search.php

本代码是为客户联系管理而做的系统

<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: search.php,v $
// | $Date: 2004/02/10 01:34:32 $
// | $Revision: 1.41 $
// +-------------------------------------------------------------+
// | File Details:
// | - User search page.
// +-------------------------------------------------------------+

error_reporting(E_ALL ^ E_NOTICE);

include "./../global.php";

tech_nav('users');

// default do
$_REQUEST['do'] = trim($_REQUEST['do']);
if (!isset($_REQUEST['do']) or $_REQUEST['do'] == "") {
	$_REQUEST['do'] = "simple";
}

if ($_REQUEST[variables]) {
	$_REQUEST = array_merge(unserialize($_REQUEST[variables]), $_REQUEST);
}

$perpage = 40;

############################################# BASIC SEARCH ############################################# 

if ($_REQUEST['do'] == "simple" OR $_REQUEST['do'] == "dosimple") {	
	$table[] = table_midheader('Option 1 : Simple Username / Email Search');

	$table[] = array(table_thelp('<b>Username / Email</b>', 'Users', 'Search: Username / Email'),
		form_input('text', $_REQUEST[text], 20) . '&nbsp;&nbsp;' .
		form_select('field', array('email' => 'email', 'username' => 'username'), NULL, $_REQUEST['field']));

	$table[] = table_midheader('Option 2 : Starting Letter Search');

	$db->query("SELECT name, display_name, formtype FROM user_def WHERE
		tech_viewable ORDER BY displayorder");
	
	while ($result = $db->row_array()) {
	
		if ($result[formtype] == 'input' OR $result[formtype] == 'textarea') {
			$display_name = unserialize($result[display_name]);
			$display_name = $display_name[$settings[default_language]];
			$array_fields[$result[name]] = $display_name;
		}
	}

	$array_fields = array_merge(array('id' => 'id', 'email' => 'email', 'username' => 'username'), $array_fields);

	// build form
	$table[] = array(table_thelp('<b>Field to Match</b>', 'Users', 'Search: Field to Match'), form_select('field2', $array_fields, '', $_REQUEST['field2']));
	
	// alpha bar
	$array = array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
		'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'j', 'k', 'l', 'm', 'n', 'o', 'p',
		'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'special');
	
	// build the bar
	$tmp .= "<table><tr>";
	$i=0;
	foreach ($array AS $val) {
		if ($i > 17) {
			$tmp .= "</tr><tr>";
			$i = 0;
		}
		if (@in_array($val, $_REQUEST[alpha])) {
			$selected = ' checked=checked';
		} else {
			unset($selected);
		}
		$tmp .= "<td align=\"center\"><b>$val</b><br /><input type=\"checkbox\" name=\"alpha[$val]\" value=\"$val\"$selected></td>";
		$i++;
	}
	$tmp .= "</tr></table>";

	$table[] = array(table_thelp('<b>Match Starting Letter</b>', 'Users', 'Search: Match Starting Letter'), $tmp);
	unset($tmp);

	// some standard fields for 1st time user
	if (!is_array($_REQUEST[submit_fields])) {
		$_REQUEST[submit_fields] = array('username', 'email');
	}
	
	// build the html for which fields to choose
	$tmp = "<table><tr>";
	$i = 0;
	while (list ($key, $var) = each ($array_fields)) {
		if ($i > 3) {
			$tmp .= "</tr><tr>";
			$i=0;
		}
		$tmp .= "<td><b>$var</b>:</td><td><input type=\"checkbox\" 
			name=\"submit_fields[]\" value=\"$key\"" . iff(@in_array($key,
			$_REQUEST[submit_fields]), 'checked=\"checked\"', '') . "></td>";
		$i++;
	}

	$tmp .= "</tr></table>";

	$table[] = array(table_thelp('<b>Fields to Display</b>', 'Users', 'Search: Fields to Display'), $tmp);

	$searchtable = $table;

	if ($_REQUEST['do'] != 'dosimple') {
		table_header('User Search', 'search.php', array('do' => 'dosimple'));
		table_content('', $searchtable);
		table_footer('Search');
		$shown = 1;
	}

	unset($table);
}

############################################# SEARCH RESULTS ############################################# 

if ($_REQUEST['do'] == "dosimple") {

	$db->query("SELECT name, display_name FROM user_def WHERE tech_viewable ORDER BY displayorder");
	while ($result = $db->row_array()) {
		$allowed_fields[] = $result[name];
		$data[$result[name]] = $result;
	}

	$allowed_fields[] = 'id';
	$allowed_fields[] = 'username';
	$allowed_fields[] = 'email';

	// start building query
	$query = "SELECT id";
	
	if (!is_array($_REQUEST[submit_fields])) {
		$_REQUEST[submit_fields] = array('id');
	}
	
