function add_listing() { @set_time_limit(1500); global $conn, $lang, $config; require_once $config['basepath'] . '/include/misc.inc.php'; $misc = new misc(); require_once $config['basepath'] . '/include/forms.inc.php'; $forms = new forms(); require_once $config['basepath'] . '/include/listing.inc.php'; $listing = new listing_pages(); $display = ''; $display .= '<span class="section_header">' . $lang['admin_menu_add_a_listing'] . '</span>'; if (isset($_POST['action']) && $_POST['action'] == "create_new_listing") { // Check Number of Listings User has if (isset($_POST['or_owner'])) { $or_owner = $misc->make_db_safe($_POST['or_owner']); $sql = 'SELECT count(listingsdb_id) as listing_count FROM ' . $config['table_prefix'] . 'listingsdb WHERE userdb_id = ' . $or_owner; } else { $sql = 'SELECT count(listingsdb_id) as listing_count FROM ' . $config['table_prefix'] . 'listingsdb WHERE userdb_id = ' . $_SESSION['userID']; } $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } $listing_count = $recordSet->fields['listing_count']; // Get User Listing Limit if (isset($_POST['or_owner'])) { $or_owner = $misc->make_db_safe($_POST['or_owner']); $sql = 'SELECT userdb_limit_listings FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $or_owner; } else { $sql = 'SELECT userdb_limit_listings FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $_SESSION['userID']; } $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } $listing_limit = $recordSet->fields['userdb_limit_listings']; if ($listing_count >= $listing_limit && $listing_limit != '-1') { $display .= '<br />'; $display .= '<!-- ' . $listing_count . ' >= ' . $listing_limit . ' -->'; $display .= $lang['admin_listing_limit_reached']; } else { // creates a new listing if ($_POST['title'] == "") { $display .= "<p>{$lang['admin_new_listing_enter_a_title']}</p>"; $display .= "<form><input type=\"button\" value=\"{$lang['back_button_text']}\" onclick=\"history.back()\" /></form>"; } else { $pass_the_form = $forms->validateForm('listingsformelements', $_POST['property_class']); if ($pass_the_form != "Yes") { // if we're not going to pass it, tell that they forgot to fill in one of the fields foreach ($pass_the_form as $k => $v) { if ($v == 'REQUIRED') { $display .= "<p class=\"redtext\">{$k}: {$lang['required_fields_not_filled']}</p>"; } if ($v == 'TYPE') { $display .= "<p class=\"redtext\">{$k}: {$lang['field_type_does_not_match']}</p>"; } } $display .= "<form><input type=\"button\" value=\"{$lang['back_button_text']}\" onclick=\"history.back()\" /></form>"; } else { $title = $misc->make_db_safe($_POST['title']); $notes = $misc->make_db_safe($_POST['notes']); $mlsexport = $misc->make_db_safe($_POST['mlsexport']); if (isset($_POST['or_owner'])) { $new_listing_owner = $_POST['or_owner']; $sql_new_listing_owner = $misc->make_db_safe($_POST['or_owner']); } else { $new_listing_owner = $_SESSION['userID']; $sql_new_listing_owner = $misc->make_db_safe($_SESSION['userID']); } // check to see if moderation is turned on... if ($config['moderate_listings'] == false) { $set_active = "yes"; } else { $set_active = "no"; } if (isset($_POST['active'])) { $set_active = $_POST['active']; } // create the account with the random number as the password $expiration_date = mktime(0, 0, 0, date("m"), date("d") + $config['days_until_listings_expire'], date("Y")); $sql = "INSERT INTO " . $config['table_prefix'] . "listingsdb (listingsdb_title, listingsdb_notes, userdb_id, listingsdb_active, listingsdb_mlsexport, listingsdb_creation_date, listingsdb_last_modified, listingsdb_expiration, listingsdb_hit_count, listingsdb_featured) VALUES ({$title}, {$notes}, {$sql_new_listing_owner}, '{$set_active}', {$mlsexport}, " . $conn->DBDate(time()) . "," . $conn->DBTimeStamp(time()) . "," . $conn->DBDate($expiration_date) . ",0,'no')"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } else { $new_listing_id = $conn->Insert_ID(); } // end while // Add Listing to the property class system. foreach ($_POST['property_class'] as $class_id) { $sql = 'INSERT INTO ' . $config['table_prefix_no_lang'] . 'classlistingsdb (listingsdb_id, class_id) VALUES(' . $new_listing_id . ',' . $class_id . ')'; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } } // now that that's taken care of, it's time to insert all the rest // of the variables into the database $message = listing_editor::updateListingsData($new_listing_id, $new_listing_owner); if ($message == "success") { $display .