<?php

header('Content-Type: text/html; charset=utf-8');
include_once '../includes/nocache.php';
include_once '../includes/config.php';
include_once '../includes/sanitize.php';
include_once '../includes/helpers.php';
require_once '../includes/class.upload.php';
include 'includes/valida-login.php';
include 'includes/meta.php';
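// Edit handler for a "confort" record: a POST rewrites the title and the
// category links; the record named by ?id_confort is then loaded for display.
if (_IS_POST()) {
    // The id is concatenated unquoted into the WHERE clauses and the redirect
    // URL below. String escaping cannot constrain a value in that position, so
    // it is forced to an integer instead.
    $id_codigo = (isset($_POST['hcodigo']) && is_scalar($_POST['hcodigo'])) ? (int) $_POST['hcodigo'] : 0;
    $titulo = sanitize_sql_string($_POST['titulo']);
    $categorias = isset($_POST['categorias']) ? $_POST['categorias'] : null;
    $campos = array('titulo' => $titulo);
    $db->update('confort', $campos, 'id=' . $id_codigo);
    $db->delete('confort_categorias', 'id_confort=' . $id_codigo);
    if (is_array($categorias)) {
        foreach ($categorias as $clave => $valor) {
            // Category ids arrive as the submitted array keys; anything that
            // is not a plain decimal number is ignored.
            if (!preg_match('/^[0-9]+\z/', (string) $clave)) {
                continue;
            }
            $campos = array('id_confort' => $id_codigo, 'id_categoria' => (int) $clave);
            $db->insert('confort_categorias', $campos);
        }
    }
    redirige_pagina('confort_modificar.php?id_confort=' . $id_codigo . '&err=2');
}
// Same rule on the display path: the query-string id goes unquoted into the
// WHERE clause, so only an integer is allowed through.
$id_codigo = (isset($_GET['id_confort']) && is_scalar($_GET['id_confort'])) ? (int) $_GET['id_confort'] : 0;
$aLisReg = $db->select(getRow, 'confort', array('where' => 'id=' . $id_codigo, 'order' => 'orden'));
$categoria = $aLisReg['padre'];
$titulo = $aLisReg['titulo'];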
?>
<link href='http://fonts.googleapis.com/css?family=Ubuntu:300,400,700' rel='stylesheet' type='text/css'>
Exemple #2
/**
 * Tells whether $input survives the sanitizers selected in $flags unchanged.
 *
 * The value is run through each selected sanitizer in a fixed order (UTF8,
 * PARANOID, INT, FLOAT, HTML, SQL, LDAP, SYSTEM) and the result is compared
 * with the original using a loose comparison.
 *
 * NOTE(review): the sanitizers are defined outside this excerpt. If any of
 * them reports a length violation by returning FALSE, the loose comparison
 * treats FALSE as equal to "" and "0" - confirm that this is intended.
 * A TRUE result says the value was not altered; it does not replace bound
 * parameters or context-specific output encoding at the point of use.
 *
 * @param mixed $input value to validate
 * @param int   $flags bitmask of UTF8, PARANOID, INT, FLOAT, HTML, SQL, LDAP, SYSTEM
 * @param mixed $min   passed through to each sanitizer
 * @param mixed $max   passed through to each sanitizer
 * @return bool TRUE when the sanitized value still equals the original
 */
function check($input, $flags, $min = '', $max = '')
{
    $original = $input;

    if ($flags & UTF8) {
        $input = my_utf8_decode($input);
    }

    // Flag/sanitizer pairs that share the ($input, $min, $max) call shape,
    // listed in the order in which they must run.
    $steps = array(
        array(PARANOID, 'sanitize_paranoid_string'),
        array(INT, 'sanitize_int'),
        array(FLOAT, 'sanitize_float'),
        array(HTML, 'sanitize_html_string'),
        array(SQL, 'sanitize_sql_string'),
        array(LDAP, 'sanitize_ldap_string'),
    );
    foreach ($steps as $step) {
        if ($flags & $step[0]) {
            $sanitizer = $step[1];
            $input = $sanitizer($input, $min, $max);
        }
    }

    // The system sanitizer takes an extra TRUE argument here, so it stays
    // outside the table.
    if ($flags & SYSTEM) {
        $input = sanitize_system_string($input, $min, $max, TRUE);
    }

    return $input == $original;
}
		}
	}
	
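	// Related "confort" features of the product: the old links are dropped and
	// one row is re-created per submitted id.
	// NOTE(review): $id_publicacion is assigned outside this excerpt and is
	// concatenated unquoted into the WHERE clause - confirm it is an integer.
	$db->delete('productos_conforts','id_producto='.$id_publicacion);

	// A missing or non-array field is treated as "no features selected".
	$conforts = (isset($_POST['conforts']) && is_array($_POST['conforts'])) ? $_POST['conforts'] : array();

	foreach($conforts as $clave => $valor){

		// The feature id is the submitted array key. Only plain decimal numbers
		// above zero are accepted; a loose "> 0" test alone would also let a
		// string with a numeric prefix through on older PHP versions.
		if(preg_match('/^[0-9]+\z/', (string) $clave) && (int) $clave > 0){

			$campos = array(
							'id_producto'	  => $id_publicacion,
							'id_confort'	  => sanitize_sql_string($clave),
							'orden'		  	  => '0',
							'estado'		  => '1',
							);

			$db->insert('productos_conforts',$campos);

		}

	}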
	
	$bErr = 2;
	//redirige_pagina("vender_ok.php?err=2");
	
}
Exemple #4
//
////////////////////////////////////////////////////////////////////////////////////
//by CobraCRK 21.07.2006 - www.extremeshare.org - cobracrk@yahoo.com
//converted to xbtit by cooly
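// Subtitle search page: echoes the search form back with the submitted term
// and counts the matching rows.
if (!defined("IN_BTIT")) {
    die("non direct access!");
}
require_once "include/sanitize.php";
require load_language("lang_subs.php");
global $STYLEURL, $CURUSER;
if ($CURUSER["view_torrents"] == "no") {
    err_msg(ERROR, NOT_AUTH_VIEW_NEWS);
    stdfoot();
    exit;
}
// The search term is used in two different contexts, so it gets two separate
// encodings: $src for the SQL string literal, $srcHtml for the HTML attribute.
// SQL escaping does not neutralise markup, so $src must not be echoed into the
// form.
$rawSrc = (isset($_POST['src']) && is_string($_POST['src'])) ? $_POST['src'] : '';
$src = sanitize_sql_string($rawSrc);
$srcHtml = htmlspecialchars($rawSrc, ENT_QUOTES);
$subsearchtpl = new bTemplate();
$subsearchtpl->set("language", $language);
// Start from a known-empty value: the variable is only assigned for uploaders
// but is always handed to the template.
$subadd = "";
if ($CURUSER["can_upload"] == "yes") {
    $subadd = "<br><center><a href=\"index.php?page=subadd\"><img src=\"images/Add.png\" width=30 height=30 alt=\"Add Subtitle\" title=\"Add Subtitle\"></a>&nbsp;&nbsp;<a href=\"index.php?page=subtitles\"><img src=\"images/Back.png\" width=30 height=30 alt=\"Back\" title=\"Back\"></a></center>";
}
$search = "<form id=\"form1\" name=\"form1\" method=\"post\" action=\"index.php?page=subsearch\">\r\r  <div align=\"center\">\r\r    <input name=\"src\" type=\"text\" size=\"40\" value=\"{$srcHtml}\" />\r\r    <input type=\"submit\" class=btn name=\"Submit\" value=\"" . $language['SUBSEARCH'] . "\" />\r\r  </div>\r\r</form>\r\r\r<p>&nbsp;</p>\r\r<table border=\"0\" align=\"center\" cellpadding=\"1\" cellspacing=\"1\">";
$subsearchtpl->set("subadd", $subadd);
$subsearchtpl->set("subsearch", $search);
// NOTE(review): the query is still assembled by interpolation and depends
// entirely on sanitize_sql_string() (defined outside this excerpt) escaping
// correctly for a single-quoted literal. A bound parameter would remove that
// dependency if do_sqlquery() or the underlying mysqli connection allows it.
$subres = do_sqlquery("SELECT COUNT(*) FROM {$TABLE_PREFIX}subtitles WHERE name LIKE '%{$src}%'", true);
$subnum = mysqli_fetch_row($subres);
$num2 = $subnum[0];
if ($num2 == 0) {
    stderr("Sorry", $language['SUBS_EMPTY_STD']);
}
$perpage = max(0, $CURUSER["torrentsperpage"]) > 0 ? $CURUSER["torrentsperpage"] : 10;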
include_once('includes/helpers.php');
require_once( 'inc/variables.php' );
require_once('includes/class.upload.php');
$nombre_pagina = 'HOME';

if(_IS_POST()){
	
	$plan			 = sanitize_sql_string($_POST['plan']);
	$nombre    		 = sanitize_sql_string($_POST['nombre']);
	$provincia 	  	 = sanitize_sql_string($_POST['provincia']);
	$localidad	 	 = sanitize_sql_string($_POST['localidad']);
	$cuit	 	 	 = sanitize_sql_string($_POST['cuit']);
	$telefono 	 	 = sanitize_sql_string($_POST['telefono']);
	$direccion 	 	 = sanitize_sql_string($_POST['direccion']);
	$email	 	 	 = sanitize_sql_string($_POST['email']);
	$clave	  		 = sanitize_sql_string($_POST['clave']);
	
	// Verificar que usuario de la concesionarias no exista.
	
	$aLisReg = $db->select(getRow,'clientes',array('where'=>'email="'.$email.'"','order'=>'email'));
	
	if(count($aLisReg) > 0){
		
		$bErr = 1;
		$bErrDes = "El usuario ya existe, por favor revise bien el email.";
		
	}else{
		
		$i = 0;
		foreach ($_FILES as $imagenesT){
			$i++;
<? 
include_once('includes/nocache.php');
include_once('includes/config.php');
include_once('includes/sanitize.php');
include_once('includes/helpers.php');
require_once( 'inc/variables.php' );
require_once('includes/class.upload.php');
$nombre_pagina = 'HOME';

if(_IS_POST()){

	$direccion 		 = sanitize_sql_string($_POST['address']);
	$punto			 = $_POST['point'];
	
	if($direccion == '') $punto = '';
	
	// Verificar que usuario del cliente no exista.
	
	$i = 0;
	foreach ($_FILES as $imagenesT){
		$i++;
		if(is_array($_FILES['imagen'.$i]) && $_FILES['imagen'.$i]['name'] != ''){
			$oImgReg = new Upload($_FILES['imagen'.$i]);
			
			if ($oImgReg->uploaded) {
				
				$oImgReg->allowed 			= array('image/*');
				$oImgReg->Process('imagenes/concesionario/temp/');
				
				if ($oImgReg->processed) $imagen = $oImgReg->file_dst_name;
				
Exemple #7
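// Subtitle listing page: optional filter by ?id (matched against the hash
// column), row count and pager set-up.
require load_language("lang_subs.php");
global $STYLEURL, $CURUSER;
if ($CURUSER["view_torrents"] == "no") {
    // Both labels come from $language; the first argument used to read the
    // misspelled, undefined $langauge.
    err_msg($language["ERROR"], $language["NOT_AUTH_VIEW_NEWS"]);
    stdfoot();
    exit;
}
$substpl = new bTemplate();
$substpl->set("language", $language);
// Start from known-empty values. Both variables are only assigned inside a
// conditional, yet one is handed to the template and the other is spliced
// into SQL, so neither may be left to whatever the surrounding scope holds.
$subadd = "";
$where = "";
if ($CURUSER["can_upload"] == "yes") {
    $subadd = "<br><center><a href=\"index.php?page=subadd\"><img src=\"images/Add.png\" width=30 height=30 alt=\"Add Subtitle\" title=\"Add Subtitle\"></a></center>";
}
$search = "<form id=\"form1\" name=\"form1\" method=\"post\" action=\"index.php?page=subsearch\">\n\n  <div align=\"center\">\n\n    <input name=\"src\" type=\"text\" size=\"40\" />\n\n    <input type=\"submit\" class=btn name=\"Submit\" value=\"" . $language['SUBSEARCH'] . "\" />\n\n  </div>\n\n</form>\n\n";
require_once "include/sanitize.php";
if (isset($_GET['id'])) {
    // NOTE(review): the filter depends on sanitize_sql_string() (defined
    // outside this excerpt) escaping correctly for a single-quoted literal;
    // a bound parameter would remove that dependency.
    $id = sanitize_sql_string($_GET['id']);
    $where = "AND hash='{$id}'";
}
$substpl->set("subadd", $subadd);
$substpl->set("subsearch", $search);
// NOTE(review): $limit is interpolated here but is only assigned by pager()
// further down; where it comes from before that point is not visible in this
// excerpt - confirm it cannot be influenced by the request.
$subres = do_sqlquery("SELECT COUNT(*) from {$TABLE_PREFIX}subtitles where id>0 {$where} ORDER BY id ASC {$limit}");
$subnum = mysqli_fetch_row($subres);
$result = "";
$num2 = $subnum[0];
if ($num2 == 0) {
    $result = $language['SUBS_EMPTY'];
}
$perpage = max(0, $CURUSER["torrentsperpage"]) > 0 ? $CURUSER["torrentsperpage"] : 10;
list($pagertop, $pagerbottom, $limit) = pager($perpage, $num2, "index.php?page=subtitles&amp;");
$substpl->set("pagertop", $pagertop);
$substpl->set("pagerbottom", $pagerbottom);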
Exemple #8
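    // Bulk state / price / delete handling for `productos`. Every id below
    // arrives as a request array key or value and is concatenated unquoted
    // into a WHERE clause, so each one is forced to an integer before it
    // reaches SQL.
    // NOTE(review): these statements are destructive and keyed by request data;
    // the authorisation and CSRF checks are not visible in this excerpt.
    $aeliminar = isset($_POST['elimina']) ? $_POST['elimina'] : null;
    $estado_gral = (isset($_POST['estado_consulta']) && is_array($_POST['estado_consulta'])) ? $_POST['estado_consulta'] : array();
    if (is_array($aestados) && count($aestados) > 0) {
        // Disable every product listed on the page, then re-enable the ticked ones.
        $ids_listados = array();
        foreach ($estado_gral as $valor_id) {
            if (is_scalar($valor_id) && (int) $valor_id > 0) {
                $ids_listados[] = (int) $valor_id;
            }
        }
        // An empty list would produce "id in ()", so the reset is skipped then.
        if (count($ids_listados) > 0) {
            $campos = array('estado' => '0');
            $db->update('productos', $campos, 'id in (' . implode(",", $ids_listados) . ')');
        }
        foreach ($aestados as $key => $value) {
            if ((int) $key > 0) {
                $campos = array('estado' => '1');
                $db->update('productos', $campos, 'id=' . (int) $key);
            }
        }
    }
    $titulo = (isset($_POST['titulo']) && is_array($_POST['titulo'])) ? $_POST['titulo'] : array();
    $precio1 = (isset($_POST['precio1']) && is_array($_POST['precio1'])) ? $_POST['precio1'] : array();
    foreach ($precio1 as $key => $value) {
        if ((int) $key <= 0) {
            continue;
        }
        $titulo_articulo = isset($titulo[$key]) ? $titulo[$key] : '';
        $campos = array('precio' => sanitize_sql_string($value), 'titulo' => htmlentities($titulo_articulo, ENT_QUOTES, "UTF-8"));
        $db->update('productos_articulos', $campos, 'id=' . (int) $key);
    }
    if (is_array($aeliminar)) {
        foreach ($aeliminar as $key => $value) {
            if ((int) $key > 0) {
                $db->delete('productos', 'id=' . (int) $key);
                $db->delete('productos_articulos', 'id_producto=' . (int) $key);
                $db->delete('productos_imagenes', 'id_producto=' . (int) $key);
            }
        }
    }
    $bErr = 2;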
}
?>
<link href='http://fonts.googleapis.com/css?family=Ubuntu:300,400,700' rel='stylesheet' type='text/css'>
Exemple #9
/**
 * Runs $input through every sanitizer selected in $flags and returns the result.
 *
 * Sanitizers are applied in a fixed order (UTF8, PARANOID, INT, FLOAT, HTML,
 * SQL, LDAP, SYSTEM), each one receiving the output of the previous one.
 *
 * NOTE(review): the sanitizers themselves are defined outside this excerpt.
 * Each flag targets one output context; a value cleaned for SQL is not thereby
 * safe for HTML (or the reverse), and escaping does not constrain a value that
 * is later placed unquoted into a query - cast or bind it there instead.
 *
 * @param mixed $input value to sanitize
 * @param int   $flags bitmask of UTF8, PARANOID, INT, FLOAT, HTML, SQL, LDAP, SYSTEM
 * @param mixed $min   passed through to each sanitizer
 * @param mixed $max   passed through to each sanitizer
 * @return mixed the value after all selected sanitizers have run
 */
function sanitize($input, $flags, $min = '', $max = '')
{
    if ($flags & UTF8) {
        $input = my_utf8_decode($input);
    }

    // Flag/sanitizer pairs that share the ($input, $min, $max) call shape,
    // listed in the order in which they must run.
    $steps = array(
        array(PARANOID, 'sanitize_paranoid_string'),
        array(INT, 'sanitize_int'),
        array(FLOAT, 'sanitize_float'),
        array(HTML, 'sanitize_html_string'),
        array(SQL, 'sanitize_sql_string'),
        array(LDAP, 'sanitize_ldap_string'),
        array(SYSTEM, 'sanitize_system_string'),
    );
    foreach ($steps as $step) {
        if ($flags & $step[0]) {
            $sanitizer = $step[1];
            $input = $sanitizer($input, $min, $max);
        }
    }

    return $input;
}
Exemple #10
include_once '../includes/config.php';
include_once '../includes/sanitize.php';
include_once '../includes/helpers.php';
require_once '../includes/class.upload.php';
include 'includes/valida-login.php';
include 'includes/meta.php';
$id_codigo = $_GET['id'];
if (_IS_POST()) {
    $categoria = $_POST['categoria'];
    $id_codigo = sanitize_int($_POST['id_codigo']);
    $titulo = sanitize_sql_string($_POST['titulo']);
    $fecha = sanitize_sql_string($_POST['fecha']);
    $descripcion = sanitize_sql_string($_POST['descripcion']);
    $target = $_POST['target'];
    $link = $_POST['link'];
    $portada = sanitize_sql_string($_POST['portada']);
    $imagen = $_POST['himagen'];
    $imagen_thumbs = $_POST['himagen_thumb'];
    if ($portada == '') {
        $portada = '0';
    }
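    // "Delete image" checkbox: removes the stored image and its thumbnail.
    if (isset($_POST['chkborrar']) && $_POST['chkborrar'] == '1') {
        // Both names come straight from hidden form fields. They are reduced
        // to a bare file name so that directory segments such as "../" cannot
        // steer unlink() outside the two image directories.
        $archivo_imagen = is_string($imagen) ? basename($imagen) : '';
        $archivo_thumb = is_string($imagen_thumbs) ? basename($imagen_thumbs) : '';
        // is_file() also skips the empty-name case, where the path would name
        // the directory itself.
        if ($archivo_imagen !== '' && is_file("../marcas/" . $archivo_imagen)) {
            unlink("../marcas/" . $archivo_imagen);
        }
        if ($archivo_thumb !== '' && is_file("../marcas/thumbs/" . $archivo_thumb)) {
            unlink("../marcas/thumbs/" . $archivo_thumb);
        }
        $imagen = "";
        $imagen_thumbs = "";
    }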
?>
" class="contenido_botonera" target="_blank">
                                <span class="cuadrado"></span><p>Configuración de E-mails</p>
                            </a>
                            <a href="modificar_clave.php" class="contenido_botonera">
                                <span class="cuadrado"></span><p>Modificar Contraseña</p>
                            </a>
                        </div>
					</div>
					<div id="contenido" class="mod_cont">
						<p class="titulo_abm color">Productos :: Ordenar productos</p>
						<div class="titulo_abm_line bcolor"></div>
						<div id="imageFloatContainer">
                        	<?
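							// Optional category filter. The value is appended unquoted to the
							// WHERE clause, so it is cast to an integer. Escaping the assembled
							// SQL fragment afterwards (as the earlier sanitize_sql_string($scad)
							// call did) does not validate the value inside it.
							$scad = '';
							if($categoria != '') $scad = ' and id_categoria='.(int)$categoria;
							$aLisReg = $db->select(getAll,'productos',array('where'=>'id is not null'.$scad,'order'=>'orden, id desc'));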
							
                            for($i=0; $i < count($aLisReg); $i++){
                            ?>
                            <div class="cls_ordenar" id="img_<?php 
echo $aLisReg[$i]['id'];
?>
">
                            	<?php 
echo limpiarTexto($aLisReg[$i]['codigo'] . '-' . $aLisReg[$i]['titulo']);
?>
                            </div>
                            <? }?>
                            <hr style="clear:both;border:0;visibility:none;">
                        </div>
                        <br>
Exemple #12
<?php

require_once '../../includes/config_reports.php';
require_once '../../includes/config.php';
$template->loadTemplatefile('ad_campaign/summary.tpl');
$client_id = sanitize_int($_GET['client_id']);
$product_data_id = sanitize_int($_GET['product_data_id']);
$report_month = sanitize_int($_GET['report_month']);
$report_year = sanitize_int($_GET['report_year']);
$year_period_start_date = sanitize_sql_string($_GET['year_period_start_date']);
$year_period_end_date = sanitize_sql_string($_GET['year_period_end_date']);
$date = DateTime::createFromFormat("Y-m-d", $year_period_end_date);
$quantity_days = $date->format("d");
$last_month = "";
$measurement_array = array('clicks', 'impressions', 'ctr', 'avg_cpc', 'cost');
// finding the Search Ad product client_id
$query = "\tSELECT gpd.currency_id\n\t\t\tFROM sYra.google_advertising ga\n\t\t\t\tLEFT JOIN sYra.generic_products_data gpd ON gpd.product_data_id = ga.product_data_id\n\t\t\tWHERE ga.client_id = :client_id";
$db_syssql = db::connect('syssql');
$row = $db_syssql->select($query)->binds(array(':client_id' => $client_id))->execute()->fetch();
$currency_id = $row['currency_id'];
$query = "\tSELECT MONTH(awr.DAY) AS month, YEAR(awr.DAY) AS year,\n\t\t\t\tSUM(awr.clicks) AS clicks,\n\t\t\t\tSUM(awr.impressions) AS impressions,\n\t\t\t\tIFNULL((SUM(awr.clicks)/SUM(awr.impressions))*100, 0) AS ctr,\n\t\t\t\tIFNULL((SUM(awr.cost)/SUM(awr.clicks)), 0) AS avg_cpc,\n\t\t\t\tSUM(awr.cost) AS cost\n\t\t\tFROM AWReports.AW_ReportAd awr\n\t\t\tWHERE awr.account_id = :client_id\n\t\t\t\tAND CAST(awr.DAY AS DATE) BETWEEN :year_period_start_date AND :year_period_end_date\n\t\t\t\tAND awr.DEVICE IS NOT NULL\n\t\t\tGROUP BY YEAR(awr.DAY), MONTH(awr.DAY)\n\t\t\tORDER BY YEAR(awr.DAY), MONTH(awr.DAY)";
$bind = array(':client_id' => $client_id, ':year_period_start_date' => $year_period_start_date, ':year_period_end_date' => $year_period_end_date);
$result = db::connect('awreports')->select($query)->binds($bind)->execute();
if ($result->row_count() > 0) {
    $row = $result->fetch_all();
    $template->touchBlock("campaign_summary_google_data");
    foreach ($row as $summary_row) {
        foreach ($measurement_array as $label) {
            ${$label}[] = array(substr($month_name[$summary_row['month']], 0, 3) . '/' . $summary_row['year'], round((double) $summary_row[$label], 2));
            if (in_array($label, array('clicks', 'impressions'))) {
                $template_data['campaign_summary_' . $label] = number_format($summary_row[$label], 0, ".", ",");
 $localidad = sanitize_int($_POST['localidad']);
 $precio = sanitize_sql_string($_POST['precio']);
 $tipo = sanitize_sql_string($_POST['tipo']);
 $portada = sanitize_sql_string($_POST['portada']);
 $principal = sanitize_sql_string($_POST['principal']);
 if ($portada == '') {
     $portada = '0';
 }
 if ($principal == '') {
     $principal = '0';
 }
 if ($precio == '') {
     $precio = '0';
 }
 $imagen = sanitize_sql_string($_POST['himagen']);
 $imagen_thumbs = sanitize_sql_string($_POST['himagen_thumb']);
 $campos = array('id_vendedor' => $vendedor, 'id_concesionaria' => $concesionaria, 'id_categoria' => $categoria, 'id_marca' => $marca, 'id_modelo' => $modelo, 'id_provincia' => $provincia, 'id_localidad' => $localidad, 'titulo' => $titulo, 'copete' => $copete, 'descripcion' => $descripcion, 'confort' => $confort, 'ano' => $ano, 'recorrido' => $recorrido, 'color' => $color, 'imagen' => "", 'imagen_thumbs' => "", 'precio' => $precio, 'url_amigable' => $url_ami, 'portada' => $portada, 'principal' => $principal, 'tipo' => $tipo);
 $db->update('productos', $campos, 'id=' . $id_producto);
 // Eliminamos las imagenes seleccionadas
 if (is_array($a_archivos)) {
     foreach ($a_archivos as $key => $value) {
         if ($key != '') {
             $db->delete('productos_imagenes', 'id=' . $key);
         }
     }
 }
 // Imágenes relacionadas del producto
 $i = 0;
 foreach ($_FILES as $imagenesT) {
     $i++;
     if (is_array($_FILES['imagen' . $i]) && $_FILES['imagen' . $i]['name'] != '') {
include 'includes/meta.php';
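// Client edit page: a POST rewrites the client row; the row is then reloaded
// for display.
// The id is taken from the query string or, failing that, from the form. It is
// concatenated unquoted into WHERE clauses and echoed into an inline script
// below, so it is forced to an integer once, here.
$id_cliente = (isset($_GET['id']) && $_GET['id'] != '') ? $_GET['id'] : (isset($_POST['id_cliente']) ? $_POST['id_cliente'] : 0);
$id_cliente = is_scalar($id_cliente) ? (int) $id_cliente : 0;
if (_IS_POST()) {
    $codigo = sanitize_sql_string($_POST['codigo']);
    $nombre = sanitize_sql_string($_POST['nombre']);
    $apellido = sanitize_sql_string($_POST['apellido']);
    $dni = sanitize_sql_string($_POST['dni']);
    $email = sanitize_sql_string($_POST['email']);
    $nacimiento = sanitize_sql_string($_POST['nacimiento']);
    $telefono = sanitize_sql_string($_POST['telefono']);
    $celular = sanitize_sql_string($_POST['celular']);
    $direccion = sanitize_sql_string($_POST['direccion']);
    $sexo = sanitize_sql_string($_POST['sexo']);
    $usuario = $email;
    // NOTE(review): the password appears to be stored as submitted (after SQL
    // escaping only). Unless the database layer hashes it, store the output of
    // password_hash() and check it with password_verify(); that change has to
    // be made together with the login code, which is not part of this excerpt.
    $clave = sanitize_sql_string($_POST['clave']);
    $vendedor = sanitize_sql_string($_POST['vendedor']);
    if ($vendedor == '') {
        $vendedor = 0;
    }
    $campos = array('id_vendedor' => $vendedor, 'nombre' => $nombre, 'apellido' => $apellido, 'dni' => $dni, 'email' => $email, 'nacimiento' => $nacimiento, 'sexo' => $sexo, 'telefono' => $telefono, 'celular' => $celular, 'direccion' => $direccion, 'usuario' => $usuario, 'clave' => $clave);
    $db->update('clientes', $campos, 'id=' . $id_cliente);
    echo "<script>document.location.href='clientes_modificar.php?id=" . $id_cliente . "&err=2';</script>";
}
$aLisReg = $db->select(getRow, 'clientes', array('where' => 'id=' . $id_cliente));
$codigo = $aLisReg['codigo'];
$nombre = $aLisReg['nombre'];
$apellido = $aLisReg['apellido'];
$dni = $aLisReg['dni'];
$email = $aLisReg['email'];
$telefono = $aLisReg['telefono'];
$celular = $aLisReg['celular'];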
Exemple #15
<?php

include_once '../../includes/config.php';
include_once '../../includes/helpers.php';
include_once '../../includes/sanitize.php';
// recuperamos el criterio de la busqueda
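// Autocomplete endpoint: returns the products whose title contains ?term as a
// JSON array of { label, value: { descripcion, stock } } objects.
// Read the search criterion; nothing is output when it is missing or empty.
$criterio = (isset($_GET["term"]) && is_string($_GET["term"])) ? $_GET["term"] : '';
if (!$criterio) {
    return;
}
// NOTE(review): the LIKE pattern is a double-quoted SQL literal built by
// concatenation; it depends on sanitize_sql_string() (defined outside this
// excerpt) escaping double quotes and backslashes. A bound parameter would
// remove that dependency if the database layer offers one.
$aLisPro = $db->select(getAll, 'productos p', array('select' => 'pa.id, p.titulo, pa.titulo as modelo', 'where' => 'p.titulo like "%' . sanitize_sql_string($criterio) . '%"', 'joins' => array('inner join productos_articulos pa on (pa.id_producto=p.id)'), 'order' => 'p.titulo'));
// Titles come from the database and may contain quotes, backslashes or markup.
// Interpolating them into a hand-written JSON string lets such a title break
// out of the string, so the response is built as data and encoded in one step.
$items = array();
for ($i = 0; $i < count($aLisPro); $i++) {
    $codigo = $aLisPro[$i]['id'];
    $titulo = $aLisPro[$i]['titulo'] . ' - ' . $aLisPro[$i]['modelo'];
    $stock = 0;
    $items[] = array(
        'label' => $titulo,
        'value' => array('descripcion' => (string) $codigo, 'stock' => $stock),
    );
}
// Declaring the type keeps a browser from rendering the response as HTML.
if (!headers_sent()) {
    header('Content-Type: application/json; charset=utf-8');
}
$json = json_encode($items);
// json_encode() returns false for data it cannot encode (for example invalid
// UTF-8); an empty list is sent in that case.
echo $json === false ? '[]' : $json;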
Exemple #16
include 'includes/valida-login.php';
include 'includes/meta.php';
// Home-module editor. The company id is resolved from the query string, then
// from the hidden form field, then from the first enabled company.
$id_empresa = sanitize_int($_GET['id_emp']);
if ($id_empresa == '') {
    $id_empresa = sanitize_int($_POST['hid_empresa']);
}
if ($id_empresa == '') {
    $primera_activa = array('select' => 'id', 'where' => 'estado="1"', 'order' => 'orden', 'limit' => '0,1');
    $id_empresa = $db->select(getOne, 'empresas', $primera_activa);
}
// NOTE(review): $id_empresa is concatenated unquoted into the WHERE clauses
// below and interpolated into an inline script; this is only safe if
// sanitize_int() (defined outside this excerpt) yields nothing but digits.
if (_IS_POST()) {
    // Replace the company's modules with the submitted list modulo1, modulo2, ...
    // The list ends at the first empty or missing field.
    $db->delete('modulos_home', 'id_empresa=' . $id_empresa);
    $i = 0;
    do {
        $i++;
        $titulo = sanitize_sql_string($_POST['modulo' . $i]);
        $sw = !($titulo == '');
        if ($sw) {
            $campos = array('id_empresa' => $id_empresa, 'titulo' => $titulo);
            $db->insert('modulos_home', $campos);
        }
    } while ($sw);
    echo "<script>document.location.href='home.php?err=2&id_emp={$id_empresa}&seccion=nosotros';</script>";
}
$aLisSec = $db->select(getAll, 'modulos_home', array('where' => 'id_empresa=' . $id_empresa));
?>
<link href='http://fonts.googleapis.com/css?family=Ubuntu:300,400,700' rel='stylesheet' type='text/css'>
<link href="css/styles.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="js/jquery-1.8.3.min.js"></script>
<script type="text/javascript" src="js/botonera.js"></script>
Exemple #17
<?php

error_reporting(0);
header('Content-Type: text/html; charset=utf-8');
include_once '../includes/nocache.php';
include_once '../includes/config.php';
include_once '../includes/sanitize.php';
include_once '../includes/helpers.php';
include 'includes/valida-login.php';
include 'includes/meta.php';
$bErr = sanitize_sql_string($_GET['err']);
if (_IS_POST()) {
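    // Bulk state / delete handling for `clientes`. Every id below arrives as a
    // request array key or value and is concatenated unquoted into a WHERE
    // clause, so each one is forced to an integer before it reaches SQL.
    // NOTE(review): these statements are destructive and keyed by request data;
    // the CSRF protection is not visible in this excerpt.
    $aestados = (isset($_POST['estado']) && is_array($_POST['estado'])) ? $_POST['estado'] : array();
    $aeliminar = isset($_POST['elimina']) ? $_POST['elimina'] : null;
    $estado_gral = (isset($_POST['estado_consulta']) && is_array($_POST['estado_consulta'])) ? $_POST['estado_consulta'] : array();
    if (count($aestados) > 0) {
        // Disable every client listed on the page, then re-enable the ticked ones.
        $ids_listados = array();
        foreach ($estado_gral as $valor_id) {
            if (is_scalar($valor_id) && (int) $valor_id > 0) {
                $ids_listados[] = (int) $valor_id;
            }
        }
        // An empty list would produce "id in ()", so the reset is skipped then.
        if (count($ids_listados) > 0) {
            $campos = array('estado' => '0');
            $db->update('clientes', $campos, 'id in (' . implode(",", $ids_listados) . ')');
        }
        foreach ($aestados as $key => $value) {
            if ((int) $key > 0) {
                $campos = array('estado' => '1');
                $db->update('clientes', $campos, 'id=' . (int) $key);
            }
        }
    }
    if (is_array($aeliminar)) {
        foreach ($aeliminar as $key => $value) {
            if ((int) $key > 0) {
                $db->delete('clientes', 'id=' . (int) $key);
            }
        }
    }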
                $oImgReg->allowed = array('image/*');
                $oImgReg->Process('../productos/thumbs/');
                if ($oImgReg->processed) {
                    $imagen_thumbs = $oImgReg->file_dst_name;
                }
                $oImgReg->Clean();
                $campos = array('id_producto' => sanitize_sql_string($id_producto), 'imagen' => sanitize_sql_string($imagen), 'imagen_thumbs' => sanitize_sql_string($imagen_thumbs), 'imagen_original' => sanitize_sql_string($imagen_original), 'orden' => $i, 'estado' => '1');
                $db->insert('productos_imagenes', $campos);
            }
        }
    }
    // Conforts relacionados del producto
    $conforts = $_POST['conforts'];
    foreach ($conforts as $clave => $valor) {
        if ($clave > 0) {
            $campos = array('id_producto' => sanitize_sql_string($id_producto), 'id_confort' => sanitize_sql_string($clave), 'orden' => '0', 'estado' => '1');
            $db->insert('productos_conforts', $campos);
        }
    }
    redirige_pagina("productos_registro.php?err=2");
}
?>
<link href='http://fonts.googleapis.com/css?family=Ubuntu:300,400,700' rel='stylesheet' type='text/css'>
<link href="css/styles.css" rel="stylesheet" type="text/css" />

<script type="text/javascript" src="js/jquery-1.8.3.min.js"></script>
<script type="text/javascript" src="js/botonera.js"></script>

<script type="text/javascript" src="js/validate/jquery.validate.js"></script> 
<script src="js/validate/jquery.metadata.js" type="text/javascript"></script>
<link href="css/jquery-ui.css" rel="stylesheet" type="text/css"/>
<?php

include_once '../includes/nocache.php';
include_once '../includes/config.php';
include_once '../includes/sanitize.php';
include_once '../includes/helpers.php';
require_once '../includes/class.upload.php';
include 'includes/valida-login.php';
include 'includes/meta.php';
$id_seccion = 'PUBLICIDAD_HOME_POPUP';
$bErr = 0;
if (_IS_POST()) {
    $categoria = $_POST['categoria'];
    $titulo = sanitize_sql_string($_POST['titulo']);
    $fecha = sanitize_sql_string($_POST['fecha']);
    $descripcion = sanitize_sql_string($_POST['descripcion']);
    $target = $_POST['target'];
    $link = $_POST['link'];
    $imagen = $_POST['himagen'];
    $imagen_temp = $_POST['himagen_temp'];
    $url_ami = urls_amigables($titulo, 'publicidad');
    $portada = $_POST['portada'] == '' ? '0' : '1';
    if ($_POST['chkborrar'] == '1') {
        $imagen = '';
        $imagen_temp = '';
    }
    // IMAGENES DE publicidad
    $i = 1;
    if (is_array($_FILES['imagen' . $i]) && $_FILES['imagen' . $i]['name'] != '') {
        $oImgReg = new Upload($_FILES['imagen' . $i]);
        if ($oImgReg->uploaded) {
Exemple #20
$id_vehiculo = sanitize_int($_GET['id_pub']);

$aLisReg = $db->select(getRow,'productos p',array('select'=>'p.*,m.titulo as marca, md.titulo as modelo',
												  'joins'=>array('left join marcas m on (m.id=p.id_marca)','left join modelos md on (md.id=p.id_modelo)'),
												  'where'=>'p.id='.$id_vehiculo,
												  'order'=>'p.orden'));
												  
$aLisRegCli = $db->select(getRow,'clientes',array('where'=>'id='.$aLisReg['id_vendedor'],'order'=>'id'));

if(_IS_POST()){
	
	$publicacion	 = sanitize_sql_string($_GET['publicacion']);
	$nombre    		 = sanitize_sql_string($_POST['nombre']);
	$email	 	 	 = sanitize_sql_string($_POST['email']);
	$telefono 	 	 = sanitize_sql_string($_POST['telefono']);
	$comentario	  	 = sanitize_sql_string($_POST['comentario']);
		
	$campos = array(
					'id_publicacion'	=> $aLisReg['id'],
					'id_vendedor'		=> $aLisReg['id_vendedor'],
					'nombre'			=> $nombre,
					'telefono'	  		=> $telefono,
					'email'		 		=> $email,
					'comentario'		=> $comentario,
					'estado'	  		=> '0',
					'tipo'		  		=> '0',
					'fecha'		  		=> date("d-m-Y H:i"),
					'fecha_registro'	=> date("Y-m-d")
					);
	
	$db->insert('consultas',$campos);