--- fenglin/bbs/search_user.php	2025/03/27 12:29:03	1.11
+++ fenglin/bbs/search_user.php	2025/04/18 05:12:24	1.24
@@ -1,274 +1,157 @@
 <?
+	require_once "../lib/db_open.inc.php";
 	require_once "./session_init.inc.php";
 	require_once "./user_level.inc.php";
-?>
-<?
-$page_max_record=20;
+	require_once "./theme.inc.php";
 
-if (isset($_GET["page"]))
-	$page=intval($_GET["page"]);
-else
-	$page=1;
-if ($page<1)
-	$page=1;
-
-if (isset($_GET["type"]))
-	$type=intval($_GET["type"]);
-else
-	$type=2;
-
-if (isset($_GET["online"]))
-	$online=($_GET["online"]=="on");
-else
-	$online=0;
-
-if (isset($_GET["friend"]))
-	$friend=($_GET["friend"]=="on");
-else
-	$friend=0;
-
-if (isset($_GET["search_text"]))
-	$search_text=trim($_GET["search_text"]);
-else
-	$search_text="";
-$search_author=addslashes(stripslashes($search_text));
-
-$db_conn=include "./db_open.inc.php";
-
-$rs=mysql_query("select user_online.SID from user_online WHERE UID = 0".
-	($online ? " AND TIMESTAMPDIFF(SECOND, last_tm, NOW()) <= $BBS_user_off_line" : ""))
-	or die("Count guest error!");
-$guest_count=mysql_num_rows($rs);
-mysql_free_result($rs);
-
-$rs=mysql_query("select user_online.SID from user_online WHERE UID <> 0".
-	($online ? " AND TIMESTAMPDIFF(SECOND, last_tm, NOW()) <= $BBS_user_off_line" : ""))
-	or die("Count user error!");
-$user_count=mysql_num_rows($rs);
-mysql_free_result($rs);
-
-$rs=mysql_query("select count(user_list.UID) as rec_count from user_list".
-	($online?" inner join user_online on user_list.UID=user_online.UID":"").
-	($friend?" inner join friend_list on user_list.UID=friend_list.fUID":"").
-	" inner join user_pubinfo on user_list.UID=user_pubinfo.UID where".
-	" user_list.enable and ".($type==1?"user_pubinfo.nickname":"user_list.username").
-	" like '%$search_author%'".
-	($online ? " AND TIMESTAMPDIFF(SECOND, last_tm, NOW()) <= $BBS_user_off_line" : "").
-	($friend ? " and friend_list.UID=".$_SESSION["BBS_uid"]:"")
-	)
-	or die("Query user error!");
-
-$row=mysql_fetch_array($rs);
-$u_count=$row["rec_count"];
-
-mysql_free_result($rs);
-
-$toa=$u_count;
-if ($toa==0)
-	$toa=1;
-
-$page_total=intval($toa/$page_max_record);
-if (($toa % $page_max_record)>0)
-	$page_total++;
-if ($page>$page_total)
-	$page=$page_total;
-?>
-<html>
-	<head>
-		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-		<title>用户查找结果</title>
-		<link rel="stylesheet" href="css/default.css" type="text/css">
-
-<style type="text/css">
-TD.head,TD.level,TD.login_dt,TD.dark,TD.username
-{
-	border-right: #d0d3F0 1px solid;
-	border-left: #d0d3F0 1px solid;
-	border-bottom: #d0d3F0 1px solid;
-}
-TD.head
-{
-	font-family: 楷体;
-	color:#909090;
-}
-TD.login_dt,TD.level,TD.dark,TD.username
-{
-	text-align:center;
-}
-TD.login_dt,TD.dark
-{
-	color:#909090;
-	background-color:#eaf0Fa;
-}
-TD.head,TD.level
-{
-	background-color:#fafbfc;
-}
-TD.level
-{
-	color:orange;
-}
-</style>
-
-		<script language="JavaScript" src="/js/nw_open.js"></script>
-	</head>
-	<body>
-		<center>
-			<table cols="2" border="0" cellpadding="0" cellspacing="0" width="770">
-				<tr>
-					<td colspan="2" style="color:green;">
-						<a class="s2" href="main.php"><? echo $BBS_name; ?></a>&gt;&gt;查找<? echo ($online?"在线":""); ?><? echo ($friend?"好友":"用户"); ?>
-					</td>
-				</tr>
-				<tr bgcolor="#d0d3F0" height="2">
-					<td colspan="2"></td></tr>
-				<tr>
-					<td class="dark" width="3%"></td>
-					<td class="head" width="97%">
-						<? if ($u_count==0)
-{
-?>
-						未找到指定用户<? }
-	else
-{
-?>用户查找结果（共<? echo $u_count; ?>位）<? } ?>
-						（当前在线注册用户<? echo $user_count; ?>位，游客<? echo $guest_count; ?>位）
-					</td>
-				</tr>
-			</table>
-			<table border="0" cellpadding="1" cellspacing="0" width="770">
-				<tr height="10">
-					<td>
-					</td>
-				</tr>
-			</table>
-			<table bgcolor="#f0F3Fa" border="0" cellpadding="0" cellspacing="0" width="770">
-				<tr bgcolor="#d0d3F0" height="20">
-					<td class="title" width="4%"></td>
-					<td class="title" width="15%">用户ID</td>
-					<td class="title" width="20%">昵称</td>
-					<td class="title" width="12%">等级</td>
-					<td class="title" width="18%">最后登陆时间</td>
-					<td class="title" width="27%"></td>
-					<td class="title" width="4%"></td>
-				</tr>
-				<? 
