lib.php 53.1 KB
Newer Older
Martyn Smith's avatar
Martyn Smith committed
1
2
3
4
5
<?php
/**
 *
 * @package    mahara
 * @subpackage search-internal
6
 * @author     Catalyst IT Ltd
7
8
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 * @copyright  For copyright information on Mahara, please see the README file distributed with this software.
Martyn Smith's avatar
Martyn Smith committed
9
10
11
12
 *
 */

defined('INTERNAL') || die();
13
require_once(get_config('docroot') . 'search/lib.php');
Martyn Smith's avatar
Martyn Smith committed
14
15

/**
16
 * The internal search plugin which searches against the
Martyn Smith's avatar
Martyn Smith committed
17
18
19
20
 * Mahara database.
 */
class PluginSearchInternal extends PluginSearch {

21
22
23
24
25
26
27
28
29
30
31
    /**
     * This function indicates whether the plugin should take the raw $query string
     * when its group_search_user function is called, or whether it should get the
     * parsed query string.
     *
     * @return boolean
     */
    public static function can_process_raw_group_search_user_queries() {
        return true;
    }

32
33
34
35
    public static function can_be_disabled() {
        return false;
    }

36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
    public static function has_config() {
        return true;
    }

    public static function get_config_options() {
        return array(
            'elements'   => array(
                'exactusersearch' =>  array(
                    'title'        => get_string('exactusersearch', 'search.internal'),
                    'description'  => get_string('exactusersearchdescription', 'search.internal'),
                    'help'         => true,
                    'type'         => 'checkbox',
                    'defaultvalue' => get_config_plugin('search', 'internal', 'exactusersearch'),
                ),
            ),
        );
    }

Aaron Wells's avatar
Aaron Wells committed
54
    public static function save_config_options($values) {
55
56
57
58
59
60
61
62
63
        set_config_plugin('search', 'internal', 'exactusersearch', (int) $values['exactusersearch']);
    }

    public static function postinst($prevversion) {
        if ($prevversion == 0) {
            set_config_plugin('search', 'internal', 'exactusersearch', 1);
        }
    }

Martyn Smith's avatar
Martyn Smith committed
64
65
66
    /**
     * Implement user searching with SQL
     *
67
68
     * NOTE: user with ID zero should never be returned
     *
Martyn Smith's avatar
Martyn Smith committed
69
70
71
     * @param string  The query string
     * @param integer How many results to return
     * @param integer What result to start at (0 == first result)
72
73
     * @param data    Filters the users searched by
     *                can contain:
74
     *             'friends' => boolean     // only return $USER's friends
75
76
     *             'group' => integer, // only users in this group
     *             'owner' => boolean  // include the group ownwer (only if group is set)
77
     *             'exclude'=> int     // excludes a user
Martyn Smith's avatar
Martyn Smith committed
78
79
80
81
82
     * @return array  A data structure containing results looking like ...
     *         $results = array(
     *               count   => integer, // total number of results
     *               limit   => integer, // how many results are returned
     *               offset  => integer, // starting from which result
83
     *               data    => array(   // the result records
Martyn Smith's avatar
Martyn Smith committed
84
     *                   array(
85
86
87
88
89
90
91
     *                       id            => integer,
     *                       username      => string,
     *                       institution   => string,
     *                       firstname     => string,
     *                       lastname      => string,
     *                       preferredname => string,
     *                       email         => string,
Martyn Smith's avatar
Martyn Smith committed
92
93
     *                   ),
     *                   array(
94
95
96
97
98
99
100
     *                       id            => integer,
     *                       username      => string,
     *                       institution   => string,
     *                       firstname     => string,
     *                       lastname      => string,
     *                       preferredname => string,
     *                       email         => string,
Martyn Smith's avatar
Martyn Smith committed
101
102
103
104
105
     *                   ),
     *                   array(...),
     *               ),
     *           );
     */
106
    public static function search_user($query_string, $limit, $offset = 0, $data=array()) {
107
        global $USER;
Richard Mansfield's avatar
Richard Mansfield committed
108

109
        $data = self::prepare_search_user_options($data);
110
111
        $sql = '
            SELECT
Richard Mansfield's avatar
Richard Mansfield committed
112
113
                COUNT(u.id)
            FROM {usr} u';
114
        if (isset($data['group'])) {
115
116
117
            $groupadminsql = '';
            if (isset($data['includeadmins']) and !$data['includeadmins']) {
                $groupadminsql = " AND gm.role != 'admin'";
118
            }
119
120
121
122
            $groupjoin = '
                INNER JOIN {group_member} gm ON
                    (gm.member = u.id AND gm.group = ' . (int)$data['group'] . $groupadminsql . ")\n";
            $sql .= $groupjoin;
123
        }
124
125
126
127
128

        $where = '
            WHERE
                u.id != 0 AND u.active = 1 AND u.deleted = 0';

129
130
131
132
133
134
135
        if (!empty($data['friends'])) {
            // Only include friends in search
            $where .= ' AND u.id IN (
                SELECT usr1 FROM {usr_friend} f1 WHERE f1.usr2 = ' . $USER->get('id')
                . ' UNION SELECT usr2 FROM {usr_friend} f2 WHERE f2.usr1 = ' . $USER->get('id') . ')';
        }

136
137
138
139
140
141
142
143
        if (isset($data['institutions']) && !empty($data['institutions'])) {
            $where .= '
                AND u.id IN (
                    SELECT usr FROM {usr_institution} WHERE institution IN ('
                . join(',', array_map('db_quote', $data['institutions'])) . ')
                )';
        }

144
145
        $sql .= "
                LEFT OUTER JOIN {usr_account_preference} h ON (u.id = h.usr AND h.field = 'hiderealname')";
Richard Mansfield's avatar
Richard Mansfield committed
146

147
        list($namesql, $values) = self::name_search_sql($query_string);
Richard Mansfield's avatar
Richard Mansfield committed
148

149
        $where .= $namesql;
Richard Mansfield's avatar
Richard Mansfield committed
150
151
152
153
154
155

        if (isset($data['exclude'])) {
            $where .= '
                AND u.id != ?';
            $values[] = $data['exclude'];
        }
156

157
158
        $sql .= $where;
        $count = count_records_sql($sql, $values);
159

160
        $result = array(
Nigel McNie's avatar
Nigel McNie committed
161
162
163
            'count'   => $count,
            'limit'   => $limit,
            'offset'  => $offset,
164
            'data'    => false,
Nigel McNie's avatar
Nigel McNie committed
165
        );
166