= "<p>{$lang['admin_new_listing_created']}, {$_SESSION['username']}</p>"; if ($config['moderate_listings'] === "1") { // if moderation is turned on... $display .= "<p>{$lang['admin_new_listing_moderated']}</p>"; } if (isset($_POST['or_owner'])) { $display .= "<p><a href=\"index.php?action=edit_listings&edit={$new_listing_id}\">{$lang['you_may_now_edit_the_listing']}</a></p>"; } else { $display .= "<p><a href=\"index.php?action=edit_my_listings&edit={$new_listing_id}\">{$lang['you_may_now_edit_your_listing']}</a></p>"; } $display .= "<br /><p>{$lang['admin_additional_steps']}</p>"; $display .= '<form action="index.php?action=edit_listing_images" method="post" name="edit_listing_images"><input type="hidden" name="edit" value="' . $new_listing_id . '" /><a href="javascript:document.edit_listing_images.submit()">' . $lang['upload_images'] . '</a></form>'; $display .= '<br />'; if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havevtours'] == "yes") { $display .= '<form action="index.php?action=edit_vtour_images" method="post" name="edit_vtour_images"><input type="hidden" name="edit" value="' . $new_listing_id . '" /><a href="javascript:document.edit_vtour_images.submit()">' . $lang['upload_vtours'] . '</a></form>'; $display .= '<br />'; } if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havevfiles'] == "yes") { $display .= '<form action="index.php?action=edit_listing_files" method="post" name="edit_listing_files"><input type="hidden" name="edit" value="' . $new_listing_id . '" /><a href="javascript:document.edit_listing_files.submit()">' . $lang['upload_files'] . '</a></form>'; $display .= '<br />'; } $misc->log_action("{$lang['log_created_listing']} {$new_listing_id}"); if ($config['email_notification_of_new_listings'] === "1") { // if the site admin should be notified when a new listing is added global $config, $lang; $agent_email = $listing->getListingEmail($new_listing_id, true); $agent_first_name = $listing->getListingAgentFirstName($new_listing_id); $agent_last_name = $listing->getListingAgentLastName($new_listing_id); $message = $_SERVER['REMOTE_ADDR'] . " -- " . date("F j, Y, g:i:s a") . "\r\n\r\n{$lang['admin_new_listing']}:\r\n{$config['baseurl']}/admin/index.php?action=edit_listings&edit={$new_listing_id}\r\n"; $header = "From: " . $agent_first_name . " " . $agent_last_name . " <" . $agent_email . ">\r\n"; $header .= "X-Sender: {$config['admin_email']}\r\n"; $header .= "Return-Path: {$config['admin_email']}\r\n"; $sent = $misc->send_email($agent_first_name . " " . $agent_last_name, $agent_email, $config['admin_email'], $message, $lang['admin_new_listing']); } // end if // Notify users with Saved Searches that match the new listing. if ($config['email_users_notification_of_new_listings'] == "1") { $display .= listing_editor::notify_new_listing($new_listing_id); } } else { $display .= "<p>{$lang['alert_site_admin']}</p>"; } // end else } // end $pass_the_form == "Yes" } // end else } //End if (($listing_count >= $listing_limit) && ($listing_limit !== -1)) } else { // Check Number of Listings User has $sql = 'SELECT count(listingsdb_id) FROM ' . $config['table_prefix'] . 'listingsdb WHERE userdb_id = ' . $_SESSION['userID']; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } $listing_count = $recordSet->fields[0]; // Get User Listing Limit $sql = 'SELECT userdb_limit_listings FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $_SESSION['userID']; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } $listing_limit = $recordSet->fields[0]; $display .= '<!-- ' . $listing_count . ' >= ' . $listing_limit . ' -->'; if ($listing_count >= $listing_limit && $listing_limit !== '-1') { $display .= '<br />'; $display .= $lang['admin_listing_limit_reached']; } else { //START FORM VALIDATION if (isset($_POST['property_class'])) { $class_sql = ''; foreach ($_POST['property_class'] as $class_id) { if (empty($class_sql)) { $class_sql .= ' class_id = ' . $class_id; } else { $class_sql .= ' OR class_id = ' . $class_id; } $display .= '<input type="hidden" name="property_class[]" value="' . $class_id . '" />'; } $pclass_list = ''; $sql = "SELECT DISTINCT(listingsformelements_id) FROM " . $config['table_prefix_no_lang'] . "classformelements WHERE " . $class_sql; $recordSet = $conn->execute($sql); if ($recordSet === false) { $misc->log_error($sql); } while (!$recordSet->EOF) { if (empty($pclass_list)) { $pclass_list .