Search (list) page shows results for inactive/expired accounts but when clicked on for details page get message "No record found for that search. Please click BACK in your browser."

8 posts by 3 authors in: Forums > CMS Builder
Last Post: June 18, 2014

By Codee - April 25, 2014

On a client's site that displays for-sale ads and has a lot of accounts, they want to ensure that when an account is disengaged, put on hold, or inactive/expired, the corresponding records do not appear on the public PHP page (makes sense!). In general they do not appear, EXCEPT on a search page, where there are records appearing in the search results from such accounts. Of course, when a visitor clicks on such results linked to the inactive accounts they get the message "No record found for that search. Please click BACK in your browser." because the details page is not going to show. How can we ensure the results from inactive accounts do not appear in the search results? Chris built the guts of this search page years ago; here's most of the code:

head area code:

<?php header('Content-type: text/html; charset=utf-8'); ?>
<?php
  /* STEP 1: LOAD RECORDS - Copy this PHP code block near the TOP of your page */

  // load viewer library
  $libraryPath = 'emaAdmin/lib/viewer_functions.php';
  $dirsToCheck = array('XXXXWebsite path hidden for securityXXXX/html/','','../','../../','../../../');
  foreach ($dirsToCheck as $dir) { if (@include_once("$dir$libraryPath")) { break; }}
  if (!function_exists('getRecords')) { die("Couldn't load viewer library, check filepath in sourcecode."); }

/// START OF SEARCH CODE
 
  // build up where clauses for our searches
  $searchWords = preg_split('/\s+/', @$_REQUEST['search']);
  $inventorySearchFields = array('listing_type','4_x_4', 'year', 'make_alternate', 'title','keyword_1', 'keyword_2', 'keyword_3', 'keyword_4','engine_make', 'additional_comments', 'alternative_content');

  $equipmentTypeWhere = '';
  $where = '';
  foreach ($searchWords as $searchTerm) {
    $searchTermWhere = '';
    $escapedSearchTerm = mysql_escape($searchTerm);
    foreach ($inventorySearchFields as $field) {
      if ($searchTermWhere) { $searchTermWhere .= ' OR '; }
      $searchTermWhere .= "inventory.$field LIKE '%$escapedSearchTerm%'";
    }
    
    $searchTermWhere .= " OR model.title LIKE '%$escapedSearchTerm%'";
    $searchTermWhere .= " OR manufacturer.title LIKE '%$escapedSearchTerm%'";
    
    if ($where) { $where .= ' OR '; } # was AND
    $where .= "($searchTermWhere)";

    if ($equipmentTypeWhere) { $equipmentTypeWhere .= ' OR '; } # was AND
    $equipmentTypeWhere .= "title LIKE '%$escapedSearchTerm%'";
  }

  // find matching equipment_type records, add their nums to our inventory record search
  list($equipmentTypeRecords,) = getRecords(array(
    'tableName'   => 'equipment_type',
    'where'       => $equipmentTypeWhere,
    'allowSearch' => false,
  ));
  foreach ($equipmentTypeRecords as $equipmentTypeRecord) {
    if ($where) { $where .= ' OR '; }
    $where .= "inventory.equipment_type LIKE '%\t{$equipmentTypeRecord['num']}\t%'";
  }
  
  // search inventory records (and joined tables)
  list($inventoryRecords, $inventoryMetaData) = getRecords(array(
    'tableName'   => 'inventory',
    
    'leftJoin'    => array(
      'model'        => 'model',
      'manufacturer' => 'manufacturer',
      'dealer_info'  => 'ON inventory.createdByUserNum = dealer_info.createdByUserNum',
    ),
    'where'       => ($where ? $where : '1'),
    'allowSearch' => true,
    
    'perPage'     => '15',
    'orderBy'     => "updatedDate DESC",
  ));
  
  // load referenced records for our fields 
  if (!empty($inventoryRecords)) {
    beta_lookupRelatedFields(array( 
      'table'      => 'inventory', 
      'recordList' => &$inventoryRecords, 
      'fieldList'  => array( 
        'manufacturer', 'model' => 'model', 'equipment_type' 
      ), 
    ));
  }

  /// END OF SEARCH CODE
  

    // load all manufacturer records 
  list($manufacturerRecords, $manufacturerMetaData) = getRecords(array( 
    'tableName'   => 'manufacturer', 
    'allowSearch' => false, 
  )); 
   
  // load model records related to manufacturers 
  beta_lookupReferringRecords(array( 
    'sourceTable'    => 'manufacturer', 
    'recordList'     => &$manufacturerRecords, 
    'foreignTable'   => 'model', 
    'foreignFields'  => array('manufacturer'), 
    'injectionField' => 'models' 
  )); 

  // load all equipment_type records 
  list($equipment_typeRecords, $equipment_typeMetaData) = getRecords(array( 
    'tableName'   => 'equipment_type', 
  )); 

  // load records
  list($leftmenuRecords, $leftmenuMetaData) = getRecords(array(
    'tableName'   => 'leftmenu',
    'loadUploads' => true,
    'allowSearch' => false,
  ));
  
   // load records from 'topmenu'
  list($topmenuRecords, $topmenuMetaData) = getRecords(array(
    'tableName'   => 'topmenu',
    'loadUploads' => true,
    'allowSearch' => false,
  ));
  
  // Load Advertiser
  list($advertisingRecords, $advertisingMetaData) = getRecords(array(
    'tableName'   => 'advertising',
    'limit'       => '1',
  ));

?>

and in the <body>:

<span class="justtext">The simplest way to search our heavy equipment inventory is to use our <b>Quick Search as it primarily searches by manufacturer, model and equipment type.</b>
                                    <br/><br/>
                                    Just type your search term into the box and click the "Search Inventory" button.  Your search results will appear on the right.</span>
                                    <br/><br/><br/>
                                    <center>
                                    <table border="0" cellpadding="0" cellspacing="10" width=95%>
                                        <tr>
                                            <td width=50% style="vertical-align:top; text-align:left">
                                            <center>
                                            <form method="POST" action="?">
                                            <input type="text" size="40" name="search" value="">
                                            <br clear="all"><br>
                                            <center>
                                            <input type="submit" name="submit" value="Quick Search Inventory">
                                            </center>
                                            </form> 
                                            </center>
                                            <br/><br/><br/><br/>
                                            <span class="justtext">* If you want to search by a specific dealer then</span> <a href="/dealerList.php" class="prevnext">click here.</a>
                                            <br/><br/>
                                            <span class="justtext">* If you want to search by a list of specific equipment types then</span> <a href="/searchbyheavyequipmenttype.php" class="prevnext">click here.</a>
                                            </td>
                                            <td width=50% style="vertical-align:top; text-align:left">
                                                 <table border="1" width=100% cellpadding="10" cellspacing="0" bordercolor="#000090">
                                                     <tr>
                                                         <td style="vertical-align:top">
                                                         <center>
                                                         <h2>Search Results</h2>
                                                         </center>
                                                         <ul> 
                                                         <?php if ($inventoryRecords): ?>
                                                         <span class="listtext">Your search results are listed individually below.  Just click on a result to view that ad.
                                                         </span>
                                                         <br clear="all"><br/>
                                                          <?php endif ?>
                                                          <?php foreach ($inventoryRecords as $inventory): ?> 
                                                              <?php /* <li><a href="<?php echo $inventory['_link'] ?>" class="prevnext"><?php echo $inventory['year'] ?>&nbsp;click here to view</a></li> */ ?>
                                                              <li><a href="<?php echo $inventory['_link'] ?>" class="prevnext">
                                                                  <?php
                                                                      if ($inventory['year']           ) { echo htmlspecialchars($inventory['year']                  ) . "&nbsp;"; }
                                                                      if ($inventory['manufacturer']   ) { echo htmlspecialchars($inventory['manufacturer']['title'] ) . "&nbsp;"; }
                                                                      if ($inventory['model']          ) { echo htmlspecialchars($inventory['model']['title']        ) . "&nbsp;"; }
                                                                      if ($inventory['make_alternate'] ) { echo htmlspecialchars($inventory['make_alternate']        ) . "&nbsp;"; }
                                                                      if ($inventory['title']          ) { echo htmlspecialchars($inventory['title']                 ) . "&nbsp;"; }
                                                                  ?>
                                                              </a></li>
                                                          <?php endforeach; ?> 
                                                          <?php if (!$inventoryRecords): ?>
                                                              <center>
                                                              <i><span class="helptext">[There are no results available for that search request.  Try another search.]</span></i>
                                                             </center>
                                                          <?php endif ?>
                                                          </ul>
                                                          </td>
                                                     </tr>
                                                 </table>
                                                <br/>
                                                 <div style="text-align: center;" clear="both">
                                                      <?php if ($inventoryMetaData['prevPage']): ?> 
                                                           <a href="<?php echo $inventoryMetaData['prevPageLink'] ?>" class="prevnext">&lt;&lt; prev&nbsp;&nbsp;&nbsp;</a> 
                                                         <?php else: ?> 
                                                           <!--nothing to show-->
                                                      <?php endif ?> 
  
                                                         <?php  
                                                        if (@!$_GET['page']): $current_page = "0"; 
                                                        else: $current_page = $_GET['page'];    
                                                       endif;  ?> 
  
                                                        <?php foreach (range(1,$inventoryMetaData['totalPages']) as $page): ?>  
                                                             <?php if ($page == $current_page): ?> 
                                                                 <strong>&nbsp;<span class="bordertext">&nbsp;page&nbsp;<?php echo $page; ?>&nbsp;</span>&nbsp;</strong> 
                                                               <?php else: ?> 
                                                                 <a href="?<?php echo http_build_query(array_merge($_REQUEST, array( 'page' => $page ))) ?>"  class="prevnext"><?php echo $page; ?></a>

                                                           <?php endif ?> 
                                                        <?php endforeach; ?> 
 
                                                        <?php if ($inventoryMetaData['nextPage']): ?> 
                                                               <a href="<?php echo $inventoryMetaData['nextPageLink'] ?>" class="prevnext">&nbsp;&nbsp;&nbsp;next &gt;&gt;</a> 
                                                             <?php else: ?> 
                                                                 <!--nothing to show-->
                                                         <?php endif ?> 
                                                         <br/><br/>
                                                 </div>
                                            </td>
                                        </tr>
                                    </table>
                                    </center>

By Chris - April 29, 2014

Hi equinox,

How are disengaged, put on hold, and inactive/expired accounts represented in the database? Is it manufacturer.disabled or something like that?

Can you show us the detail page which is returning the "No record found" message so we can see what the logic is there?

All the best,
Chris

By Codee - April 30, 2014

Hi Chris,

Absolutely, but can I email you off-line with the info? Thanks.

By Codee - April 30, 2014

Also, in the User Accounts section, this user is checkmarked positive for "Disable Access" and in the Inventory section of the database, under Advanced, the box for "Disabled Accounts: Viewers: Hide records that are "Created By" a user who is: deleted, disabled, or expired" is also positive for being checked. So I'm guessing either there is a misfire for the viewer page or the customized search code is enabling a bypass?

By Codee - June 17, 2014

Damon,

I haven't heard back and no change on the customers' site so I'm resending support the credentials and details.

Thanks

By Damon - June 18, 2014

Hi Terry,

I added an if statement around the search results to not show listings in the search that are from a user account that is checked disabled:

<?php if($inventory['createdBy.disabled'] != 1): ?>

.... search results listings and links


<?php endif; ?>

This requires that the user account has the Disable Access checkbox checked.

Let me know if you have any questions about this.

Thanks!

Cheers,
Damon Edis - interactivetools.com

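
An added example, not code from this thread or from CMS Builder: the same account check applied inside the query rather than at render time, so the 15-per-page limit and page totals count only visible records. It uses PDO with an in-memory SQLite database in place of getRecords(); the accounts and inventory tables, the disabled column and the sample rows are constructed for illustration. It also shows why the OR-chained search clause has to be wrapped in parentheses before the account condition is ANDed on.

```php
<?php
// Added example: constructed schema and data, not the client's real tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE accounts  (num INTEGER PRIMARY KEY, disabled INTEGER NOT NULL)");
$db->exec("CREATE TABLE inventory (num INTEGER PRIMARY KEY, title TEXT, make_alternate TEXT,
                                   createdByUserNum INTEGER)");
$db->exec("INSERT INTO accounts VALUES (1, 0), (2, 1)");  // account 2: Disable Access checked
$db->exec("INSERT INTO inventory VALUES
             (10, 'Cat D6 dozer',      '',    1),
             (11, 'Cat 320 excavator', '',    2),
             (12, 'Deere loader',      'Cat', 2)");

// Build one parenthesised OR group per search word; values are bound, never interpolated.
function buildSearch(string $search, array $fields): array {
    $groups = []; $params = [];
    foreach (preg_split('/\s+/', trim($search), -1, PREG_SPLIT_NO_EMPTY) as $word) {
        $like = '%' . addcslashes($word, '%_\\') . '%';   // treat % and _ literally
        $ors  = [];
        foreach ($fields as $field) {
            $ors[]    = "inventory.$field LIKE ? ESCAPE '\\'";
            $params[] = $like;
        }
        $groups[] = '(' . implode(' OR ', $ors) . ')';
    }
    return [$groups ? implode(' OR ', $groups) : '1', $params];
}

function search(PDO $db, string $search, bool $grouped): array {
    // Field names come from a fixed allow-list, as in the original page.
    [$where, $params] = buildSearch($search, ['title', 'make_alternate']);
    // AND binds tighter than OR: without the outer parentheses the account
    // check attaches only to the last OR group and earlier groups bypass it.
    $where = $grouped ? "($where)" : $where;
    $sql = "SELECT inventory.num FROM inventory
            JOIN accounts ON accounts.num = inventory.createdByUserNum
            WHERE $where AND accounts.disabled = 0
            ORDER BY inventory.num LIMIT 15";
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

print_r(search($db, 'cat excavator', false));  // ungrouped: disabled owner's records leak through
print_r(search($db, 'cat excavator', true));   // grouped: only records owned by enabled accounts
```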

By Codee - June 18, 2014

Outstanding. Thank you VERY much!