[TYPO3] Advanced query not advanced enough - part 2

JoH info at cybercraft.de
Fri May 12 20:56:11 CEST 2006 

Pieter wrote:
> JoH wrote:
>> You are right, since there is no possibility to set "starts with" or
>> "ends with" for groups.
>> The correct query would be
>>
>> fe_users.usergroup = '1'
>> OR fe_users.usergroup LIKE '1,%'
>> OR fe_users.usergroup LIKE '%,1'
>> OR fe_users.usergroup LIKE '%,1,%'
>>
>> If I find the time during the next weeks, I will try to add these
>> features. Don't know if it will be available for 4.01 though ...
>>
>> Joey
>>
> Hello Joey,
> thanks for the fast response!
> There is a separate extension joh_advbesearch, maybe it's possible to
> add this new feature to that extension first.  Might be easier then
> getting it into the core at once?
>
> When I dreaming, what I would really like is the possibility to enter
> any SQL statement.  Some kind of advanced user mode.  I need a query
> like this:
>
> SELECT username, first_name,last_name, tx_vivuser_lastpayment, uid,
> pid, status, deleted, usergroup
>
> FROM fe_users
> WHERE
> deleted = 0 and
> ( (fe_users.tx_vivuser_lastpayment = 0) or
> (UNIX_TIMESTAMP() -  fe_users.tx_vivuser_lastpayment > 31536000)) and
> FIND_IN_SET(3,usergroup) > 0

By enabling such a feature you would open up a big security hole, since it
would be possible for non admin users to do UPDATE, INSERT or DROP instead
of SELECT.
So this won't make it into my extension and surely not into the core.

But of course we can improve the overall functionality of the query
generator.
Fell free to add as many additional searchtypes for the different fieldtypes
to your wishlist as you like.
So I will be able to implement them in one go if I find the time after the
release of the TYPO3 cookbook.

> But it's all free software of course and I better do it myself if I
> want it.  But joh_advbesearch is not very easy to get in to...

The major problem is that it is based on Kaspers and Julles (sometimes
weird) coding style and that it has to work in conjunction with user tasks
and actions.
My part was the improvement of features and usability together with some
bugfixing .
Took me quite some time too to dig into the original code.

Have a nice weekend

Joey

-- 
Wenn man keine Ahnung hat: Einfach mal Fresse halten!
(If you have no clues: simply shut your knob sometimes!)
Dieter Nuhr, German comedian
openBC: http://www.cybercraft.de

More information about the TYPO3-english mailing list