167
168
        if ($count < 1) {
            return $result;
169
170
        }

Richard Mansfield's avatar
Richard Mansfield committed
171
172
        $sql = '
            SELECT
173
                u.id, u.username, u.firstname, u.lastname, u.preferredname, u.email, u.studentid, u.staff,
174
                u.admin, u.profileicon, u.urlid
Richard Mansfield's avatar
Richard Mansfield committed
175
            FROM {usr} u';
176

177
178
179
        if (isset($data['group'])) {
            $sql .= $groupjoin;
        }
180
181
        $sql .= "
                LEFT OUTER JOIN {usr_account_preference} h ON (u.id = h.usr AND h.field = 'hiderealname')";
182
183
184
185
186
187
188
189
190
191
192
193
194

        $sql .= $where . '
            ORDER BY ' . $data['orderby'];

        $result['data'] = get_records_sql_array($sql, $values, $offset, $limit);

        if ($result['data']) {
            foreach ($result['data'] as &$item) {
                $item = (array)$item;
            }
        }

        return $result;
195
    }
196

197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223


    /**
     * Returns a snippet of an sql WHERE clause to filter users whose (visible)
     * names match the terms in a given query string.
     */
    function name_search_sql($query_string, $usralias='u', $usrprefalias='h') {

        safe_require('artefact', 'internal');

        // Get the list of searchable profile fields from the internal artefact
        $required   = array_keys(ArtefactTypeProfile::get_always_searchable_fields());
        $optional   = array_diff(array_keys(ArtefactTypeProfile::get_searchable_fields()), $required);
        $required[] = 'username'; // Not a profile field, but used in the search query.

        // Get a list of match expressions to use in the WHERE clause
        $matches = new StdClass;
        foreach (array_merge($required, $optional) as $f) {
            $matches->{$f} = self::match_user_field_expression($f, $usralias);
        }

        $querydata = self::split_query_string(strtolower(trim($query_string)));
        $hidenameallowed = get_config('userscanhiderealnames') ? 'TRUE' : 'FALSE';
        $searchusernamesallowed = get_config('searchusernames') ? 'TRUE' : 'FALSE';

        $termsql = "$matches->preferredname
                    OR (
224
                        ($usralias.preferredname IS NULL OR $usralias.preferredname = '' OR NOT $hidenameallowed OR $usrprefalias.value != '1' OR $usrprefalias.value IS NULL)
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
                        AND ($matches->firstname OR $matches->lastname)
                    )
                    OR ($searchusernamesallowed AND $matches->username)";

        if ($optional) {
            foreach ($optional as $f) {
                $termsql .= "
                    OR {$matches->$f}";
            }
        }

        $where = '';
        $values = array();
        foreach ($querydata as $term) {
            $where .= '
                AND (
                    ' . $termsql . '
                )';
            $values = array_pad($values, count($values) + 4 + count($optional), $term);
        }

        return array($where, $values);
    }



Richard Mansfield's avatar
Richard Mansfield committed
251
252
253
254
255
256
257
    private static function match_user_field_expression($field, $alias) {
        if (get_config_plugin('search', 'internal', 'exactusersearch')) {
            return 'LOWER(' . $alias . '.' . $field . ') = ?';
        }
        return $alias . '.' . $field . ' ' . db_ilike() . " '%' || ? || '%'";
    }

258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296

    /**
     * Split a query string into search terms.
     *
     * Contents of double-quoted strings are counted as a single term,
     * '"' can be entered as '\"', '\' as '\\'.
     */
    private static function split_query_string($query) {
        $terms = array();

        // Split string on unescaped double quotes
        $quotesplit = preg_split('/(?<!\\\)(\")/', $query, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);

        $inphrase = false;

        foreach ($quotesplit as $q) {
            if ($q == '"') {
                $inphrase = !$inphrase;
                continue;
            }

            // Remove escaping
            $q = preg_replace(array('/\x5C(?!\x5C)/u', '/\x5C\x5C/u'), array('','\\'), $q);
            if ($inphrase) {
                if ($trimmed = trim($q)) {
                    $terms[] = $trimmed;
                }
            }
            else {
                // Split unquoted sequences on spaces
                foreach (preg_split('/\s+/', $q, -1, PREG_SPLIT_NO_EMPTY) as $word) {
                    $terms[] = $word;
                }
            }
        }
        return $terms;
    }


297
    private static function prepare_search_user_options($options) {
298
        global $USER;
299
        if (isset($options['group'])) {
300
301
302
303
304
305
306
307
308
309
            // This option should only be used by group admins, so just ensure that the caller is
            // using it correctly.
            $roles = $USER->get('grouproles');
            if ($USER->get('admin') || $USER->get('staff')
                || (isset($roles[$options['group']]) && $roles[$options['group']] == 'admin')) {
                $options['group'] = intval($options['group']);
            }
            else {
                unset($options['group']);
            }
310
311
312
313
314
315
316
317
318
319
        }
        if (isset($options['includeadmins'])) {
            $options['includeadmins'] = (bool)$options['includeadmins'];
        }
        if (isset($options['orderby']) && $options['orderby'] == 'lastname') {
            $options['orderby'] = 'u.lastname, u.firstname, u.id';
        }
        else {
            $options['orderby'] = 'u.firstname, u.lastname, u.id';
        }
320
321
322
        if (isset($options['exclude'])) {
            $options['exclude'] = intval($options['exclude']);
        }
323
324
325
326
327
        if (isset($options['myinstitutions'])) {
            if ($institutions = array_keys($USER->get('institutions'))) {
                $options['institutions'] = $institutions;
            }
        }
328
329
        return $options;
    }
330

331

332
333
    private static function match_expression($op, $string, &$values, $ilike) {
        switch ($op) {
334
335
        case 'starts':
            $values[] = $string;
336
            return ' ' . $ilike . ' ? || \'%\'';
337
        case 'equals':
338
339
340
            if ($string === null) {
                return ' IS NULL ';
            }
341
342
            $values[] = $string;
            return ' = ? ';
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
        case 'notequals':
            if (is_null($string)) {
                return ' IS NOT NULL ';
            }
            $values[] = $string;
            return ' <> ? ';
        case 'greaterthan':
            $values[] = $string;
            return ' > ? ';
        case 'greaterthanequal':
            $values[] = $string;
            return ' >= ? ';
        case 'lessthan':
            $values[] = $string;
            return ' < ? ';
        case 'lessthanequal':
            $values[] = $string;
            return ' <= ? ';
361
362
        case 'contains':
            $values[] = $string;
363
            return ' ' . $ilike . ' \'%\' || ? || \'%\'';
364
365
366
367
368
369
        case 'in':
            return ' IN (' . join(',', array_map('db_quote',$string)) . ')';
        }
    }