-$color[0]="#f0F3Fa";
-$color[1]="#FAFBFC";
-$color_index=-1;
-$color_count=2;
-
-$rs=mysql_query("select user_list.UID,username,nickname,exp,".
-	"gender,gender_pub,last_login_dt from user_list".
-	($online?" inner join user_online on user_list.UID=user_online.UID":"").
-	($friend?" inner join friend_list on user_list.UID=friend_list.fUID":"").
-	" inner join user_pubinfo on user_list.UID=user_pubinfo.UID where".
-	" user_list.enable and ".($type==1?"user_pubinfo.nickname":"user_list.username").
-	" like '%$search_author%'".
-	($online ? " AND TIMESTAMPDIFF(SECOND, last_tm, NOW()) <= $BBS_user_off_line":"").
-	($friend ? " and friend_list.UID=".$_SESSION["BBS_uid"]:"").
-	" order by ".($type==1?"nickname":"username").
-	" limit ".($page-1)*$page_max_record.",$page_max_record")
-	or die("Query user error!");
-
-while($row=mysql_fetch_array($rs))
-{
-	$color_index=($color_index+1)%$color_count;
-?>
-				<tr height="25">
-					<td class="dark">
-<?
-	if ($row["gender_pub"])
+	$result_set = array(
+		"return" => array(
+			"code" => 0,
+			"message" => "",
+			"errorFields" => array(),
+		)
+	);
+
+	$page = (isset($_GET["page"]) ? intval($_GET["page"]) : 1);
+	$rpp = (isset($_GET["rpp"]) ? intval($_GET["rpp"]) : 20);
+
+	$type = (isset($_GET["type"]) ? intval($_GET["type"]) : 0);
+	$online = (isset($_GET["online"]) && $_GET["online"] == "1" ? 1 : 0);
+	$friend = (isset($_GET["friend"]) && $_GET["friend"] == "1" ? 1 : 0);
+	$search_text = (isset($_GET["search_text"]) ? $_GET["search_text"] : "");
+
+	$sql = "SELECT IF(UID = 0, 1, 0) AS is_guest, COUNT(*) AS u_count FROM user_online
+			WHERE last_tm >= SUBDATE(NOW(), INTERVAL $BBS_user_off_line SECOND)
+			GROUP BY is_guest";
+
+	$rs = mysqli_query($db_conn, $sql);
+	if ($rs == false)
+	{
+		echo("Count online user error" . mysqli_error($db_conn));
+		exit();
+	}
+
+	$guest_online = 0;
+	$user_online = 0;
+
+	while ($row = mysqli_fetch_array($rs))
 	{
-		if ($row["gender"] == 'M')
-			echo ("<font color=blue>♂</font>");
+		if ($row["is_guest"])
+		{
+			$guest_online = $row["u_count"];
+		}
 		else
-			echo ("<font color=red>♀</font>");
+		{
+			$user_online = $row["u_count"];
+		}
 	}
-	else
+	mysqli_free_result($rs);
+
+	$sql = "SELECT COUNT(user_list.UID) AS rec_count FROM user_list" .