	// get the data back (only bit they are allowed to view) and build query.
	foreach ($_REQUEST[submit_fields] AS $key => $val) {
		if (in_array($val, $allowed_fields)) {
			$query .= ", $val";
			if ($val == 'username') {
				$cols[] = 'Username';
			} elseif ($val == 'email') {
				$cols[] = 'Email';
			} elseif ($val == 'id') {
				$cols[] = 'User ID';
			} else {
				$cols_tmp = unserialize($data[$val]['display_name']);
				$cols[] = $cols_tmp[$settings[default_language]];
			}
			$col_vals[] = $val;
		}
	}

	$col_vals[] = 'tickets';
	$col_vals[] = 'edit';
	$col_vals[] = 'delete';
	
	// add from statement
	$query .= " FROM user ";

	//////////////////// SIMPLE SEARCH ////////////////////

	if (trim($_REQUEST[text]) != '') {
		if ((int)$_REQUEST['text']) {
			$query .= " WHERE id = '$_REQUEST[text]'";
		} elseif ($_REQUEST[field] == 'username') {
			$query .= " WHERE username LIKE '%" . mysql_escape_string(addslashes_like($_REQUEST[text])) . "%'";
		} elseif ($_REQUEST[field] == 'email') {
			$query .= " WHERE email LIKE '%" . mysql_escape_string(addslashes_like($_REQUEST[text])) . "%'";
		} else {
			$query .= " WHERE username LIKE '%" . mysql_escape_string(addslashes_like($_REQUEST[text])) . "%' OR email LIKE '%" . mysql_escape_string(addslashes_like($_REQUEST[text])) . "%'";
		}
		$y = 1;
		 
	}

	//////////////////// ALPHANUMERIC SEARCH ////////////////////

	if (is_array($_REQUEST[alpha]) AND in_array($_REQUEST[field2], $allowed_fields)) {

		foreach ($_REQUEST[alpha] AS $key => $var) {
			if ($var == 'special') {
				$term = "$_REQUEST[field2] NOT REGEXP '^[a-z0-9]'";
			} else {
				$term = "$_REQUEST[field2] LIKE '" .mysql_escape_string(addslashes_like($var)) . "%'";
			}
			if ($z) {
				$query .= " OR $term ";
			} elseif ($y) {
				$query .= " AND ($term ";
				$z = 1;
			} else {
				$query .= " WHERE ($term ";
				$z = 1;
			}
		}

		$query .= ')';
		
	}	

	//////////////////// LIMIT  ////////////////////

	if ($_REQUEST['page']) {
		$page = $_REQUEST['page'];
	} else {
		$page = 1;
	}

	$start = $perpage * $page;
	$start = $start - $perpage;

	$limit = " LIMIT $start, $perpage";

	//////////////////// RUN QUERY & LOOP ////////////////////

	$db->query($query);
	$total = $db->num_rows();
	while ($result = $db->row_array()) {
		if (((!$_REQUEST['field'] OR ($_REQUEST['field'] == 'username')) AND (strtolower(trim($result['username'])) == strtolower(trim($_REQUEST['text']))) AND ($_REQUEST['text'])) OR
			((!$_REQUEST['field'] OR ($_REQUEST['field'] == 'email')) AND (strtolower(trim($result['email'])) == strtolower(trim($_REQUEST['text']))) AND ($_REQUEST['text'])) OR 
			($_REQUEST['text'] == $result['id'])) {

			jump("view.php?id=$result[id]", 'Exact match found, viewing...');
			exit;
		}
	}

	table_header('User Search', 'search.php', array('do' => 'dosimple'));
	table_content('', $searchtable);
	table_footer('Search');

	$db->query($query . $limit);

	while ($result = $db->row_array()) {
		foreach ($col_vals AS $key => $val) {

			// field types
			if ($val == 'edit') {
				$table[$i][] = "<center><a href=\"view.php?id=$result[id]\">Edit</a></center>";
			} elseif ($val == 'delete') {
				if ($user['p_delete_users']) {
					$table[$i][] = jprompt('Do you want to delete this user? This will permanently delete ALL tickets and billing information for this user!', "actions.php?do=delete&id=$result[id]", '<center>Delete</center>');
				}
			} elseif ($val == 'tickets') {
				$table[$i][] = "<center><a href=\"view.php?id=$result[id]\">Tickets</a></center>";
			} else {
				$table[$i][] = $result[$val];
			}
		}
		$i++;
	}

	$cols[] = "Tickets";
	$cols[] = "Edit";
	if ($user['p_delete_users']) {
		$cols[] = "Delete";
	}

	if (!$shown) {
		table_header('The following users matched your criteria' . iff(($total == 1), " ($total user)", " ($total users)"));
		table_content($cols, $table);
		table_footer();
	}

	//////////////////// PAGENAV ////////////////////

	if ($total) {
		$variables = serialize($_REQUEST);
		echo "<form action=\"search.php\" method=\"post\" name=\"frm\">";
		echo form_hidden('variables', $variables) . form_hidden('do', 'dosimple');
		echo pagenav($total, $perpage, $page, '', 'frm', 'select', 'page');
		echo "<span id=\"hiddenbit\"></span></form>";
	}
}