diff --git a/client_documents.php b/client_documents.php index 7a3f797e..ef5f703c 100644 --- a/client_documents.php +++ b/client_documents.php @@ -1,12 +1,13 @@ $sb, 'o' => $o))); @@ -26,15 +35,15 @@ $sql_no_tag = "SELECT SQL_CALC_FOUND_ROWS * FROM documents WHERE document_client_id = $client_id AND documents.company_id = $session_company_id AND document_template = 0 - AND (document_name LIKE '%$q%' OR document_content LIKE '%$q%') + $query_snippet ORDER BY $sb $o LIMIT $record_from, $record_to"; $sql_with_tag = "SELECT SQL_CALC_FOUND_ROWS * FROM documents LEFT JOIN documents_tagged ON documents.document_id = documents_tagged.document_id WHERE document_client_id = $client_id - AND document_template = 0 AND documents.company_id = $session_company_id - AND (document_name LIKE '%$q%' OR document_content LIKE '%$q%') + AND document_template = 0 + $query_snippet AND documents_tagged.tag_id LIKE '%$tag%' ORDER BY $sb $o LIMIT $record_from, $record_to"; diff --git a/database_updates.php b/database_updates.php index 7321ac76..5137685c 100644 --- a/database_updates.php +++ b/database_updates.php 
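Review bot: `$query_snippet` is spliced into both `$sql_no_tag` and `$sql_with_tag` as raw SQL text, and its construction is not visible in this hunk (the body of the first hunk did not survive on this page), so the injection safety of both statements rests entirely on how that fragment is assembled. It should be composed only from the `$q` that pagination_head.php passes through `mysqli_real_escape_string`, and should collapse to an empty string when `$q` is empty. A comment above the two queries would make that contract explicit, e.g. `// $query_snippet is built from the escaped $q only; never concatenate raw $_GET into it`. Binding the search term through a prepared statement would remove the dependency on escaping altogether.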
@@ -19,24 +19,43 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){
 if(CURRENT_DATABASE_VERSION == '0.0.1'){
 // Insert queries here required to update to DB version 0.0.2
- // mysqli_query($mysqli, "ALTER TABLE .....");
+ mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_module_enable_itdoc` TINYINT(1) DEFAULT 1 AFTER `config_backup_path`");
 mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_module_enable_ticketing` TINYINT(1) DEFAULT 1 AFTER `config_module_enable_itdoc`");
 mysqli_query($mysqli, "ALTER TABLE `settings` ADD `config_module_enable_accounting` TINYINT(1) DEFAULT 1 AFTER `config_module_enable_ticketing`");
- // Then, update the database to the next sequential version
- //mysqli_query($mysqli, "UPDATE settings SET config_current_database_version = '0.0.2' WHERE company_id = '1'");
-
+ // Update the database to the next sequential version
 mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.0.2'");
 }
 if(CURRENT_DATABASE_VERSION == '0.0.2'){
 // Insert queries here required to update to DB version 0.0.3
+
+ // Add document content raw column & index
+ mysqli_query($mysqli, "ALTER TABLE `documents` ADD `document_content_raw` LONGTEXT NOT NULL AFTER `document_content`, ADD FULLTEXT `document_content_raw` (`document_content_raw`)");
+
+ // Populate content raw column with existing document data
+ $documents_sql = mysqli_query($mysqli, "SELECT * FROM `documents`");
+ while($row = mysqli_fetch_array($documents_sql)){
+ $id = $row['document_id'];
+ $name = $row['document_name'];
+ $content = $row['document_content'];
+ $content_raw = trim(mysqli_real_escape_string($mysqli, strip_tags($name . " " . 
str_replace("<", " <", $content))));
+
+ mysqli_query($mysqli, "UPDATE `documents` SET `document_content_raw` = '$content_raw' WHERE `document_id` = '$id'");
+ }
+
+ // Then, update the database to the next sequential version
+ mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.0.3'");
+ }
+
+ if(CURRENT_DATABASE_VERSION == '0.0.3'){
+ // Insert queries here required to update to DB version 0.0.4
 // mysqli_query($mysqli, "ALTER TABLE .....");
 // Then, update the database to the next sequential version
- //mysqli_query($mysqli, "UPDATE settings SET config_current_database_version = '0.0.3' WHERE company_id = '1'");
+ //mysqli_query($mysqli, "UPDATE settings SET config_current_database_version = '0.0.3'");
 }
diff --git a/database_version.php b/database_version.php
index f0f59d6c..e0581015 100644
--- a/database_version.php
+++ b/database_version.php
@@ -5,4 +5,4 @@
 * It is used in conjunction with database_updates.php
 */
-DEFINE("LATEST_DATABASE_VERSION", "0.0.2");
\ No newline at end of file
+DEFINE("LATEST_DATABASE_VERSION", "0.0.3");
\ No newline at end of file
diff --git a/db.sql b/db.sql
index 6c02b03b..1dcd54af 100644
--- a/db.sql
+++ b/db.sql
@@ -397,6 +397,7 @@ CREATE TABLE `documents` (
 `document_id` int(11) NOT NULL AUTO_INCREMENT,
 `document_name` varchar(200) NOT NULL,
 `document_content` longtext NOT NULL,
+ `document_content_raw` longtext NOT NULL,
 `document_created_at` datetime NOT NULL,
 `document_updated_at` datetime DEFAULT NULL,
 `document_archived_at` datetime DEFAULT NULL,
@@ -409,6 +410,11 @@ CREATE TABLE `documents` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 /*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Indexes for table `documents`
+--
+ALTER TABLE `documents` ADD FULLTEXT KEY `document_content_raw` (`document_content_raw`);
+
 --
 -- Table structure for table `documents_tagged`
 --
diff --git a/global_search.php b/global_search.php
index 259173cf..4d012d43 100644
--- a/global_search.php 
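Review bot: None of the `mysqli_query` calls in the 0.0.2 to 0.0.3 block of database_updates.php have their result checked, so if the `ALTER TABLE ... ADD FULLTEXT` step fails the version is still set to 0.0.3. The `MATCH(document_content_raw)` search and the `document_content_raw = '$content_raw'` writes added elsewhere in this commit would then run against a column that does not exist. Gate the version bump on the earlier steps, for example `$update_ok = mysqli_query($mysqli, "ALTER TABLE ...");` followed by `if($update_ok){ mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.0.3'"); }`, and record `mysqli_error($mysqli)` in the server log on failure rather than echoing it. The commented-out placeholder in the new 0.0.3 block still reads `config_current_database_version = '0.0.3'`; it should say `'0.0.4'` so that uncommenting it later actually advances the version.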
+++ b/global_search.php
@@ -15,7 +15,7 @@ if(isset($_GET['query'])){
 $sql_contacts = mysqli_query($mysqli,"SELECT * FROM contacts LEFT JOIN clients ON client_id = contact_client_id LEFT JOIN departments ON contact_department_id = department_id WHERE (contact_name LIKE '%$query%' OR contact_title LIKE '%$query%' OR contact_email LIKE '%$query%' OR contact_phone LIKE '%$phone_query%' OR contact_mobile LIKE '%$phone_query%') AND contacts.company_id = $session_company_id ORDER BY contact_id DESC LIMIT 5");
 $sql_vendors = mysqli_query($mysqli,"SELECT * FROM vendors WHERE (vendor_name LIKE '%$query%' OR vendor_phone LIKE '%$phone_query%') AND company_id = $session_company_id ORDER BY vendor_id DESC LIMIT 5");
 $sql_products = mysqli_query($mysqli,"SELECT * FROM products WHERE product_name LIKE '%$query%' AND company_id = $session_company_id ORDER BY product_id DESC LIMIT 5");
- $sql_documents = mysqli_query($mysqli, "SELECT * FROM documents LEFT JOIN clients on document_client_id = clients.client_id WHERE document_name LIKE '%$query%' AND documents.company_id = $session_company_id ORDER BY document_id DESC LIMIT 5");
+ $sql_documents = mysqli_query($mysqli, "SELECT * FROM documents LEFT JOIN clients on document_client_id = clients.client_id WHERE MATCH(document_content_raw) AGAINST ('$query') AND documents.company_id = $session_company_id ORDER BY document_id DESC LIMIT 5");
 $sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN clients on tickets.ticket_client_id = clients.client_id WHERE (ticket_subject LIKE '%$query%' OR ticket_number = '$query') AND tickets.company_id = $session_company_id ORDER BY ticket_id DESC LIMIT 5");
 $sql_logins = mysqli_query($mysqli,"SELECT * FROM logins WHERE (login_name LIKE '%$query%' OR login_username LIKE '%$query%') AND company_id = $session_company_id ORDER BY login_id DESC LIMIT 5");
diff --git a/pagination_head.php b/pagination_head.php
index ac4a8bfd..742f1689 100644
--- a/pagination_head.php
+++ b/pagination_head.php 
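Review bot: The `$sql_documents` query now depends solely on `MATCH(document_content_raw) AGAINST ('$query')` and drops the substring match on `document_name`. FULLTEXT in its default natural-language mode matches whole tokens and ignores stopwords and words below the configured minimum token size, so short or partial queries that used to find a document will return nothing. If that is not intended, keep the old predicate as a fallback: `WHERE (MATCH(document_content_raw) AGAINST ('$query') OR document_name LIKE '%$query%')`. `$query` is assigned outside this hunk and is still interpolated into a quoted literal here, so confirm it is escaped for this connection or bind it through a prepared statement. A short comment noting that `document_content_raw` already contains the document name would explain why the name column is no longer searched.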
@@ -34,7 +34,7 @@ if(isset($_GET['o'])){
 // Search
 if(isset($_GET['q'])){
- $q = mysqli_real_escape_string($mysqli,$_GET['q']);
+ $q = mysqli_real_escape_string($mysqli,trim($_GET['q']));
 }else{
 $q = "";
 }
\ No newline at end of file
diff --git a/post.php b/post.php
index 0432295e..9d9d6b58 100644
--- a/post.php
+++ b/post.php
@@ -6927,11 +6927,13 @@ if(isset($_POST['add_document'])){
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
 $tags_ids = $_POST['tags_ids'];
 $content = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['content']))));
+ $content_raw = trim(mysqli_real_escape_string($mysqli, strip_tags($_POST['name'] . " " . str_replace("<", " <", $_POST['content']))));
+ // Content Raw is used for FULL INDEX searching. Adding a space before HTML tags to allow spaces between newlines, bulletpoints, etc. for searching.
 $template = intval($_POST['template']);
 $folder = intval($_POST['folder']);
 // Document add query
- $add_document = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_content = '$content', document_created_at = NOW(), document_template = $template, document_folder_id = $folder, document_client_id = $client_id, company_id = $session_company_id");
+ $add_document = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_content = '$content', document_content_raw = '$content_raw', document_created_at = NOW(), document_template = $template, document_folder_id = $folder, document_client_id = $client_id, company_id = $session_company_id");
 $document_id = $mysqli->insert_id;
 // Logging 
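Review bot: In the pagination_head.php hunk, `trim($_GET['q'])` is called before anything establishes that `q` is a string. A `q` parameter submitted as an array raises a TypeError on PHP 8 (a warning and a null on PHP 7) instead of producing an empty search. Guard the type in the condition, `if(isset($_GET['q']) && is_string($_GET['q'])){`, so that the existing `else` branch sets `$q = ""` for malformed input.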
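Review bot: In the `add_document` hunk of post.php, `$content_raw` is built from the raw `$_POST['name']` and `$_POST['content']` with only `strip_tags`, bypassing the `$purifier->purify(html_entity_decode(...))` path that `$content` takes, so `document_content_raw` holds unpurified text. `strip_tags` is not an output encoder, so the column has to be treated as untrusted and passed through `htmlspecialchars` if it is ever rendered, for example as a search excerpt; the comment on the line should say that, and should read FULLTEXT index rather than FULL INDEX. Because the entity decode is skipped, entities in the submitted markup are presumably indexed literally. `trim` also runs after escaping, so trailing line breaks that have already become escape sequences are not removed; `mysqli_real_escape_string($mysqli, trim(strip_tags(...)))` is the order that actually trims. The same line is repeated in the `edit_document` hunk and in the database_updates.php migration, where a shared helper would keep the three in step.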
@@ -6970,11 +6972,13 @@ if(isset($_POST['edit_document'])){
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
 $tags_ids = $_POST['tags_ids'];
 $content = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode($_POST['content']))));
+ $content_raw = trim(mysqli_real_escape_string($mysqli, strip_tags($_POST['name'] . " " . str_replace("<", " <", $_POST['content']))));
+ // Content Raw is used for FULL INDEX searching. Adding a space before HTML tags to allow spaces between newlines, bulletpoints, etc. for searching.
 $template = intval($_POST['template']);
 $folder = intval($_POST['folder']);
 // Document edit query
- mysqli_query($mysqli,"UPDATE documents SET document_name = '$name', document_content = '$content', document_updated_at = NOW(), document_template = $template, document_folder_id = $folder WHERE document_id = $document_id AND company_id = $session_company_id");
+ mysqli_query($mysqli,"UPDATE documents SET document_name = '$name', document_content = '$content', document_content_raw = '$content_raw', document_updated_at = NOW(), document_template = $template, document_folder_id = $folder WHERE document_id = $document_id AND company_id = $session_company_id");
 //Logging
 mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Note', log_action = 'Modify', log_description = '$name', log_created_at = NOW(), company_id = $session_company_id, log_user_id = $session_user_id");