--- fenglin/bbs/search_user.php	2025/03/09 07:30:10	1.8
+++ fenglin/bbs/search_user.php	2025/04/18 04:25:28	1.23
@@ -1,91 +1,89 @@
 <?
+	require_once "../lib/db_open.inc.php";
 	require_once "./session_init.inc.php";
 	require_once "./user_level.inc.php";
 ?>
-<? 
-set_user_action("search_user");
-
-$page_max_record=20;
+<?
+$page = (isset($_GET["page"]) ? intval($_GET["page"]) : 1);
+$rpp = (isset($_GET["rpp"]) ? intval($_GET["rpp"]) : 20);
 
-if (isset($_GET["page"]))
-	$page=intval($_GET["page"]);
-else
-	$page=1;
-if ($page<1)
-	$page=1;
+$type = (isset($_GET["type"]) ? intval($_GET["type"]) : 0);
+$online = (isset($_GET["online"]) && $_GET["online"] == "1" ? 1 : 0);
+$friend = (isset($_GET["friend"]) && $_GET["friend"] == "1" ? 1 : 0);
+$search_text = (isset($_GET["search_text"]) ? $_GET["search_text"] : "");
+
+$sql = "SELECT IF(UID = 0, 1, 0) AS is_guest, COUNT(*) AS u_count FROM user_online
+		WHERE last_tm >= SUBDATE(NOW(), INTERVAL $BBS_user_off_line SECOND)
+		GROUP BY is_guest";
 
-if (isset($_GET["type"]))
-	$type=intval($_GET["type"]);
-else
-	$type=2;
+$rs = mysqli_query($db_conn, $sql);
+if ($rs == false)
+{
+	echo("Count online user error" . mysqli_error($db_conn));
+	exit();
+}
 
-if (isset($_GET["online"]))
-	$online=($_GET["online"]=="on");
-else
-	$online=0;
+$guest_online = 0;
+$user_online = 0;
 
-if (isset($_GET["friend"]))
-	$friend=($_GET["friend"]=="on");
-else
-	$friend=0;
+while ($row = mysqli_fetch_array($rs))
+{
+	if ($row["is_guest"])
+	{
+		$guest_online = $row["u_count"];
+	}
+	else
+	{
+		$user_online = $row["u_count"];
+	}
+}
+mysqli_free_result($rs);
 
-if (isset($_GET["search_text"]))
-	$search_text=trim($_GET["search_text"]);
-else
-	$search_text="";
-$search_author=addslashes(stripslashes($search_text));
+$sql = "SELECT COUNT(user_list.UID) AS rec_count FROM user_list" .
+		($online ? " INNER JOIN user_online ON user_list.UID = user_online.UID" : "") .
+		($friend ? " INNER JOIN friend_list ON user_list.UID = friend_list.fUID" : "") .
+		($type == 1 ? " INNER JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID" : "") .
+		" WHERE user_list.enable AND ".
+		($type == 1 ? "nickname" : "username") .
+		" LIKE '%" . mysqli_real_escape_string($db_conn, $search_text) . "%'" .
+		($online ? " AND last_tm >= SUBDATE(NOW(), INTERVAL $BBS_user_off_line SECOND)" : "").
+		($friend ? " AND friend_list.UID = " . $_SESSION["BBS_uid"] : "");
 
-$db_conn=include "./db_open.inc.php";
+$rs = mysqli_query($db_conn, $sql);
+if ($rs == false)
+{
+	echo("Query user error" . mysqli_error($db_conn));
+	exit();
+}
 
