/**
 * Build the "edit user" admin page for one account and return it as an HTML string.
 *
 * Flow, as visible in this method:
 *   1. Reject a non-numeric $user_id.
 *   2. Decide from $_SESSION flags and login::loginCheck() whether the caller may
 *      edit the requested account; otherwise return the "permission denied" text.
 *   3. If $_POST['edit'] is set, apply the posted changes via
 *      user_managment::update_user() (and optionally update listing active status).
 *   4. Render the user's images, files, core userdb fields, privilege selectors
 *      (only when $_SESSION['admin_privs'] is 'yes') and the custom form elements.
 *
 * NOTE(review): security-relevant points a maintainer should confirm:
 *   - Values read from the database are concatenated into HTML attributes and
 *     element bodies with no htmlspecialchars() call in this method. Unless
 *     misc::make_db_unsafe() or the write path encodes them (not visible here),
 *     every such concatenation is a stored-XSS sink on a page viewed by admins.
 *   - No anti-CSRF token is checked in this method before update_user() runs, and
 *     the delete link is a plain GET URL. Verify that the dispatcher or the
 *     handlers validate a token.
 *   - The privilege selectors and the hidden edit_isAdmin / edit_isAgent inputs are
 *     only rendered conditionally; that does not stop a client from posting them.
 *     update_user() must enforce privileges itself (not visible here).
 *
 * @param mixed $user_id Id of the account to edit; must satisfy is_numeric().
 * @return string Rendered HTML, or a $lang error message when the id is invalid
 *                or the caller is not allowed to edit the account.
 */
function edit_user($user_id)
 {
     global $conn, $config, $lang;
     require_once $config['basepath'] . '/include/user.inc.php';
     require_once $config['basepath'] . '/include/misc.inc.php';
     $misc = new misc();
     require_once $config['basepath'] . '/include/listing_editor.inc.php';
     $listing = new listing_editor();
     // Accumulates the HTML (and any messages from update calls) returned to the caller.
     $display = '';
     // Verify ID is Numeric
     // NOTE(review): is_numeric() also accepts non-integer forms such as "1.5", "1e3"
     // or a value with leading whitespace. Below, SQL uses intval($user_id) while
     // $raw_id keeps the original text, so the two can denote different ids.
     if (!is_numeric($user_id)) {
         return $lang['user_manager_invalid_user_id'];
     }
     // Admins can edit any user. Anyone can edit their own information.
     if (($_SESSION['admin_privs'] == 'yes' || $_SESSION['edit_all_users'] == 'yes') && $user_id != '') {
         $security = login::loginCheck('Admin', true);
         if ($security === true) {
             // Full admin: may edit any account.
             $sql_edit = intval($user_id);
             $raw_id = $user_id;
         } else {
             // Caller has edit_all_users but did not pass the 'Admin' login check.
             $user_type = user::get_user_type($user_id);
             // NOTE(review): `admin` is a bare constant, not the string 'admin'. Unless a
             // constant of that name is defined elsewhere, PHP 8 raises an Error here and
             // older versions fall back to the string 'admin' with a diagnostic. Because the
             // comparison is strict, any mismatch with what get_user_type() really returns
             // makes this check fail open (the else branch grants access) — confirm the
             // return value and compare against a quoted literal.
             if ($user_type === admin) {
                 // Agents cannot edit Admin account
                 return $lang['user_manager_permission_denied'];
             } else {
                 $sql_edit = intval($user_id);
                 $raw_id = $user_id;
             }
         }
     // Self-edit: `&&` binds tighter than `||`, so this reads
     // (admin_privs && $user_id == '') || (session userID == $user_id).
     // An empty string fails the is_numeric() guard above, so the first arm looks
     // unreachable for string input. The comparison with the session id is loose, but
     // the branch then uses the session's own id rather than $user_id.
     } elseif ($_SESSION['admin_privs'] == 'yes' && $user_id == '' || $_SESSION['userID'] == $user_id) {
         $sql_edit = intval($_SESSION['userID']);
         $raw_id = intval($_SESSION['userID']);
     } else {
         return $lang['user_manager_permission_denied'];
     }
     // $raw_id = $misc->make_db_unsafe($sql_edit);
     // Save any Changes that were posted
     // NOTE(review): state change triggered purely by the presence of $_POST['edit'];
     // no request token is verified in this method. In the admin branches $raw_id is
     // the un-normalised $user_id — verify that update_user() casts it the same way
     // intval() does, so the authorised id and the updated id cannot diverge.
     if (isset($_POST['edit'])) {
         $display .= user_managment::update_user($raw_id);
         if (isset($_POST['edit_listing_active']) && $_POST['edit_listing_active'] != "") {
             $display .= $listing->update_active_status($raw_id, $_POST['edit_listing_active']);
         }
     }
     // Blog permission levels: numeric key => translated label (used by the selector below).
     $blog_perm[1] = $lang['blog_perm_subscriber'];
     $blog_perm[2] = $lang['blog_perm_contributor'];
     $blog_perm[3] = $lang['blog_perm_author'];
     $blog_perm[4] = $lang['blog_perm_editor'];
     // Show Account Edit Form
     require_once $config['basepath'] . '/include/forms.inc.php';
     $forms = new forms();
     $display .= '<table width="600" border="0" align="center" cellpadding="0" cellspacing="0"><tr><td>';
     $display .= '<table class="edit_users">';
     $display .= '<tr><td colspan="2"><h3>' . $lang['user_manager_edit_user'] . '</h3></td></tr>';
     $display .= '<tr>';
     $display .= '<td valign="top" align="center">';
     $display .= '<strong>' . $lang['images'] . '</strong>';
     $display .= '<br />';
     $display .= '<hr width="75%" />';
     $display .= '<form action="' . $config['baseurl'] . '/admin/index.php?action=edit_user_images" method="post" name="edit_user_images"><input type="hidden" name="edit" value="' . $raw_id . '" /><a href="javascript:document.edit_user_images.submit()">' . $lang['edit_images'] . '</a></form>';
     // Show User Images
     // $sql_edit is always the result of intval(), so concatenating it into SQL is safe here.
     $sql = 'SELECT userimages_caption, userimages_file_name, userimages_thumb_file_name FROM ' . $config['table_prefix'] . 'userimages WHERE userdb_id = ' . $sql_edit;
     $recordSet = $conn->Execute($sql);
     // NOTE(review): a failed query is logged but execution continues and dereferences
     // $recordSet->EOF below; whether log_error() halts the request is not visible here.
     // The same pattern repeats for every query in this method.
     if ($recordSet === false) {
         $misc->log_error($sql);
     }
     while (!$recordSet->EOF) {
         $caption = $misc->make_db_unsafe($recordSet->fields['userimages_caption']);
         $thumb_file_name = $misc->make_db_unsafe($recordSet->fields['userimages_thumb_file_name']);
         $file_name = $misc->make_db_unsafe($recordSet->fields['userimages_file_name']);
         // Read the thumbnail's pixel size so it can be scaled to the configured width.
         // NOTE(review): the result of GetImageSize() is not checked; if the thumbnail is
         // missing or unreadable the width is empty and the division below divides by zero.
         $imagedata = GetImageSize($config['user_upload_path'] . '/' . $thumb_file_name);
         $imagewidth = $imagedata[0];
         $imageheight = $imagedata[1];
         $shrinkage = $config['thumbnail_width'] / $imagewidth;
         $displaywidth = $imagewidth * $shrinkage;
         $displayheight = $imageheight * $shrinkage;
         // NOTE(review): file names and caption go into attributes / markup unescaped.
         $display .= '<a href="' . $config['user_view_images_path'] . '/' . $file_name . '" target="_thumb"> ';
         $display .= '<img src="' . $config['user_view_images_path'] . '/' . $thumb_file_name . '" height="' . $displayheight . '" width="' . $displaywidth . '" /></a><br /> ';
         $display .= '<strong>' . $caption . '</strong><br /><br />';
         $recordSet->MoveNext();
     }
     // end while
     $display .= '</td>';
     // Place the Files list and edit files link on the edit user profile page if they are allowed to have files.
     if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havefiles'] == "yes") {
         $display .= '<td valign="top" align="center" class="row_main">';
         $display .= '<b>' . $lang['files'] . '</b>';
         $display .= '<br />';
         $display .= '<hr width="75%" />';
         // NOTE(review): unlike the images form above, this form takes its id from
         // $_GET['edit'] rather than the authorised $raw_id. Whether $_GET['edit'] always
         // equals $user_id depends on the caller (not visible here); the target handler
         // must re-check permissions on the id it receives.
         $display .= '<form action="index.php?action=edit_user_files" method="post" name="edit_user_files"><input type="hidden" name="edit" value="' . intval($_GET['edit']) . '" /><a href="javascript:document.edit_user_files.submit()">' . $lang['edit_files'] . '</a></form>';
         $display .= '<br />';
         $sql = "SELECT usersfiles_id, usersfiles_caption, usersfiles_file_name FROM " . $config['table_prefix'] . "usersfiles WHERE (userdb_id = {$sql_edit})";
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
         while (!$recordSet->EOF) {
             $caption = $misc->make_db_unsafe($recordSet->fields['usersfiles_caption']);
             $file_name = $misc->make_db_unsafe($recordSet->fields['usersfiles_file_name']);
             $file_id = $misc->make_db_unsafe($recordSet->fields['usersfiles_id']);
             // Pick an icon named after the file extension, falling back to default.png.
             // NOTE(review): the extension is everything after the last '.' of the stored
             // name and is used unvalidated in a filesystem path and in a URL.
             $iconext = substr(strrchr($file_name, '.'), 1);
             $iconpath = $config["file_icons_path"] . '/' . $iconext . '.png';
             if (file_exists($iconpath)) {
                 $icon = $config["listings_view_file_icons_path"] . '/' . $iconext . '.png';
             } else {
                 $icon = $config["listings_view_file_icons_path"] . '/default.png';
             }
             // Download link for the file; the stored name and caption are emitted unescaped.
             $file_download_url = 'index.php?action=create_download&amp;ID=' . $sql_edit . '&amp;file_id=' . $file_id . '&amp;type=user';
             $display .= '<a href="' . $config['baseurl'] . '/' . $file_download_url . '" target="_thumb">';
             $display .= '<img src="' . $icon . '" height="' . $config["file_icon_height"] . '" width="' . $config["file_icon_width"] . '" alt="' . $file_name . '" /><br />';
             $display .= '<strong>' . $file_name . '</strong></a><br />';
             $display .= '<strong>' . $caption . '</strong><br /><br />';
             $recordSet->MoveNext();
         }
         // end while
         $display .= '</td>';
     }
     $display .= '<td valign="top" class="row_main">';
     // first, grab the user's main info
     $sql = 'SELECT * FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $sql_edit;
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         $misc->log_error($sql);
     }
     // NOTE(review): every $edit_* variable is assigned only inside this loop. If no row
     // matches $sql_edit they are undefined when the form is rendered below.
     while (!$recordSet->EOF) {
         // collect up the main DB's various fields
         // Overwrites the request's edit_user_name with the stored user name; it is
         // echoed in the form below.
         $_POST['edit_user_name'] = $misc->make_db_unsafe($recordSet->fields['userdb_user_name']);
         $edit_emailAddress = $misc->make_db_unsafe($recordSet->fields['userdb_emailaddress']);
         // $edit_comments = $misc->make_db_unsafe ($recordSet->fields['userdb_comments']);
         $edit_firstname = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']);
         $edit_lastname = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']);
         $edit_active = $recordSet->fields['userdb_active'];
         $edit_isAgent = $recordSet->fields['userdb_is_agent'];
         $edit_isAdmin = $recordSet->fields['userdb_is_admin'];
         $edit_limitListings = $recordSet->fields['userdb_limit_listings'];
         $edit_limitFeaturedListings = $recordSet->fields['userdb_featuredlistinglimit'];
         $edit_userRank = $recordSet->fields['userdb_rank'];
         $edit_canEditAllListings = $recordSet->fields['userdb_can_edit_all_listings'];
         $edit_canEditAllUsers = $recordSet->fields['userdb_can_edit_all_users'];
         $edit_canEditSiteConfig = $recordSet->fields['userdb_can_edit_site_config'];
         $edit_canEditMemberTemplate = $recordSet->fields['userdb_can_edit_member_template'];
         $edit_canEditAgentTemplate = $recordSet->fields['userdb_can_edit_agent_template'];
         $edit_canEditListingTemplate = $recordSet->fields['userdb_can_edit_listing_template'];
         $edit_canExportListings = $recordSet->fields['userdb_can_export_listings'];
         $edit_canEditListingExpiration = $recordSet->fields['userdb_can_edit_expiration'];
         $edit_canEditPropertyClasses = $recordSet->fields['userdb_can_edit_property_classes'];
         $edit_canModerate = $recordSet->fields['userdb_can_moderate'];
         $edit_canViewLogs = $recordSet->fields['userdb_can_view_logs'];
         $edit_canVtour = $recordSet->fields['userdb_can_have_vtours'];
         $edit_canFiles = $recordSet->fields['userdb_can_have_files'];
         $edit_canUserFiles = $recordSet->fields['userdb_can_have_user_files'];
         $edit_canFeatureListings = $recordSet->fields['userdb_can_feature_listings'];
         $edit_canPages = $recordSet->fields['userdb_can_edit_pages'];
         $edit_BlogPrivileges = $recordSet->fields['userdb_blog_user_type'];
         $last_modified = $recordSet->UserTimeStamp($recordSet->fields['userdb_last_modified'], $config["date_format_timestamp"]);
         $edit_canManageAddons = $recordSet->fields['userdb_can_manage_addons'];
         $recordSet->MoveNext();
     }
     // end while
     // now, display all that stuff
     // NOTE(review): user name, first/last name and e-mail are user-supplied profile
     // fields and are written into markup and value="..." attributes without
     // htmlspecialchars() in this method. If nothing upstream encodes them, a value
     // saved by a low-privileged account is rendered as markup when an admin opens
     // this page. Confirm where encoding happens before relying on it.
     $display .= '<form name="updateUser" action="index.php?action=user_manager&amp;edit=' . $raw_id . '" method="post">';
     $display .= '<input type="hidden" name="edit" value="' . $raw_id . '" />';
     $display .= '<table class="edit_users"><tr><td>';
     $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_name'] . ':</strong></td><td align="left" class="row_main">' . $_POST['edit_user_name'] . '</td></tr>';
     $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_manager_first_name'] . ': <span class="required">*</span></strong></td><td align="left" class="row_main"> <input type="text" name="user_first_name" value="' . $edit_firstname . '" /> ';
     $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_manager_last_name'] . ': <span class="required">*</span></strong></td><td align="left" class="row_main"> <input type="text" name="user_last_name" value="' . $edit_lastname . '" /> ';
     $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['last_modified'] . ':</strong></td><td align="left">' . $last_modified . '</td></tr>';
     // Password inputs are shown unless the site is in demo mode and the caller is not
     // an admin; in that case empty hidden fields are emitted instead.
     // NOTE(review): hiding the inputs is presentation only. Whether update_user()
     // refuses password changes in demo mode is not visible here.
     if ($config["demo_mode"] != 1 || $_SESSION['admin_privs'] == 'yes') {
         $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_password'] . ': <span class="required">*</span></strong></td><td align="left" class="row_main"> <input type="password" name="edit_user_pass" /></td></tr>';
         $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_password'] . ' (' . $lang['again'] . ') <span class="required">*</span></strong> </td><td align="left" class="row_main"> <input type="password" name="edit_user_pass2" /></td></tr>';
     } else {
         $display .= '<input type="hidden" name="edit_user_pass" value="">';
         $display .= '<input type="hidden" name="edit_user_pass2" value="">';
     }
     $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_email'] . ': <span class="required">*</span></strong><br />' . $lang['email_not_displayed'] . '</td><td align="left" class="row_main"> <input type="text" name="user_email" value="' . $edit_emailAddress . '" /> ';
     if ($_SESSION['admin_privs'] == 'yes') {
         // if the user is an admin, they can set additional properties about a given user
         // NOTE(review): this condition only controls which controls are rendered. The
         // posted edit_* privilege fields must be authorised again where they are saved.
         // is the user active?
         $display .= "<tr><td align=right><b>{$lang['user_manager_is_user_active']}: </b></td>";
         $display .= "<td align=left><select name=\"edit_active\" size=\"1\" ";
         if ($edit_isAgent == 'yes') {
             $display .= "onchange=\"listing_change_confirm(this.form.edit_active)\"";
         }
         $display .= "><option value=\"{$edit_active}\">{$edit_active}<option value=\"\">-----<option value=\"yes\">yes<option value=\"no\">no</select><input type=\"hidden\" name=\"edit_listing_active\" value=\"\" /></td></tr>";
         // is the user an administrator?
         // Shown read-only, but also echoed back in a hidden input, which a client can alter.
         $display .= "<tr><td align=right><b>{$lang['user_manager_is_an_admin']}: </b></td>";
         $display .= "<td align=left>{$edit_isAdmin}</td></tr>";
         $display .= "<input type=\"hidden\" name=\"edit_isAdmin\" value=\"" . $edit_isAdmin . "\" />";
         // is the user an agent?
         $display .= "<tr><td align=right><b>{$lang['user_manager_is_an_agent']}: </b></td>";
         $display .= "<td align=left>{$edit_isAgent}</td></tr>";
         $display .= "<input type=\"hidden\" name=\"edit_isAgent\" value=\"" . $edit_isAgent . "\" />";
         if ($edit_isAgent == 'yes' || $edit_isAdmin == 'yes') {
             // limit # of listings?
             $display .= '<tr><td align=right><b>' . $lang['user_manager_limitListings'] . ': </b></td>';
             $display .= '<td align=left><input id="edit_limitListings" name="edit_limitListings" size="6" value="' . $edit_limitListings . '" /><i>(-1 = Unlimited)</i></td></tr>';
             // limit # of featured listings?
             $display .= '<tr><td align=right><b>' . $lang['user_manager_limitFeaturedListings'] . ': </b></td>';
             $display .= '<td align=left><input id="edit_limitFeaturedListings" name="edit_limitFeaturedListings" size="6" value="' . $edit_limitFeaturedListings . '" /><i>(-1 = Unlimited)</i></td></tr>';
             // user display order?
             $display .= '<tr><td align=right><b>' . $lang['user_manager_displayorder'] . ': </b></td>';
             $display .= '<td align=left><input id="edit_userRank" name="edit_userRank" size="6" value="' . $edit_userRank . '" /></td></tr>';
         }
         // Per-privilege selectors, rendered only when the edited account is an agent.
         // Each select lists the stored value first, then a separator and yes/no.
         if ($edit_isAgent == 'yes') {
             // can they edit all listings?
             $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_all_listings'] . ': </b></td>';
             $display .= '<td align=left><select id="edit_canEditAllListings" name="edit_canEditAllListings" size="1"><option value="' . $edit_canEditAllListings . '">' . $edit_canEditAllListings . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>';
             // can they edit all users?
             $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_all_users'] . ': </b></td>';
             $display .= '<td align=left><select id="edit_canEditAllUsers" name="edit_canEditAllUsers" size="1"><option value="' . $edit_canEditAllUsers . '">' . $edit_canEditAllUsers . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>';
             // can they edit site config?
             $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_site_config'] . ': </b></td>';
             $display .= '<td align=left><select id="edit_canEditSiteConfig" name="edit_canEditSiteConfig" size="1"><option value="' . $edit_canEditSiteConfig . '">' . $edit_canEditSiteConfig . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>';
             // can they edit member templates?
             $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_member_template'] . ': </b></td>';
             $display .= '<td align=left><select id="edit_canEditMemberTemplate" name="edit_canEditMemberTemplate" size="1"><option value="' . $edit_canEditMemberTemplate . '">' . $edit_canEditMemberTemplate . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>';
             // can they edit agent templates?
             $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_agent_template'] . ': </b></td>';
             $display .= '<td align=left><select id="edit_canEditAgentTemplate" name="edit_canEditAgentTemplate" size="1"><option value="' . $edit_canEditAgentTemplate . '">' . $edit_canEditAgentTemplate . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>';
             // can they edit listing templates?
             $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_listing_template'] . ': </b></td>';
             $display .= '<td align=left><select id="edit_canEditListingTemplate" name="edit_canEditListingTemplate" size="1"><option value="' . $edit_canEditListingTemplate . '">' . $edit_canEditListingTemplate . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>';
             // can they edit property classes?
             $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_property_classes'] . ': </b></td>';
             $display .= '<td align=left><select id="edit_canEditPropertyClasses" name="edit_canEditPropertyClasses" size="1"><option value="' . $edit_canEditPropertyClasses . '">' . $edit_canEditPropertyClasses . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>';
             // can they view logs?
             $display .= "<tr><td align=right><b>{$lang['user_manager_can_view_logs']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canViewLogs\" size=\"1\"><option value=\"{$edit_canViewLogs}\">{$edit_canViewLogs}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             // can they moderate incoming listings?
             $display .= "<tr><td align=right><b>{$lang['user_manager_is_a_moderator']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canModerate\" size=\"1\"><option value=\"{$edit_canModerate}\">{$edit_canModerate}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             // can they feature listings?
             $display .= "<tr><td align=right><b>{$lang['user_manager_feature_listings']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canFeatureListings\" size=\"1\"><option value=\"{$edit_canFeatureListings}\">{$edit_canFeatureListings}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             // can they edit pages?
             $display .= "<tr><td align=right><b>{$lang['user_manager_can_edit_pages']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canPages\" size=\"1\"><option value=\"{$edit_canPages}\">{$edit_canPages}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             // can they have vtours?
             $display .= "<tr><td align=right><b>{$lang['user_manager_can_have_vtours']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canVtour\" size=\"1\"><option value=\"{$edit_canVtour}\">{$edit_canVtour}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             // can they have listings files
             $display .= "<tr><td align=right><b>{$lang['user_manager_can_have_files']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canFiles\" size=\"1\"><option value=\"{$edit_canFiles}\">{$edit_canFiles}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             // can they have user files
             $display .= "<tr><td align=right><b>{$lang['user_manager_can_have_user_files']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canUserFiles\" size=\"1\"><option value=\"{$edit_canUserFiles}\">{$edit_canUserFiles}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             // can modify expiration?
             $display .= "<tr><td align=right><b>{$lang['user_editor_can_edit_listing_expiration']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canEditListingExpiration\" size=\"1\"><option value=\"{$edit_canEditListingExpiration}\">{$edit_canEditListingExpiration}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             // Blog Permissions
             // The stored level is used as an index into $blog_perm; a value outside 1..4
             // has no label there.
             $display .= "<tr><td align=right><b>{$lang['user_editor_blog_privileges']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_BlogPrivileges\" size=\"1\"><option value=\"{$edit_BlogPrivileges}\">{$blog_perm[$edit_BlogPrivileges]}</option><option value=\"\">-----</option>";
             foreach ($blog_perm as $perm_key => $perm_value) {
                 $display .= '<option value="' . $perm_key . '">' . $perm_value . '</option>';
             }
             $display .= "</select></td></tr>";
             // can access addon manager
             $display .= "<tr><td align=right><b>{$lang['user_editor_can_manage_addons']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canManageAddons\" size=\"1\"><option value=\"{$edit_canManageAddons}\">{$edit_canManageAddons}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             if ($config["export_listings"] == 1) {
                 // can export listings?
                 $display .= "<tr><td align=right><b>{$lang['user_editor_can_export_listings']}: </b></td>";
                 $display .= "<td align=left><select name=\"edit_canExportListings\" size=\"1\"><option value=\"{$edit_canExportListings}\">{$edit_canExportListings}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             } else {
                 // Export feature disabled in config: post a fixed "no".
                 $display .= '<input type="hidden" name="edit_canExportListings" value="no" />';
             }
         }
     }
     // Now load the custom profile fields. Agents and admins use the agent form
     // definition table, everyone else the member one.
     if ($edit_isAgent == "yes" || $edit_isAdmin == 'yes') {
         $db_to_use = 'agentformelements';
     } else {
         $db_to_use = 'memberformelements';
     }
     // $db_to_use is one of the two literals above and $sql_edit is an integer, so the
     // concatenated query contains no request-controlled text.
     $sql = 'SELECT ' . $db_to_use . '_field_name, userdbelements_field_value, ' . $db_to_use . '_field_type, ' . $db_to_use . '_rank, ' . $db_to_use . '_field_caption, ' . $db_to_use . '_default_text, ' . $db_to_use . '_required, ' . $db_to_use . '_field_elements, ' . $db_to_use . '_tool_tip FROM ' . $config['table_prefix'] . $db_to_use . ' left join ' . $config['table_prefix'] . 'userdbelements on userdbelements_field_name = ' . $db_to_use . '_field_name and userdb_id = ' . $sql_edit . ' ORDER BY ' . $db_to_use . '_rank';
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         $misc->log_error($sql);
     }
     while (!$recordSet->EOF) {
         $field_name = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_name']);
         $field_value = $misc->make_db_unsafe($recordSet->fields['userdbelements_field_value']);
         $field_type = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_type']);
         $field_caption = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_caption']);
         $default_text = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_default_text']);
         $field_elements = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_elements']);
         $required = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_required']);
         $tool_tip = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_tool_tip']);
         // pass the data to the function
         // NOTE(review): $field_value is user-supplied; whether renderExistingFormElement()
         // escapes it for HTML is not visible here.
         $display .= $forms->renderExistingFormElement($field_type, $field_name, $field_value, $field_caption, $default_text, $required, $field_elements, '', $tool_tip);
         $recordSet->MoveNext();
     }
     // end while
     $display .= '<tr><td colspan="2" align="center" class="row_main">' . $lang['required_form_text'] . '</td></tr>';
     $display .= '<tr><td colspan="2" align="center" class="row_main"><input type="submit" value="' . $lang['update_button'] . '" />';
     // Offer the delete link only to callers who pass the edit_all_users login check.
     // NOTE(review): deletion is requested through a GET link guarded only by a
     // client-side confirm(); verify the delete handler re-checks permissions and a
     // request token. The link carries $user_id as passed in, not the normalised id.
     $security = login::loginCheck('edit_all_users', true);
     if ($security === true) {
         $display .= '&nbsp;&nbsp;&nbsp;<a href="index.php?action=user_manager&amp;delete=' . $user_id . '" onclick="return confirmDelete(\'' . $lang['delete_user'] . '\')">' . $lang['delete'] . '</a>';
     }
     $display .= '</td></tr></table></form>';
     $display .= '</td></tr></table>';
     $display .= '</td></tr></table>';
     return $display;
 }
 function replace_admin_actions()
 {
     global $config, $lang;
     require_once $config['basepath'] . '/include/login.inc.php';
     $login = new login();
     $login_status = $login->loginCheck('Agent');
     if ($login_status !== true) {
         // Run theese commands even if not logged in.
         $data = '';
         switch ($_GET['action']) {
             case 'send_forgot':
                 require_once $config['basepath'] . '/include/login.inc.php';
                 $data = login::forgot_password();
                 break;
             case 'forgot':
                 require_once $config['basepath'] . '/include/login.inc.php';
                 $data = login::forgot_password_reset();
                 break;
             default:
                 $data .= $login_status;
                 break;
         }
     } else {
         switch ($_GET['action']) {
             case 'index':
                 require_once $config['basepath'] . '/include/admin.inc.php';
                 $admin = new general_admin();
                 $data = $admin->index_page();
                 break;
             case 'edit_page':
                 require_once $config['basepath'] . '/include/editor.inc.php';
                 $listing = new editor();
                 $data = $listing->page_edit();
                 break;
             case 'edit_user_images':
                 require_once $config['basepath'] . '/include/images.inc.php';
                 $images = new image_handler();
                 $data = $images->edit_user_images();
                 break;
             case 'edit_listing_images':
                 require_once $config['basepath'] . '/include/images.inc.php';
                 $images = new image_handler();
                 $data = $images->edit_listing_images();
                 break;
             case 'edit_vtour_images':
                 require_once $config['basepath'] . '/include/images.inc.php';
                 $images = new image_handler();
                 $data = $images->edit_vtour_images();
                 break;
             case 'edit_listing_files':
                 require_once $config['basepath'] . '/include/files.inc.php';
                 $files = new file_handler();
                 $data = $files->edit_listing_files();
                 break;
             case 'edit_user_files':
                 require_once $config['basepath'] . '/include/files.inc.php';
                 $files = new file_handler();
                 $data = $files->edit_user_files();
                 break;
             case 'add_listing':
                 require_once $config['basepath'] . '/include/listing_editor.inc.php';
                 $listing_editor = new listing_editor();
                 $data = $listing_editor->add_listing();
                 break;
             case 'edit_my_listings':
                 require_once $config['basepath'] . '/include/listing_editor.inc.php';
                 $listing_editor = new listing_editor();
                 $data = $listing_editor->edit_listings();
                 break;
             case 'edit_listings':
                 require_once $config['basepath'] . '/include/listing_editor.inc.php';
                 $listing_editor = new listing_editor();
                 $data = $listing_editor->edit_listings(false);
                 break;
             case 'configure':
                 require_once $config['basepath'] . '/include/controlpanel.inc.php';
                 $listing_editor = new configurator();
                 $data = $listing_editor->show_configurator();
                 break;
             case 'edit_listing_template':
                 require_once $config['basepath'] . '/include/template_editor.inc.php';
                 $listing = new template_editor();
                 $data = $listing->edit_listing_template();
                 break;
             case 'edit_listings_template_field_order':
                 require_once $config['basepath'] . '/include/template_editor.inc.php';
                 $listing = new template_editor();
                 $data = $listing->edit_listings_template_field_order();
                 break;
             case 'edit_agent_template_field_order':
                 require_once $config['basepath'] . '/include/template_editor.inc.php';
                 $listing = new template_editor();
                 $data = $listing->edit_template_field_order($type = 'agent');
                 break;
             case 'edit_member_template_field_order':
                 require_once $config['basepath'] . '/include/template_editor.inc.php';
                 $listing = new template_editor();
                 $data = $listing->edit_template_field_order($type = 'member');
                 break;
             case 'edit_agent_template_add_field':
                 require_once $config['basepath'] . '/include/template_editor.inc.php';
                 $listing = new template_editor();
                 $data = $listing->add_user_template_field($type = 'agent');
                 break;
             case 'edit_member_template_add_field':
                 require_once $config['basepath'] . '/include/template_editor.inc.php';
                 $listing = new template_editor();
                 $type = 'member';
                 $data = $listing->add_user_template_field($type);
                 break;
             case 'edit_listing_template_search':
                 require_once $config['basepath'] . '/include/template_editor.inc.php';
                 $listing = new template_editor();
                 $data = $listing->edit_listing_template_search();
                 break;
             case 'edit_listing_template_search_results':
                 require_once $config['basepath'] . '/include/template_editor.inc.php';
                 $listing = new template_editor();
                 $data = $listing->edit_listing_template_search_results();
                 break;
             case 'user_manager':
                 require_once $config['basepath'] . '/include/user_manager.inc.php';
                 $user_managment = new user_managment();
                 $data = $user_managment->show_user_manager();
                 break;
             case 'edit_user_template':
                 require_once $config['basepath'] . '/include/template_editor.inc.php';
                 $listing = new template_editor();
                 $data = $listing->edit_user_template();
                 break;
             case 'edit_listing_template_add_field':
                 require_once $config['basepath'] . '/include/template_editor.inc.php';
                 $listing = new template_editor();
                 $data = $listing->add_listing_template_field();
                 break;
             case 'add_page':
                 require_once $config['basepath'] . '/include/editor.inc.php';
                 $listing = new editor();
                 $data = $listing->add_page();
                 break;
             case 'view_log':
                 require_once $config['basepath'] . '/include/log.inc.php';
                 $data = log::view();
                 break;
             case 'clear_log':
                 require_once $config['basepath'] . '/include/log.inc.php';
                 $data = log::clear_log();
                 break;
             case 'show_property_classes':
                 require_once $config['basepath'] . '/include/propertyclass.inc.php';
                 $data = propertyclass::show_classes();
                 break;
             case 'modify_property_class':
                 require_once $config['basepath'] . '/include/propertyclass.inc.php';
                 $data = propertyclass::modify_property_class();
                 break;
             case 'delete_property_class':
                 require_once $config['basepath'] . '/include/propertyclass.inc.php';
                 $data = propertyclass::delete_property_class();
                 break;
             case 'insert_property_class':
                 require_once $config['basepath'] . '/include/propertyclass.inc.php';
                 $data = propertyclass::insert_property_class();
                 break;
             case 'add_listing_property_class':
                 require_once $config['basepath'] . '/include/listing_editor.inc.php';
                 $listing_editor = new listing_editor();
                 $data = $listing_editor->add_listing_logic();
                 break;
                 //Todo Finish Adding Blog Items
             //Todo Finish Adding Blog Items
             case 'edit_blog':
                 require_once $config['basepath'] . '/include/blog_editor.inc.php';
                 $listing = new blog_editor();
                 $data = $listing->blog_edit_index();
                 break;
             case 'edit_blog_post':
                 require_once $config['basepath'] . '/include/blog_editor.inc.php';
                 $listing = new blog_editor();
                 $data = $listing->blog_edit();
                 break;
             case 'add_blog':
                 require_once $config['basepath'] . '/include/blog_editor.inc.php';
                 $listing = new blog_editor();
                 $data = $listing->add_post();
                 break;
             case 'edit_blog_post_comments':
                 require_once $config['basepath'] . '/include/blog_editor.inc.php';
                 $listing = new blog_editor();
                 $data = $listing->edit_post_comments();
                 break;
             case 'addon_manager':
                 require_once $config['basepath'] . '/include/addon_manager.inc.php';
                 $am = new addon_manager();
                 $data = $am->display_addon_manager();
                 break;
             case 'send_notifications':
                 require_once $config['basepath'] . '/include/notification.inc.php';
                 $notify = new notification();
                 $data = $notify->NotifyUsersOfAllNewListings();
                 break;
             default:
                 // Handle Addons
                 $addon_name = array();
                 if (preg_match("/^addon_(.\\S*?)_.*/", $_GET['action'], $addon_name)) {
                     include_once $config['basepath'] . '/addons/' . $addon_name[1] . '/addon.inc.php';
                     $function_name = $addon_name[1] . '_run_action_admin_template';
                     $data = $function_name();
                 }
         }
     }
     return $data;
 }
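 /**
  * Apply the posted listing edit form to the database and return status HTML.
  *
  * Input comes from $_POST (edit, title, notes, mlsexport, pclass, featured,
  * edit_active, edit_expiration, or_owner) and from $_SESSION. All of it is
  * request-controlled: ids are cast to integers and other values go through
  * $misc->make_db_safe() before they reach SQL. The expiration date only goes
  * through $misc->or_date_format() (see the note in the body).
  *
  * Query failures are handed to $misc->log_error(); this function does not
  * otherwise recover from them.
  *
  * @param bool $verify_user When true, the listing must belong to the logged-in
  *                          user ($_SESSION['userID']) and the UPDATE is limited
  *                          to that owner. When false no ownership check is made
  *                          here and the posted or_owner becomes the listing's
  *                          owner; the caller is responsible for authorising that.
  * @return string HTML fragment describing the result (validation errors,
  *                permission denied, or the update confirmation).
  */
 function update_listing($verify_user = true)
 {
     global $conn, $lang, $config;
     require_once $config['basepath'] . '/include/misc.inc.php';
     $misc = new misc();
     require_once $config['basepath'] . '/include/forms.inc.php';
     $forms = new forms();
     require_once $config['basepath'] . '/include/listing.inc.php';
     $listing_pages = new listing_pages();
     $display = '';
     // The listing id ends up in SQL, in the action log and in the returned HTML,
     // so it is reduced to an integer once and only that integer is used below.
     $sql_edit = isset($_POST['edit']) ? intval($_POST['edit']) : 0;
     $session_user_id = isset($_SESSION['userID']) ? intval($_SESSION['userID']) : 0;
     if ($verify_user) {
         // Non-admin path: only the owning agent may update the listing.
         $listing_ownerID = $listing_pages->getListingAgentID($sql_edit);
         if ($session_user_id != $listing_ownerID) {
             $display = $lang['listing_editor_permission_denied'] . '<br />';
             return $display;
         }
     }
     if ($_POST['title'] == "") {
         // if the title is blank
         $display .= "{$lang['admin_new_listing_enter_a_title']}<br />";
         return $display;
     }
     $pass_the_form = $forms->validateForm('listingsformelements', $_POST['pclass']);
     if ($pass_the_form !== "Yes") {
         // Validation failed: report each field that is missing or has the wrong type.
         foreach ($pass_the_form as $k => $v) {
             if ($v == 'REQUIRED') {
                 $display .= "<p class=\"redtext\">{$k}: {$lang['required_fields_not_filled']}</p>";
             }
             if ($v == 'TYPE') {
                 $display .= "<p class=\"redtext\">{$k}: {$lang['field_type_does_not_match']}</p>";
             }
         }
     }
     if ($pass_the_form == "Yes") {
         $sql_title = $misc->make_db_safe($_POST['title']);
         $sql_notes = $misc->make_db_safe($_POST['notes']);
         if (!isset($_POST['mlsexport'])) {
             $_POST['mlsexport'] = "no";
         }
         $sql_mlsexport = $misc->make_db_safe($_POST['mlsexport']);
         $sql = "UPDATE " . $config['table_prefix'] . "listingsdb SET ";
         if (!$verify_user) {
             $sql_or_owner = $misc->make_db_safe($_POST['or_owner']);
             // update the listing data
             $sql .= "userdb_ID = {$sql_or_owner}, ";
         }
         $sql .= "listingsdb_title = {$sql_title}, ";
         // Initialised here so the check after the update is defined even when the
         // featured-listing branch below is skipped.
         $featuredLimitError = false;
         if ($_SESSION['admin_privs'] == "yes" || $_SESSION['featureListings'] == "yes") {
             // The featured limit is evaluated for the account that will own the
             // listing. A posted or_owner is honoured only on the path that also
             // writes it as the owner; on the owner-verified path the listing stays
             // with the session user, so that user's limit applies.
             if (!$verify_user && isset($_POST['or_owner'])) {
                 $limit_owner = $misc->make_db_safe($_POST['or_owner']);
             } else {
                 $limit_owner = $session_user_id;
             }
             // Check Number of Featured Listings User has
             $featuredsql = 'SELECT count(listingsdb_id) as listing_count FROM ' . $config['table_prefix'] . 'listingsdb WHERE listingsdb_featured = \'yes\' AND userdb_id = ' . $limit_owner;
             $recordSet = $conn->Execute($featuredsql);
             if ($recordSet === false) {
                 $misc->log_error($featuredsql);
             }
             $featuredlisting_count = $recordSet->fields['listing_count'];
             // Get User Featured Listing Limit
             $featuredsql = 'SELECT userdb_featuredlistinglimit FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $limit_owner;
             $recordSet = $conn->Execute($featuredsql);
             if ($recordSet === false) {
                 $misc->log_error($featuredsql);
             }
             $featuredlisting_limit = $recordSet->fields['userdb_featuredlistinglimit'];
             if ($_POST['featured'] == 'yes') {
                 if ($featuredlisting_limit > $featuredlisting_count || $featuredlisting_limit == '-1') {
                     // if the user can feature properties
                     $sql_featured = $misc->make_db_safe($_POST['featured']);
                     $sql .= "listingsdb_featured = {$sql_featured}, ";
                 } else {
                     // Limit reached: keep the flag only if this listing is already featured.
                     $featuredcheckSql = 'SELECT listingsdb_featured FROM ' . $config['table_prefix'] . 'listingsdb WHERE listingsdb_id = ' . $sql_edit;
                     $recordSetFeatured = $conn->Execute($featuredcheckSql);
                     if ($recordSetFeatured === false) {
                         $misc->log_error($featuredcheckSql);
                     }
                     $current_status = $recordSetFeatured->fields['listingsdb_featured'];
                     if ($current_status == 'yes') {
                         $sql_featured = $misc->make_db_safe($_POST['featured']);
                         $sql .= "listingsdb_featured = {$sql_featured}, ";
                     } else {
                         $featuredLimitError = true;
                     }
                 }
             } else {
                 // Not featured: save no matter what
                 $sql_featured = $misc->make_db_safe($_POST['featured']);
                 $sql .= "listingsdb_featured = {$sql_featured}, ";
             }
         }
         if ($_SESSION['admin_privs'] == "yes" || $_SESSION['moderator'] == "yes") {
             // Only administrators and moderators may change the active flag.
             $sql_active = $misc->make_db_safe($_POST['edit_active']);
             $sql .= "listingsdb_active = {$sql_active}, ";
         }
         if (($_SESSION['admin_privs'] == "yes" || $_SESSION['edit_expiration'] == "yes") && $config['use_expiration'] == "1") {
             // NOTE(review): the result of or_date_format() is concatenated unquoted;
             // confirm it can only return a numeric or already-quoted SQL value.
             $expiration_date = $misc->or_date_format($_POST['edit_expiration']);
             $sql .= "listingsdb_expiration = " . $expiration_date . ",";
         }
         if ($verify_user) {
             // The owner is repeated in the WHERE clause so the UPDATE itself cannot
             // touch a listing that belongs to another user.
             $sql .= "listingsdb_notes = {$sql_notes}, listingsdb_mlsexport = {$sql_mlsexport}, listingsdb_last_modified = " . $conn->DBTimeStamp(time()) . " WHERE ((listingsdb_id = {$sql_edit}) AND (userdb_id = {$session_user_id}))";
         } else {
             $sql .= "listingsdb_notes = {$sql_notes}, listingsdb_mlsexport = {$sql_mlsexport}, listingsdb_last_modified = " . $conn->DBTimeStamp(time()) . " WHERE listingsdb_id = {$sql_edit}";
         }
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
         if ($verify_user) {
             $message = listing_editor::updateListingsData($sql_edit, $_SESSION['userID']);
         } else {
             // update the image data (in case the or_owner has changed)
             $sql = "UPDATE " . $config['table_prefix'] . "listingsimages SET userdb_id = {$sql_or_owner} WHERE listingsdb_id = {$sql_edit}";
             $recordSet = $conn->Execute($sql);
             if ($recordSet === false) {
                 $misc->log_error($sql);
             }
             $message = listing_editor::updateListingsData($sql_edit, $_POST['or_owner']);
         }
         // Now that the data is saved, synchronise the property class assignments.
         // First get the classes the listing is currently assigned to.
         $sql2 = 'SELECT class_id FROM ' . $config['table_prefix_no_lang'] . 'classlistingsdb WHERE listingsdb_id =' . $sql_edit;
         $recordSet2 = $conn->execute($sql2);
         if ($recordSet2 === false) {
             $misc->log_error($sql2);
         }
         $current_class_id = array();
         while (!$recordSet2->EOF) {
             $current_class_id[] = intval($recordSet2->fields['class_id']);
             $recordSet2->MoveNext();
         }
         // The posted class ids are placed in IN (...) lists and an INSERT below,
         // so they are forced to integers before any SQL is built from them.
         $posted_classes = isset($_POST['pclass']) ? (array) $_POST['pclass'] : array();
         $new_class_ids = array_values(array_unique(array_map('intval', $posted_classes)));
         $removed_class_ids = array_diff($current_class_id, $new_class_ids);
         if (count($removed_class_ids) > 0) {
             // Form elements that belong to the classes the listing keeps; their
             // field data must survive the cleanup. This does not depend on which
             // class is being removed, so it is looked up once.
             $formelement_ids = array();
             if (count($new_class_ids) > 0) {
                 $sql = 'SELECT listingsformelements_id FROM ' . $config['table_prefix_no_lang'] . 'classformelements WHERE class_id IN (' . implode(',', $new_class_ids) . ')';
                 $recordSet = $conn->execute($sql);
                 if ($recordSet === false) {
                     $misc->log_error($sql);
                 }
                 while (!$recordSet->EOF) {
                     $formelement_ids[] = intval($recordSet->fields['listingsformelements_id']);
                     $recordSet->MoveNext();
                 }
             }
             // An empty NOT IN () is a syntax error, so the clause is left out when
             // there is nothing to keep.
             $keep_clause = '';
             if (count($formelement_ids) > 0) {
                 $keep_clause = ' AND c.listingsformelements_id NOT IN (' . implode(',', $formelement_ids) . ')';
             }
             foreach ($removed_class_ids as $c_class_id) {
                 // Delete listing from class
                 $sql = 'DELETE FROM ' . $config['table_prefix_no_lang'] . 'classlistingsdb WHERE class_id = ' . $c_class_id . ' AND listingsdb_id = ' . $sql_edit;
                 $recordSet = $conn->execute($sql);
                 if ($recordSet === false) {
                     $misc->log_error($sql);
                 }
                 // Field names that belong only to the removed class. This query was
                 // previously built but never executed, so the cleanup never ran.
                 $sql = 'SELECT DISTINCT(listingsformelements_field_name) FROM ' . $config['table_prefix_no_lang'] . 'classformelements as c,' . $config['table_prefix'] . 'listingsformelements as f WHERE class_id = ' . $c_class_id . $keep_clause . ' AND c.listingsformelements_id = f.listingsformelements_id';
                 $recordSet = $conn->execute($sql);
                 if ($recordSet === false) {
                     $misc->log_error($sql);
                 }
                 while (!$recordSet->EOF) {
                     // The field name is a string, so it is quoted before use.
                     $sql_field_name = $misc->make_db_safe($recordSet->fields['listingsformelements_field_name']);
                     $sql2 = 'DELETE FROM ' . $config['table_prefix'] . 'listingsdbelements WHERE listingsdbelements_field_name = ' . $sql_field_name . ' AND listingsdb_id = ' . $sql_edit;
                     $recordSet2 = $conn->execute($sql2);
                     if ($recordSet2 === false) {
                         $misc->log_error($sql2);
                     }
                     $recordSet->MoveNext();
                 }
             }
         }
         // If this is a new class add the listing to the class
         foreach ($new_class_ids as $class_id) {
             if (!in_array($class_id, $current_class_id, true)) {
                 $sql2 = 'INSERT INTO ' . $config['table_prefix_no_lang'] . 'classlistingsdb (class_id,listingsdb_id) VALUES (' . $class_id . ',' . $sql_edit . ')';
                 $recordSet2 = $conn->execute($sql2);
                 if ($recordSet2 === false) {
                     $misc->log_error($sql2);
                 }
             }
         }
         if ($message == "success") {
             // The integer id is echoed, not the raw posted value, so request data
             // cannot inject markup into the page or the action log.
             $display .= "<p>{$lang['admin_listings_editor_listing_number']} {$sql_edit} {$lang['has_been_updated']} </p>";
             if ($featuredLimitError) {
                 $display .= "<p style=\"error\">{$lang['admin_listings_editor_featuredlistingerror']} </p>";
             }
             $misc->log_action("{$lang['log_updated_listing']} {$sql_edit}");
         } else {
             $display .= "<p>{$lang['alert_site_admin']}</p>";
         }
     }
     return $display;
 }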