370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
    /**
     * Returns a list of search results for the admin user search interface.
     *
     * The constraints parameter takes an array of arrays, like so:
     * $params = array(
     *     array(
     *         'field' => 'institution'
     *         'string' => 'mahara'
     *         'type' => 'equals'
     *     ),
     *     ...
     * )
     *
     * Each constraint should has these three keys:
     * field: Should be a column in the usr table, or the special field "duplicateemails" (which indicates only users with a non-unique email).
     *   also, for the field "institution", a string value of "mahara" indicates users with no institution
     * string: The value to compare the contents of that field against
     * type: The operation by which to compare "field" to "string". This can be any of the operations in PluginSearchInternal::match_expression
     *   (starts, equals, notequals, greaterthan, greaterthanequal, lessthan, lessthanequal, contains, or in)
     *
     * @param string $query_string The string to search for
     * @param array $constraints A list of constraints on the search results (see above for format)
     * @param int $offset
     * @param int $limit
     * @param string $sortfield Which of the output columns to sort by
     * @param string $sortdir DESC or ASC
     */
397
    public static function admin_search_user($query_string, $constraints, $offset, $limit,
398
                                             $sortfield, $sortdir) {
399
400
401
402
403
404
405
406
407
408
        $sort = 'TRUE';
        if (preg_match('/^[a-zA-Z_0-9"]+$/', $sortfield)) {
            $sort = $sortfield;
            if (strtoupper($sortdir) != 'DESC') {
                $sort .= ' ASC';
            }
            else {
                $sort .= ' DESC';
            }
        }
409
        $where = 'WHERE u.id <> 0 AND u.deleted = 0';
410
411
        $values = array();

412
413
414
        // Get the correct keyword for case insensitive LIKE
        $ilike = db_ilike();

415
416
        // Generate the part that matches the search term
        $querydata = self::split_query_string(strtolower(trim($query_string)));
417

418
        $matches = array();
419
        foreach (array('firstname', 'lastname', 'preferredname', 'username', 'email') as $f) {
420
421
422
423
424
425
426
427
428
429
430
            $matches[] = self::match_user_field_expression($f, 'u');
        }

        $termsql = join(" OR ", $matches);

        $values = array();
        foreach ($querydata as $term) {
            $where .= '
                AND (
                    ' . $termsql . '
                )';
431
            $values = array_pad($values, count($values) + 5, $term);
432
        }
433

Richard Mansfield's avatar
Richard Mansfield committed
434
435
        if (!empty($constraints)) {
            foreach ($constraints as $f) {
436
437
438
                if ($f['field'] == 'institution') {
                    if ($f['string'] == 'mahara') {
                        $where .= ' AND u.id NOT IN (SELECT usr FROM {usr_institution})';
439
                    }
440
441
442
443
444
445
                    else {
                        $where .= '
                            AND u.id IN (
                                SELECT usr FROM {usr_institution} WHERE institution '
                            . PluginSearchInternal::match_expression($f['type'], $f['string'], $values, $ilike) . '
                            )';
446
                    }
447
448
449
450
451
452
453
454
455
456
457
458
                }
                else if ($f['field'] == 'duplicateemail') {
                    if (!empty($f['string'])) {
                        $where .= '
                            AND u.id IN (
                                SELECT owner
                                FROM {artefact}
                                WHERE id IN (' . join(',', array_map('db_quote', $f['string'])) . ')
                            )';
                    }
                    else {
                        // No duplicate email is found, return empty list
459
                        $where .= ' AND FALSE';
460
461
462
                    }
                }
                else {
463
                    $where .= ' AND u.' . $f['field']
464
                        . PluginSearchInternal::match_expression($f['type'], $f['string'], $values, $ilike);
465
                }
466
            }
467
468
        }

469
        $count = get_field_sql('SELECT COUNT(*) FROM {usr} u ' . $where, $values);
470
471

        if ($count > 0) {
472
            $data = get_records_sql_assoc('
473
                SELECT
474
                    u.id, u.firstname, u.lastname, u.preferredname, u.username, u.email, u.staff, u.profileicon,
475
476
                    u.lastlogin, u.active, NOT u.suspendedcusr IS NULL as suspended, au.instancename AS authname
                FROM {usr} u INNER JOIN {auth_instance} au ON u.authinstance = au.id ' . $where . '
477
                ORDER BY ' . $sort . ', u.id',
478
                $values,
Richard Mansfield's avatar
Richard Mansfield committed
479
480
                $offset,
                $limit);
481
482

            if ($data) {
483
                $inst = get_records_select_array('usr_institution',
484
485
486
487
488
489
490
                                                 'usr IN (' . join(',', array_keys($data)) . ')',
                                                 null, '', 'usr,institution');
                if ($inst) {
                    foreach ($inst as $i) {
                        $data[$i->usr]->institutions[] = $i->institution;
                    }
                }
491
                foreach ($data as &$item) {
492
                    $item->username = display_username($item);
493
494
                    $item = (array)$item;
                }
495
                $data = array_values($data);
496
497
498
499
500
501
502
503
            }
        }
        else {
            $data = false;
        }

        return array(
            'count'   => $count,
Richard Mansfield's avatar
Richard Mansfield committed
504
505
            'limit'   => $limit,
            'offset'  => $offset,
506
507
508
509
            'data'    => $data,
        );
    }

510

511
    public static function group_search_user($group, $query_string, $constraints, $offset, $limit, $membershiptype, $order, $friendof, $orderbyoptionidx=null) {
512
513

        list($searchsql, $values) = self::name_search_sql($query_string);
514

515
        $orderbyoptions = array(
516
517
            'adminfirst' => 'gm.role = \'admin\' DESC, gm.role = \'tutor\' DESC,
                           CASE WHEN NOT u.preferredname IS NULL AND u.preferredname <> \'\' THEN u.preferredname ELSE u.firstname END ASC,
518
519
520
521
522
523
524
525
526
527
528
529
530
531
                           CASE WHEN NOT u.preferredname IS NULL AND u.preferredname <> \'\' THEN u.preferredname ELSE u.lastname END ASC, gm.ctime, u.id',
            'nameatoz' => 'CASE WHEN NOT u.preferredname IS NULL AND u.preferredname <> \'\' THEN u.preferredname ELSE u.firstname END ASC,
                           CASE WHEN NOT u.preferredname IS NULL AND u.preferredname <> \'\' THEN u.preferredname ELSE u.lastname END ASC, gm.ctime, u.id',
            'nameztoa' => 'CASE WHEN NOT u.preferredname IS NULL AND u.preferredname <> \'\' THEN u.preferredname ELSE u.firstname END DESC,
                           CASE WHEN NOT u.preferredname IS NULL AND u.preferredname <> \'\' THEN u.preferredname ELSE u.lastname END DESC, gm.ctime, u.id',
            'firstjoined' => 'gm.ctime ASC, CASE WHEN NOT u.preferredname IS NULL AND u.preferredname <> \'\' THEN u.preferredname ELSE u.firstname END ASC,
                           CASE WHEN NOT u.preferredname IS NULL AND u.preferredname <> \'\' THEN u.preferredname ELSE u.lastname END ASC, u.id',
            'lastjoined' => 'gm.ctime DESC, CASE WHEN NOT u.preferredname IS NULL AND u.preferredname <> \'\' THEN u.preferredname ELSE u.firstname END ASC,
                           CASE WHEN NOT u.preferredname IS NULL AND u.preferredname <> \'\' THEN u.preferredname ELSE u.lastname END ASC, u.id'
        );
        if (! key_exists($orderbyoptionidx, $orderbyoptions)) {
            $orderbyoptionidx = 'adminfirst';
        }

532
533
        if ($membershiptype == 'nonmember') {
            $select = '
534
                    u.id, u.firstname, u.lastname, u.username, u.email, u.profileicon, u.staff, u.urlid';
535
536
            $from = '
                FROM {usr} u
537
                    LEFT OUTER JOIN {usr_account_preference} h ON (u.id = h.usr AND h.field = \'hiderealname\')
538
539
540
541
                WHERE u.id > 0 AND u.deleted = 0 ' . $searchsql . '
                    AND NOT u.id IN (SELECT member FROM {group_member} gm WHERE gm.group = ?)';
            $values[] = $group;
            $orderby = 'u.firstname, u.lastname, u.id';
542
        }
543
544
        else if ($membershiptype == 'notinvited') {
            $select = '
545
                    u.id, u.firstname, u.lastname, u.username, u.email, u.profileicon, u.staff, u.urlid';
546
547
            $from = '
                FROM {usr} u
548
                    LEFT OUTER JOIN {usr_account_preference} h ON (u.id = h.usr AND h.field = \'hiderealname\')
549
550
551
552
553
554
555
556
557
558
                WHERE u.id > 0 AND u.deleted = 0 ' . $searchsql . '
                    AND NOT u.id IN (SELECT member FROM {group_member} gm WHERE gm.group = ?)
                    AND NOT u.id IN (SELECT member FROM {group_member_invite} gmi WHERE gmi.group = ?)';
            $values[] = $group;
            $values[] = $group;
            $orderby = 'u.firstname, u.lastname, u.id';
        }
        else if ($membershiptype == 'request') {
            $select = '
                    u.id, u.firstname, u.lastname, u.username, u.email, u.profileicon,
559
                    u.staff, u.urlid, ' . db_format_tsfield('gm.ctime', 'jointime');
560
561
            $from = '
                FROM {usr} u
562
                    INNER JOIN {group_member_request} gm ON (gm.member = u.id)
563
                    LEFT OUTER JOIN {usr_account_preference} h ON (u.id = h.usr AND h.field = \'hiderealname\')
564
                WHERE u.id > 0 AND u.deleted = 0 ' . $searchsql . '
565
                    AND gm.group = ?';
566
            $values[] = $group;
567
568
569
570
            if ($orderbyoptionidx == 'adminfirst') {
                $orderbyoptionidx = 'nameatoz';
            }
            $orderby = $orderbyoptions[$orderbyoptionidx];
571
572
573
574
        }
        else if ($membershiptype == 'invite') {
            $select = '
                    u.id, u.firstname, u.lastname, u.username, u.email, u.profileicon,
575
                    u.staff, u.urlid, ' . db_format_tsfield('gm.ctime', 'jointime');
576
577
            $from = '
                FROM {usr} u
578
                    INNER JOIN {group_member_invite} gm ON (gm.member = u.id)
579
                    LEFT OUTER JOIN {usr_account_preference} h ON (u.id = h.usr AND h.field = \'hiderealname\')
580
                WHERE u.id > 0 AND u.deleted = 0 ' . $searchsql . '
581
                    AND gm.group = ?';
582
            $values[] = $group;
583
            $orderby = $orderbyoptions[$orderbyoptionidx];
584
585
586
        }
        else { // All group members
            $select = '
587
                    u.id, u.firstname, u.lastname, u.username, u.preferredname, u.email, u.profileicon,
588
                    u.staff, u.urlid, ' . db_format_tsfield('gm.ctime', 'jointime') . ', gm.role';
589
590
591
            $from = '
                FROM {usr} u
                    INNER JOIN {group_member} gm ON (gm.member = u.id)
592
                    LEFT OUTER JOIN {usr_account_preference} h ON (u.id = h.usr AND h.field = \'hiderealname\')
593
594
595
                WHERE u.id > 0 AND u.deleted = 0 ' . $searchsql . '
                    AND gm.group = ?';
            $values[] = $group;
596
            $orderby = $orderbyoptions[$orderbyoptionidx];
597
598
599
            if ($order == 'latest') {
                $orderby = 'gm.ctime DESC, u.firstname, u.lastname, u.id';
            }
600
601
        }

602
        if ($order == 'random') {
603
604
605
            $orderby = db_random();
        }

606
607
608
609
610
611
612
613
        if ($friendof) {
            $from .= '
                    AND u.id IN (
                        SELECT usr1 FROM {usr_friend} WHERE usr2 = ? UNION SELECT usr2 FROM {usr_friend} WHERE usr1 = ?
                    )';
            array_push($values, $friendof, $friendof);
        }

614
        $count = get_field_sql('SELECT COUNT(*)' . $from, $values);
615
616
617

        if ($count > 0) {
            $data = get_records_sql_assoc('
618
                SELECT ' . $select . $from . ' ORDER BY ' . $orderby,
619
620
621
622
623
624
625
626
627
628
629
630
                $values,
                $offset,
                $limit);

            if ($data) {
                foreach ($data as &$item) {
                    $item = (array)$item;
                }
                $data = array_values($data);
            }
        }
        else {
631
            $data = array();
632
633
634
635
636
637
638
639
640
641
        }

        return array(
            'count'   => $count,
            'limit'   => $limit,
            'offset'  => $offset,
            'data'    => $data,
        );
    }

642
643
644

    public static function institutional_admin_search_user($query, $institution, $limit) {
        $sql = '
645
            FROM {usr} u LEFT OUTER JOIN {usr_tag} t ON (t.usr = u.id) ';
646
647
648
649
650

        $where = '
            WHERE u.id <> 0 AND u.deleted = 0 ';

        $values = array();
651
        if ($query != '') {
652
653
            $where .= 'AND (t.tag = LOWER(?) OR ';
            $values[] = $query;
654
655
656
657
658
659
660
            $query = preg_replace('/\s\s+/', ' ', $query);
            $words = explode(' ', $query);
            foreach ($words as &$word) {
                $values[] = $word;
                $values[] = $word;
                $word = 'u.firstname ' . db_ilike() . ' \'%\' || ? || \'%\' OR u.lastname ' . db_ilike() . ' \'%\' || ? || \'%\'';
            }
661
            $where .= join(' OR ', $words) . ') ';
662
663
        }

664
        $studentid = '';
665
666
667
668
669
670
        if (!is_null($institution->member)) {
            $sql .= '
                LEFT OUTER JOIN {usr_institution} member ON (member.usr = u.id
                    AND member.institution = ' . db_quote($institution->name) . ')';
            $where .= '
                AND ' . ($institution->member ? ' NOT ' : '') . ' member.usr IS NULL';
671
            $studentid = ', member.studentid';
672
        }
673
        if (!is_null($institution->requested) || !is_null($institution->invitedby)) {
674
675
676
677
678
679
680
681
682
            $sql .= '
                LEFT OUTER JOIN {usr_institution_request} req ON (req.usr = u.id
                    AND req.institution = ' . db_quote($institution->name) . ')';
            if (!is_null($institution->requested)) {
                if ($institution->requested == 1) {
                    $where .= ' AND req.confirmedusr = 1';
                } else {
                    $where .= ' AND (req.confirmedusr = 0 OR req.confirmedusr IS NULL)';
                }
683
                $studentid = ', req.studentid';
684
            }
685
            if (!is_null($institution->invitedby)) {
686
                if ($institution->invitedby == 1) {
687
688
689
690
691
692
                    $where .= ' AND req.confirmedinstitution = 1';
                } else {
                    $where .= ' AND (req.confirmedinstitution = 0 OR req.confirmedinstitution IS NULL)';
                }
            }
        }
693
694
695
696
        if (!is_null($institution->lastinstitution)) {
            $where .= " AND t.tag = ?";
            $values[] = 'lastinstitution:' . $institution->lastinstitution;
        }
697
698
699
700
701

        $count = get_field_sql('SELECT COUNT(*) ' . $sql . $where, $values);

        if ($count > 0) {
            $data = get_records_sql_array('
702
703
                SELECT
                    u.id, u.firstname, u.lastname, u.username, u.preferredname,
704
                    u.admin, u.staff' . $studentid . $sql . $where . '
705
                GROUP BY u.id, u.firstname, u.lastname, u.username, u.preferredname, u.admin, u.staff' . $studentid . '
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
                ORDER BY u.firstname ASC',
                $values,
                0,
                $limit);
            foreach ($data as &$item) {
                $item = (array)$item;
            }
        }
        else {
            $data = false;
        }

        return array(
            'count'   => $count,
            'limit'   => $limit,
            'offset'  => 0,
            'data'    => $data,
        );
    }





730
731
732
733
734
735
    /**
     * Implement group searching with SQL
     *
     * @param string  The query string
     * @param integer How many results to return
     * @param integer What result to start at (0 == first result)
736
     * @param string  Which groups to search (all, member, notmember)
737
738
739
740
741
742
743
     * @return array  A data structure containing results looking like ...
     *         $results = array(
     *               count   => integer, // total number of results
     *               limit   => integer, // how many results are returned
     *               offset  => integer, // starting from which result
     *               data    => array(   // the result records
     *                   array(
Nigel McNie's avatar
Nigel McNie committed
744
     *                       id            => integer,
745
746
747
748
749
750
     *                       name          => string,
     *                       description   => string,
     *                       jointype      => string,
     *                       owner         => string,
     *                       ctime         => string,
     *                       mtime         => string,
Nigel McNie's avatar
Nigel McNie committed
751
752
753
     *                   ),
     *                   array(
     *                       id            => integer,
754
755
756
757
758
759
     *                       name          => string,
     *                       description   => string,
     *                       jointype      => string,
     *                       owner         => string,
     *                       ctime         => string,
     *                       mtime         => string,
Nigel McNie's avatar
Nigel McNie committed
760
761
762
763
764
     *                   ),
     *                   array(...),
     *               ),
     *           );
     */
765
    public static function search_group($query_string, $limit, $offset=0, $type='member', $category='') {
766
        global $USER;
767
768
        $data = array();

769
770
        $sql = "
            FROM
771
                {group}
772
            WHERE (
773
774
                name " . db_ilike() . " '%' || ? || '%'
                OR description " . db_ilike() . " '%' || ? || '%'
775
776
777
            ) AND deleted = 0 ";
        $values = array($query_string, $query_string);

778
779
780
781
        if (!$grouproles = join(',', array_keys($USER->get('grouproles')))) {
            $grouproles = '-1';
        }

782
783
        $canseehidden = $USER->get('admin') || $USER->get('staff');

784
        if ($type == 'member') {
785
            $sql .=  'AND id IN (' . $grouproles . ')';
786
        }
787
        else if ($type == 'notmember') {
788
            $sql .= 'AND id NOT IN (' . $grouproles . ')';
789
        }
790
        else if ($type == 'canjoin') {
791
792
            $sql .= 'AND (jointype != ? AND NOT (jointype = ? AND request = 0)) AND id NOT IN (' . $grouproles . ')';
            $values = array_merge($values, array('controlled', 'approve'));
793
794
795
        }

        if (!$canseehidden) {
796
797
798
            $sql .= ' AND (hidden = 0 OR id IN (' . $grouproles . '))';
        }