-$rs=mysql_query("select user_online.SID from user_online".
-	" where UID=0 and current_action not in".
-	" ('max_user_limit','max_ip_limit','max_session_limit','exit')".
-	" group by SID")
-	or die("Count guest error!");
-$guest_count=mysql_num_rows($rs);
-mysql_free_result($rs);
-
-$rs=mysql_query("select user_online.SID from user_online".
-	" where UID<>0 and current_action not in".
-	" ('max_user_limit','max_ip_limit','max_session_limit','exit')".
-	" group by SID")
-	or die("Count user error!");
-$user_count=mysql_num_rows($rs);
-mysql_free_result($rs);
-
-$rs=mysql_query("select count(user_list.UID) as rec_count from user_list".
-	($online?" inner join user_online on user_list.UID=user_online.UID":"").
-	($friend?" inner join friend_list on user_list.UID=friend_list.fUID":"").
-	" inner join user_pubinfo on user_list.UID=user_pubinfo.UID where".
-	" user_list.enable and ".($type==1?"user_pubinfo.nickname":"user_list.username").
-	" like '%$search_author%'".
-	($online ? " and current_action not in".
-	" ('max_user_limit','max_ip_limit','max_session_limit','exit')":"").
-	($friend ? " and friend_list.UID=".$_SESSION["BBS_uid"]:"")
-	)
-	or die("Query user error!");
+if ($row = mysqli_fetch_array($rs))
+{
+	$toa = $row["rec_count"];
+}
 
-$row=mysql_fetch_array($rs);
-$u_count=$row["rec_count"];
+mysqli_free_result($rs);
 
-mysql_free_result($rs);
+if (!in_array($rpp, $BBS_list_rpp_options))
+{
+	$rpp = $BBS_list_rpp_options[0];
+}
 
-$toa=$u_count;
-if ($toa==0)
-	$toa=1;
+$page_total = ceil($toa / $rpp);
+if ($page > $page_total)
+{
+	$page = $page_total;
+}
 
-$page_total=intval($toa/$page_max_record);
-if (($toa % $page_max_record)>0)
-	$page_total++;
-if ($page>$page_total)
-	$page=$page_total;
+if ($page <= 0)
+{
+	$page = 1;
+}
 ?>
 <html>
 	<head>
 		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 		<title>用户查找结果</title>
 		<link rel="stylesheet" href="css/default.css" type="text/css">
-
 <style type="text/css">
 TD.head,TD.level,TD.login_dt,TD.dark,TD.username
 {
@@ -96,32 +94,55 @@ TD.head,TD.level,TD.login_dt,TD.dark,TD.
 TD.head
 {
 	font-family: 楷体;
-	color:#909090;
+	color: #909090;
 }
 TD.login_dt,TD.level,TD.dark,TD.username
 {
-	text-align:center;
+	text-align: center;
 }
 TD.login_dt,TD.dark
 {
-	color:#909090;
-	background-color:#eaf0Fa;
+	color: #909090;
+	background-color: #eaf0Fa;
 }
 TD.head,TD.level
 {
-	background-color:#fafbfc;
+	background-color: #fafbfc;
 }
 TD.level
 {
-	color:orange;
+	color: orange;
+}
+TD.username
+{
+	background-color: #fafbfc;
+}
+TD.username:hover
+{
+	background-color: #eaf0Fa;
 }
 </style>
 
