MyBB Community Forums

hello
loging and log fetching in search process has not a good idea. if you read source you'll face this lines :search.php {35}
if($mybb->input['action'] == "results")
{
$sid = intval($mybb->input['sid']);
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."searchlog WHERE sid='".$sid."'");



as you see there are no limitations for viewing logs.you can enter ever SID that you want and view what was previous users searched.
I think that this process needs a "limit and update query" for save others privacy.

query of searching logs needs altering to: where sid=sid and uid=thisuid and dateline> 5minago.
also if this query returned at least a row (or not any error occurs) a query must update dateline field.
*a delete query can run on table sometimes.

Which would also break the functionality where if I wanted to link you to a particular set of search results - which I quite commonly do on other forums.

Chris Boulton Wrote:Which would also break the functionality where if I wanted to link you to a particular set of search results - which I quite commonly do on other forums.

you right
but i remember aworm in vb that search and search and make forum slower and slower.
also loging search has not change any thing but deleting it make forum faster. your idea is right{i know now} but you can implement it by maltering search form from post method to get method also this way you can manage on searching that is a very slow process and consume recources.
bests.

I was going to complain about this same issue... I definitely have some concerns about the lack of privacy in the search feature. =/

Chris Boulton Wrote:Which would also break the functionality where if I wanted to link you to a particular set of search results - which I quite commonly do on other forums.

Why not make the script accept a URL like this?

search.php?action=search&keywords=surfi&fid=14

It could just automatically create a new, private, search-id thingy... :p

It is exactly my will

Moving to suggestions.

I'm suggesting that a "key" is appended to the URL so that the user can still copy the URL to other people, even if they are on the 2nd or 3rd page of the search results, but other people can't easily guess in (maybe 5-8 random chars)

The key could be the UID or the dateline so that another column doesn't have to be created

search.php?action=results&sid=9144&sortby=1&order=&uid=81
or
search.php?action=results&sid=9144&sortby=1&order=&dateline=1234567890
or
search.php?action=results&sid=9144&sortby=1&order=&key=a4J4do38

I think that would be acceptable... it would prevent dodgy users from viewing private results by incrementing and decrementing the search id number...

However the example query string I posted above still looks nicer.

Hey. How about it's like search.php?query=whatever+you+like

Aka using Method: Get instead of Search IDS. Every time someone would go to the link, it would perform the search again.

Which of these suggestions was "accepted"?

Another note: upon successful login, MyBB creates a cookie named sid with the session id. How does $mybb->input get populated? If it uses $_REQUEST, there's a chance of it showing the session id instead of search id.