= $recordSet->fields['listingsformelements_id']; } else { $pclass_list .= ',' . $recordSet->fields['listingsformelements_id']; } $recordSet->Movenext(); } if ($pclass_list == '') { $pclass_list = 0; } $sql = "SELECT listingsformelements_field_type, listingsformelements_field_name, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required, listingsformelements_field_length, listingsformelements_tool_tip from " . $config['table_prefix'] . "listingsformelements WHERE listingsformelements_id IN (" . $pclass_list . ") ORDER BY listingsformelements_rank, listingsformelements_field_name"; } else { $sql = "SELECT listingsformelements_field_type, listingsformelements_field_name, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required, listingsformelements_field_length, listingsformelements_tool_tip from " . $config['table_prefix'] . "listingsformelements ORDER BY listingsformelements_rank, listingsformelements_field_name"; } $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } $display .= "\r\n<script type=\"text/javascript\" >\r\n"; $display .= "<!--\r\n"; $display .= "function validate_form()\r\n"; $display .= "{\r\n"; $display .= "var msg=\"\"\r\n"; $display .= "valid = true;\r\n"; $display .= "if ( document.addlisting.title.value == \"\" )\r\n"; $display .= "{\r\n"; $display .= "msg += '{$lang['forgot_field']} {$lang['admin_listings_editor_title']} {$lang['admin_template_editor_field']}.\\r\\n';\r\n"; $display .= "valid = false;\r\n"; $display .= "}\r\n"; while (!$recordSet->EOF) { $field_name = $recordSet->fields['listingsformelements_field_name']; $field_caption = $recordSet->fields['listingsformelements_field_caption']; $required = $recordSet->fields['listingsformelements_required']; if ($required == 'Yes') { $display .= "if ( document.addlisting.{$field_name}.value == \"\" )\r\n"; $display .= "{\r\n"; $display .= "msg += '{$lang['forgot_field']} {$field_caption} {$lang['admin_template_editor_field']}.\\r\\n';\r\n"; $display .= "valid = false;\r\n"; $display .= "}\r\n"; } $recordSet->MoveNext(); } $display .= "if (msg != \"\")\r\n"; $display .= "{\r\n"; $display .= "alert (msg);"; $display .= "}\r\n"; $display .= "return valid;\r\n"; $display .= "}\r\n"; $display .= "//-->\r\n"; $display .= "</script>\r\n"; //END FORM VALIDATION $display .= '<form name="addlisting" action="index.php?action=add_listing" method="post" onsubmit="return validate_form ( );">'; $display .= '<input type="hidden" name="action" value="create_new_listing" />'; $display .= '<table class="form_main">'; $display .= '<tr>'; $display .= '<td align="right" class="row_main"><b>' . $lang['admin_listings_editor_title'] . '<span class="required">*</span></b></td>'; $display .= '<td align="left" class="row_main"> <input type="text" name="title" /></td>'; $display .= '</tr>'; // Display Agent selection Option to assign listing if ($_SESSION['admin_privs'] == "yes" || $_SESSION['edit_all_listings'] == "yes") { $display .= '<tr><td align="right"><b>' . $lang['listing_editor_listing_agent'] . ':</b></td>'; $display .= '<td align="left" class="row_main"><select name="or_owner" size="1">'; // find the name of the agent listed as ID in $edit_or_owner $sql = "SELECT userdb_user_first_name, userdb_user_last_name FROM " . $config['table_prefix'] . "userdb WHERE (userdb_id = {$_SESSION['userID']})"; $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } // strip slashes so input appears correctly $agent_first_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']); $agent_last_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']); if ($_SESSION['admin_privs'] != "yes") { $display .= "<option value=\"{$_SESSION['userID']}\">{$agent_last_name},{$agent_first_name}</option>"; } // fill list with names of all agents $sql = "SELECT userdb_id, userdb_user_first_name, userdb_user_last_name FROM " . $config['table_prefix'] . "userdb where userdb_is_agent = 'yes' ORDER BY userdb_user_last_name,userdb_user_first_name"; $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } while (!$recordSet->EOF) { // strip slashes so input appears correctly $agent_ID = $recordSet->fields['userdb_id']; $agent_first_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']); $agent_last_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']); if ($agent_ID == $_SESSION['userID']) { $display .= "<option value=\"{$agent_ID}\" selected=\"selected\">{$agent_last_name},{$agent_first_name}</option>"; } else { $display .