-		<script language="JavaScript" src="/js/nw_open.js"></script>
+<script type="text/javascript" src="../js/nw_open.js"></script>
+<script type="text/javascript">
+function ch_page(page)
+{
+	document.change_page.page.value = page;
+	document.change_page.submit();
+	return false;
+}
+
+function ch_rpp()
+{
+	document.change_page.page.value = Math.floor((document.change_page.page.value - 1) * <? echo $rpp; ?> / document.change_page.rpp.value) + 1;
+	document.change_page.submit();
+	return false;
+}
+</script>
 	</head>
 	<body>
 		<center>
-			<table cols="2" border="0" cellpadding="0" cellspacing="0" width="770">
+			<table cols="2" border="0" cellpadding="0" cellspacing="0" width="1050">
 				<tr>
 					<td colspan="2" style="color:green;">
 						<a class="s2" href="main.php"><? echo $BBS_name; ?></a>&gt;&gt;查找<? echo ($online?"在线":""); ?><? echo ($friend?"好友":"用户"); ?>
@@ -132,24 +153,27 @@ TD.level
 				<tr>
 					<td class="dark" width="3%"></td>
 					<td class="head" width="97%">
-						<? if ($u_count==0)
+<?
+if ($toa==0)
 {
-?>
-						未找到指定用户<? }
-	else
+?>未找到指定用户<?
+}
+else
 {
-?>用户查找结果（共<? echo $u_count; ?>位）<? } ?>
-						（当前在线注册用户<? echo $user_count; ?>位，游客<? echo $guest_count; ?>位）
+?>用户查找结果（共<? echo $toa; ?>位）
+<?
+}
+?>（当前在线注册用户<? echo $user_online; ?>位，游客<? echo $guest_online; ?>位）
 					</td>
 				</tr>
 			</table>
-			<table border="0" cellpadding="1" cellspacing="0" width="770">
+			<table border="0" cellpadding="1" cellspacing="0" width="1050">
 				<tr height="10">
 					<td>
 					</td>
 				</tr>
 			</table>
-			<table bgcolor="#f0F3Fa" border="0" cellpadding="0" cellspacing="0" width="770">
+			<table bgcolor="#f0F3Fa" border="0" cellpadding="0" cellspacing="0" width="1050">
 				<tr bgcolor="#d0d3F0" height="20">
 					<td class="title" width="4%"></td>
 					<td class="title" width="15%">用户ID</td>
@@ -159,29 +183,27 @@ TD.level
 					<td class="title" width="27%"></td>
 					<td class="title" width="4%"></td>
 				</tr>
-				<? 
-$color[0]="#f0F3Fa";
-$color[1]="#FAFBFC";
-$color_index=-1;
-$color_count=2;
-
-$rs=mysql_query("select user_list.UID,username,nickname,exp,".
-	"gender,gender_pub,last_login_dt from user_list".
-	($online?" inner join user_online on user_list.UID=user_online.UID":"").
-	($friend?" inner join friend_list on user_list.UID=friend_list.fUID":"").
-	" inner join user_pubinfo on user_list.UID=user_pubinfo.UID where".
-	" user_list.enable and ".($type==1?"user_pubinfo.nickname":"user_list.username").
-	" like '%$search_author%'".
-	($online ? " and current_action not in".
-	" ('max_user_limit','max_ip_limit','max_session_limit','exit')":"").
-	($friend ? " and friend_list.UID=".$_SESSION["BBS_uid"]:"").
-	" order by ".($type==1?"nickname":"username").
-	" limit ".($page-1)*$page_max_record.",$page_max_record")
-	or die("Query user error!");
+<?
+$sql = "SELECT user_list.UID, username, nickname, exp, gender, gender_pub, last_login_dt FROM user_list" .
+		($online ? " INNER JOIN user_online ON user_list.UID = user_online.UID" : "") .
+		($friend ? " INNER JOIN friend_list ON user_list.UID = friend_list.fUID" : "") .
+		" INNER JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID WHERE user_list.enable AND ".
+		($type == 1 ? "nickname" : "username") .
+		" LIKE '%" . mysqli_real_escape_string($db_conn, $search_text) . "%'" .
+		($online ? " AND last_tm >= SUBDATE(NOW(), INTERVAL $BBS_user_off_line SECOND)" : "").
+		($friend ? " AND friend_list.UID = " . $_SESSION["BBS_uid"] : "") .
+		" ORDER BY " . ($type == 1 ? "nickname" : "username") .
+		" LIMIT " . ($page-1) * $rpp . ", $rpp";
+
+$rs = mysqli_query($db_conn, $sql);
+if ($rs == false)
+{
+	echo("Query user error" . mysqli_error($db_conn));
+	exit();
+}
 
-while($row=mysql_fetch_array($rs))
+while ($row = mysqli_fetch_array($rs))
 {
-	$color_index=($color_index+1)%$color_count;
 ?>
 				<tr height="25">
 					<td class="dark">
@@ -189,9 +211,13 @@ while($row=mysql_fetch_array($rs))
 	if ($row["gender_pub"])
 	{
 		if ($row["gender"] == 'M')
+		{
 			echo ("<font color=blue>♂</font>");
+		}
 		else
+		{
 			echo ("<font color=red>♀</font>");
+		}
 	}
 	else
 	{
@@ -199,8 +225,8 @@ while($row=mysql_fetch_array($rs))
 	}
 ?>
 					</td>
-					<td class="username" bgcolor="#fafbfc" onmouseover="this.bgColor='#eaf0Fa';" onmouseout="this.bgColor='#fafbfc';">
-						<a class="s2" href="javascript:show_profile(<? echo $row["UID"]; ?>)"><? echo $row["username"]; ?></a>
+					<td class="username">
+						<a class="s2" href="show_profile.php?uid=<? echo $row["UID"]; ?>" target=_blank><? echo $row["username"]; ?></a>
 					</td>
 					<td class="dark">
 						<? echo $row["nickname"]; ?>
@@ -209,24 +235,28 @@ while($row=mysql_fetch_array($rs))
 						<? echo user_level($row["exp"]); ?>
 					</td>
 					<td class="login_dt">
-						<? echo $row["last_login_dt"]; ?>
+						<? echo (new DateTimeImmutable($row["last_login_dt"]))->setTimezone($_SESSION["BBS_user_tz"])->format("Y-m-d H:i:s"); ?>
 					</td>
 					<td class="level">
-						<a class="s2" href="javascript:NW_open('send_msg.php?user_id=<? echo $row["UID"]; ?>','send_msg',500,300)">发送消息</a>
-						<a class="s2" href="javascript:NW_open('bbs_email.php?user_id=<? echo $row["UID"]; ?>','send_msg',500,300)">发送邮件</a>
+<?
+	if ($_SESSION["BBS_priv"]->checkpriv(0, S_MSG))
+	{
+?>
+						<a class="s2" href="read_msg.php?sent=1&uid=<? echo $row["UID"]; ?>" target=_blank>发送消息</a>
+<?
+	}
+?>
 					</td>
 					<td align="center">
 					</td>
 				</tr>
 <? 
 }
+
+mysqli_free_result($rs);
 ?>
 			</table>
-<? 
-mysql_free_result($rs);
-mysql_close($db_conn);
-?>
-			<table cols="3" border="0" cellpadding="5" cellspacing="0" width="770">
+			<table cols="3" border="0" cellpadding="5" cellspacing="0" width="1050">
 				<tr bgcolor="#d0d3F0" height="10">
 					<td colspan="3" >
 					</td>
@@ -236,48 +266,68 @@ mysql_close($db_conn);
 					</td>
 				</tr>
 				<tr>
-    <td width="25%" align="center" style="color:#909090">
-    <form action="search_user.php" method="get" id="change_page" name="change_page">
-      <input type="hidden" id="search_text" name="search_text" value="<? echo $search_text;?>">
-      <input type="hidden" id="online" name="online" value="<? echo ($online?"on":"off"); ?>">
-      <input type="hidden" id="friend" name="friend" value="<? echo ($friend?"on":"off"); ?>">
-      分页: <? echo $page; ?>/<? echo $page_total; ?>页
-<? if ($page>1)
-{
-?><a class="s8" title="首页" href="search_user.php?page=1&amp;type=<? echo $type; ?>&amp;online=<? echo ($online?"on":"off"); ?>&amp;friend=<? echo ($friend?"on":"off"); ?><? if ($search_text!="") echo "&amp;search_text=".$search_text;?>"><font face=webdings>9</font></a><a class="s8" title="上一页" href="search_user.php?page=<? echo $page-1; ?>&amp;type=<? echo $type; ?>&amp;online=<? echo ($online?"on":"off"); ?>&amp;friend=<? echo ($friend?"on":"off"); ?><? if ($search_text!="") echo "&amp;search_text=".$search_text;?>"><font face=webdings>7</font></a><? }
-  else
-{
-?><font face=webdings>97</font><? } ?>
-      <input id="page_id" name="page" value="<? echo ($page) ; ?>" size="2">