+			($online ? " INNER JOIN user_online ON user_list.UID = user_online.UID" : "") .
+			($friend ? " INNER JOIN friend_list ON user_list.UID = friend_list.fUID" : "") .
+			($type == 1 ? " INNER JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID" : "") .
+			" WHERE user_list.enable AND ".
+			($type == 1 ? "nickname" : "username") .
+			" LIKE '%" . mysqli_real_escape_string($db_conn, $search_text) . "%'" .
+			($online ? " AND last_tm >= SUBDATE(NOW(), INTERVAL $BBS_user_off_line SECOND)" : "").
+			($friend ? " AND friend_list.UID = " . $_SESSION["BBS_uid"] : "");
+
+	$rs = mysqli_query($db_conn, $sql);
+	if ($rs == false)
 	{
-		echo ("<font color=green>?</font>");
+		echo("Query user error" . mysqli_error($db_conn));
+		exit();
+	}
+
+	if ($row = mysqli_fetch_array($rs))
+	{
+		$toa = $row["rec_count"];
 	}
-?>
-					</td>
-					<td class="username" bgcolor="#fafbfc" onmouseover="this.bgColor='#eaf0Fa';" onmouseout="this.bgColor='#fafbfc';">
-						<a class="s2" href="javascript:show_profile(<? echo $row["UID"]; ?>)"><? echo $row["username"]; ?></a>
-					</td>
-					<td class="dark">
-						<? echo $row["nickname"]; ?>
-					</td>
-					<td class="level">
-						<? echo user_level($row["exp"]); ?>
-					</td>
-					<td class="login_dt">
-						<? echo $row["last_login_dt"]; ?>
-					</td>
-					<td class="level">
-						<a class="s2" href="javascript:NW_open('send_msg.php?user_id=<? echo $row["UID"]; ?>','send_msg',500,300)">发送消息</a>
-					</td>
-					<td align="center">
-					</td>
-				</tr>
-<? 
-}
-?>
-			</table>
-<? 
-mysql_free_result($rs);
-mysql_close($db_conn);
-?>
-			<table cols="3" border="0" cellpadding="5" cellspacing="0" width="770">
-				<tr bgcolor="#d0d3F0" height="10">
-					<td colspan="3" >
-					</td>
-				</tr>
-				<tr height="10">
-					<td colspan="3" >
-					</td>
-				</tr>
-				<tr>
-    <td width="25%" align="center" style="color:#909090">
-    <form action="search_user.php" method="get" id="change_page" name="change_page">
-      <input type="hidden" id="search_text" name="search_text" value="<? echo $search_text;?>">
-      <input type="hidden" id="online" name="online" value="<? echo ($online?"on":"off"); ?>">
-      <input type="hidden" id="friend" name="friend" value="<? echo ($friend?"on":"off"); ?>">
-      分页: <? echo $page; ?>/<? echo $page_total; ?>页
-<? if ($page>1)
-{
-?><a class="s8" title="首页" href="search_user.php?page=1&amp;type=<? echo $type; ?>&amp;online=<? echo ($online?"on":"off"); ?>&amp;friend=<? echo ($friend?"on":"off"); ?><? if ($search_text!="") echo "&amp;search_text=".$search_text;?>"><font face=webdings>9</font></a><a class="s8" title="上一页" href="search_user.php?page=<? echo $page-1; ?>&amp;type=<? echo $type; ?>&amp;online=<? echo ($online?"on":"off"); ?>&amp;friend=<? echo ($friend?"on":"off"); ?><? if ($search_text!="") echo "&amp;search_text=".$search_text;?>"><font face=webdings>7</font></a><? }
-  else
-{
-?><font face=webdings>97</font><? } ?>
-      <input id="page_id" name="page" value="<? echo ($page) ; ?>" size="2">
-<? if ($page<$page_total)
-{
-?><a class="s8" title="下一页" href="search_user.php?page=<? echo $page+1; ?>&amp;type=<? echo $type; ?>&amp;online=<? echo ($online?"on":"off"); ?>&amp;friend=<? echo ($friend?"on":"off"); ?><? if ($search_text!="") echo "&amp;search_text=".$search_text;?>"><font face=webdings>8</font></a><a class="s8" title="尾页" href="search_user.php?page=<? echo $page_total; ?>&amp;type=<? echo $type; ?>&amp;online=<? echo ($online?"on":"off"); ?>&amp;friend=<? echo ($friend?"on":"off"); ?><? if ($search_text!="") echo "&amp;search_text=".$search_text;?>"><font face=webdings>:</font></a><? }
-  else
-{
-?><font face=webdings>8:</font><? } ?>
-    </form>
-    </td>
-					<td width="50" align="center">
-						<form action="search_user.php" method="get" id="search">
-							<font color=#909090>查找用户</font>
-							<select name="type">
-								<option value="2" <? if ($type==2) echo "selected"; ?> >按用户名</option>
-								<option value="1" <? if ($type==1) echo "selected"; ?> >按昵称</option>
-							</select>
-							<input type="text" id="search_text" name="search_text" size="15">
-							<input type="checkbox" id="online" name="online" <? echo ($online?"checked":"");?> ><font color=#909090>在线</font>
-							<input type="checkbox" id="friend" name="friend" <? echo ($friend?"checked":"");?> ><font color=#909090>好友</font>
-							<input type=image src="images/search.gif" alt="查找用户" border="0" name="image"></a>
-						</form>
-					</td>
-					<td width="25">
-					</td>
-				</tr>
-			</table>
-		</center>
-<?