= "<option value=\"{$agent_ID}\">{$agent_last_name},{$agent_first_name}</option>"; } $recordSet->MoveNext(); } $display .= "</select></td>"; $display .= '</tr>'; } if ($config["show_notes_field"] == 1) { $display .= '<tr>'; $display .= '<td align="right" class="row_main"><b>' . $lang['admin_listings_editor_notes'] . '</b><br /><div class="small">(' . $lang['admin_listings_editor_notes_note'] . ')</div></td>'; $display .= '<td align="left" class="row_main"><textarea name="notes" cols="40" rows="6"></textarea></td>'; $display .= '</tr>'; } else { $display .= '<input type="hidden" name="notes" value="" />'; } if ($config["export_listings"] == 1 && $_SESSION['export_listings'] == "yes") { $display .= '<tr>'; $display .= '<td align="right" class="row_main"><b>' . $lang['admin_listings_editor_mlsexport'] . '</b><br /><div class="small">(' . $lang['admin_listings_editor_mlsexport'] . ')</div></td>'; $display .= '<td align="left" class="row_main">'; $display .= '<select size="1" name="mlsexport">'; $display .= '<option value="no" selected="selected">' . $lang['no'] . '</option>'; $display .= '<option value="yes">' . $lang['yes'] . '</option>'; $display .= '</select>'; $display .= '</td>'; $display .= '</tr>'; } else { $display .= '<input type="hidden" name="mlsexport" value="no" />'; } // Determine which fields to show based on property class if (isset($_POST['property_class'])) { $class_sql = ''; foreach ($_POST['property_class'] as $class_id) { if (empty($class_sql)) { $class_sql .= ' class_id = ' . $class_id; } else { $class_sql .= ' OR class_id = ' . $class_id; } $display .= '<input type="hidden" name="property_class[]" value="' . $class_id . '" />'; } $pclass_list = ''; $sql = "SELECT DISTINCT(listingsformelements_id) FROM " . $config['table_prefix_no_lang'] . "classformelements WHERE " . $class_sql; $recordSet = $conn->execute($sql); if ($recordSet === false) { $misc->log_error($sql); } while (!$recordSet->EOF) { if (empty($pclass_list)) { $pclass_list .= $recordSet->fields['listingsformelements_id']; } else { $pclass_list .= ',' . $recordSet->fields['listingsformelements_id']; } $recordSet->Movenext(); } if ($pclass_list == '') { $pclass_list = 0; } $sql = "SELECT listingsformelements_field_type, listingsformelements_field_name, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required, listingsformelements_field_length, listingsformelements_tool_tip from " . $config['table_prefix'] . "listingsformelements WHERE listingsformelements_id IN (" . $pclass_list . ") ORDER BY listingsformelements_rank, listingsformelements_field_name"; } else { $sql = "SELECT listingsformelements_field_type, listingsformelements_field_name, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required, listingsformelements_field_length, listingsformelements_tool_tip from " . $config['table_prefix'] . "listingsformelements ORDER BY listingsformelements_rank, listingsformelements_field_name"; } $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } while (!$recordSet->EOF) { $field_type = $recordSet->fields['listingsformelements_field_type']; $field_name = $recordSet->fields['listingsformelements_field_name']; $field_caption = $recordSet->fields['listingsformelements_field_caption']; $default_text = $recordSet->fields['listingsformelements_default_text']; $field_elements = $recordSet->fields['listingsformelements_field_elements']; $required = $recordSet->fields['listingsformelements_required']; $field_length = $recordSet->fields['listingsformelements_field_length']; $tool_tip = $recordSet->fields['listingsformelements_tool_tip']; $field_type = $misc->make_db_unsafe($field_type); $field_name = $misc->make_db_unsafe($field_name); $field_caption = $misc->make_db_unsafe($field_caption); $default_text = $misc->make_db_unsafe($default_text); $field_elements = $misc->make_db_unsafe($field_elements); $required = $misc->make_db_unsafe($required); $field_length = $misc->make_db_unsafe($field_length); $tool_tip = $misc->make_db_unsafe($tool_tip); $display .= $forms->renderFormElement($field_type, $field_name, $field_caption, $default_text, $field_elements, $required, $field_length, $tool_tip); $recordSet->MoveNext(); } // end while $display .= $forms->renderFormElement("submit", "", "{$lang['submit']}", "", "", ""); $display .= '<tr><td colspan="2" align="center" class="row_main">' . $lang['required_form_text'] . '</td></tr>'; $display .= '</table>'; $display .= '</form>'; } //End } // end if return $display; }