799
        if (!empty($category)) {
Dan Marsden's avatar
Dan Marsden committed
800
            if ($category == -1) { //find unassigned groups
801
                $sql .= " AND category IS NULL";
Dan Marsden's avatar
Dan Marsden committed
802
            } else {
803
804
                $sql .= ' AND category = ?';
                $values[] = $category;
Dan Marsden's avatar
Dan Marsden committed
805
            }
806
        }
807

808
809
810
        $count = get_field_sql('SELECT COUNT(*) '.$sql, $values);

        if ($count > 0) {
811
            $sql = 'SELECT id, name, description, grouptype, jointype, request, public, ctime, mtime, category, urlid ' . $sql . ' ORDER BY name';
812
            $data = get_records_sql_array($sql, $values, $offset, $limit);
813
        }
Martyn Smith's avatar
Martyn Smith committed
814
815
816
817
818

        return array(
            'count'   => $count,
            'limit'   => $limit,
            'offset'  => $offset,
819
            'data'    => $data,
Martyn Smith's avatar
Martyn Smith committed
820
821
        );
    }
Martyn Smith's avatar
Martyn Smith committed
822
823
824
825
826
827
828
829
830
831
832

    /**
     * Given a query string and limits, return an array of matching objects
     * owned by the current user.  Possible return types are ...
     *   - artefact
     *   - view
     *
     * Implementations of this search should search across tags for artefacts
     * and views at a minimum. Ideally the search would also index
     * title/description and other metadata for these objects.
     *
833
834
835
     * NOTE: This implementation of internal search only does artefacts, and
     * badly at that. See the bug tracker for more information.
     *
Martyn Smith's avatar
Martyn Smith committed
836
837
838
839
     * @param string  The query string
     * @param integer How many results to return
     * @param integer What result to start at (0 == first result)
     * @param string  Type to search for (either 'all' or one of the types above).
840
     *
Martyn Smith's avatar
Martyn Smith committed
841
     */
842
843
    public static function self_search($querystring, $limit, $offset, $type = 'all') {
        global $USER;
844
845
846
847
        if (trim($querystring) == '') {
            return false;
        }

848
849
850
851
852
        // Tokenise the search
        $querydata = self::search_parse_query($querystring);

        $sql = "
            SELECT
853
                a.id, a.artefacttype, a.title, a.description
854
            FROM
855
                {artefact} a
856
            LEFT JOIN {artefact_tag} at ON (at.artefact = a.id)
857
            WHERE
858
859
860
861
862
863
                a.owner = ?
            AND (
                ($querydata[0])
                OR
                (LOWER(at.tag) = ?)
            )";
864
865
866
867
        $count_sql = "
            SELECT
                COUNT(*)
            FROM
868
                {artefact} a
869
            LEFT JOIN {artefact_tag} at ON (at.artefact = a.id)
870
            WHERE
871
872
873
874
875
876
                a.owner = ?
            AND (
                ($querydata[0])
                OR
                (LOWER(at.tag) = ?)
            )";
877
        array_unshift($querydata[1], $USER->get('id'));
878
        array_push($querydata[1], strtolower($querystring));
879

880
881
882
883
884
885
886
        $results = array(
            'data'   => get_records_sql_array($sql, $querydata[1], $offset, $limit),
            'offset' => $offset,
            'limit'  => $limit,
            'count'  => get_field_sql($count_sql, $querydata[1])
        );

887
        if ($results['data']) {
888
            require_once(get_config('docroot') . 'artefact/lib.php');
889
890
891
892
893
894
            foreach ($results['data'] as &$result) {
                $newresult = array();
                foreach ($result as $key => &$value) {
                    if ($key == 'id' || $key == 'artefacttype' || $key == 'title' || $key == 'description') {
                        $newresult[$key] = $value;
                    }
895
                }
896
                $newresult['type'] = 'artefact';
897
898
899
900
901

                $artefact = artefact_instance_from_id($newresult['id']);
                $artefactplugin = $artefact->get_plugin_name();
                if ($artefactplugin == 'internal' && in_array($artefact->get('artefacttype'), PluginArtefactInternal::get_profile_artefact_types())) {
                    // Profile artefact
902
                    $newresult['summary'] = $newresult['title'];
903
                    $newresult['title'] = get_string($artefact->get('artefacttype'), 'artefact.' . $artefactplugin);
904
905
906
907
                }
                else {
                    $newresult['summary'] = $newresult['description'];
                }
908
                $newresult['summary'] = clean_html($newresult['summary']);
909
                $result = $newresult;
910
            }
911
912

            self::self_search_make_links($results);
913
914
915
916
917
918
        }

        return $results;
    }


919
920
921
922
923
924
925
926
    /**
     * Returns portfolio items (artefacts, views) owned by $owner and tagged
     * with $tag.
     *
     * @param string   $tag Tag
     * @param object   $owner: owner type (user,group,institution), and id
     * @param integer  $limit
     * @param integer  $offset
927
     * @param string   $sort
928
     * @param array    $types view/artefacttype filters
929
     * @param boolean  $returntags Return all the tags that have been attached to each result
930
     */
931
    public static function portfolio_search_by_tag($tag, $owner, $limit, $offset, $sort, $types, $returntags) {
932
        $viewfilter = is_null($types) || $types['view'] == true ? 'AND TRUE' : 'AND FALSE';
933
        $collectionfilter = is_null($types) || $types['collection'] == true ? 'AND TRUE' : 'AND FALSE';
934

935
936
937
938
939
940
941
942
943
944
        if (is_null($types)) {
            $artefacttypefilter = '';
        }
        else if (!empty($types['artefact'])) {
            $artefacttypefilter = ' AND a.artefacttype IN (' . join(',', array_map('db_quote', $types['artefact'])) . ')';
        }
        else {
            $artefacttypefilter = ' AND FALSE';
        }

945
946
947
        if (!is_null($tag)) {
            $artefacttypefilter .= ' AND at.tag = ?';
            $viewfilter .= ' AND vt.tag = ?';
948
949
            $collectionfilter .= ' AND ct.tag = ?';
            $values = array($owner->id, $tag, $owner->id, $tag, $owner->id, $tag);
950
951
        }
        else {
952
            $values = array($owner->id, $owner->id, $owner->id);
953
954
        }

