You're the man. The code is below
Code:
<?
/*****************************************************************************\
+-----------------------------------------------------------------------------+
| X-Cart |
| Copyright (c) 2001-2002 Ruslan R. Fazliev. All rights reserved. |
+-----------------------------------------------------------------------------+
| The Ruslan R. Fazliev forbids, under any circumstances, the unauthorized |
| reproduction of software or use of illegally obtained software. Making |
| illegal copies of software is prohibited. Individuals who violate copyright |
| law and software licensing agreements may be subject to criminal or civil |
| action by the owner of the copyright. |
| |
| 1. It is illegal to copy a software, and install that single program for |
| simultaneous use on multiple machines. |
| |
| 2. Unauthorized copies of software may not be used in any way. This applies |
| even though you yourself may not have made the illegal copy. |
| |
| 3. Purchase of the appropriate number of copies of a software is necessary |
| for maintaining legal status. |
| |
| DISCLAIMER |
| |
| THIS SOFTWARE IS PROVIDED BY Ruslan R. Fazliev ``AS IS'' AND ANY |
| EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
| WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
| DISCLAIMED. IN NO EVENT SHALL Ruslan R. Fazliev OR ITS |
| CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
| EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
| PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; |
| OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
| WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR |
| OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
| ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| |
| The Initial Developer of the Original Code is Ruslan R. Fazliev. |
| Portions created by Ruslan R. Fazliev are Copyright (C) 2001-2002 |
| Ruslan R. Fazliev. All Rights Reserved. |
+-----------------------------------------------------------------------------+
\*****************************************************************************/
#
# $Id: search.php,v 1.35.2.7 2003/02/21 07:46:50 svowl Exp $
#
require "../smarty.php";
require "../config.php";
@include "./https.php";
require "./auth.php";
require "../include/categories.php";
#
# Customer search page. When the request carries a query string (after the
# XCARTSESSID parameter has been stripped) a product search is built and the
# result list is rendered; otherwise the advanced search form is shown.
#
# NOTE(review): $QUERY_STRING, $substring, $in_category, $price_search_1,
# $price_search_2, $user_account, $sql_tbl and $config are not assigned in
# this file. Presumably they come from the request (register_globals style)
# or from the files required above - confirm where each one originates and
# whether it is escaped for SQL before it reaches this script.
#
# Drop "XCARTSESSID=<alphanumerics>" so that a request carrying only the
# session id is treated as having no search parameters. Only that
# name=value pair is removed; any "&" next to it stays in the string.
# NOTE(review): ereg_replace() was removed in PHP 7.0; preg_replace() is
# the replacement if this file is ever run on a newer runtime.
$tmp=strstr($QUERY_STRING, "XCARTSESSID=");
if (!empty($tmp))
$QUERY_STRING=ereg_replace("XCARTSESSID=([0-9a-zA-Z]*)", "", $QUERY_STRING);
if(!empty($QUERY_STRING)) {
#
# Perform SQL search query
#
# Optional price bounds. Each value is placed between single quotes in the
# SQL text and, separately, URL-encoded for the pagination link.
# NOTE(review): nothing in this file checks that the bounds are numeric or
# escapes them. The stripslashes() call near the end of this branch suggests
# request values arrive slash-escaped - confirm that this is guaranteed for
# every deployment, and prefer an explicit numeric check before the values
# are added to the condition.
$price_condition = $price_search_1?" AND $sql_tbl[pricing].price>='$price_search_1'":"";
$price_condition .= $price_search_2?" AND $sql_tbl[pricing].price<='$price_search_2'":"";
$price_substring = $price_search_1?"&price_search_1=".urlencode($price_search_1):"";
$price_substring .= $price_search_2?"&price_search_2=".urlencode($price_search_2):"";
# $sort_by_price is assigned only when a price bound was given. In every
# other case the value passed to func_search_products() below is whatever
# is already in scope.
# NOTE(review): if request variables are registered as globals, the client
# controls that value - confirm how func_search_products() uses the argument
# and consider initialising it to an empty string before this check.
if ($price_condition)
$sort_by_price = "price";
# Resolve the selected category id to its name. The name is passed through
# addslashes() because it is reused inside a LIKE pattern below; addslashes()
# does not escape the LIKE wildcards % and _.
# NOTE(review): $in_category itself goes into this lookup query unvalidated;
# an integer cast would be the expected check for an id - confirm upstream.
# func_query_first() presumably returns the first row as an array; what it
# returns when no row matches is not visible here.
$search_category = addslashes(array_pop(func_query_first("select category from $sql_tbl[categories] where categoryid='$in_category'")));
# WHERE fragment handed to func_search_products(): name or description
# contains $substring, category name starts with the resolved category,
# product is for sale, category is available, plus the price bounds.
$search_query = "($sql_tbl[products].product like '%$substring%' or $sql_tbl[products].descr like '%$substring%') and $sql_tbl[categories].category like '$search_category%' and $sql_tbl[products].forsale='Y' and $sql_tbl[categories].avail='Y' $price_condition ";
# Restricts categories to the user's membership level or to categories with
# no membership set. Within this file it is used only by the count query.
$membership_condition = " AND ($sql_tbl[categories].membership='". $user_account['membership']."' OR $sql_tbl[categories].membership='') ";
# Count query for pagination. It repeats the filter of $search_query inline
# rather than reusing the variable, so the two must be kept in sync by hand.
$search_query_count = "select count(distinct $sql_tbl[products].productid) from $sql_tbl[products], $sql_tbl[pricing], $sql_tbl[categories] where $sql_tbl[pricing].productid=$sql_tbl[products].productid and $sql_tbl[pricing].quantity=1 and $sql_tbl[products].categoryid=$sql_tbl[categories].categoryid $membership_condition and ($sql_tbl[pricing].membership='". $user_account['membership']."' or $sql_tbl[pricing].membership='') and ($sql_tbl[products].product like '%$substring%' or $sql_tbl[products].descr like '%$substring%') and $sql_tbl[categories].category like '$search_category%' and $sql_tbl[products].forsale='Y' and $sql_tbl[categories].avail='Y' $price_condition ";
$total_products_in_search = array_pop(func_query_first($search_query_count));
#
# Navigation code
#
# $objects_per_page and $total_nav_pages are set before navigation.php is
# included; $first_page, used below, is not assigned in this file and is
# presumably produced by that include - confirm.
# NOTE(review): the "+1" on the page count presumably matches what
# navigation.php expects; a products_per_page setting of 0 is not guarded.
$objects_per_page = $config["General"]["products_per_page"];
$total_nav_pages = ceil($total_products_in_search/$config["General"]["products_per_page"])+1;
require "../include/navigation.php";
$smarty->assign("products",func_search_products($search_query, $user_account['membership'],$first_page,$total_products_in_search, 0, $sort_by_price));
# Base URL for the pagination links. $substring and the price bounds are
# URL-encoded; $in_category is appended as received.
# NOTE(review): whether the template HTML-escapes navigation_script is not
# visible here - confirm, and URL-encode or integer-cast $in_category.
$smarty->assign("navigation_script","search.php?substring=".urlencode($substring)."&in_category=$in_category".$price_substring);
# Remove the slash escaping from the GET copy of the search term,
# presumably so a template can show it as typed - confirm that the template
# HTML-escapes the value when printing it.
$HTTP_GET_VARS["substring"] = stripslashes($HTTP_GET_VARS["substring"]);
$smarty->assign("main","search");
}
else {
# No search parameters: show the advanced search form.
$smarty->assign("main","advanced_search");
}
$smarty->display("customer/home.tpl");
?>