-<? if ($page<$page_total)
-{
-?><a class="s8" title="下一页" href="search_user.php?page=<? echo $page+1; ?>&amp;type=<? echo $type; ?>&amp;online=<? echo ($online?"on":"off"); ?>&amp;friend=<? echo ($friend?"on":"off"); ?><? if ($search_text!="") echo "&amp;search_text=".$search_text;?>"><font face=webdings>8</font></a><a class="s8" title="尾页" href="search_user.php?page=<? echo $page_total; ?>&amp;type=<? echo $type; ?>&amp;online=<? echo ($online?"on":"off"); ?>&amp;friend=<? echo ($friend?"on":"off"); ?><? if ($search_text!="") echo "&amp;search_text=".$search_text;?>"><font face=webdings>:</font></a><? }
-  else
-{
-?><font face=webdings>8:</font><? } ?>
-    </form>
-    </td>
-					<td width="50" align="center">
-						<form action="search_user.php" method="get" id="search">
-							<font color=#909090>查找用户</font>
-							<select name="type">
-								<option value="2" <? if ($type==2) echo "selected"; ?> >按用户名</option>
-								<option value="1" <? if ($type==1) echo "selected"; ?> >按昵称</option>
-							</select>
-							<input type="text" id="search_text" name="search_text" size="15">
-							<input type="checkbox" id="online" name="online" <? echo ($online?"checked":"");?> ><font color=#909090>在线</font>
-							<input type="checkbox" id="friend" name="friend" <? echo ($friend?"checked":"");?> ><font color=#909090>好友</font>
-							<input type=image src="images/search.gif" alt="查找用户" border="0" name="image"></a>
-						</form>
+				<form action="search_user.php" method="get" id="change_page" name="change_page">
+					<td width="30%" style="color: #909090">
+					每页<select size="1" id="rpp" name="rpp" onchange="ch_rpp();">
+<?
+	foreach ($BBS_list_rpp_options as $v)
+	{
+		echo ("<option value=\"$v\"" . ($v == $rpp ? " selected" : "") . ">$v</option>");
+	}
+?>
+			</select>人
+			<?
+if ($page > 1)
+{
+?>
+			<a class="s8" title="首页" href="" onclick="return ch_page(1);">|◀</a>
+			<a class="s8" title="上一页" href="" onclick="return ch_page(<? echo ($page - 1); ?>);">◀</a>
+<?
+}
+else
+{
+?>
+|◀ ◀
+<?
+}
+?>
+    		第<input id="page" name="page" value="<? echo ($page) ; ?>" style="width: 30px;">/<? echo $page_total; ?>页
+<?
+if ($page < $page_total)
+{
+?>
+			<a class="s8" title="下一页" href="" onclick="return ch_page(<? echo ($page + 1); ?>);">▶</a>
+			<a class="s8" title="尾页" href="" onclick="return ch_page(<? echo ($page_total); ?>);">▶|</a>
+<?
+}
+else
+{
+?>
+▶ ▶|
+<?
+}
+?>
+					</td>
+					<td width="50%">
+						<select name="type">
+							<option value="0" <? if ($type==0) echo "selected"; ?> >按用户名</option>
+							<option value="1" <? if ($type==1) echo "selected"; ?> >按昵称</option>
+						</select>
+						<input type="text" id="search_text" name="search_text" size="15" value="<? echo $search_text;?>">
+						<input type="checkbox" id="online" name="online" value="1" <? echo ($online ? "checked" : "");?>><font color=#909090>在线</font>
+						<input type="checkbox" id="friend" name="friend" value="1" <? echo ($friend ? "checked" : "");?>><font color=#909090>好友</font>
+						<input type=image src="images/search.gif" alt="查找用户" border="0" name="image"></a>
 					</td>
-					<td width="25">
+					<td width="10%">
 					</td>
+					</form>
 				</tr>
 			</table>
 		</center>
 <?
-	include "./foot.inc.php";
+mysqli_close($db_conn);
+
+include "./foot.inc.php";
 ?>
 	</body>
 </html>
-