-	include "./foot.inc.php";
-?>
-	</body>
-</html>
 
+	mysqli_free_result($rs);
+
+	if (!in_array($rpp, $BBS_list_rpp_options))
+	{
+		$rpp = $BBS_list_rpp_options[0];
+	}
+
+	$page_total = ceil($toa / $rpp);
+	if ($page > $page_total)
+	{
+		$page = $page_total;
+	}
+
+	if ($page <= 0)
+	{
+		$page = 1;
+	}
+
+	// Fill up result data
+	$result_set["data"] = array(
+		"type" => $type,
+		"online" => $online,
+		"friend" => $friend,
+		"search_text" => $search_text,
+		"page" => $page,
+		"rpp" => $rpp,
+		"page_total" => $page_total,
+		"toa" => $toa,
+		"user_online" => $user_online,
+		"guest_online" => $guest_online,
+
+		"users" => array(),
+	);
+
+	$sql = "SELECT user_list.UID, username, nickname, exp, gender, gender_pub, last_login_dt FROM user_list" .
+			($online ? " INNER JOIN user_online ON user_list.UID = user_online.UID" : "") .
+			($friend ? " INNER JOIN friend_list ON user_list.UID = friend_list.fUID" : "") .
+			" INNER JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID WHERE user_list.enable AND ".
+			($type == 1 ? "nickname" : "username") .
+			" LIKE '%" . mysqli_real_escape_string($db_conn, $search_text) . "%'" .
+			($online ? " AND last_tm >= SUBDATE(NOW(), INTERVAL $BBS_user_off_line SECOND)" : "").
+			($friend ? " AND friend_list.UID = " . $_SESSION["BBS_uid"] : "") .
+			" ORDER BY " . ($type == 1 ? "nickname" : "username") .
+			" LIMIT " . ($page - 1) * $rpp . ", $rpp";
+
+	$rs = mysqli_query($db_conn, $sql);
+	if ($rs == false)
+	{
+		echo("Query user error" . mysqli_error($db_conn));
+		exit();
+	}
+
+	while ($row = mysqli_fetch_array($rs))
+	{
+		array_push($result_set["data"]["users"], array(
+			"uid" => $row["UID"],
+			"username" => $row["username"],
+			"nickname" => $row["nickname"],
+			"exp" => $row["exp"],
+			"gender" => $row["gender"],
+			"gender_pub" => $row["gender_pub"],
+			"last_login_dt" => (new DateTimeImmutable($row["last_login_dt"]))->setTimezone($_SESSION["BBS_user_tz"]),
+		));
+	}
+	mysqli_free_result($rs);
+
+	// Cleanup
+	unset($type);
+	unset($online);
+	unset($friend);
+	unset($search_text);
+	unset($page);
+	unset($rpp);
+	unset($page_total);
+	unset($toa);
+	unset($user_online);
+	unset($guest_online);
+
+	// Output with theme view
+	$theme_view_file = get_theme_file("view/search_user", $_SESSION["BBS_theme_name"]);
+	if ($theme_view_file == null)
+	{
+		exit(json_encode($result_set)); // Output data in Json
+	}
+	include $theme_view_file;
+?>