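/**
 * Build the "insert new ad" / "edit ad" form for the classifieds plugin.
 *
 * Renders plugins/classifieds/templates/ad_form.thtml pre-filled from $ad
 * (a row of the cl table for an existing ad, or an empty array/'' for a
 * new one). Before rendering it enforces:
 *   - the visitor must be logged in (uid >= 2);
 *   - the visitor must hold classifieds.publish, unless no group at all owns
 *     that feature, in which case every logged-in user may publish;
 *   - an existing ad may only be edited by someone with full (3) access to
 *     it while it is not deleted and not older than active_days; holders of
 *     classifieds.admin bypass this last rule.
 *
 * All ad-supplied values written into the HTML (title, text, contact details,
 * image file names) are HTML-escaped here because the Template class inserts
 * variables verbatim. Numeric identifiers are cast to int before they are
 * interpolated into SQL.
 *
 * @param array $ad   values describing an existing ad (empty array or '' for a new ad)
 * @param bool  $copy when true the admin save/delete options are left out of the
 *                    operation select (the form is being used to copy an ad)
 * @return string HTML of the ad form, or a login / "access reserved" message
 */
function CLASSIFIEDS_getAdForm($ad = array(), $copy = false)
{
    global $_CONF, $_CLASSIFIEDS_CONF, $LANG_CLASSIFIEDS_1, $LANG_CLASSIFIEDS_2,
           $LANG_CLASSIFIEDS_ADMIN, $_TABLES, $LANG24, $LANG_ADMIN, $_USER;

    // HTML-escape a value for body/attribute context (the .thtml template does not).
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    };

    if ($_USER['uid'] < 2) {
        return CLASSIFIEDS_loginRequiredForm();
    }

    if (!SEC_hasRights('classifieds.publish')) {
        // No explicit publish right. Publishing is still allowed when no group
        // owns the classifieds.publish feature (the site never restricted it);
        // otherwise tell the user which group the feature is reserved for.
        $ft_id = DB_getItem($_TABLES['features'], 'ft_id', "ft_name = 'classifieds.publish'");
        $grp_id = '';
        if ((string) $ft_id !== '') {
            $grp_id = DB_getItem($_TABLES['access'], 'acc_grp_id', 'acc_ft_id = ' . (int) $ft_id);
        }
        if ((string) $grp_id !== '') {
            $grp_name = DB_getItem($_TABLES['groups'], 'grp_name', 'grp_id = ' . (int) $grp_id);
            return $LANG_CLASSIFIEDS_2['access_reserved']
                . ' <strong>"' . $esc($grp_name) . '"</strong>';
        }
    }

    // Normalise $ad: callers pass '' or array() for a new ad. Remember whether a
    // real ad was supplied BEFORE filling in defaults, then default every key
    // the form reads so a new ad does not trigger undefined-index notices.
    if (!is_array($ad)) {
        $ad = array();
    }
    $isExisting = !empty($ad);
    $ad = array_merge(array(
        'clid' => null, 'catid' => null, 'type' => null, 'title' => null,
        'text' => null, 'price' => null, 'status' => null, 'siren' => null,
        'tel' => null, 'hide_tel' => null, 'postcode' => null, 'city' => null,
        'created' => null, 'modified' => null, 'deleted' => null,
    ), $ad);

    if ($isExisting) {
        // Ownership / lifetime check for editing an existing ad. The ad's own
        // 'created' column is used here (the original read an unset $A).
        $created = COM_getUserDateTimeFormat($ad['created']);
        $activeDays = (time() - $created[1]) / (24 * 3600);
        $expired = ($activeDays > $_CLASSIFIEDS_CONF['active_days']);
        $deleted = ((int) $ad['deleted'] === 1);
        if ((SEC_hasAccess2($ad) != 3 || $deleted || $expired)
                && !SEC_hasRights('classifieds.admin')) {
            echo COM_refresh($_CLASSIFIEDS_CONF['site_url'] . "/index.php?error=0");
            exit;
        }
    }

    // An ad with a numeric clid is being edited; anything else is a new ad.
    $isEdit = is_numeric($ad['clid']);
    $clid = $isEdit ? (int) $ad['clid'] : 0;

    if ($isEdit) {
        $retval = COM_startBlock($LANG_CLASSIFIEDS_2['edit_label'] . ' ' . $esc($ad['title']));
    } else {
        $retval = COM_startBlock($LANG_CLASSIFIEDS_2['insert_new_ad']);
    }

    $template = new Template($_CONF['path'] . 'plugins/classifieds/templates');
    $template->set_file(array('ad' => 'ad_form.thtml'));
    $template->set_var('site_url', $_CLASSIFIEDS_CONF['site_url']);
    $template->set_var('xhtml', XHTML);
    // CSRF token; the save handler is expected to validate it with SEC_checkToken().
    $template->set_var('gltoken_name', CSRF_TOKEN);
    $template->set_var('gltoken', SEC_createToken());
    $template->set_var('clid', $isEdit
        ? '<input type="hidden" name="clid" value="' . $clid . '" />'
        : '');

    // --- Your Ad -----------------------------------------------------------
    $template->set_var('your_ad', $LANG_CLASSIFIEDS_2['your_ad']);

    $template->set_var('category_label', $LANG_CLASSIFIEDS_2['category']);
    $categories = '<option value="0">' . $LANG_CLASSIFIEDS_2['choose_category'] . '</option>'
        . CLASSIFIEDS_adOptionList($_TABLES['cl_cat'], 'cid,category,pid', $ad['catid'], 'catorder', "catdeleted=0");
    $template->set_var('categories', $categories);

    // type: '1' = demand, '0' = offer, anything else = nothing preselected
    $template->set_var('type_label', $LANG_CLASSIFIEDS_2['type']);
    $type = (string) $ad['type'];
    $template->set_var('type_d', $type === '1' ? ' selected' : '');
    $template->set_var('type_o', $type === '0' ? ' selected' : '');
    $template->set_var('choose_type', '<option value="-1">' . $LANG_CLASSIFIEDS_2['choose_type'] . '</option>');
    $template->set_var('offer', $LANG_CLASSIFIEDS_2['offer']);
    $template->set_var('demand', $LANG_CLASSIFIEDS_2['demand']);

    $template->set_var('title_label', $LANG_CLASSIFIEDS_2['title']);
    $template->set_var('title', $esc($ad['title']));
    $template->set_var('currency', $_CLASSIFIEDS_CONF['currency']);
    $template->set_var('text_label', $LANG_CLASSIFIEDS_2['text']);
    $template->set_var('text', $esc($ad['text']));
    $template->set_var('price_label', $LANG_CLASSIFIEDS_2['price']);
    $template->set_var('price', number_format(floatval($ad['price']), $_CONF['decimal_count']));

    // --- Images ------------------------------------------------------------
    $template->set_var('images', $LANG_CLASSIFIEDS_2['images']);
    $fileInputs = '';
    $savedImages = '';
    $maxImages = (int) $_CLASSIFIEDS_CONF['max_images_per_ad'];
    if ($maxImages > 0) {
        $imageCount = 0;
        if ($isEdit) {
            $imageCount = (int) DB_count($_TABLES['cl_pic'], 'pi_pid', $clid);
            if ($imageCount > 0) {
                // NOTE(review): the original referenced an undefined $size for the
                // thumbnail w/h, so they were sent empty; keep that output here and
                // wire in the intended config value once identified.
                $thumbSize = '';
                $thumbBase = $_CLASSIFIEDS_CONF['site_url'] . '/timthumb.php?src=' . $_CLASSIFIEDS_CONF['url_images'];
                $altText = $esc($ad['title']);
                $pics = DB_query("SELECT * FROM {$_TABLES['cl_pic']} WHERE pi_pid = '" . $clid . "'");
                for ($n = 1; $n <= $imageCount; $n++) {
                    $pic = DB_fetchArray($pics);
                    if ($pic === false) {
                        break; // fewer rows than DB_count reported
                    }
                    // File name is stored data: escape it for the attribute context.
                    $file = $esc($pic['pi_filename']);
                    $savedImages .= '<div><p>' . $n . ') '
                        . '<a class="lightbox" href="' . $thumbBase . $file . '&w=640">'
                        . '<img src="' . $thumbBase . $file . '&w=' . $thumbSize . '&h=' . $thumbSize
                        . '" align="top" alt="' . $altText . '" /></a>'
                        . ' ' . $LANG_ADMIN['delete']
                        . ': <input type="checkbox" name="delete[' . (int) $pic['pi_img_num'] . ']"' . XHTML . '>'
                        . '<br' . XHTML . '></p></div>';
                }
            }
        }
        // One file input per remaining free image slot.
        for ($n = $imageCount + 1; $n <= $maxImages; $n++) {
            $fileInputs .= $n . ') <input type="file" dir="ltr" name="file' . $n . '"' . XHTML . '> ';
            if ($n < $maxImages) {
                $fileInputs .= '<br' . XHTML . '>';
            }
        }
    }
    $template->set_var('saved_images', $savedImages);
    $template->set_var('image_form_elements', $fileInputs);

    // --- Your details --------------------------------------------------------
    if (!$isEdit) {
        // New ad: prefill the contact block from the user's stored profile.
        $res = DB_query("SELECT * FROM {$_TABLES['cl_users']} WHERE user_id = " . (int) $_USER['uid']);
        $userData = DB_fetchArray($res, true);
        if (is_array($userData)) {
            foreach (array('status', 'tel', 'postcode', 'city', 'siren') as $key) {
                $ad[$key] = $userData[$key];
            }
        }
    }
    $template->set_var('your_details', $LANG_CLASSIFIEDS_2['your_details']);
    $template->set_var('status_label', $LANG_CLASSIFIEDS_2['status']);
    $template->set_var('private', $LANG_CLASSIFIEDS_2['private']);
    $template->set_var('professional', $LANG_CLASSIFIEDS_2['professional']);

    // status: '1' = professional, '0' = private, anything else = nothing preselected
    $status = (string) $ad['status'];
    $template->set_var('pro_yes', $status === '1' ? ' selected' : '');
    $template->set_var('pro_no', $status === '0' ? ' selected' : '');
    $template->set_var('choose_status', '<option value="-1">' . $LANG_CLASSIFIEDS_2['choose_status'] . '</option>');

    $template->set_var('siren_label', $LANG_CLASSIFIEDS_2['siren']);
    $template->set_var('siren', $esc($ad['siren']));
    $template->set_var('tel_label', $LANG_CLASSIFIEDS_2['tel']);
    $template->set_var('tel', $esc($ad['tel']));
    $template->set_var('hide_tel_label', $LANG_CLASSIFIEDS_2['hide_tel']);
    $template->set_var('hide_tel', $esc($ad['hide_tel']));
    // 'tel_ckecked' (sic) is the variable name the template expects.
    $template->set_var('tel_ckecked', (string) $ad['hide_tel'] === '1' ? ' checked="checked"' : '');
    $template->set_var('postcode_label', $LANG_CLASSIFIEDS_2['postcode']);
    $template->set_var('postcode', $esc($ad['postcode']));
    $template->set_var('city_label', $LANG_CLASSIFIEDS_2['city']);
    $template->set_var('city', $esc($ad['city']));

    // --- Buttons -------------------------------------------------------------
    $template->set_var('save_button', $LANG_CLASSIFIEDS_2['save_button']);
    $template->set_var('delete_button', $LANG_CLASSIFIEDS_2['delete_button']);
    $template->set_var('validate_button', $LANG_CLASSIFIEDS_2['validate_button']);
    $template->set_var('required_field', $LANG_CLASSIFIEDS_2['required_field']);

    // --- Admin options -------------------------------------------------------
    if (SEC_hasRights('classifieds.admin')) {
        $adminSelect = LB . '<select name="op">' . LB;
        if (!$copy) {
            $adminSelect .= '<option value="save" selected="selected">' . $LANG_CLASSIFIEDS_2['save_button'] . '</option>' . LB;
            if ($isEdit) {
                $adminSelect .= '<option value="delete">' . $LANG_CLASSIFIEDS_2['delete_button'] . '</option>' . LB;
            }
        }
        if ($isEdit && function_exists('CLASSIFIEDS_getBonusAdminButton')) {
            $adminSelect .= CLASSIFIEDS_getBonusAdminButton();
        }
        $adminSelect .= LB . '</select>' . LB;
        $template->set_var('admin_options', $adminSelect);

        // $LANG_CLASSIFIEDS_1 is now declared global above; it was read here
        // without being imported, which silently dropped the separator.
        $separator = isset($LANG_CLASSIFIEDS_1['double_point']) ? $LANG_CLASSIFIEDS_1['double_point'] : '';
        $dateCreated = COM_getUserDateTimeFormat($ad['created']);
        $dateModified = COM_getUserDateTimeFormat($ad['modified']);
        $template->set_var('created', '<p>' . $LANG_CLASSIFIEDS_ADMIN['created'] . $separator . ' ' . $dateCreated[0] . '</p>');
        $template->set_var('modified', '<p>' . $LANG_CLASSIFIEDS_ADMIN['modified'] . $separator . ' ' . $dateModified[0] . '</p>');
    } else {
        $template->set_var('admin_options', '');
        $template->set_var('created', '');
        $template->set_var('modified', '');
    }

    $retval .= $template->parse('output', 'ad');
    $retval .= COM_endBlock();
    return $retval;
}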
/////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// $valid_prices = true; foreach ($cart->get_contents() as $item) { $realid = COM_sanitizeID(explode("|", $item['id'])); $item_id = $realid[0]; $item_price = $item['price']; $A = DB_fetchArray(DB_query("SELECT * FROM {$_TABLES['paypal_products']} WHERE id = '{$item_id}' LIMIT 1")); $price = $A['price']; if ($A['discount_a'] != '' && $A['discount_a'] != 0) { $price = number_format($A['price'] - $A['discount_a'], 2, '.', ''); } if ($A['discount_p'] != '' && $A['discount_p'] != 0) { $price = number_format($A['price'] - $A['price'] * ($A['discount_p'] / 100), 2, '.', ''); } if ($item_price != $price || !SEC_hasAccess2($A) || $A['active'] != '1') { $valid_prices = false; } } /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // IF THE SUBMITTED PRICES ARE NOT VALID if ($valid_prices !== true) { // KILL THE SCRIPT die($jcart['text']['checkout_error']); } else { if ($valid_prices === true) { if ($_POST['pay_by'] == 'check') { echo COM_refresh($_PAY_CONF['site_url'] . '/informations.php?shipping=' . $_POST['shipping'] . '&pay_by=check'); exit; } else {
} } } } //subscrition $product->set_var('subscription', ''); //Donation $product->set_var('donation', ''); //Rent $product->set_var('rent', ''); switch ($type) { case 'subscription': break; case 'donation': break; case 'rent': break; default: break; } if ($A['active'] == 1 && SEC_hasAccess2($A) || SEC_hasRights('paypal.admin')) { $display .= $product->parse('output', 'product'); } else { $display .= COM_showMessageText($LANG_PAYPAL_1['not_active_message'], $LANG_PAYPAL_1['active']); } //Display cart $display .= '<div id="cart">' . PAYPAL_displayCart() . '</div>'; $display .= PAYPAL_siteFooter(); //hit +1 hitProduct($A['id']); COM_output($display);
$remove_from_tel = array(' ', '.', '|', ',', '/', ':', '-', '_'); $clean_tel = str_replace($remove_from_tel, '', $_REQUEST['tel']); $_REQUEST['hide_tel'] == '1' ? $hide_tel = '1' : ($hide_tel = '0'); $_REQUEST['status'] == '1' ? $status = '1' : ($status = '0'); $created = date("YmdHis"); $modified = date("YmdHis"); // price can only contain numbers and a decimal $price = str_replace(",", "", $_REQUEST['price']); $price = preg_replace('/[^\\d.]/', '', $price); if (!empty($_REQUEST['clid'])) { //Edit mode if (is_numeric($_REQUEST['clid'])) { $sql = "SELECT * FROM {$_TABLES['cl']} WHERE clid = {$_REQUEST['clid']}"; $res = DB_query($sql); $A = DB_fetchArray($res); if (SEC_hasAccess2($A) < 3) { echo COM_refresh($_CLASSIFIEDS_CONF['site_url'] . "/index.php"); exit; break; } } else { echo COM_refresh($_CLASSIFIEDS_CONF['site_url'] . "/index.php"); exit; break; } $sql = "catid = '{$_REQUEST['catid']}', " . "status = '{$status}', " . "type = '{$_REQUEST['type']}', " . "tel = '{$clean_tel}', " . "hide_tel = '{$hide_tel}', " . "title = '{$title}', " . "text = '{$text}', " . "price = '{$price}', " . "postcode = '{$_REQUEST['postcode']}', " . "city = '{$city}', " . "siren = '{$_REQUEST['siren']}', " . "modified = '{$modified}', " . "deleted = '{$_REQUEST['deleted']}'\n\t\t\t "; $sql = "UPDATE {$_TABLES['cl']} SET {$sql} " . "WHERE clid = {$_REQUEST['clid']}"; DB_query($sql); $last_pid = $_REQUEST['clid']; if (DB_error()) { $msg = $LANG_CLASSIFIEDS_2['save_fail'];
$vars = array('msg' => 'text', 'shipping' => 'text'); paypal_filterVars($vars, $_REQUEST); /* valid price, access and active product only */ $items = array(); $i = 1; $quantities = array(); $valid_prices = true; foreach ($cart->get_contents() as $item) { $realid = PAYPAL_realId($item['id']); $item_id = $realid[0]; $items[$i] = $item['id']; $namesfromcart[$i] = $item['name']; $quantities[$i] = $item['qty']; $item_price[$i] = $item['price']; $A = DB_fetchArray(DB_query("SELECT * FROM {$_TABLES['paypal_products']} WHERE id = '{$item_id}' LIMIT 1")); if ($item_price[$i] != PAYPAL_productPrice($A) || !SEC_hasAccess2($A) || $A['active'] != '1') { $valid_prices = false; } $i++; } if ($valid_prices !== true) { echo COM_refresh($_CONF['site_url'] . '/index.php'); exit; } //Main // EMPTY THE CART $cart->empty_cart(); $display .= PAYPAL_siteHeader(); $display .= paypal_user_menu(); switch ($_REQUEST['mode']) { default: