_like_expression($username_chars . $db->any_char); + AND username_clean ' . $db->sql_like_expression(utf8_clean_string($username_chars) . $db->any_char); $result = $db->sql_query_limit($sql, 10); $user_list = array(); while ($row = $db->sql_fetchrow($result)) { - $user_list[] = array("id" => $row['user_id'], "name" => $row['username']); + $user_list[] = array('id' => $row['user_id'], 'name' => $row['username']); } $db->sql_freeresult($result); $json_response = new \phpbb\json_response(); -- cgit v1.2.1 From 1a51ceeabe73423b919266027cc8e86ad47a52e1 Mon Sep 17 00:00:00 2001 From: Cesar G Date: Tue, 8 Apr 2014 03:54:10 -0700 Subject: [ticket/10737] Clean up memberlist.php. PHPBB3-10737 --- phpBB/memberlist.php | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) (limited to 'phpBB/memberlist.php') diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 0b10c123a1..3cc92b5fe0 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -980,27 +980,35 @@ switch ($mode) ); break; - + case 'livesearch': - $username_chars = $request->variable('q', '', true); - $username_chars = utf8_strtolower($username_chars); - - $sql = 'SELECT username, user_id + + $username_chars = $request->variable('username', '', true); + + $sql = 'SELECT username, user_id, user_colour FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_type', array(USER_NORMAL, USER_FOUNDER)) . ' AND username_clean ' . $db->sql_like_expression(utf8_clean_string($username_chars) . $db->any_char); $result = $db->sql_query_limit($sql, 10); - - $user_list = array(); + $user_list = array(); + while ($row = $db->sql_fetchrow($result)) - { - $user_list[] = array('id' => $row['user_id'], 'name' => $row['username']); + { + $user_list[] = array( + 'user_id' => (int) $row['user_id'], + 'username' => $row['username'], + 'result' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']), + ); } $db->sql_freeresult($result); $json_response = new \phpbb\json_response(); - $json_response->send($user_list); + $json_response->send(array( + 'keyword' => $username_chars, + 'results' => $user_list, + )); + break; - + case 'group': default: // The basic memberlist @@ -1638,6 +1646,7 @@ switch ($mode) 'U_FIND_MEMBER' => ($config['load_search'] || $auth->acl_get('a_')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser' . (($start) ? "&start=$start" : '') . (!empty($params) ? '&' . implode('&', $params) : '')) : '', 'U_HIDE_FIND_MEMBER' => ($mode == 'searchuser' || ($mode == '' && $submit)) ? $u_hide_find_member : '', + 'U_LIVE_SEARCH' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=livesearch'), 'U_SORT_USERNAME' => $sort_url . '&sk=a&sd=' . (($sort_key == 'a' && $sort_dir == 'a') ? 'd' : 'a'), 'U_SORT_JOINED' => $sort_url . '&sk=c&sd=' . (($sort_key == 'c' && $sort_dir == 'a') ? 'd' : 'a'), 'U_SORT_POSTS' => $sort_url . '&sk=d&sd=' . (($sort_key == 'd' && $sort_dir == 'a') ? 'd' : 'a'), -- cgit v1.2.1 From 3fec8dff2cc22bc56a6d909be6df8742ab145c6f Mon Sep 17 00:00:00 2001 From: Cesar G Date: Tue, 8 Apr 2014 05:33:24 -0700 Subject: [ticket/10737] Set the username as the input value instead of redirecting. PHPBB3-10737 --- phpBB/memberlist.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'phpBB/memberlist.php') diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 3cc92b5fe0..4103855f43 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -996,8 +996,9 @@ switch ($mode) { $user_list[] = array( 'user_id' => (int) $row['user_id'], - 'username' => $row['username'], - 'result' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']), + 'result' => $row['username'], + 'username_full' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']), + 'display' => get_username_string('no_profile', $row['user_id'], $row['username'], $row['user_colour']), ); } $db->sql_freeresult($result); -- cgit v1.2.1 From 607698c8844b1f08aef1aca63cd8d981783ef92a Mon Sep 17 00:00:00 2001 From: Cesar G Date: Fri, 11 Apr 2014 19:23:31 -0700 Subject: [ticket/10737] Add config setting to disable live searches. PHPBB3-10737 --- phpBB/memberlist.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/memberlist.php') diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 4103855f43..acda40c8fb 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -1647,7 +1647,7 @@ switch ($mode) 'U_FIND_MEMBER' => ($config['load_search'] || $auth->acl_get('a_')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser' . (($start) ? "&start=$start" : '') . (!empty($params) ? '&' . implode('&', $params) : '')) : '', 'U_HIDE_FIND_MEMBER' => ($mode == 'searchuser' || ($mode == '' && $submit)) ? $u_hide_find_member : '', - 'U_LIVE_SEARCH' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=livesearch'), + 'U_LIVE_SEARCH' => ($config['allow_live_searches']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=livesearch') : false, 'U_SORT_USERNAME' => $sort_url . '&sk=a&sd=' . (($sort_key == 'a' && $sort_dir == 'a') ? 'd' : 'a'), 'U_SORT_JOINED' => $sort_url . '&sk=c&sd=' . (($sort_key == 'c' && $sort_dir == 'a') ? 'd' : 'a'), 'U_SORT_POSTS' => $sort_url . '&sk=d&sd=' . (($sort_key == 'd' && $sort_dir == 'a') ? 'd' : 'a'), -- cgit v1.2.1 From f2e74354a34561940c3203f24816af2496b95b0b Mon Sep 17 00:00:00 2001 From: Cesar G Date: Sat, 12 Apr 2014 04:26:51 -0700 Subject: [ticket/10737] Enforce allow_live_searches setting in memberlist.php. PHPBB3-10737 --- phpBB/memberlist.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'phpBB/memberlist.php') diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index acda40c8fb..3d9f4aa028 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -50,6 +50,13 @@ switch ($mode) case 'email': break; + case 'livesearch': + if (!$config['allow_live_searches']) + { + trigger_error('LIVE_SEARCHES_NOT_ALLOWED'); + } + // No break + default: // Can this user view profiles/memberlist? if (!$auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel')) -- cgit v1.2.1