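    /**
     * Updates the META tag columns (title, keywords, description) of the
     * pages that belong to one language.
     *
     *  @param array  $params   Associative array; the keys 'tag_title',
     *                          'tag_keywords' and 'tag_description' are read,
     *                          a missing key is stored as an empty string.
     *  @param string $lang_id  Language identifier matched against language_id.
     *  @return bool            true when database_void_query() reports success.
     */
    public static function UpdateMetaTags($params, $lang_id = '')
    {
        $tag_title = isset($params['tag_title']) ? $params['tag_title'] : '';
        $tag_keywords = isset($params['tag_keywords']) ? $params['tag_keywords'] : '';
        $tag_description = isset($params['tag_description']) ? $params['tag_description'] : '';
        // Every interpolated value is escaped, $lang_id included: it is the one
        // value of the statement that is not a column value yet still reaches
        // the WHERE clause as a string literal.
        $sql = 'UPDATE ' . TABLE_PAGES . '
				SET
					tag_title = \'' . mysql_real_escape_string($tag_title) . '\',
					tag_keywords = \'' . mysql_real_escape_string($tag_keywords) . '\',
					tag_description = \'' . mysql_real_escape_string($tag_description) . '\'
				WHERE language_id = \'' . mysql_real_escape_string($lang_id) . '\'';
        // NOTE(review): mysql_real_escape_string() belongs to the legacy
        // ext/mysql API (removed in PHP 7); it is kept here for consistency with
        // the rest of this data layer, which should move to prepared statements.
        return (bool) database_void_query($sql);
    }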
 /**
  * After-delete hook: when exactly one currency row is left it is forced to
  * be the default, active currency with rate 1.
  *
  * Always returns true; the result of the database calls is not propagated.
  */
 public function AfterDeleteRecord()
 {
     $rows = database_query('SELECT id, is_active FROM ' . TABLE_CURRENCIES, DATA_AND_ROWS, ALL_ROWS);
     if (!$rows) {
         return true;
     }
     $remaining = (int) $rows[1];
     if ($remaining === 1) {
         // the last currency must always be the default one
         $lastId = (int) $rows[0][0]['id'];
         database_void_query('UPDATE ' . TABLE_CURRENCIES . ' SET rate= \'1\', is_default = \'1\', is_active = \'1\' WHERE id= ' . $lastId);
     }
     return true;
 }
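    /**
     * Marks the logged-in customer's account as removed.
     *
     * The row is flagged (is_removed = 1, is_active = 0) rather than deleted,
     * and a timestamped line is appended to the comments column.
     *
     *  @return bool true when database_void_query() returns a value above 0.
     */
    public function RemoveAccount()
    {
        // The customer id is cast to int and the timestamp is generated
        // server-side, so nothing user-controlled reaches the statement text.
        // date() is called without '@' like everywhere else in this codebase;
        // a timezone warning would be a configuration problem worth seeing.
        $sql = 'UPDATE ' . TABLE_CUSTOMERS . '
				SET is_removed = 1, is_active = 0, comments = CONCAT(comments, "\\r\\n' . date('Y-m-d H:i:s') . ' - account was removed by customer. ")
				WHERE id = ' . (int) $this->GetLoggedID();
        return database_void_query($sql) > 0;
    }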
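 /**
  * After-delete hook: removes the description rows (all languages) that
  * belonged to the banner just deleted (curRecordId).
  *
  *  @return bool true when database_void_query() reports success.
  */
 public function AfterDeleteRecord()
 {
     // curRecordId is cast to int before it reaches the statement text
     $sql = 'DELETE FROM ' . TABLE_BANNERS_DESCRIPTION . ' WHERE banner_id = ' . (int) $this->curRecordId;
     return (bool) database_void_query($sql);
 }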
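    /**
     * After-insert hook: clones the e-mail template just inserted into every
     * other active language, so each language has a row with the same
     * template_code.
     *
     * The source values are read from the request through
     * MicroGrid::GetParameter(); each cloned INSERT is also registered via
     * SetSQLs() under the key 'insert_lan_<abbreviation>'.
     */
    public function AfterInsertRecord()
    {
        $language_id = MicroGrid::GetParameter('language_id');
        // nothing to clone when the inserted row carries no language
        if ($language_id == '') {
            return;
        }
        $template_code = MicroGrid::GetParameter('template_code', false);
        $template_name = MicroGrid::GetParameter('template_name', false);
        $template_subject = MicroGrid::GetParameter('template_subject', false);
        $template_content = MicroGrid::GetParameter('template_content', false);
        $is_system_template = (int) MicroGrid::GetParameter('is_system_template', false);
        // GetAllActive() is indexed as [0] => rows, [1] => row count by this loop
        $total_languages = Languages::GetAllActive();
        for ($i = 0; $i < $total_languages[1]; $i++) {
            $abbreviation = $total_languages[0][$i]['abbreviation'];
            if ($abbreviation == $language_id) {
                continue; // the original row already exists in this language
            }
            // string values go through encode_text(), the helper this codebase
            // applies to SQL string values; the flag is already an int
            $sql = 'INSERT INTO ' . TABLE_EMAIL_TEMPLATES . ' (
							id,
							language_id,
							template_code,
							template_name,
							template_subject,
							template_content,
							is_system_template
						) VALUES (
							NULL,
							\'' . encode_text($abbreviation) . '\',
							\'' . encode_text($template_code) . '\',
							\'' . encode_text($template_name) . '\',
							\'' . encode_text($template_subject) . '\',
							\'' . encode_text($template_content) . '\',
							' . $is_system_template . '
						)';
            database_void_query($sql);
            $this->SetSQLs('insert_lan_' . $abbreviation, $sql);
        }
    }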
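 /**
  * After-delete hook: removes the sub-locations that belonged to the
  * location just deleted (curRecordId).
  *
  *  @return bool true when database_void_query() reports success.
  */
 public function AfterDeleteRecord()
 {
     // curRecordId is cast to int before it reaches the statement text
     $sql = 'DELETE FROM ' . TABLE_LISTINGS_SUB_LOCATIONS . ' WHERE location_id = ' . (int) $this->curRecordId;
     return (bool) database_void_query($sql);
 }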
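    /**
     * Sends the order e-mail for one order of one customer.
     *
     * Builds an HTML block with the customer's personal and billing data and
     * the order details, then mails it through send_email() using the
     * 'order_paid' template when $order_type is 'completed' and
     * 'order_accepted_online' otherwise. A copy goes to the admin address when
     * the payments setting send_order_copy_to_admin is 'yes'. For 'completed'
     * orders the mail is sent once: email_sent is checked first and set to 1
     * afterwards.
     *
     *  @param string $order_number  Order number (escaped before use in SQL).
     *  @param string $order_type    'accepted' (default) or 'completed'.
     *  @param mixed  $customer_id   Customer id; cast to int.
     *  @return bool  true when a matching order exists (mail sent, or already
     *                sent for a completed order), false when it does not.
     */
    public static function SendOrderEmail($order_number, $order_type = 'accepted', $customer_id = '')
    {
        global $objSettings;
        $currencyFormat = get_currency_format();
        $order_details = '';
        // The customer id is cast to int; the order number is run through
        // encode_text(), the helper this codebase applies to string values in
        // SQL (confirm it escapes for the active driver). Previously it was the
        // only request-derived value of this statement that was not escaped.
        $order_number_escaped = encode_text($order_number);
        $sql = 'SELECT 
					o.*,
					CASE
						WHEN o.payment_type = 0 THEN "' . _ONLINE_ORDER . '"
						WHEN o.payment_type = 1 THEN "' . _PAYPAL . '"
						WHEN o.payment_type = 2 THEN "2CO"
						WHEN o.payment_type = 3 THEN "Authorize.Net"
						ELSE "' . _UNKNOWN . '"
					END as m_payment_type,
					CASE
						WHEN o.payment_method = 0 THEN "' . _PAYMENT_COMPANY_ACCOUNT . '"
						WHEN o.payment_method = 1 THEN "' . _CREDIT_CARD . '"
						WHEN o.payment_method = 2 THEN "E-Check"
						ELSE "' . _UNKNOWN . '"
					END as m_payment_method,			
					CASE
						WHEN o.status = 0 THEN "<span style=color:#960000>' . _PREPARING . '</span>"
						WHEN o.status = 1 THEN "<span style=color:#FF9966>' . _PENDING . '</span>"
						WHEN o.status = 2 THEN "<span style=color:#336699>' . _PAID . '</span>"
						WHEN o.status = 3 THEN "<span style=color:#009600>' . _COMPLETED . '</span>"
						WHEN o.status = 4 THEN "<span style=color:#969600>' . _REFUNDED . '</span>"
						ELSE "' . _UNKNOWN . '"
					END as m_status,			
					c.first_name,
					c.last_name,
					c.user_name as customer_name,
					c.preferred_language,
					c.email,
					c.b_address,
					c.b_address_2,
					c.b_city,
					c.b_state,
					count.name as b_country,
					c.b_zipcode, 
					c.phone,
					c.fax,
					cur.symbol,
					cur.symbol_placement
		FROM ' . TABLE_ORDERS . ' o
			LEFT OUTER JOIN ' . TABLE_CURRENCIES . ' cur ON o.currency = cur.code
			LEFT OUTER JOIN ' . TABLE_CUSTOMERS . ' c ON o.customer_id = c.id
			LEFT OUTER JOIN ' . TABLE_COUNTRIES . ' count ON c.b_country = count.abbrv 
		WHERE
			o.customer_id = ' . (int) $customer_id . ' AND
			o.order_number = "' . $order_number_escaped . '"';
        $result = database_query($sql, DATA_AND_ROWS, FIRST_ROW_ONLY);
        if (!isset($result[1]) || $result[1] <= 0) {
            return false;
        }
        $row = $result[0];
        $is_completed = $order_type == 'completed';
        // a completed order is mailed only once, so bail out before building
        // the details when the mail already went out
        if ($is_completed && $row['email_sent'] == '1') {
            return true;
        }
        $plan_info = AdvertisePlans::GetPlanInfo($row['advertise_plan_id']);
        if (ModulesSettings::Get('payments', 'mode') == 'TEST MODE') {
            $order_details .= '<div style="text-align:center;padding:10px;color:#a60000;border:1px dashed #a60000;width:100px">TEST MODE!</div><br />';
        }
        // NOTE(review): the customer fields below are concatenated into HTML
        // without escaping; whether that is safe depends on what the write
        // path (prepare_input / encode_text) did to them — confirm before
        // relying on it.
        // Personal Info
        $order_details .= '<b>' . _PERSONAL_INFORMATION . ':</b><br />';
        $order_details .= _FIRST_NAME . ' : ' . $row['first_name'] . '<br />';
        $order_details .= _LAST_NAME . ' : ' . $row['last_name'] . '<br />';
        $order_details .= _EMAIL_ADDRESS . ' : ' . $row['email'] . '<br />';
        $order_details .= '<br />';
        // Billing Info
        $order_details .= '<b>' . _BILLING_INFORMATION . ':</b><br />';
        $order_details .= _ADDRESS . ': ' . $row['b_address'] . '<br />';
        $order_details .= _ADDRESS_2 . ': ' . $row['b_address_2'] . '<br />';
        $order_details .= _CITY . ': ' . $row['b_city'] . '<br />';
        $order_details .= _STATE_PROVINCE . ': ' . $row['b_state'] . '<br />';
        $order_details .= _COUNTRY . ': ' . $row['b_country'] . '<br />';
        $order_details .= _ZIP_CODE . ': ' . $row['b_zipcode'] . '<br />';
        if (!empty($row['phone'])) {
            $order_details .= _PHONE . ' : ' . $row['phone'] . '<br />';
        }
        if (!empty($row['fax'])) {
            $order_details .= _FAX . ' : ' . $row['fax'] . '<br />';
        }
        $order_details .= '<br />';
        // Order Details
        $order_details .= '<b>' . _ORDER_DETAILS . ':</b><br />';
        $order_details .= _ORDER_DESCRIPTION . ': ' . $row['order_description'] . '<br />';
        $order_details .= _ADVERTISE_PLAN . ': ' . (isset($plan_info[0]['plan_name']) ? $plan_info[0]['plan_name'] : '') . '<br />';
        $order_details .= _LISTINGS_COUNT . ': ' . $row['listings_amount'] . '<br />';
        $order_details .= _CURRENCY . ': ' . $row['currency'] . '<br />';
        $order_details .= _CREATED_DATE . ': ' . format_datetime($row['created_date']) . '<br />';
        $order_details .= _PAYMENT_DATE . ': ' . format_datetime($row['payment_date']) . '<br />';
        $order_details .= _PAYMENT_TYPE . ': ' . $row['m_payment_type'] . '<br />';
        $order_details .= _PAYMENT_METHOD . ': ' . $row['m_payment_method'] . '<br />';
        $order_details .= _ORDER_PRICE . ': ' . Currencies::PriceFormat($row['order_price'], $row['symbol'], $row['symbol_placement'], $currencyFormat) . '<br />';
        $order_details .= _VAT . ': ' . Currencies::PriceFormat($row['vat_fee'], $row['symbol'], $row['symbol_placement'], $currencyFormat) . ' (' . $row['vat_percent'] . '%)' . '<br />';
        $order_details .= _TOTAL_PRICE . ': ' . Currencies::PriceFormat($row['total_price'], $row['symbol'], $row['symbol_placement'], $currencyFormat) . '<br />';
        // template and admin-copy subject depend on the order type
        if ($is_completed) {
            $email_template = 'order_paid';
            $admin_copy_subject = 'Client order has been paid (admin copy)';
        } else {
            $email_template = 'order_accepted_online';
            $admin_copy_subject = 'Client has placed online order (admin copy)';
        }
        $send_admin_copy = ModulesSettings::Get('payments', 'send_order_copy_to_admin') == 'yes';
        $sender = $objSettings->GetParameter('admin_email');
        $recipient = $row['email'];
        send_email(
            $recipient,
            $sender,
            $email_template,
            array(
                '{FIRST NAME}' => $row['first_name'],
                '{LAST NAME}' => $row['last_name'],
                '{ORDER NUMBER}' => $order_number,
                '{ORDER DETAILS}' => $order_details,
            ),
            $row['preferred_language'],
            $send_admin_copy ? $sender : '',
            $send_admin_copy ? $admin_copy_subject : ''
        );
        if ($is_completed) {
            // remember that the one-time 'paid' mail has gone out
            $sql = 'UPDATE ' . TABLE_ORDERS . ' SET email_sent = 1 WHERE order_number = \'' . $order_number_escaped . '\'';
            database_void_query($sql);
        }
        return true;
    }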
// *** Make sure the file isn't accessed directly: the bootstrap defines
// APPHP_EXEC before including this script, a direct request does not.
if (!defined('APPHP_EXEC')) {
    die('Restricted Access');
}
//--------------------------------------------------------------------------
if (!$objLogin->IsLoggedIn() && ModulesSettings::Get('customers', 'allow_registration') == 'yes') {
    $code = isset($_REQUEST['c']) ? prepare_input($_REQUEST['c']) : '';
    $task = isset($_POST['task']) ? prepare_input($_POST['task']) : '';
    $msg = '';
    $confirmed = false;
    if ($code != '') {
        $sql = 'SELECT * FROM ' . TABLE_CUSTOMERS . ' WHERE registration_code = \'' . encode_text($code) . '\' AND is_active = 0';
        $result = database_query($sql, DATA_AND_ROWS, FIRST_ROW_ONLY);
        if ($result[1] > 0) {
            $sql = 'UPDATE ' . TABLE_CUSTOMERS . '
					SET is_active = 1, registration_code = \'\'
					WHERE registration_code = \'' . encode_text($code) . '\' AND is_active = 0';
            database_void_query($sql);
            $msg = draw_success_message(_CONFIRMED_SUCCESS_MSG, false);
            $confirmed = true;
            $msg .= '<script type="text/javascript">setTimeout(\'appGoTo("customer=login")\', 15000);</script>';
        } else {
            if (strlen($code) == 20) {
                $confirmed = true;
                $msg = draw_message(_CONFIRMED_ALREADY_MSG, false);
            } else {
                $msg = draw_important_message(_WRONG_CONFIRMATION_CODE, false);
            }
        }
    } else {
        if ($task == 'post_submission') {
            $msg = draw_important_message(str_replace('_FIELD_', _CONFIRMATION_CODE, _FIELD_CANNOT_BE_EMPTY), false);
        }
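 /**
  * Truncates the tables that belong to a module.
  *
  *  @param string $module_tables  Comma-separated list of table suffixes;
  *                                each one is mapped to the constant
  *                                TABLE_<SUFFIX> (trimmed, upper-cased).
  */
 private function CleanModuleTables($module_tables = '')
 {
     foreach (explode(',', $module_tables) as $table) {
         $table = trim($table);
         if ($table == '') {
             continue;
         }
         // The table name never comes from the input itself: only a TABLE_*
         // constant that actually exists can be truncated. A suffix without a
         // matching constant is skipped instead of producing a broken
         // "TRUNCATE " statement (constant() would yield null or throw).
         $constant_name = 'TABLE_' . strtoupper($table);
         if (!defined($constant_name)) {
             continue;
         }
         database_void_query('TRUNCATE ' . constant($constant_name));
     }
 }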
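 /**
  * Deactivates the modules that depend on this one (moduleName): their
  * 'is_active' settings row is set to 'no'.
  *
  * The dependent module names are read from the dependent_modules column of
  * the module row as a comma-separated list; entries are trimmed and empty
  * ones (trailing comma, empty list) are ignored.
  */
 public function InactiveDependentModules()
 {
     // Module names come from internal state and the modules table, but they
     // are still passed through encode_text(), the helper this codebase applies
     // to SQL string values (confirm it escapes for the active driver).
     $sql = 'SELECT name, module_tables, dependent_modules FROM ' . TABLE_MODULES . ' WHERE name = \'' . encode_text($this->moduleName) . '\'';
     $result = database_query($sql, DATA_AND_ROWS, FIRST_ROW_ONLY);
     if (!isset($result[1]) || $result[1] <= 0) {
         return;
     }
     foreach (explode(',', $result[0]['dependent_modules']) as $dependent_module) {
         $dependent_module = trim($dependent_module);
         if ($dependent_module == '') {
             continue;
         }
         $sql = 'UPDATE ' . TABLE_MODULES_SETTINGS . ' SET settings_value = \'no\' WHERE module_name = \'' . encode_text($dependent_module) . '\' AND settings_key = \'is_active\'';
         database_void_query($sql);
     }
 }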
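 /**
  * Deletes every language-specific row of one language, then its messages
  * file.
  *
  * The common tables are cleared for every project; the project-specific
  * description tables are selected by self::$PROJECT.
  *
  *  @param string $lang_abbrev  Language abbreviation stored in the
  *                              language_id columns; also used to build the
  *                              include/messages.<abbrev>.inc.php path.
  */
 private function DeleteDataOfLang($lang_abbrev)
 {
     // tables shared by every project
     $tables = array(
         TABLE_MENUS,
         TABLE_VOCABULARY,
         TABLE_PAGES,
         TABLE_NEWS,
         TABLE_EMAIL_TEMPLATES,
         TABLE_GALLERY_ALBUMS_DESCRIPTION,
         TABLE_GALLERY_ALBUM_ITEMS_DESCRIPTION,
         TABLE_BANNERS_DESCRIPTION,
         TABLE_SITE_DESCRIPTION,
     );
     // project-specific tables; each constant is only evaluated in its own branch
     if (self::$PROJECT == 'BusinessDirectory') {
         $tables[] = TABLE_ADVERTISE_PLANS_DESCRIPTION;
         $tables[] = TABLE_CATEGORIES_DESCRIPTION;
         $tables[] = TABLE_LISTINGS_DESCRIPTION;
     } elseif (self::$PROJECT == 'HotelSite') {
         $tables[] = TABLE_HOTELS_DESCRIPTION;
         $tables[] = TABLE_ROOMS_DESCRIPTION;
         $tables[] = TABLE_MEAL_PLANS_DESCRIPTION;
         $tables[] = TABLE_HOTELS_LOCATIONS_DESCRIPTION;
         $tables[] = TABLE_ROOM_FACILITIES_DESCRIPTION;
     } elseif (self::$PROJECT == 'ShoppingCart') {
         $tables[] = TABLE_CATEGORIES_DESCRIPTION;
         $tables[] = TABLE_PRODUCTS_DESCRIPTION;
     }
     // The abbreviation is escaped once with encode_text(), the helper this
     // codebase applies to SQL string values (confirm it escapes for the
     // active driver), instead of being concatenated raw into each statement.
     $lang_escaped = encode_text($lang_abbrev);
     foreach ($tables as $table) {
         database_void_query('DELETE FROM ' . $table . ' WHERE language_id = \'' . $lang_escaped . '\'');
     }
     // Delete the language file — only for an abbreviation made of plain
     // identifier characters, so the value cannot leave the include/ directory.
     // A missing file is not an error (the old '@unlink' silenced that case).
     if (preg_match('/^[A-Za-z0-9_-]+$/', $lang_abbrev)) {
         $file = 'include/messages.' . $lang_abbrev . '.inc.php';
         if (is_file($file)) {
             unlink($file);
         }
     }
 }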
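    /**
     * Cron entry point (called by an external cron job).
     *
     * Reads the cron_* columns of TABLE_SETTINGS; in 'batch' mode the
     * maintenance tasks always run, in 'non-batch' mode only when the time
     * elapsed since cron_run_last_time (minutes or hours, per cron_run_period)
     * exceeds cron_run_period_value. After the tasks ran, cron_run_last_time
     * is updated.
     */
    public static function Run()
    {
        $now = date('Y-m-d H:i:s');
        // '999' for a never-run timestamp guarantees that the first run happens
        $sql = 'SELECT
					cron_type,
					cron_run_last_time,
					cron_run_period,
					cron_run_period_value,
					CASE
						WHEN cron_run_last_time = \'0000-00-00 00:00:00\' THEN \'999\'
						WHEN cron_run_period = \'minute\' THEN TIMESTAMPDIFF(MINUTE, cron_run_last_time, \'' . $now . '\')
						ELSE TIMESTAMPDIFF(HOUR, cron_run_last_time, \'' . $now . '\')
					END as time_diff
				FROM ' . TABLE_SETTINGS;
        $result = database_query($sql, DATA_ONLY, FIRST_ROW_ONLY);
        if (!$result) {
            return; // no settings row: nothing to schedule against
        }
        $perform_actions = $result['cron_type'] == 'batch'
            || ($result['cron_type'] == 'non-batch' && $result['time_diff'] > $result['cron_run_period_value']);
        if (!$perform_actions) {
            return;
        }
        // update Feeds
        RSSFeed::UpdateFeeds();
        // switch compares loosely, exactly like the former == chain
        switch (self::$PROJECT) {
            case 'ShoppingCart':
                Campaigns::UpdateStatus(); // close expired discount campaigns
                Orders::RemoveExpired();   // remove expired orders
                break;
            case 'HotelSite':
                Campaigns::UpdateStatus(); // close expired discount campaigns
                Coupons::UpdateStatus();   // close expired coupons
                Bookings::RemoveExpired(); // remove expired 'Preparing' bookings
                break;
            case 'BusinessDirectory':
                // Spelled as in the other project checks of this codebase
                // (e.g. DeleteDataOfLang); the earlier 'BusinnessDirectory'
                // never matched, so these tasks silently never ran.
                // NOTE(review): confirm self::$PROJECT uses this exact value.
                Listings::UpdateStatus();  // close expired listings
                Inquiries::RemoveOld();    // remove old inquiries
                break;
            case 'MedicalAppointment':
                Appointments::RemoveExpired(); // remove expired appointments
                Appointments::SendReminders(); // send reminders for patient and doctor
                break;
            case 'MicroBlog':
                Pools::UpdateStatus(); // close expired polls
                break;
        }
        // update last time running (taken after the tasks, as before)
        $sql = 'UPDATE ' . TABLE_SETTINGS . ' SET cron_run_last_time = \'' . date('Y-m-d H:i:s') . '\'';
        database_void_query($sql);
    }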
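    /**
     * Updates the text of one vocabulary key in the current language
     * (languageId).
     *
     *  @param string $key_value  Vocabulary key to update.
     *  @param string $key_text   New text; must be non-empty and at most
     *                            2048 bytes long.
     *  @return bool              true on success; otherwise $this->error is set
     *                            and false is returned. Always refused in demo
     *                            mode.
     */
    public function UpdateKey($key_value = '', $key_text = '')
    {
        // Block all operations in demo mode
        if (strtolower(SITE_MODE) == 'demo') {
            $this->error = _OPERATION_BLOCKED;
            return false;
        }
        // Check input parameters
        if ($key_text == '') {
            $this->error = _VOC_KEY_VALUE_EMPTY;
            return false;
        }
        // byte-wise strlen() is kept: the limit presumably mirrors the column size
        if (strlen($key_text) > 2048) {
            $msg_text = str_replace('_FIELD_', '<b>' . _VALUE . '</b>', _FIELD_LENGTH_ALERT);
            $this->error = str_replace('_LENGTH_', '2048', $msg_text);
            return false;
        }
        // Both the text and the key go through GetFieldsEncoded() before they
        // are concatenated; the key is caller-supplied and must not reach the
        // WHERE clause raw (confirm GetFieldsEncoded() is the SQL-escaping
        // step and does not alter plain key names). languageId is internal.
        $sql = 'UPDATE ' . TABLE_VOCABULARY . '
				SET key_text = \'' . $this->GetFieldsEncoded(trim($key_text, "\r\n")) . '\'
				WHERE
					key_value = \'' . $this->GetFieldsEncoded($key_value) . '\' AND
					language_id = \'' . $this->languageId . '\'';
        if (!database_void_query($sql)) {
            $this->error = _TRY_LATER;
            return false;
        }
        $this->isKeyUpdated = true;
        return true;
    }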
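    /**
     * After-insert hook: clones the news item just inserted into every other
     * active language, keeping the same news_code so the translations stay
     * linked.
     *
     * The source values are read from the request through self::GetParameter();
     * each cloned INSERT is also registered via SetSQLs() under the key
     * 'insert_lan_<abbreviation>'.
     */
    public function AfterInsertRecord()
    {
        $language_id = self::GetParameter('language_id', false);
        // nothing to clone when the inserted row carries no language
        if ($language_id == '') {
            return;
        }
        $news_code = self::GetParameter('news_code', false);
        $header_text = self::GetParameter('header_text', false);
        $body_text = self::GetParameter('body_text', false);
        $date_created = self::GetParameter('date_created', false);
        // the source values are escaped (encode_text(), the helper this codebase
        // applies to SQL string values) once, outside the loop
        $values = '\'' . encode_text($news_code) . '\', \'' . encode_text($header_text) . '\', \'' . encode_text($body_text) . '\', \'' . encode_text($date_created) . '\'';
        // GetAllActive() is indexed as [0] => rows, [1] => row count by this loop
        $total_languages = Languages::GetAllActive();
        for ($i = 0; $i < $total_languages[1]; $i++) {
            $abbreviation = $total_languages[0][$i]['abbreviation'];
            if ($abbreviation == $language_id) {
                continue; // the original row already exists in this language
            }
            $sql = 'INSERT INTO ' . TABLE_NEWS . ' (id, news_code, header_text, body_text, date_created, language_id)
						VALUES(NULL, ' . $values . ', \'' . encode_text($abbreviation) . '\')';
            database_void_query($sql);
            $this->SetSQLs('insert_lan_' . $abbreviation, $sql);
        }
    }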
    /**
     * Unpublishes listings whose finish_publishing date has passed.
     *
     * A zero date ('0000-00-00 00:00:00') is left alone. When the update
     * succeeds, the per-category listing counters are recalculated.
     *
     *  @return mixed  whatever database_void_query() returned
     */
    public static function UpdateStatus()
    {
        $now = date('Y-m-d H:i:s');
        $sql = 'UPDATE ' . TABLE_LISTINGS . '
				SET is_published = 0 
				WHERE is_published = 1 AND
				      finish_publishing != \'0000-00-00 00:00:00\' AND 
					  finish_publishing < \'' . $now . '\'';
        $closed = database_void_query($sql, false, false);
        if (!$closed) {
            return $closed;
        }
        Categories::RecalculateListingsCount();
        return $closed;
    }
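    /**
     * Places a pending order (status 0) of the logged-in customer: stores the
     * card details on the order row, moves it to status 1 and sends the
     * 'accepted' order e-mail.
     *
     *  @param string $order_number  Order number; must belong to the logged-in
     *                               customer and still be in status 0.
     *  @param array  $cc_params     Card fields: cc_type, cc_holder_name,
     *                               cc_number, cc_expires_month,
     *                               cc_expires_year, cc_cvv_code. A missing
     *                               key is stored as an empty string.
     *  @return bool  false (with self::$message set) in demo mode or when no
     *                matching pending order exists; true otherwise, even when
     *                the e-mail could not be sent.
     */
    public static function PlaceOrder($order_number, $cc_params = array())
    {
        global $objLogin;
        if (SITE_MODE == 'demo') {
            self::$message = draw_important_message(_OPERATION_BLOCKED, false);
            return false;
        }
        $customer_id = (int) $objLogin->GetLoggedID();
        // The order number is caller-supplied: it goes through encode_text(),
        // the helper this codebase applies to SQL string values (confirm it
        // escapes for the active driver), instead of being concatenated raw.
        $order_number_escaped = encode_text($order_number);
        $sql = 'SELECT id, order_number
			  FROM ' . TABLE_ORDERS . '
			  WHERE
			        order_number = \'' . $order_number_escaped . '\' AND
					customer_id = ' . $customer_id . ' AND
			        status = 0
			  ORDER BY id DESC';
        $result = database_query($sql, DATA_AND_ROWS, FIRST_ROW_ONLY);
        if (!isset($result[1]) || $result[1] <= 0) {
            self::$message = _ORDER_ERROR;
            return false;
        }
        // Every card field is read with a default (no undefined-index notice
        // for a missing key) and escaped before it reaches the statement text;
        // these values come straight from the checkout form.
        $cc_fields = array('cc_type', 'cc_holder_name', 'cc_number', 'cc_expires_month', 'cc_expires_year', 'cc_cvv_code');
        $cc = array();
        foreach ($cc_fields as $field) {
            $cc[$field] = encode_text(isset($cc_params[$field]) ? $cc_params[$field] : '');
        }
        $now = date('Y-m-d H:i:s');
        // NOTE(review): the CVV is persisted next to the (AES-encrypted) card
        // number; card-scheme rules forbid storing the CVV after authorisation.
        // Whether a later payment step reads cc_cvv_code is outside this block,
        // so the column write is kept — confirm and drop it if nothing needs it.
        $sql = 'UPDATE ' . TABLE_ORDERS . '
					SET
						created_date = \'' . $now . '\',
						status_changed = \'' . $now . '\',
						cc_type = \'' . $cc['cc_type'] . '\',
						cc_holder_name = \'' . $cc['cc_holder_name'] . '\',
						cc_number = AES_ENCRYPT(\'' . $cc['cc_number'] . '\', \'' . PASSWORDS_ENCRYPT_KEY . '\'),
						cc_expires_month = \'' . $cc['cc_expires_month'] . '\',
						cc_expires_year = \'' . $cc['cc_expires_year'] . '\',
						cc_cvv_code = \'' . $cc['cc_cvv_code'] . '\',
						status = \'1\'
					WHERE order_number = \'' . $order_number_escaped . '\'';
        database_void_query($sql);
        // a mail failure is not an order failure: the order is already placed
        Orders::SendOrderEmail($order_number, 'accepted', $customer_id);
        return true;
    }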
    /**
     *	Draws article comments
     *		@param $article_id
     *		@param $draw
     */
    public function DrawArticleComments($article_id = '', $draw = true)
    {
        if (!$article_id) {
            return '';
        }
        global $objLogin;
        $delete_pending_time = ModulesSettings::Get('comments', 'delete_pending_time');
        $user_type = ModulesSettings::Get('comments', 'user_type');
        $comment_length = ModulesSettings::Get('comments', 'comment_length');
        $image_verification = ModulesSettings::Get('comments', 'image_verification_allow');
        $comments_on_page = ModulesSettings::Get('comments', 'page_size');
        $is_published = ModulesSettings::Get('comments', 'pre_moderation_allow') == 'yes' ? '0' : '1';
        if ($image_verification == 'yes') {
            include_once 'modules/captcha/securimage.php';
            $objImg = new Securimage();
        }
        //echo '<pre>';
        //print_r($_SERVER);
        //echo '</pre>';
        $task = isset($_POST['task']) ? prepare_input($_POST['task']) : '';
        $comment_id = isset($_POST['comment_id']) ? (int) $_POST['comment_id'] : '';
        $init_state = 'closed';
        $user_id = isset($_POST['user_id']) ? (int) $_POST['user_id'] : '';
        $user_name = isset($_POST['comment_user_name']) ? prepare_input($_POST['comment_user_name']) : '';
        $user_email = isset($_POST['comment_user_email']) ? prepare_input($_POST['comment_user_email']) : '';
        $comment_text = isset($_POST['comment_text']) ? prepare_input($_POST['comment_text']) : '';
        $captcha_code = isset($_POST['captcha_code']) ? prepare_input($_POST['captcha_code']) : '';
        $msg = '';
        $task_completed = false;
        $focus_field = '';
        $current_page = isset($_GET['p']) ? abs((int) $_GET['p']) : '1';
        if ($task == 'publish_comment') {
            $init_state = 'opened';
            if ($user_name == '') {
                $msg = draw_important_message(_USERNAME_EMPTY_ALERT, false);
                $focus_field = 'comment_user_name';
            } else {
                if (!check_email_address($user_email) && !$objLogin->IsLoggedInAs($this->user_type_name)) {
                    $msg = draw_important_message(_EMAIL_IS_WRONG, false);
                    $focus_field = 'comment_user_email';
                } else {
                    if ($comment_text == '') {
                        $msg = draw_important_message(_MESSAGE_EMPTY_ALERT, false);
                        $focus_field = 'comment_text';
                    } else {
                        if ($comment_text != '' && strlen($comment_text) > $comment_length) {
                            $msg = draw_important_message(str_replace('_LENGTH_', $comment_length, _COMMENT_LENGTH_ALERT), false);
                            $focus_field = 'comment_text';
                        } else {
                            if ($image_verification == 'yes' && !$objImg->check($captcha_code)) {
                                $msg = draw_important_message(_WRONG_CODE_ALERT, false);
                                $focus_field = 'captcha_code';
                            } else {
                                // Block operation in demo mode
                                if (strtolower(SITE_MODE) == 'demo') {
                                    $msg = draw_important_message(_OPERATION_BLOCKED, false);
                                } else {
                                    if ($objLogin->IpAddressBlocked(get_current_ip())) {
                                        $msg = draw_important_message(_IP_ADDRESS_BLOCKED, false);
                                    } else {
                                        if ($objLogin->EmailBlocked($user_email)) {
                                            $msg = draw_important_message(_EMAIL_BLOCKED, false);
                                        } else {
                                            $sql = 'INSERT INTO ' . TABLE_COMMENTS . '(
									id,
									article_id,
									user_id,
									user_name,
									user_email,
									comment_text,
									date_created,
									date_published,
									is_published
								)VALUES(
									NULL,
									' . (int) $article_id . ',
									' . (int) $user_id . ',
									\'' . encode_text($user_name) . '\',
									\'' . encode_text($user_email) . '\',
									\'' . encode_text(strip_tags($comment_text, '<b><i><u><br>')) . '\',
									\'' . date('Y-m-d H:i:s') . '\',
									\'' . ($is_published == '1' ? date('Y-m-d H:i:s') : '0000-00-00 00:00:00') . '\',
									\'' . $is_published . '\'
								)';
                                            if (database_void_query($sql)) {
                                                if ($is_published == '1') {
                                                    $msg = draw_success_message(_COMMENT_POSTED_SUCCESS, false);
                                                } else {
                                                    $msg = draw_success_message(_COMMENT_SUBMITTED_SUCCESS, false);
                                                }
                                                $task_completed = true;
                                            } else {
                                                $msg = draw_important_message(_TRY_LATER, false);
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        } else {
            if ($task == 'delete_comment') {
                $init_state = 'opened';
                $sql = 'DELETE FROM ' . $this->tableName . '
					WHERE TIMESTAMPDIFF(MINUTE, date_published, \'' . date('Y-m-d H:i:s') . '\') < ' . $delete_pending_time . ' AND
						  id = ' . (int) $comment_id;
                if (database_void_query($sql)) {
                    $msg = draw_success_message(_COMMENT_DELETED_SUCCESS, false);
                } else {
                    $msg = draw_important_message(_TRY_LATER, false);
                }
            }
        }
        // -------- pagination
        $total_comments = 0;
        $page_size = $comments_on_page;
        $sql = 'SELECT COUNT(*) as cnt FROM ' . TABLE_COMMENTS . ' WHERE is_published = 1 AND article_id = ' . (int) $article_id;
        $comments_result = database_query($sql, DATA_ONLY, FIRST_ROW_ONLY);
        $total_comments = $comments_result['cnt'];
        $total_pages = (int) ($total_comments / $page_size);
        if ($current_page > $total_pages + 1) {
            $current_page = 1;
        }
        if ($total_comments % $page_size != 0) {
            $total_pages++;
        }
        if ($task_completed) {
            $current_page = $total_pages;
        }
        if (!is_numeric($current_page) || (int) $current_page <= 0) {
            $current_page = 1;
        }
        $start_row = ($current_page - 1) * $page_size;
        if (isset($_GET['p'])) {
            $init_state = 'opened';
        }
        // --------
        $sql = 'SELECT *
				FROM ' . TABLE_COMMENTS . '
				WHERE article_id = ' . (int) $article_id . ' AND is_published = 1
				ORDER BY date_published ASC 
				LIMIT ' . $start_row . ', ' . $page_size;
        $result = database_query($sql, DATA_AND_ROWS);
        $output = '<script type="text/javascript">function deleteComment(cid) {
			if(confirm(\'' . _PERFORM_OPERATION_COMMON_ALERT . '\')){
				jQuery(\'#comment_task\').val(\'delete_comment\');
				jQuery(\'#comment_id\').val(cid);
				jQuery(\'#frmComments\').submit();				
				return true;
			}
			return false;
		} </script>';
        $output .= '<div id="commentsLink"><a href="javascript:void(0);" onclick="javascript:jQuery(\'#commentsWrapper\').slideToggle(\'fast\');">' . str_replace('_COUNT_', $total_comments, _COMMENTS_LINK) . '</a><br /><br /></div>';
        $output .= '<div id="commentsWrapper" style="display:' . ($init_state == 'opened' ? '' : 'none') . ';">';
        $output .= '<div id="commentsPublished">';
        if ($result[1] > 0) {
            for ($i = 0; $i < $result[1]; $i++) {
                $output .= '<div class="comment">';
                $output .= '<div class="comment_user_name"><b>' . $result[0][$i]['user_name'] . '</b> ' . _SAID . '...</div>';
                $output .= '<div class="comment_test">' . $result[0][$i]['comment_text'] . '</div>';
                $output .= '<div class="comment_date">';
                if ($result[0][$i]['user_id'] == $objLogin->GetLoggedID() && floor(time_diff(date('Y-m-d H:i:s'), $result[0][$i]['date_published']) / 60) < $delete_pending_time) {
                    $output .= '<img src="images/published_x.gif" alt="" style="cursor:pointer;margin-bottom:-3px;margin-right:3px;" onclick="deleteComment(\'' . $result[0][$i]['id'] . '\');">';
                }
                $output .= '<i>' . _PUBLISHED . ': ' . format_datetime($result[0][$i]['date_published']) . '</i></div>';
                $output .= '</div>';
            }
            // draw pagination links
            if ($total_pages > 1) {
                $output .= '<div class="paging">';
                for ($page_ind = 1; $page_ind <= $total_pages; $page_ind++) {
                    $output .= prepare_permanent_link('index.php?page=' . Application::Get('page') . '&pid=' . Application::Get('page_id') . '&p=' . $page_ind, $page_ind == $current_page ? '<b>[' . $page_ind . ']</b>' : $page_ind, '', 'paging_link') . ' ';
                }
                $output .= '</div>';
            }
        } else {
            $output .= '<div class="comment">';
            $output .= '<b>' . _NO_COMMENTS_YET . '</b><br /><br />';
            $output .= '</div>';
        }
        $output .= '</div>';
        $output .= $msg != '' ? $msg . '<br />' : '';
        if ($user_type == 'registered' && !$objLogin->IsLoggedInAs($this->user_type_name)) {
            $output .= draw_message(_POST_COM_REGISTERED_ALERT, false);
        } else {
            $output .= $this->DrawCommentsForm($article_id, $image_verification, $focus_field, $task_completed, false);
        }
        $output .= '</div>';
        if ($draw) {
            echo $output;
        } else {
            return $output;
        }
    }
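 /**
  * Send forgotten password
  *		@param $email
  *
  * Looks up the active account registered under $email and e-mails its
  * holder a password using the 'password_forgotten' template. Returns true
  * once the mail has been handed to send_email(); otherwise sets
  * $this->error and returns false (demo mode, empty or malformed address,
  * unknown address, unsupported password storage setting).
  *
  * SECURITY (review): with PASSWORDS_ENCRYPTION off, or set to 'aes', this
  * sends the account's *current* password in clear text — AES storage is
  * reversible, and AES_DECRYPT runs on the database server with
  * PASSWORDS_ENCRYPT_KEY embedded in the query text (so the key also lands
  * in query logs). Only the 'md5' branch replaces the password with a fresh
  * random one. A single-use, expiring reset token delivered by e-mail would
  * avoid both problems; that redesign is outside the scope of this method.
  */
 public function SendPassword($email)
 {
     global $objSettings;
     // deny all operations in demo version
     if (strtolower(SITE_MODE) == 'demo') {
         $this->error = _OPERATION_BLOCKED;
         return false;
     }
     if (empty($email)) {
         $this->error = _EMAIL_EMPTY_ALERT;
         return false;
     }
     if (!check_email_address($email)) {
         $this->error = _EMAIL_IS_WRONG;
         return false;
     }
     // PASSWORDS_ENCRYPTION_TYPE is only consulted when encryption is enabled
     $encryption_type = PASSWORDS_ENCRYPTION ? strtolower(PASSWORDS_ENCRYPTION_TYPE) : '';
     $sql = '';
     if (!PASSWORDS_ENCRYPTION) {
         $sql = 'SELECT id, first_name, last_name, user_name, password, preferred_language FROM ' . TABLE_ACCOUNTS . ' WHERE email = ' . quote_text(encode_text($email)) . ' AND is_active = 1';
     } elseif ($encryption_type == 'aes') {
         $sql = 'SELECT id, first_name, last_name, user_name, AES_DECRYPT(password, ' . quote_text(PASSWORDS_ENCRYPT_KEY) . ') as password, preferred_language FROM ' . TABLE_ACCOUNTS . ' WHERE email = ' . quote_text(encode_text($email)) . ' AND is_active = 1';
     } elseif ($encryption_type == 'md5') {
         // NOTE(review): this branch looks the address up with quote_text($email)
         // while the other two use quote_text(encode_text($email)); only one of
         // the two forms can match how addresses are stored — confirm which.
         $sql = 'SELECT id, first_name, last_name, user_name, \'\' as password, preferred_language FROM ' . TABLE_ACCOUNTS . ' WHERE email = ' . quote_text($email) . ' AND is_active = 1';
     }
     // Fix: an unrecognised PASSWORDS_ENCRYPTION_TYPE used to leave $sql
     // undefined and run the lookup with an empty query; fail explicitly.
     if ($sql == '') {
         $this->error = _TRY_LATER;
         return false;
     }
     $temp = database_query($sql, DATA_ONLY, FIRST_ROW_ONLY);
     if (!is_array($temp) || count($temp) == 0) {
         $this->error = _EMAIL_NOT_EXISTS;
         return false;
     }
     if ($encryption_type == 'md5') {
         // hashed storage cannot be reversed: issue a new random password
         $password = get_random_string(8);
         // NOTE(review): the value written here is shown redacted ('******') in
         // this listing; the intended expression is not visible — verify against
         // the repository before relying on this branch.
         $sql = 'UPDATE ' . TABLE_ACCOUNTS . ' SET password = '******' WHERE id = ' . (int) $temp['id'];
         database_void_query($sql);
     } else {
         // plain or AES storage: the lookup above already yielded the clear-text password
         $password = $temp['password'];
     }
     // NOTE(review): $_SERVER['SERVER_NAME'] may reflect the request's Host
     // header depending on web-server configuration; {WEB SITE} in the mail
     // then shows whatever host name the requester supplied.
     send_email($email, $objSettings->GetParameter('admin_email'), 'password_forgotten', array('{FIRST NAME}' => $temp['first_name'], '{LAST NAME}' => $temp['last_name'], '{USER NAME}' => $temp['user_name'], '{USER PASSWORD}' => $password, '{BASE URL}' => APPHP_BASE, '{WEB SITE}' => $_SERVER['SERVER_NAME'], '{YEAR}' => date('Y')), $temp['preferred_language']);
     return true;
 }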
    /**
     * Remove very old inquiries
     *
     * Purges inquiry replies, inquiry history rows and finally the inquiries
     * themselves whose date column is older than the 'keep_history_days'
     * module setting. The reference time is PHP's date(), so the comparison
     * follows PHP's timezone rather than the database server's.
     */
    public static function RemoveOld()
    {
        $keep_history_days = (int) ModulesSettings::Get('inquiries', 'keep_history_days');
        $now = date('Y-m-d H:i:s');
        // table => column that records the row's age; order matters (children first)
        $targets = array(
            TABLE_INQUIRIES_REPLIES => 'date_added',
            TABLE_INQUIRIES_HISTORY => 'date_added',
            TABLE_INQUIRIES => 'date_created',
        );
        foreach ($targets as $table => $date_field) {
            $sql = 'DELETE FROM ' . $table . '
				WHERE DATEDIFF(\'' . $now . '\', ' . $table . '.' . $date_field . ') > ' . $keep_history_days;
            database_void_query($sql);
        }
    }
 /**
  * Set orders for specific customer
  * 		@param $customer_id
  * 		@param $operation
  *
  * Adjusts orders_count on the customer row: '+' increments it, any other
  * value decrements it but never below zero. The result of the query is
  * not reported back to the caller.
  */
 public static function SetOrdersForCustomer($customer_id = 0, $operation = '')
 {
     $set_clause = $operation == '+'
         ? 'SET orders_count = orders_count + 1 '
         : 'SET orders_count = IF(orders_count > 0, orders_count - 1, 0) ';
     $sql = 'UPDATE ' . TABLE_CUSTOMERS . ' ' . $set_clause . 'WHERE id = ' . (int) $customer_id;
     database_void_query($sql);
 }
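    /**
     * Updates listings count for all categories
     * 		@param $parent_id
     *
     * Walks the category tree below $parent_id depth-first. For every
     * category it counts the published, not yet expired listings attached to
     * it, adds the totals of its sub-categories, and writes listings_count /
     * listings_count_public back to the category row.
     *
     * Returns array('count' => n, 'count_public' => m) with the totals of the
     * whole subtree; returns 0 (and sets self::$static_error) when
     * mysql_error() reports a failure, and false in demo mode.
     */
    public static function RecalculateListingsCount($parent_id = 0)
    {
        if (strtolower(SITE_MODE) == 'demo') {
            self::$static_error = _OPERATION_BLOCKED;
            return false;
        }
        $now = date('Y-m-d H:i:s');
        $sql = 'SELECT id, parent_id FROM ' . TABLE_CATEGORIES . ' WHERE parent_id = ' . (int) $parent_id;
        $result = database_query($sql, DATA_AND_ROWS, ALL_ROWS);
        $total_listings = array('count' => 0, 'count_public' => 0);
        $rows = isset($result[1]) ? (int) $result[1] : 0;
        for ($i = 0; $i < $rows; $i++) {
            $category_id = (int) $result[0][$i]['id'];
            // Fix: a failing recursive call returns 0 (not an array) and the
            // original then read $child_listings['count'] from that integer;
            // treat any non-array result as "no child listings".
            $child_listings = self::RecalculateListingsCount($category_id);
            if (!is_array($child_listings)) {
                $child_listings = array('count' => 0, 'count_public' => 0);
            }
            $sql = 'SELECT
						COUNT(*) as cnt,
						SUM(IF(' . TABLE_LISTINGS . '.access_level = "public", 1, 0)) as cnt_public						
					FROM ' . TABLE_LISTINGS . '
						INNER JOIN ' . TABLE_LISTINGS_CATEGORIES . ' ON ' . TABLE_LISTINGS . '.id = ' . TABLE_LISTINGS_CATEGORIES . '.listing_id
					WHERE
						' . TABLE_LISTINGS . '.is_published = 1 AND
						(' . TABLE_LISTINGS . '.finish_publishing = "0000-00-00 00:00:00" OR ' . TABLE_LISTINGS . '.finish_publishing > "' . $now . '") AND 
						' . TABLE_LISTINGS_CATEGORIES . '.category_id = ' . $category_id;
            $res = database_query($sql, DATA_ONLY, FIRST_ROW_ONLY);
            // SUM() yields NULL when no rows match, hence the isset() guards
            $current_count = isset($res['cnt']) ? (int) $res['cnt'] : 0;
            $current_public = isset($res['cnt_public']) ? (int) $res['cnt_public'] : 0;
            $count = $current_count + (int) $child_listings['count'];
            $count_public = $current_public + (int) $child_listings['count_public'];
            $sql = 'UPDATE ' . TABLE_CATEGORIES . '
					SET listings_count = ' . $count . ',
						listings_count_public = ' . $count_public . '
					WHERE id = ' . $category_id;
            database_void_query($sql);
            $total_listings['count'] += $count;
            $total_listings['count_public'] += $count_public;
        }
        // mysql_error() only reports the last statement; earlier failures in
        // the subtree are not visible here (unchanged from the original)
        if (mysql_error() != '') {
            self::$static_error = _TRY_LATER;
            return 0;
        }
        return $total_listings;
    }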
 /**
  * After-deleting operations
  *
  * Removes every FAQ item row that referenced the category record just
  * deleted ($this->curRecordId) so no orphaned items remain.
  */
 public function AfterDeleteRecord()
 {
     $category_id = (int) $this->curRecordId;
     database_void_query('DELETE FROM ' . TABLE_FAQ_CATEGORY_ITEMS . ' WHERE category_id = ' . $category_id);
 }
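    /**
     * After-Deleting - delete album descriptions from description table
     *
     * Also removes the album's items: for image albums the item file and its
     * thumbnail are unlinked from images/gallery/, then the item description
     * rows and the item rows themselves are deleted.
     *
     * Returns true when album items were found and removed; false when the
     * album code is empty or the album had no items (the album description
     * rows are deleted either way — unchanged from the original contract).
     */
    public function AfterDeleteRecord()
    {
        $sql = 'DELETE FROM ' . TABLE_GALLERY_ALBUMS_DESCRIPTION . ' WHERE gallery_album_id = ' . (int) $this->curRecordId;
        database_void_query($sql);
        if ($this->curAlbumCode == '') {
            return false;
        }
        // Fix: album_code was interpolated into SQL unescaped; escape it like
        // the other string values in this code base.
        $album_code = mysql_real_escape_string($this->curAlbumCode);
        $sql = 'SELECT id, album_code, item_file, item_file_thumb, priority_order, is_active 
				FROM ' . TABLE_GALLERY_ALBUM_ITEMS . '
				WHERE album_code = \'' . $album_code . '\'';
        $result = database_query($sql, DATA_AND_ROWS, ALL_ROWS);
        $rows = isset($result[1]) ? (int) $result[1] : 0;
        if ($rows <= 0) {
            return false;
        }
        for ($i = 0; $i < $rows; $i++) {
            if ($this->curAlbumType == 'images') {
                // NOTE(review): item_file / item_file_thumb come straight from the
                // database and are joined to the directory without any path check;
                // a stored value containing "../" would unlink outside images/gallery/.
                // Confirm these columns are only ever written by the upload code.
                foreach (array($result[0][$i]['item_file'], $result[0][$i]['item_file_thumb']) as $file_name) {
                    $path = 'images/gallery/' . $file_name;
                    // Fix: an empty name or a missing file used to trigger an
                    // unlink() warning (and, for '', an unlink of the directory).
                    if ($file_name != '' && is_file($path)) {
                        unlink($path);
                    }
                }
            }
            $sql = 'DELETE FROM ' . TABLE_GALLERY_ALBUM_ITEMS_DESCRIPTION . ' WHERE gallery_album_item_id = ' . (int) $result[0][$i]['id'];
            database_void_query($sql);
        }
        $sql = 'DELETE FROM ' . TABLE_GALLERY_ALBUM_ITEMS . ' WHERE album_code = \'' . $album_code . '\'';
        database_void_query($sql);
        return true;
    }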
/**
 * Set sql_mode
 *
 * Clears the MySQL sql_mode for the current connection (SET sql_mode = "").
 * NOTE(review): an empty sql_mode switches off STRICT_TRANS_TABLES and the
 * NO_ZERO_DATE family, so out-of-range or truncated values are silently
 * coerced instead of rejected; the zero-date comparisons elsewhere in this
 * file suggest the schema relies on that.
 */
function set_sql_mode()
{
    $sql = 'SET sql_mode = ""';
    database_void_query($sql);
}
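 /**
  * Update table
  *
  * Updates the row of $this->tableName whose $this->primaryKey equals $rid,
  * assigning each key of $params (a column name) its value. Returns false
  * when $rid or $params is empty, when a column name is not a plain
  * identifier, or when the query fails; true otherwise.
  *
  * Values are always sent as quoted, escaped strings (MySQL converts them
  * for numeric columns); a caller that relied on passing raw SQL such as
  * NOW() through $params must compute the value in PHP instead.
  */
 public function Update($rid = '', $params = array())
 {
     // Fix: the original tested `$rid = ''` (an assignment), which never
     // returned early and silently turned every call into `WHERE pk = 0`.
     if ($rid === '' || $rid === null || !is_array($params) || count($params) == 0) {
         return false;
     }
     $assignments = array();
     foreach ($params as $key => $val) {
         // Fix: column names are identifiers and cannot be protected by
         // mysql_real_escape_string; restrict them to [A-Za-z0-9_] so an
         // attacker-influenced array key cannot inject SQL.
         if (!preg_match('/^[A-Za-z0-9_]+$/', $key)) {
             return false;
         }
         // Fix: values were escaped but never quoted, so any non-numeric value
         // produced a syntax error or was parsed as SQL.
         if ($val === null) {
             $assignments[] = '`' . $key . '` = NULL';
         } else {
             $assignments[] = '`' . $key . '` = \'' . mysql_real_escape_string($val) . '\'';
         }
     }
     $sql = 'UPDATE `' . $this->tableName . '` SET ' . implode(',', $assignments) . ' WHERE `' . $this->primaryKey . '`=' . (int) $rid;
     return database_void_query($sql) ? true : false;
 }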
 /**
  * 	Execute SqlDump
  * 		@param $restore_query - restore query or list of queries
  *
  * Splits a SQL dump (one string holding several ';'-terminated statements,
  * possibly with '#' comment lines between them) into individual statements
  * and runs each through database_void_query(). Returns false at the first
  * failing statement (the remaining ones are not executed), true otherwise.
  *
  * A ';' only counts as a statement boundary when it is followed by a
  * newline and the next non-blank text starts with CREATE, INSERT or
  * "DROP T" (case-insensitive); the trailing text of the dump is treated as
  * a final INSERT. The scan index $i is repeatedly reset to the position of
  * the next ';' of the shrinking $restore_query.
  *
  * SECURITY (review): every statement in the dump is executed as-is with
  * the application's database credentials and no filtering; the caller must
  * guarantee the dump comes from a trusted source (e.g. an admin-supplied
  * backup). Query errors are suppressed with '@'.
  */
 private function ExecuteSqlDump($restore_query)
 {
     $nl = "\n";
     $sql_array = array();
     $sql_length = strlen($restore_query);
     $pos = strpos($restore_query, ';');
     for ($i = $pos; $i < $sql_length; $i++) {
         // a leading '#' comment line is dropped and the scan restarts at the next ';'
         if ($restore_query[0] == '#') {
             $restore_query = ltrim(substr($restore_query, strpos($restore_query, $nl)));
             $sql_length = strlen($restore_query);
             $i = strpos($restore_query, ';') - 1;
             continue;
         }
         if ($restore_query[$i + 1] == $nl) {
             // find the first non-blank text after the ';' + newline
             for ($j = $i + 2; $j < $sql_length; $j++) {
                 if (trim($restore_query[$j]) != '') {
                     $next = substr($restore_query, $j, 6);
                     if ($next[0] == '#') {
                         // remove line  where the break position (#comment line)
                         for ($k = $j; $k < $sql_length; $k++) {
                             if ($restore_query[$k] == $nl) {
                                 break;
                             }
                         }
                         $query = substr($restore_query, 0, $i + 1);
                         $restore_query = substr($restore_query, $k);
                         // join 2 parts of query
                         $restore_query = $query . $restore_query;
                         $sql_length = strlen($restore_query);
                         $i = strpos($restore_query, ';') - 1;
                         continue 2;
                     }
                     break;
                 }
             }
             // NOTE(review): $next is only assigned inside the loop above, so when
             // nothing but whitespace follows the ';' it is either unset (first
             // pass) or '' (reset after the previous boundary); both compare
             // equal to '' here and are taken as the final INSERT.
             if ($next == '') {
                 // get last insert query
                 $next = 'insert';
             }
             if (preg_match('/create/i', $next) || preg_match('/insert/i', $next) || preg_match('/drop t/i', $next)) {
                 // statement boundary: everything before the ';' becomes one query
                 $next = '';
                 $sql_array[] = substr($restore_query, 0, $i);
                 $restore_query = ltrim(substr($restore_query, $i + 1));
                 $sql_length = strlen($restore_query);
                 $i = strpos($restore_query, ';') - 1;
             }
         }
     }
     // execute in order; stop at the first failure (errors are silenced by '@')
     for ($i = 0; $i < sizeof($sql_array); $i++) {
         if (!@database_void_query($sql_array[$i])) {
             ///echo $sql_array[$i].mysql_error();
             return false;
         }
     }
     return true;
 }
    /**
     * After addition record
     *
     * Runs after a reply to an inquiry has been stored: increments
     * replies_count on the inquiry (capped at the 'maximum_replies' module
     * setting, which also clears is_active once the cap is reached), then
     * e-mails the reply plus the replying user's details to the visitor via
     * the 'inquiry_reply' template.
     *
     * NOTE(review): $this->params['message'] is placed into the HTML e-mail
     * body as-is; whether it was sanitised on input is not visible here —
     * confirm before relying on it. $_SERVER['SERVER_NAME'] may mirror the
     * request's Host header depending on web-server configuration.
     */
    public function AfterInsertRecord()
    {
        global $objSettings, $objLogin;
        $inquiry_id = (int) $this->params['inquiry_id'];
        $maximum_replies = (int) ModulesSettings::Get('inquiries', 'maximum_replies');
        // increase by 1 a number of replies and update is_active field
        $sql = 'UPDATE ' . TABLE_INQUIRIES . '
				SET replies_count = replies_count + IF(replies_count < ' . $maximum_replies . ', 1, 0),
					is_active = IF(replies_count > (' . $maximum_replies . ' - 1), 0, 1)
				WHERE id = ' . $inquiry_id;
        database_void_query($sql);
        $inquiry_info = Inquiries::Instance()->GetInfoByID($this->params['inquiry_id']);
        $visitor_email = isset($inquiry_info['email']) ? $inquiry_info['email'] : '';
        $visitor_name = isset($inquiry_info['name']) ? $inquiry_info['name'] : '';
        $separator = '<br>-----------<br>';
        $reply_details = _MESSAGE . ':' . $separator . $this->params['message'] . '<br><br>';
        $reply_details .= _CUSTOMER_DETAILS . ':' . $separator;
        $reply_details .= _FIRST_NAME . ': ' . $objLogin->GetLoggedFirstName() . '<br>';
        $reply_details .= _LAST_NAME . ': ' . $objLogin->GetLoggedLastName() . '<br>';
        $reply_details .= _EMAIL . ': ' . $objLogin->GetLoggedEmail() . '<br>';
        // send inquiry reply to visitor
        $placeholders = array(
            '{FIRST NAME}' => '',
            '{LAST NAME}' => $visitor_name,
            '{REPLY DETAILS}' => $reply_details,
            '{WEB SITE}' => $_SERVER['SERVER_NAME'],
            '{BASE URL}' => APPHP_BASE,
        );
        send_email($visitor_email, $objSettings->GetParameter('admin_email'), 'inquiry_reply', $placeholders);
    }
 /**
  *	Deletes menu 
  *		@param $menu_id - menu ID
  *		@param $menu_order
  *
  * Deletes the menu row and shifts every later menu of the same language
  * one position up (menu_order - 1). Returns true only when the row exists
  * and both the delete and the re-ordering succeed; false otherwise,
  * including demo mode (where $this->error is set).
  *
  * NOTE(review): the re-ordering uses the caller-supplied $menu_order rather
  * than the position stored on the deleted row, so a stale value leaves
  * gaps or duplicates in menu_order.
  */
 public function MenuDelete($menu_id = '0', $menu_order = '0')
 {
     // Block operation in demo mode
     if (strtolower(SITE_MODE) == 'demo') {
         $this->error = _OPERATION_BLOCKED;
         return false;
     }
     $id = (int) $menu_id;
     $menu = database_query('SELECT language_id FROM ' . TABLE_MENUS . ' WHERE id = ' . $id, DATA_ONLY, FIRST_ROW_ONLY);
     if (!$menu) {
         return false;
     }
     if (!database_void_query('DELETE FROM ' . TABLE_MENUS . ' WHERE id = ' . $id)) {
         return false;
     }
     $sql = 'UPDATE ' . TABLE_MENUS . ' SET menu_order = menu_order - 1 WHERE language_id = \'' . $menu['language_id'] . '\' AND menu_order > ' . (int) $menu_order;
     return database_void_query($sql) ? true : false;
 }
                        $message .= 'Possible Attempt of Hack Attack? ' . "<br />\n";
                        $message .= 'Please check this order: ' . "<br />\n";
                        $message .= 'Order Price: ' . $result[0]['total_price'] . "<br />\n";
                        $message .= 'Payment Processing Gross Price: ' . $total . "<br />\n";
                        write_log($message);
                        break;
                    }
                    $sql = 'UPDATE ' . TABLE_ORDERS . ' SET
								status = 2,
								transaction_number = \'' . $transaction_number . '\',
								payment_date = \'' . date('Y-m-d H:i:s') . '\',
								status_changed = \'' . date('Y-m-d H:i:s') . '\',
								payment_type = 1,
								payment_method = ' . $payment_method . '
							WHERE order_number = \'' . $order_number . '\'';
                    if (database_void_query($sql)) {
                        // update customer orders/listings amount
                        Customers::SetOrdersForCustomer($result[0]['customer_id'], '+');
                        Customers::SetListingsForCustomer($result[0]['customer_id'], $result[0]['advertise_plan_id'], $result[0]['listings_amount'], '+');
                        // send email to customer
                        if (Orders::SendOrderEmail($order_number, 'completed', $result[0]['customer_id'])) {
                            write_log($sql, _ORDER_PLACED_MSG);
                        } else {
                            write_log($sql, _ORDER_ERROR);
                        }
                    } else {
                        write_log($sql, mysql_error());
                    }
                } else {
                    write_log($sql, 'Error: no records found. ' . mysql_error());
                }
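    /**
     * Searchs in pages by keyword
     *		@param $keyword - keyword
     *		@param $page
     *		@param $search_in
     *
     * Searches news, pages or listings (the default) for $keyword in the
     * current language and returns the database_query(DATA_AND_ROWS) result
     * for the requested page ($this->pageSize rows); $this->totalSearchRecords
     * receives the unpaged hit count. Listing searches also read their
     * filters (category, location, view, sort field and direction) from
     * $_POST. Outside demo mode a search with results is recorded in
     * TABLE_SEARCH_WORDLIST, which is capped at 1000 words by evicting the
     * least-used one.
     *
     * NOTE(review): $keyword reaches the LIKE clauses through encode_text()
     * only — whether that escapes SQL quotes is not visible here; callers are
     * assumed to pass a prepared value. The same assumption applies to the
     * prepare_input()-ed location filters, which are quoted but not escaped
     * in this method.
     */
    public function SearchBy($keyword, $page = 1, $search_in = 'listings')
    {
        $lang_id = Application::Get('lang');
        $order_by_clause = 'ASC';
        if ($search_in == 'news') {
            $sql = 'SELECT
						CONCAT(\'page=news&nid=\', id) as url,
						header_text as title,
						body_text as text,
						\'article\' as content_type,
						\'\' as link_url 
					FROM ' . TABLE_NEWS . ' n
					WHERE
						language_id = \'' . $lang_id . '\' AND
						(
						  header_text LIKE \'%' . encode_text($keyword) . '%\' OR
						  body_text LIKE \'%' . encode_text($keyword) . '%\'
						)';
            $order_field = 'n.id';
        } elseif ($search_in == 'pages') {
            $sql = 'SELECT
						CONCAT(\'page=pages&pid=\', id) as url,
						page_title as title,
						page_text as text,
						content_type,
						link_url 
					FROM ' . TABLE_PAGES . ' p
					WHERE
						language_id = \'' . $lang_id . '\' AND
						is_published = 1 AND
						show_in_search = 1 AND
						is_removed = 0 AND
						(finish_publishing = \'0000-00-00\' OR finish_publishing >= \'' . date('Y-m-d') . '\') AND 						
						(
						  page_title LIKE \'%' . encode_text($keyword) . '%\' OR
						  page_text LIKE \'%' . encode_text($keyword) . '%\'
						)';
            $order_field = 'p.id';
        } else {
            // listing search: the remaining filters come from the search form
            $sel_categories = isset($_POST['sel_categories']) ? (int) $_POST['sel_categories'] : '';
            $sel_listings_locations = isset($_POST['sel_listings_locations']) ? prepare_input($_POST['sel_listings_locations']) : '';
            $sel_listings_sub_locations = isset($_POST['sel_listings_sub_locations']) ? prepare_input($_POST['sel_listings_sub_locations']) : '';
            $sel_view = isset($_POST['sel_view']) ? prepare_input($_POST['sel_view']) : '';
            $sel_sortby = isset($_POST['sel_sortby']) ? prepare_input($_POST['sel_sortby']) : '';
            $chk_with_images = isset($_POST['chk_with_images']) ? prepare_input($_POST['chk_with_images']) : '';
            // Fix: the sort direction is spliced unquoted into ORDER BY, where
            // escaping cannot protect the query — accept only the two keywords.
            $requested_order = isset($_POST['sel_orderby']) ? strtoupper(trim(prepare_input($_POST['sel_orderby']))) : 'ASC';
            $order_by_clause = $requested_order == 'DESC' ? 'DESC' : 'ASC';
            // 'listings' or 'empty'
            $sql = 'SELECT
						CONCAT(\'page=listing&lid=\', l.id) as url,
						ld.business_name as title,
						ld.business_description as text,
						\'article\' as content_type,
						\'\' as link_url
						' . ($chk_with_images == '1' ? ', l.image_file_thumb' : '') . ' 
					FROM ' . TABLE_LISTINGS . ' l
						' . ($sel_categories != '' ? 'LEFT OUTER JOIN ' . TABLE_LISTINGS_CATEGORIES . ' lc ON l.id = lc.listing_id' : '') . '						
						LEFT OUTER JOIN ' . TABLE_LISTINGS_DESCRIPTION . ' ld ON l.id = ld.listing_id
					WHERE
						l.is_published = 1 AND					
						ld.language_id = \'' . $lang_id . '\' AND 
						' . ($sel_categories != '' ? 'lc.category_id = \'' . $sel_categories . '\' AND ' : '') . '
						' . ($sel_listings_locations != '' ? 'l.listing_location_id = \'' . $sel_listings_locations . '\' AND ' : '') . '
						' . ($sel_listings_sub_locations != '' ? 'l.listing_sub_location_id = \'' . $sel_listings_sub_locations . '\' AND ' : '') . '
						' . ($sel_view == '1' ? ' l.date_published LIKE \'%' . date('Y-m-d') . '%\' AND ' : '') . '
						' . ($sel_view == '2' ? ' l.date_published LIKE \'%' . date('Y-m-d', strtotime('-1 day')) . '%\' AND ' : '') . '
						' . ($sel_view == '3' ? ' l.date_published >= \'' . date('Y-m-d', strtotime('-7 days')) . '\' AND ' : '') . '
						' . ($chk_with_images == '1' ? ' (l.image_file != \'\') AND' : '') . '
						(
							' . (!empty($keyword) ? 'l.keywords LIKE \'%,' . encode_text($keyword) . '%\' OR
							    l.keywords LIKE \'%' . encode_text($keyword) . ',%\' OR
								ld.business_name LIKE \'%' . encode_text($keyword) . '%\' OR
							    ld.business_address LIKE \'%' . encode_text($keyword) . '%\' OR
							    ld.business_description LIKE \'%' . encode_text($keyword) . '%\'' : '1=1') . '
						)';
            // Fix (sel_view == '3' above): the "last 7 days" filter compared
            // against '%date%' — LIKE wildcards are meaningless in a >= test.
            $order_field = $sel_sortby == '0' ? 'l.date_published' : 'l.id';
        }
        if (!is_numeric($page) || (int) $page <= 0) {
            $page = 1;
        }
        $this->totalSearchRecords = (int) database_query($sql, ROWS_ONLY);
        // (int) keeps a numeric-but-fractional $page from producing a float LIMIT
        $start_row = ((int) $page - 1) * $this->pageSize;
        $result = database_query($sql . ' ORDER BY ' . $order_field . ' ' . $order_by_clause . ' LIMIT ' . $start_row . ', ' . $this->pageSize, DATA_AND_ROWS);
        // update search results table
        if (strtolower(SITE_MODE) != 'demo' && $result[1] > 0) {
            // Fix: $keyword went into this INSERT completely unescaped; escape it
            // at the point of use. If callers already escape it, drop the escaping
            // in the caller rather than here.
            $sql = 'INSERT INTO ' . TABLE_SEARCH_WORDLIST . ' (word_text, word_count) VALUES (\'' . mysql_real_escape_string($keyword) . '\', 1) ON DUPLICATE KEY UPDATE word_count = word_count + 1';
            database_void_query($sql);
            // store table contains up to 1000 records
            // Fix: the original selected `id, COUNT(*)` without GROUP BY, so the
            // id it evicted was arbitrary rather than the least-used word's.
            $sql = 'SELECT id, (SELECT COUNT(*) FROM ' . TABLE_SEARCH_WORDLIST . ') as cnt FROM ' . TABLE_SEARCH_WORDLIST . ' ORDER BY word_count ASC LIMIT 1';
            $res1 = database_query($sql, DATA_AND_ROWS, FIRST_ROW_ONLY);
            if ($res1[1] > 0 && $res1[0]['cnt'] > 1000) {
                $sql = 'DELETE FROM ' . TABLE_SEARCH_WORDLIST . ' WHERE id = ' . (int) $res1[0]['id'];
                database_void_query($sql);
            }
        }
        return $result;
    }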