955
956
        $from = "
        FROM (
957
958
           (SELECT a.id, a.title, a.description, 'artefact' AS type, a.artefacttype, " . db_format_tsfield('a.ctime', 'ctime') . ",
                a.owner, a.group, a.institution, NULL AS urlid
959
            FROM {artefact} a JOIN {artefact_tag} at ON (a.id = at.artefact)
960
            WHERE a.owner = ?" . $artefacttypefilter . ")
961
           UNION
962
963
           (SELECT v.id, v.title, v.description, 'view' AS type, NULL AS artefacttype, " . db_format_tsfield('v.ctime', 'ctime') . ",
                v.owner, v.group, v.institution, v.urlid
964
965
            FROM {view} v JOIN {view_tag} vt ON (v.id = vt.view)
            WHERE v.owner = ? " . $viewfilter . ")
966
967
968
969
970
           UNION
           (SELECT c.id, c.name, c.description, 'collection' AS type, NULL AS artefacttype, " . db_format_tsfield('c.ctime', 'ctime') . ",
                c.owner, c.group, c.institution, NULL AS urlid
            FROM {collection} c JOIN {collection_tag} ct ON (c.id = ct.collection)
            WHERE c.owner = ? " . $collectionfilter . ")
971
972
973
974
975
976
977
        ) p";

        $result = (object) array(
            'tag'    => $tag,
            'owner'  => $owner,
            'offset' => $offset,
            'limit'  => $limit,
978
            'sort'   => $sort,
979
980
981
982
983
984
            'count'  => 0,
            'data'   => array(),
        );

        if ($count = count_records_sql('SELECT COUNT(*) ' . $from, $values, $offset, $limit)) {
            $result->count = $count;
985
            $sort = $sort == 'date' ? 'ctime DESC' : 'title ASC';
986
            if ($data = get_records_sql_assoc("SELECT type || ':' || id AS tid, p.* " . $from . ' ORDER BY ' . $sort, $values, $offset, $limit)) {
987
                if ($returntags) {
988
                    $ids = array('view' => array(), 'collection' => array(), 'artefact' => array());
989
990
991
992
993
994
995
996
997
998
                    foreach ($data as &$d) {
                        $ids[$d->type][$d->id] = 1;
                    }
                    if (!empty($ids['view'])) {
                        if ($viewtags = get_records_select_array('view_tag', 'view IN (' . join(',', array_keys($ids['view'])) . ')')) {
                            foreach ($viewtags as &$vt) {
                                $data['view:' . $vt->view]->tags[] = $vt->tag;
                            }
                        }
                    }
999
1000
1001
1002
1003
1004
1005
                    if (!empty($ids['collection'])) {
                        if ($collectiontags = get_records_select_array('collection_tag', 'collection IN (' . join(',', array_keys($ids['collection'])) . ')')) {
                            foreach ($collectiontags as &$ct) {
                                $data['collection:' . $ct->collection]->tags[] = $ct->tag;
                            }
                        }
                    }
1006
                    if (!empty($ids['artefact'])) {
1007
                        if ($artefacttags = get_records_select_array('artefact_tag', 'artefact IN (' . join(',', array_keys($ids['artefact'])) . ')', NULL, 'tag')) {
1008
1009
1010
1011
1012
1013
                            foreach ($artefacttags as &$at) {
                                $data['artefact:' . $at->artefact]->tags[] = $at->tag;
                            }
                        }
                    }
                }
1014
1015
1016
1017
1018
1019
1020
                $result->data = $data;
            }
        }
        return $result;
    }


1021
    /**
1022
     * Parses a query string into SQL fragments for searching. Supports
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
     * phrases, AND/OR etc.
     *
     * Lifted from drupal 5.1, (C) 2007 Drupal
     *
     * This function comes from Drupal's search module, with some small changes.
     */
    private static function search_parse_query($text) {
        $keys = array('positive' => array(), 'negative' => array());

        // Tokenize query string
        preg_match_all('/ (-?)("[^"]+"|[^" ]+)/i', ' '. $text, $matches, PREG_SET_ORDER);

        if (count($matches) < 1) {
          return NULL;
        }

        // Classify tokens
        $or = FALSE;
        foreach ($matches as $match) {
          $phrase = FALSE;
          // Strip off phrase quotes
          if ($match[2]{0} == '"') {
            $match[2] = substr($match[2], 1, -1);
            $phrase = TRUE;
          }
          // Simplify keyword according to indexing rules and external preprocessors
          $words = self::search_simplify($match[2]);
          // Re-explode in case simplification added more words, except when matching a phrase
          $words = $phrase ? array($words) : preg_split('/ /', $words, -1, PREG_SPLIT_NO_EMPTY);
          // Negative matches
          if ($match[1] == '-') {
            $keys['negative'] = array_merge($keys['negative'], $words);
          }
          // OR operator: instead of a single keyword, we store an array of all
          // OR'd keywords.
          elseif ($match[2] == 'OR' && count($keys['positive'])) {
            $last = array_pop($keys['positive']);
            // Starting a new OR?
            if (!is_array($last)) {
              $last = array($last);
            }
            $keys['positive'][] = $last;
            $or = TRUE;
            continue;
          }
          // Plain keyword
          else {
            if ($or) {
              // Add to last element (which is an array)
              $keys['positive'][count($keys['positive']) - 1] = array_merge($keys['positive'][count($keys['positive']) - 1], $words);
            }
            else {
              $keys['positive'] = array_merge($keys['positive'], $words);
            }
          }
          $or = FALSE;
        }

        // Convert keywords into SQL statements.
        $query = array();
        //$query2 = array();
        $arguments = array();
        $arguments2 = array();
1086
        //$matches = 0;
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
        // Positive matches
        foreach ($keys['positive'] as $key) {
          // Group of ORed terms
          if (is_array($key) && count($key)) {
            $queryor = array();
            $any = FALSE;
            foreach ($key as $or) {
              list($q, $count) = self::_search_parse_query($or, $arguments2);
              $any |= $count;
              if ($q) {
                $queryor[] = $q;
                $arguments[] = $or;
                $arguments[] = $or;
              }
            }

            if (count($queryor)) {
              $query[] = '('. implode(' OR ', $queryor) .')';
              // A group of OR keywords only needs to match once
              //$matches += ($any > 0);
            }
          }
          // Single ANDed term
          else {
            list($q, $count) = self::_search_parse_query($key, $arguments2);
            if ($q) {
              $query[] = $q;
              $arguments[] = $key;
              $arguments[] = $key;
              // Each AND keyword needs to match at least once
              //$matches += $count;
            }
          }
        }
        // Negative matches
        foreach ($keys['negative'] as $key) {
          list($q) = self::_search_parse_query($key, $arguments2, TRUE);
          if ($q) {
            $query[] = $q;
            $arguments[] = $key;
            $arguments[] = $key;
          }
        }
        $query = implode(' AND ', $query);

        // Build word-index conditions for the first pass
        //$query2 = substr(str_repeat("i.word = '%s' OR ", count($arguments2)), 0, -4);

        return array($query, $arguments, /*$query2, $arguments2, $matches*/);
Martyn Smith's avatar
Martyn Smith committed
1136
    }
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157

    /**
     * Helper function for search_parse_query();
     */
    private static function _search_parse_query(&$word, &$scores, $not = FALSE) {
      $count = 0;
      // Determine the scorewords of this word/phrase
      if (!$not) {
        $split = explode(' ', $word);
        foreach ($split as $s) {
          $num = is_numeric($s);
          if ($num || strlen($s) >= /*variable_get('minimum_word_size', 3)*/3) {
            $s = $num ? ((int)ltrim($s, '-0')) : $s;
            if (!isset($scores[$s])) {
              $scores[$s] = $s;
              $count++;
            }
          }
        }
      }
      // Return matching snippet and number of added words
1158
      return array("a.title ". ($not ? 'NOT ' : '') . db_ilike() . " '%' || ? || '%'" . ($not ? ' AND ' : ' OR ') . 'a.description ' . ($not ? 'NOT ' : '') . db_ilike() . " '%' || ? || '%'", $count);
1159
1160
1161
1162
1163
1164
1165
1166
    }

    /**
     * Simplifies a string according to indexing rules.
     */
    private static function search_simplify($text) {
      // Decode entities to UTF-8
      $text = self::decode_entities($text);
1167

1168
1169
      // Lowercase
      $text = strtolower($text);
1170

1171
1172
      // Call an external processor for word handling.
      //search_preprocess($text);
1173

1174
1175
1176
1177
      // Simple CJK handling
      //if (variable_get('overlap_cjk', TRUE)) {
      //  $text = preg_replace_callback('/['. PREG_CLASS_CJK .']+/u', 'search_expand_cjk', $text);
      //}
1178

1179
1180
1181
1182
1183
1184
1185
      // To improve searching for numerical data such as dates, IP addresses
      // or version numbers, we consider a group of numerical characters
      // separated only by punctuation characters to be one piece.
      // This also means that searching for e.g. '20/03/1984' also returns
      // results with '20-03-1984' in them.
      // Readable regexp: ([number]+)[punctuation]+(?=[number])
      $text = preg_replace('/(['. PREG_CLASS_NUMBERS .']+)['. PREG_CLASS_PUNCTUATION .']+(?=['. PREG_CLASS_NUMBERS .'])/u', '\1', $text);
1186

1187
1188
1189
      // The dot, underscore and dash are simply removed. This allows meaningful
      // search behaviour with acronyms and URLs.
      $text = preg_replace('/[._-]+/', '', $text);
1190

1191
1192
1193
      // With the exception of the rules above, we consider all punctuation,
      // marks, spacers, etc, to be a word boundary.
      $text = preg_replace('/['. PREG_CLASS_SEARCH_EXCLUDE . ']+/u', ' ', $text);
1194

1195
1196
1197
1198
1199
1200
1201
1202
1203
      return $text;
    }

    /**
     * Decode all HTML entities (including numerical ones) to regular UTF-8 bytes.
     * Double-escaped entities will only be decoded once ("&amp;lt;" becomes "&lt;", not "<").
     *
     * @param $text
     *   The text to decode entities in.
1204
     * @param $exclude
1205
1206
1207
1208
1209
1210
     *   An array of characters which should not be decoded. For example,
     *   array('<', '&', '"'). This affects both named and numerical entities.
     */
    function decode_entities($text, $exclude = array()) {
      static $table;
      // We store named entities in a table for quick processing.
1211
1212
      if (!isset($table)) {
        // Get all named HTML entities.
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
        $table = array_flip(get_html_translation_table(HTML_ENTITIES));
        // PHP gives us ISO-8859-1 data, we need UTF-8.
        $table = array_map('utf8_encode', $table);
        // Add apostrophe (XML)
        $table['&apos;'] = "'";
      }
      $newtable = array_diff($table, $exclude);

      // Use a regexp to select all entities in one pass, to avoid decoding double-escaped entities twice.
      return preg_replace('/&(#x?)?([A-Za-z0-9]+);/e', '_decode_entities("$1", "$2", "$0", $newtable, $exclude)', $text);
    }

    /**
     * Helper function for decode_entities
     */
    function _decode_entities($prefix, $codepoint, $original, &$table, &$exclude) {
      // Named entity
      if (!$prefix) {
        if (isset($table[$original])) {
          return $table[$original];
        }
        else {
          return $original;
1236
1237
        }
      }
1238
1239
1240
      // Hexadecimal numerical entity
      if ($prefix == '#x') {
        $codepoint = base_convert($codepoint, 16, 10);
1241
      }
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
      // Decimal numerical entity (strip leading zeros to avoid PHP octal notation)
      else {
        $codepoint = preg_replace('/^0+/', '', $codepoint);
      }
      // Encode codepoint as UTF-8 bytes
      if ($codepoint < 0x80) {
        $str = chr($codepoint);
      }
      else if ($codepoint < 0x800) {
        $str = chr(0xC0 | ($codepoint >> 6))
             . chr(0x80 | ($codepoint & 0x3F));
      }
      else if ($codepoint < 0x10000) {
        $str = chr(0xE0 | ( $codepoint >> 12))
             . chr(0x80 | (($codepoint >> 6) & 0x3F))
             . chr(0x80 | ( $codepoint       & 0x3F));
      }
      else if ($codepoint < 0x200000) {
        $str = chr(0xF0 | ( $codepoint >> 18))
             . chr(0x80 | (($codepoint >> 12) & 0x3F))
             . chr(0x80 | (($codepoint >> 6)  & 0x3F))
             . chr(0x80 | ( $codepoint        & 0x3F));
      }
      // Check for excluded characters
      if (in_array($str, $exclude)) {
        return $original;
      }
1269
      else {
1270
1271
1272
1273
        return $str;
      }
    }

Martyn Smith's avatar
Martyn Smith committed
1274
1275
}

1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290