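/**
     * Render or process the public signup form for one account type.
     *
     * Without a posted `edit_user_name` the signup form is returned. Otherwise
     * the submission is validated, the userdb row is created, the configured
     * permission defaults are applied and the notification mails are sent.
     *
     * Security-relevant points a maintainer should know:
     *  - $type ends up in config keys, SQL identifiers and HTML, so it is only
     *    accepted when it is a plain identifier.
     *  - Referer and User-Agent are client-supplied headers. The gate below
     *    filters casual cross-site posts; it is not a replacement for a
     *    per-session CSRF token.
     *  - Passwords are stored as unsalted MD5 and the e-mail verification key
     *    contains no server secret. Both need a coordinated change with code
     *    outside this function (see the NOTE(security) comments).
     *
     * @param string $type Account type from the request; 'agent' and 'member'
     *                     are the values this function branches on.
     * @return string HTML fragment, or the plain "not authorized" message.
     */
    function user_signup($type)
    {
        global $lang, $config, $conn;
        require_once $config['basepath'] . '/include/misc.inc.php';
        $misc = new misc();
        require_once $config['basepath'] . '/include/forms.inc.php';
        $forms = new forms();
        $display = '';

        // --- Request-origin gate -------------------------------------------
        // Site host: scheme and a leading "www." dropped, path ignored.
        $base_host = strtolower((string) $config['baseurl']);
        $base_host = preg_replace('#^https?://#', '', $base_host);
        $base_host = preg_replace('#^www\.#', '', $base_host);
        $base_parts = explode('/', $base_host);
        $base_host = $base_parts[0];

        // Referer host: third "/"-separated piece of "scheme://host/path".
        $referer_host = '';
        if (isset($_SERVER['HTTP_REFERER']) && is_string($_SERVER['HTTP_REFERER'])) {
            $referer_parts = explode('/', $_SERVER['HTTP_REFERER']);
            if (isset($referer_parts[2])) {
                $referer_host = strtolower($referer_parts[2]);
            }
        }

        // eregi() was removed in PHP 7 and matched the site host as a regex
        // *anywhere* in the Referer host, so look-alike hosts that merely
        // contain the site name passed. Accept only the site host itself or a
        // subdomain of it.
        $suffix = '.' . $base_host;
        $found = $base_host !== '' && $referer_host !== ''
            && ($referer_host === $base_host
                || (strlen($referer_host) > strlen($suffix)
                    && substr($referer_host, -strlen($suffix)) === $suffix));

        if (!$found || !isset($_SERVER['HTTP_USER_AGENT'])) {
            return $lang['not_authorized'];
        }

        // --- Account-type gate ---------------------------------------------
        // $type is concatenated into table/column names further down, where
        // quoting helpers cannot protect it; restrict it to identifier
        // characters before it is used for anything.
        $type_is_identifier = is_string($type) && preg_match('/^[A-Za-z0-9_]+$/', $type) === 1;
        $allow_key = $type_is_identifier ? 'allow_' . $type . '_signup' : '';
        if (!$type_is_identifier || !isset($config[$allow_key]) || $config[$allow_key] != 1) {
            // if users can't sign up...
            $display .= '<h3>' . $lang['no_user_signup'] . '</h3>';
            return $display;
        }

        // --- No submission yet: render the form ----------------------------
        if (!isset($_POST['edit_user_name'])) {
            $display .= '<form action="?action=signup&amp;type=' . htmlspecialchars($type, ENT_QUOTES) . '" method="post">';
            $display .= '<table class="form_main">';
            if ($type == 'agent') {
                $display .= '<tr><td colspan="2" class="row_main"><h3>' . $lang['user_signup_agent'] . '</h3><p>Register with us to stay updated on commercial business opportunities</p></td></tr>';
            } else {
                $display .= '<tr><td colspan="2" class="row_main"><h3>' . $lang['user_signup'] . '</h3></td></tr>';
            }
            $display .= '<tr>';
            $display .= "\t" . '<td align="right" class="row_main"><strong>' . $lang['user_name'] . ' <span class="required">*</span></strong></td>';
            $display .= "\t" . '<td align="left" class="row_main"> <input type="text" name="edit_user_name" /></td>';
            $display .= '</tr>';
            $display .= '<tr>';
            $display .= '<td align="right" class="row_main"><strong>' . $lang['user_password'] . ' <span class="required">*</span></strong></td>';
            $display .= '<td align="left" class="row_main"> <input type="password" name="edit_user_pass" /></td>';
            $display .= '</tr>';
            $display .= '<tr>';
            $display .= "\t" . '<td align="right" class="row_main"><strong>' . $lang['user_password'] . '</strong> (' . $lang['again'] . ')<strong><span class="required">*</span></strong> </td>';
            $display .= "\t" . '<td align="left" class="row_main"> <input type="password" name="edit_user_pass2" /></td>';
            $display .= '</tr>';
            // First Name
            $display .= '<tr>';
            $display .= '<td align="right" class="row_main"><b>' . $lang['user_manager_first_name'] . '</b> <b><span class="required">*</span></b></td>';
            $display .= '<td align="left" class="row_main"> <input type="text" name="user_first_name" /></td>';
            $display .= '</tr>';
            // Last name
            $display .= '<tr>';
            $display .= '<td align="right" class="row_main"><b>' . $lang['user_manager_last_name'] . '</b> <b><span class="required">*</span></b></td>';
            $display .= '<td align="left" class="row_main"> <input type="text" name="user_last_name" /></td>';
            $display .= '</tr>';
            $display .= '<tr>';
            $display .= '<td align="right" class="row_main"><strong>' . $lang['user_email'] . '</strong> <strong><span class="required">*</span></strong><br />' . $lang['email_not_displayed'] . '</td>';
            $display .= "\t" . '<td align="left" class="row_main"> <input type="text" name="user_email" /></td>';
            $display .= '</tr>';

            // Custom fields configured for this account type.
            $element_columns = array('field_type', 'field_name', 'field_caption', 'default_text', 'field_elements', 'required', 'tool_tip');
            $element_prefix = $type . 'formelements_';
            $select_list = array();
            foreach ($element_columns as $column) {
                $select_list[] = $element_prefix . $column;
            }
            $sql = 'SELECT ' . implode(', ', $select_list) . ' FROM ' . $config['table_prefix'] . $type . 'formelements ORDER BY ' . $element_prefix . 'rank, ' . $element_prefix . 'field_caption';
            $recordSet = $conn->Execute($sql);
            if ($recordSet === false) {
                // Log and render the form without custom fields instead of
                // dereferencing a failed result set.
                $misc->log_error($sql);
            } else {
                while (!$recordSet->EOF) {
                    $element = array();
                    foreach ($element_columns as $column) {
                        $element[$column] = $misc->make_db_unsafe($recordSet->fields[$element_prefix . $column]);
                    }
                    $display .= $forms->renderFormElement($element['field_type'], $element['field_name'], $element['field_caption'], $element['default_text'], $element['field_elements'], $element['required'], '', $element['tool_tip']);
                    $recordSet->MoveNext();
                }
            }
            if ($config["use_signup_image_verification"] == 1) {
                $display .= '<tr>';
                $display .= '<td align="right" class="row_main"></td>';
                $display .= '<td align="left" class="row_main"><img src="' . $config['baseurl'] . '/include/class/captcha/captcha_image.php" /></td>';
                $display .= '</tr>';
                $display .= '<tr>';
                $display .= '<td align="right" class="row_main"><b>' . $lang['email_verification_code'] . '</b> <b><span class="required">*</span></b></td>';
                $display .= '<td align="left" class="row_main"> <input id="security_code" name="security_code" type="text" /></td>';
                $display .= '</tr>';
            }
            $display .= $forms->renderFormElement("submit", "", "{$lang['submit']}", "", "", "", "");
            $display .= '<tr><td colspan="2" align="center" class="row_main">' . $lang['required_form_text'] . '</td></tr>';
            $display .= '</table>';
            $display .= '</form>';
            return $display;
        }

        // --- Submission: validate the fixed fields -------------------------
        $back_button = '<form><input type="button" value="' . $lang['back_button_text'] . '" onclick="history.back()" /></form>';

        // Read each field once as a string; array-valued or missing
        // parameters are treated as empty and fail the checks below.
        $posted = array();
        foreach (array('edit_user_name', 'edit_user_pass', 'edit_user_pass2', 'user_email', 'user_first_name', 'user_last_name', 'security_code') as $field) {
            $posted[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        }

        $error = null;
        if ($posted['edit_user_pass'] !== $posted['edit_user_pass2']) {
            // Strict comparison: with "!=" two different numeric-looking
            // strings (e.g. "1" and "1.0") compared as equal.
            $error = $lang['user_creation_password_identical'];
        } elseif ($posted['edit_user_pass'] === '') {
            $error = $lang['user_creation_password_blank'];
        } elseif ($posted['edit_user_name'] === '') {
            $error = $lang['user_editor_need_username'];
        } elseif ($posted['user_email'] === '' || preg_match('/[\r\n]/', $posted['user_email'])) {
            // The address is later passed to mail() as the recipient; line
            // breaks in it would let the submitter add mail headers.
            $error = $lang['user_editor_need_email_address'];
        } elseif ($posted['user_first_name'] === '') {
            $error = $lang['user_editor_need_first_name'];
        } elseif ($posted['user_last_name'] === '') {
            $error = $lang['user_editor_need_last_name'];
        } elseif ($config["use_signup_image_verification"] == 1
            && (!isset($_SESSION['security_code'])
                || (string) $_SESSION['security_code'] !== md5($posted['security_code']))) {
            // Strict comparison: loose "!=" treats hex digests that look like
            // numbers ("0e...") as equal to each other.
            $error = $lang['signup_verification_code_not_valid'];
        }
        if ($error !== null) {
            $display .= '<p>' . $error . '</p>' . $back_button;
            return $display;
        }

        // make_db_safe() is the project's quoting helper (body not visible
        // here); every request value below reaches SQL only through it.
        $sql_user_name = $misc->make_db_safe($posted['edit_user_name']);
        $sql_user_email = $misc->make_db_safe($posted['user_email']);
        $sql_user_first_name = $misc->make_db_safe($posted['user_first_name']);
        $sql_user_last_name = $misc->make_db_safe($posted['user_last_name']);

        // first, make sure the user name isn't in use
        $sql = 'SELECT userdb_user_name from ' . $config['table_prefix'] . 'userdb WHERE userdb_user_name = ' . $sql_user_name;
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
            $display .= '<p>' . $lang['alert_site_admin'] . '</p>';
            return $display;
        }
        // second, make sure the user email isn't in use
        $sql2 = 'SELECT userdb_emailaddress from ' . $config['table_prefix'] . 'userdb WHERE userdb_emailaddress = ' . $sql_user_email;
        $recordSet2 = $conn->Execute($sql2);
        if ($recordSet2 === false) {
            $misc->log_error($sql2);
            $display .= '<p>' . $lang['alert_site_admin'] . '</p>';
            return $display;
        }
        if ($recordSet->RecordCount() >= 1) {
            $display .= $lang['user_creation_username_taken'] . $back_button;
            return $display;
        }
        if ($recordSet2->RecordCount() >= 1) {
            $display .= $lang['email_address_already_registered'] . $back_button;
            return $display;
        }

        // validate the configurable part of the form; anything other than
        // 'Yes' is a failure (the message used to be emitted twice for 'No')
        $pass_the_form = $forms->validateForm($type . 'formelements');
        if ($pass_the_form != 'Yes') {
            $display .= '<p>' . $lang['required_fields_not_filled'] . '</p>' . $back_button;
            return $display;
        }

        // --- Create the account ---------------------------------------------
        // New accounts start inactive when moderation or e-mail verification
        // is on, or when agents are configured to start inactive.
        if ($config['moderate_' . $type . 's'] == 1 || $config["require_email_verification"] == 1) {
            $set_active = 'no';
        } elseif ($type == 'agent' && $config["agent_default_active"] == 0) {
            $set_active = 'no';
        } else {
            $set_active = 'yes';
        }

        // NOTE(security): unsalted MD5 is kept only because the login path
        // (not visible here) presumably compares against this format. Move
        // both sides to password_hash()/password_verify() together.
        $md5_user_pass = $misc->make_db_safe(md5($posted['edit_user_pass']));

        // Every permission column starts at 'no'; the UPDATE below raises the
        // ones the configuration grants.
        $now = time();
        $new_user_row = array(
            'userdb_user_name' => $sql_user_name,
            'userdb_user_password' => $md5_user_pass,
            'userdb_user_first_name' => $sql_user_first_name,
            'userdb_user_last_name' => $sql_user_last_name,
            'userdb_emailaddress' => $sql_user_email,
            'userdb_creation_date' => $conn->DBDate($now),
            'userdb_last_modified' => $conn->DBTimeStamp($now),
            'userdb_active' => $misc->make_db_safe($set_active),
            'userdb_comments' => "''",
            'userdb_hit_count' => '0',
            'userdb_limit_listings' => '0',
        );
        $permission_columns = array(
            'userdb_is_admin', 'userdb_can_edit_site_config', 'userdb_can_edit_member_template',
            'userdb_can_edit_agent_template', 'userdb_can_edit_listing_template', 'userdb_can_feature_listings',
            'userdb_can_view_logs', 'userdb_can_moderate', 'userdb_can_edit_pages', 'userdb_can_have_vtours',
            'userdb_is_agent', 'userdb_can_edit_expiration', 'userdb_can_export_listings',
            'userdb_can_edit_all_users', 'userdb_can_edit_all_listings', 'userdb_can_edit_property_classes',
            'userdb_can_have_files', 'userdb_can_have_user_files',
        );
        foreach ($permission_columns as $column) {
            $new_user_row[$column] = "'no'";
        }
        $sql = 'INSERT INTO ' . $config['table_prefix'] . 'userdb (' . implode(', ', array_keys($new_user_row)) . ') VALUES (' . implode(', ', $new_user_row) . ')';
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            // Without a row there is no id to update, log in or mail about.
            $misc->log_error($sql);
            $display .= '<p>' . $lang['alert_site_admin'] . '</p>';
            return $display;
        }
        // this is the new user's ID number; forced to int because it is
        // concatenated into SQL and into the mailed URLs below
        $new_user_id = (int) $conn->Insert_ID();

        // --- Apply role defaults --------------------------------------------
        if ($type == 'agent') {
            // NOTE(security): these grants come straight from site config.
            // With agent_default_admin (or the edit_* defaults) enabled, every
            // self-registered agent receives that privilege; activation is
            // only held back by moderation / e-mail verification.
            $agent_defaults = array(
                'userdb_is_admin' => 'agent_default_admin',
                'userdb_can_feature_listings' => 'agent_default_feature',
                'userdb_can_moderate' => 'agent_default_moderate',
                'userdb_can_view_logs' => 'agent_default_logview',
                'userdb_can_edit_site_config' => 'agent_default_edit_site_config',
                'userdb_can_edit_member_template' => 'agent_default_edit_member_template',
                'userdb_can_edit_agent_template' => 'agent_default_edit_agent_template',
                'userdb_can_edit_listing_template' => 'agent_default_edit_listing_template',
                'userdb_can_edit_pages' => 'agent_default_editpages',
                'userdb_can_have_vtours' => 'agent_default_havevtours',
                'userdb_can_have_files' => 'agent_default_havefiles',
                'userdb_can_have_user_files' => 'agent_default_have_user_files',
                'userdb_can_edit_expiration' => 'agent_default_canChangeExpirations',
                'userdb_can_export_listings' => 'agent_default_can_export_listings',
                'userdb_can_edit_all_users' => 'agent_default_edit_all_users',
                'userdb_can_edit_all_listings' => 'agent_default_edit_all_listings',
                'userdb_can_edit_property_classes' => 'agent_default_edit_property_classes',
            );
            $assignments = array('userdb_is_agent = ' . $misc->make_db_safe('yes'));
            foreach ($agent_defaults as $column => $config_key) {
                $assignments[] = $column . ' = ' . $misc->make_db_safe($config[$config_key] == 0 ? 'no' : 'yes');
            }
            $assignments[] = 'userdb_limit_listings = ' . $config["agent_default_num_listings"];
        } else {
            $assignments = array(
                'userdb_is_agent = ' . $misc->make_db_safe('no'),
                'userdb_is_admin = ' . $misc->make_db_safe('no'),
            );
        }
        $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET ' . implode(', ', $assignments) . ' WHERE userdb_id = ' . $new_user_id;
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
        }

        // Update Remaining Variables
        $message = user_managment::updateUserData($new_user_id);
        if ($message != 'success') {
            $display .= '<p>' . $lang['alert_site_admin'] . '</p>';
            return $display;
        }

        // --- Confirmation page, login and mails ----------------------------
        // The user name is request data: escape it before echoing it back.
        $display .= '<p>' . $lang['user_creation_username_success'] . ', ' . htmlspecialchars($posted['edit_user_name'], ENT_QUOTES) . '</p>';
        if ($config['moderate_' . $type . 's'] == 1) {
            // if moderation is turned on...
            $display .= '<p>' . $lang['admin_new_user_moderated'] . '</p>';
        } elseif ($config["require_email_verification"] == 1) {
            $display .= '<p>' . $lang['admin_new_user_email_verification'] . '</p>';
        } else {
            // log the user in; loginCheck() reads these two request keys
            $_POST['user_name'] = $posted['edit_user_name'];
            $_POST['user_pass'] = $posted['edit_user_pass'];
            login::loginCheck('Member');
            $display .= '<p>' . $lang['you_may_now_view_priv'] . '</p>';
        }
        // NOTE(review): the raw user name goes into the action log; whatever
        // displays that log has to escape it on output - confirm.
        $misc->log_action($lang['log_created_user'] . ': ' . $posted['edit_user_name']);

        if ($config['email_notification_of_new_users'] == 1 && $config["require_email_verification"] == 0) {
            // if the site admin should be notified when a new user is added
            $message = $_SERVER['REMOTE_ADDR'] . ' -- ' . date('F j, Y, g:i:s a') . "\r\n\r\n" . $lang['admin_new_user'] . ":\r\n" . $config['baseurl'] . '/admin/index.php?action=user_manager&edit=' . $new_user_id . "\r\n";
            $header = 'From: ' . $config['admin_name'] . ' <' . $config['admin_email'] . ">\r\n";
            $header .= "X-Sender: {$config['admin_email']}\r\n";
            $header .= "Return-Path: {$config['admin_email']}\r\n";
            mail("{$config['admin_email']}", "{$lang['admin_new_user']}", $message, $header);
        }

        if ($config['email_information_to_new_users'] == 1 || $config["require_email_verification"] == 1) {
            $message = $lang['user_email_message'] . ":\r\n\r\n";
            if ($config['moderate_' . $type . 's'] == 1) {
                $message .= $lang['admin_new_user_moderated'] . "\r\n\r\n";
            }
            if ($config["require_email_verification"] == 1) {
                // NOTE(security): the key is md5(id:email) with no server-side
                // secret, so it does not prove the mailbox was read. A random
                // per-user token is the fix, but it needs a matching change
                // in the verify_email handler, which is outside this function.
                $message .= $lang['admin_new_user_email_verification_message'] . "\r\n\r\n";
                $message .= $config['baseurl'] . '/index.php?action=verify_email&id=' . $new_user_id . '&key=' . md5($new_user_id . ':' . $posted['user_email']) . "\r\n\r\n";
            }
            $message .= $lang['user_email_login_information'] . "\r\n\r\n" . $lang['user_email_username'] . "\r\n\r\n" . $lang['user_email_password'] . "\r\n\r\n" . $lang['user_email_login_link'];
            if ($type == 'member') {
                $message .= $config['baseurl'] . '/index.php?action=member_login';
            }
            if ($type == 'agent') {
                $message .= $config['baseurl'] . '/admin/index.php';
            }
            $message .= "\r\n\r\n" . $lang['user_email_privacy_info'];
            if (isset($config['site_email']) && $config['site_email'] != '') {
                $sender_email = $config['site_email'];
            } else {
                $sender_email = $config['admin_email'];
            }
            $header = 'From: ' . $config['admin_name'] . ' <' . $sender_email . ">\r\n";
            $header .= "X-Sender: {$sender_email}\r\n";
            $header .= "Return-Path: {$sender_email}\r\n";
            $header .= 'Content-Type: text/plain; charset="' . $config["charset"] . '"' . "\r\n";
            // Recipient was checked for CR/LF during validation above.
            mail($posted['user_email'], "{$lang['email_user_subject']}", $message, $header);
        }
        return $display;
    }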
 function add_listing()
 {
     @set_time_limit(1500);
     global $conn, $lang, $config;
     require_once $config['basepath'] . '/include/misc.inc.php';
     $misc = new misc();
     require_once $config['basepath'] . '/include/forms.inc.php';
     $forms = new forms();
     require_once $config['basepath'] . '/include/listing.inc.php';
     $listing = new listing_pages();
     $display = '';
     $display .= '<span class="section_header">' . $lang['admin_menu_add_a_listing'] . '</span>';
     if (isset($_POST['action']) && $_POST['action'] == "create_new_listing") {
         // Check Number of Listings User has
         if (isset($_POST['or_owner'])) {
             $or_owner = $misc->make_db_safe($_POST['or_owner']);
             $sql = 'SELECT count(listingsdb_id) as listing_count FROM ' . $config['table_prefix'] . 'listingsdb WHERE userdb_id = ' . $or_owner;
         } else {
             $sql = 'SELECT count(listingsdb_id) as listing_count FROM ' . $config['table_prefix'] . 'listingsdb WHERE userdb_id = ' . $_SESSION['userID'];
         }
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
         $listing_count = $recordSet->fields['listing_count'];
         // Get User Listing Limit
         if (isset($_POST['or_owner'])) {
             $or_owner = $misc->make_db_safe($_POST['or_owner']);
             $sql = 'SELECT userdb_limit_listings FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $or_owner;
         } else {
             $sql = 'SELECT userdb_limit_listings FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $_SESSION['userID'];
         }
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
         $listing_limit = $recordSet->fields['userdb_limit_listings'];
         //Ok Decide if user can have more listings
         if ($listing_count >= $listing_limit && $listing_limit != '-1') {
             $display .= '<br />';
             $display .= '<!-- ' . $listing_count . ' >= ' . $listing_limit . ' -->';
             $display .= $lang['admin_listing_limit_reached'];
         } else {
             // creates a new listing
             if ($_POST['title'] == "") {
                 $display .= "<p>{$lang['admin_new_listing_enter_a_title']}</p>";
                 $display .= "<form><input type=\"button\" value=\"{$lang['back_button_text']}\" onclick=\"history.back()\" /></form>";
             } else {
                 $pass_the_form = $forms->validateForm('listingsformelements', $_POST['property_class']);
                 if ($pass_the_form != "Yes") {
                     // if we're not going to pass it, tell that they forgot to fill in one of the fields
                     foreach ($pass_the_form as $k => $v) {
                         if ($v == 'REQUIRED') {
                             $display .= "<p class=\"redtext\">{$k}: {$lang['required_fields_not_filled']}</p>";
                         }
                         if ($v == 'TYPE') {
                             $display .= "<p class=\"redtext\">{$k}: {$lang['field_type_does_not_match']}</p>";
                         }
                     }
                     $display .= "<form><input type=\"button\" value=\"{$lang['back_button_text']}\" onclick=\"history.back()\" /></form>";
                 } else {
                     $title = $misc->make_db_safe($_POST['title']);
                     $notes = $misc->make_db_safe($_POST['notes']);
                     $mlsexport = $misc->make_db_safe($_POST['mlsexport']);
                     if (isset($_POST['or_owner'])) {
                         $new_listing_owner = $_POST['or_owner'];
                         $sql_new_listing_owner = $misc->make_db_safe($_POST['or_owner']);
                     } else {
                         $new_listing_owner = $_SESSION['userID'];
                         $sql_new_listing_owner = $misc->make_db_safe($_SESSION['userID']);
                     }
                     // check to see if moderation is turned on...
                     if ($config['moderate_listings'] == false) {
                         $set_active = "yes";
                     } else {
                         $set_active = "no";
                     }
                     if (isset($_POST['active'])) {
                         $set_active = $_POST['active'];
                     }
                     // create the account with the random number as the password
                     $expiration_date = mktime(0, 0, 0, date("m"), date("d") + $config['days_until_listings_expire'], date("Y"));
                     $sql = "INSERT INTO " . $config['table_prefix'] . "listingsdb (listingsdb_title, listingsdb_notes, userdb_id, listingsdb_active, listingsdb_mlsexport, listingsdb_creation_date, listingsdb_last_modified, listingsdb_expiration, listingsdb_hit_count, listingsdb_featured) VALUES ({$title}, {$notes},  {$sql_new_listing_owner}, '{$set_active}', {$mlsexport}, " . $conn->DBDate(time()) . "," . $conn->DBTimeStamp(time()) . "," . $conn->DBDate($expiration_date) . ",0,'no')";
                     $recordSet = $conn->Execute($sql);
                     if ($recordSet === false) {
                         $misc->log_error($sql);
                     } else {
                         $new_listing_id = $conn->Insert_ID();
                     }
                     // end while
                     // Add Listing to the property class system.
                     foreach ($_POST['property_class'] as $class_id) {
                         $sql = 'INSERT INTO ' . $config['table_prefix_no_lang'] . 'classlistingsdb (listingsdb_id, class_id) VALUES(' . $new_listing_id . ',' . $class_id . ')';
                         $recordSet = $conn->Execute($sql);
                         if ($recordSet === false) {
                             $misc->log_error($sql);
                         }
                     }
                     // now that that's taken care of, it's time to insert all the rest
                     // of the variables into the database
                     $message = listing_editor::updateListingsData($new_listing_id, $new_listing_owner);
                     if ($message == "success") {
                         $display .= "<p>{$lang['admin_new_listing_created']}, {$_SESSION['username']}</p>";
                         if ($config['moderate_listings'] === "1") {
                             // if moderation is turned on...
                             $display .= "<p>{$lang['admin_new_listing_moderated']}</p>";
                         }
                         if (isset($_POST['or_owner'])) {
                             $display .= "<p><a href=\"index.php?action=edit_listings&amp;edit={$new_listing_id}\">{$lang['you_may_now_edit_the_listing']}</a></p>";
                         } else {
                             $display .= "<p><a href=\"index.php?action=edit_my_listings&amp;edit={$new_listing_id}\">{$lang['you_may_now_edit_your_listing']}</a></p>";
                         }
                         $display .= "<br /><p>{$lang['admin_additional_steps']}</p>";
                         $display .= '<form action="index.php?action=edit_listing_images" method="post" name="edit_listing_images"><input type="hidden" name="edit" value="' . $new_listing_id . '" /><a href="javascript:document.edit_listing_images.submit()">' . $lang['upload_images'] . '</a></form>';
                         $display .= '<br />';
                         if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havevtours'] == "yes") {
                             $display .= '<form action="index.php?action=edit_vtour_images" method="post" name="edit_vtour_images"><input type="hidden" name="edit" value="' . $new_listing_id . '" /><a href="javascript:document.edit_vtour_images.submit()">' . $lang['upload_vtours'] . '</a></form>';
                             $display .= '<br />';
                         }
                         if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havefiles'] == "yes") {
                             $display .= '<form action="index.php?action=edit_listing_files" method="post" name="edit_listing_files"><input type="hidden" name="edit" value="' . $new_listing_id . '" /><a href="javascript:document.edit_listing_files.submit()">' . $lang['upload_files'] . '</a></form>';
                             $display .= '<br />';
                         }
                         $misc->log_action("{$lang['log_created_listing']} {$new_listing_id}");
                         if ($config['email_notification_of_new_listings'] === "1") {
                             // if the site admin should be notified when a new listing is added
                             global $config, $lang;
                             $agent_email = $listing->getListingEmail($new_listing_id, true);
                             $agent_first_name = $listing->getListingAgentFirstName($new_listing_id);
                             $agent_last_name = $listing->getListingAgentLastName($new_listing_id);
                             $message = $_SERVER['REMOTE_ADDR'] . " -- " . date("F j, Y, g:i:s a") . "\r\n\r\n{$lang['admin_new_listing']}:\r\n{$config['baseurl']}/admin/index.php?action=edit_listings&edit={$new_listing_id}\r\n";
                             $header = "From: " . $agent_first_name . " " . $agent_last_name . " <" . $agent_email . ">\r\n";
                             $header .= "X-Sender: {$config['admin_email']}\r\n";
                             $header .= "Return-Path: {$config['admin_email']}\r\n";
                             $sent = $misc->send_email($agent_first_name . " " . $agent_last_name, $agent_email, $config['admin_email'], $message, $lang['admin_new_listing']);
                         }
                         // end if
                     } else {
                         $display .= "<p>{$lang['alert_site_admin']}</p>";
                     }
                     // end else
                 }
                 // end $pass_the_form == "Yes"
             }
             // end else
         }
         //End if (($listing_count >= $listing_limit) && ($listing_limit !== -1))
     } else {
         // Check Number of Listings User has
         $sql = 'SELECT count(listingsdb_id) FROM ' . $config['table_prefix'] . 'listingsdb WHERE userdb_id = ' . $_SESSION['userID'];
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
         $listing_count = $recordSet->fields[0];
         // Get User Listing Limit
         $sql = 'SELECT userdb_limit_listings FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $_SESSION['userID'];
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
         $listing_limit = $recordSet->fields[0];
         $display .= '<!-- ' . $listing_count . ' >= ' . $listing_limit . ' -->';
         if ($listing_count >= $listing_limit && $listing_limit !== '-1') {
             $display .= '<br />';
             $display .= $lang['admin_listing_limit_reached'];
         } else {
             //START FORM VALIDATION
             if (isset($_POST['property_class'])) {
                 $class_sql = '';
                 foreach ($_POST['property_class'] as $class_id) {
                     if (empty($class_sql)) {
                         $class_sql .= ' class_id = ' . $class_id;
                     } else {
                         $class_sql .= ' OR class_id = ' . $class_id;
                     }
                     $display .= '<input type="hidden" name="property_class[]" value="' . $class_id . '" />';
                 }
                 $pclass_list = '';
                 $sql = "SELECT DISTINCT(listingsformelements_id) FROM  " . $config['table_prefix_no_lang'] . "classformelements WHERE " . $class_sql;
                 $recordSet = $conn->execute($sql);
                 if ($recordSet === false) {
                     $misc->log_error($sql);
                 }
                 while (!$recordSet->EOF) {
                     if (empty($pclass_list)) {
                         $pclass_list .= $recordSet->fields['listingsformelements_id'];
                     } else {
                         $pclass_list .= ',' . $recordSet->fields['listingsformelements_id'];
                     }
                     $recordSet->Movenext();
                 }
                 if ($pclass_list == '') {
                     $pclass_list = 0;
                 }
                 $sql = "SELECT listingsformelements_field_type, listingsformelements_field_name, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required, listingsformelements_field_length, listingsformelements_tool_tip from " . $config['table_prefix'] . "listingsformelements WHERE listingsformelements_id IN (" . $pclass_list . ") ORDER BY listingsformelements_rank, listingsformelements_field_name";
             } else {
                 $sql = "SELECT listingsformelements_field_type, listingsformelements_field_name, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required, listingsformelements_field_length, listingsformelements_tool_tip from " . $config['table_prefix'] . "listingsformelements ORDER BY listingsformelements_rank, listingsformelements_field_name";
             }
             $recordSet = $conn->Execute($sql);
             if ($recordSet === false) {
                 $misc->log_error($sql);
             }
             $display .= "\r\n<script type=\"text/javascript\" >\r\n";
             $display .= "<!--\r\n";
             $display .= "function validate_form()\r\n";
             $display .= "{\r\n";
             $display .= "var msg=\"\"\r\n";
             $display .= "valid = true;\r\n";
             $display .= "if ( document.addlisting.title.value == \"\" )\r\n";
             $display .= "{\r\n";
             $display .= "msg += '{$lang['forgot_field']} {$lang['admin_listings_editor_title']} {$lang['admin_template_editor_field']}.\\r\\n';\r\n";
             $display .= "valid = false;\r\n";
             $display .= "}\r\n";
             while (!$recordSet->EOF) {
                 $field_name = $recordSet->fields['listingsformelements_field_name'];
                 $field_caption = $recordSet->fields['listingsformelements_field_caption'];
                 $required = $recordSet->fields['listingsformelements_required'];
                 if ($required == 'Yes') {
                     $display .= "if ( document.addlisting.{$field_name}.value == \"\" )\r\n";
                     $display .= "{\r\n";
                     $display .= "msg += '{$lang['forgot_field']} {$field_caption} {$lang['admin_template_editor_field']}.\\r\\n';\r\n";
                     $display .= "valid = false;\r\n";
                     $display .= "}\r\n";
                 }
                 $recordSet->MoveNext();
             }
             $display .= "if (msg != \"\")\r\n";
             $display .= "{\r\n";
             $display .= "alert (msg);";
             $display .= "}\r\n";
             $display .= "return valid;\r\n";
             $display .= "}\r\n";
             $display .= "//-->\r\n";
             $display .= "</script>\r\n";
             //END FORM VALIDATION
             $display .= '<form name="addlisting" action="index.php?action=add_listing" method="post" onsubmit="return validate_form ( );">';
             $display .= '<input type="hidden" name="action" value="create_new_listing" />';
             $display .= '<table class="form_main">';
             $display .= '<tr>';
             $display .= '<td align="right" class="row_main"><b>' . $lang['admin_listings_editor_title'] . '<span class="required">*</span></b></td>';
             $display .= '<td align="left" class="row_main"> <input type="text" name="title" /></td>';
             $display .= '</tr>';
             // Display Agent selection Option to assign listing
             if ($_SESSION['admin_privs'] == "yes" || $_SESSION['edit_all_listings'] == "yes") {
                 $display .= '<tr><td align="right"><b>' . $lang['listing_editor_listing_agent'] . ':</b></td>';
                 $display .= '<td align="left" class="row_main"><select name="or_owner" size="1">';
                 // find the name of the agent listed as ID in $edit_or_owner
                 $sql = "SELECT userdb_user_first_name, userdb_user_last_name FROM " . $config['table_prefix'] . "userdb WHERE (userdb_id = {$_SESSION['userID']})";
                 $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
                 $recordSet = $conn->Execute($sql);
                 if ($recordSet === false) {
                     $misc->log_error($sql);
                 }
                 // strip slashes so input appears correctly
                 $agent_first_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']);
                 $agent_last_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']);
                 if ($_SESSION['admin_privs'] != "yes") {
                     $display .= "<option value=\"{$_SESSION['userID']}\">{$agent_last_name},{$agent_first_name}</option>";
                 }
                 // fill list with names of all agents
                 $sql = "SELECT userdb_id, userdb_user_first_name, userdb_user_last_name FROM " . $config['table_prefix'] . "userdb where userdb_is_agent = 'yes' or userdb_is_admin = 'yes' ORDER BY userdb_user_last_name,userdb_user_first_name";
                 $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
                 $recordSet = $conn->Execute($sql);
                 if ($recordSet === false) {
                     $misc->log_error($sql);
                 }
                 while (!$recordSet->EOF) {
                     // strip slashes so input appears correctly
                     $agent_ID = $recordSet->fields['userdb_id'];
                     $agent_first_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']);
                     $agent_last_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']);
                     if ($agent_ID == $_SESSION['userID']) {
                         $display .= "<option value=\"{$agent_ID}\" selected=\"selected\">{$agent_last_name},{$agent_first_name}</option>";
                     } else {
                         $display .= "<option value=\"{$agent_ID}\">{$agent_last_name},{$agent_first_name}</option>";
                     }
                     $recordSet->MoveNext();
                 }
                 $display .= "</select></td>";
                 $display .= '</tr>';
             }
             if ($config["show_notes_field"] == 1) {
                 $display .= '<tr>';
                 $display .= '<td align="right" class="row_main"><b>' . $lang['admin_listings_editor_notes'] . '</b><br /><div class="small">(' . $lang['admin_listings_editor_notes_note'] . ')</div></td>';
                 $display .= '<td align="left" class="row_main"><textarea name="notes" cols="40" rows="6"></textarea></td>';
                 $display .= '</tr>';
             } else {
                 $display .= '<input type="hidden" name="notes" value="" />';
             }
             if ($config["export_listings"] == 1 && $_SESSION['export_listings'] == "yes") {
                 $display .= '<tr>';
                 $display .= '<td align="right" class="row_main"><b>' . $lang['admin_listings_editor_mlsexport'] . '</b><br /><div class="small">(' . $lang['admin_listings_editor_mlsexport'] . ')</div></td>';
                 $display .= '<td align="left" class="row_main">';
                 $display .= '<select size="1" name="mlsexport">';
                 $display .= '<option value="no" selected="selected">' . $lang['no'] . '</option>';
                 $display .= '<option value="yes">' . $lang['yes'] . '</option>';
                 $display .= '</select>';
                 $display .= '</td>';
                 $display .= '</tr>';
             } else {
                 $display .= '<input type="hidden" name="mlsexport" value="no" />';
             }
             // Determine which fields to show based on property class
             if (isset($_POST['property_class'])) {
                 $class_sql = '';
                 foreach ($_POST['property_class'] as $class_id) {
                     if (empty($class_sql)) {
                         $class_sql .= ' class_id = ' . $class_id;
                     } else {
                         $class_sql .= ' OR class_id = ' . $class_id;
                     }
                     $display .= '<input type="hidden" name="property_class[]" value="' . $class_id . '" />';
                 }
                 $pclass_list = '';
                 $sql = "SELECT DISTINCT(listingsformelements_id) FROM  " . $config['table_prefix_no_lang'] . "classformelements WHERE " . $class_sql;
                 $recordSet = $conn->execute($sql);
                 if ($recordSet === false) {
                     $misc->log_error($sql);
                 }
                 while (!$recordSet->EOF) {
                     if (empty($pclass_list)) {
                         $pclass_list .= $recordSet->fields['listingsformelements_id'];
                     } else {
                         $pclass_list .= ',' . $recordSet->fields['listingsformelements_id'];
                     }
                     $recordSet->Movenext();
                 }
                 if ($pclass_list == '') {
                     $pclass_list = 0;
                 }
                 $sql = "SELECT listingsformelements_field_type, listingsformelements_field_name, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required, listingsformelements_field_length, listingsformelements_tool_tip from " . $config['table_prefix'] . "listingsformelements WHERE listingsformelements_id IN (" . $pclass_list . ") ORDER BY listingsformelements_rank, listingsformelements_field_name";
             } else {
                 $sql = "SELECT listingsformelements_field_type, listingsformelements_field_name, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required, listingsformelements_field_length, listingsformelements_tool_tip from " . $config['table_prefix'] . "listingsformelements ORDER BY listingsformelements_rank, listingsformelements_field_name";
             }
             $recordSet = $conn->Execute($sql);
             if ($recordSet === false) {
                 $misc->log_error($sql);
             }
             while (!$recordSet->EOF) {
                 $field_type = $recordSet->fields['listingsformelements_field_type'];
                 $field_name = $recordSet->fields['listingsformelements_field_name'];
                 $field_caption = $recordSet->fields['listingsformelements_field_caption'];
                 $default_text = $recordSet->fields['listingsformelements_default_text'];
                 $field_elements = $recordSet->fields['listingsformelements_field_elements'];
                 $required = $recordSet->fields['listingsformelements_required'];
                 $field_length = $recordSet->fields['listingsformelements_field_length'];
                 $tool_tip = $recordSet->fields['listingsformelements_tool_tip'];
                 $field_type = $misc->make_db_unsafe($field_type);
                 $field_name = $misc->make_db_unsafe($field_name);
                 $field_caption = $misc->make_db_unsafe($field_caption);
                 $default_text = $misc->make_db_unsafe($default_text);
                 $field_elements = $misc->make_db_unsafe($field_elements);
                 $required = $misc->make_db_unsafe($required);
                 $field_length = $misc->make_db_unsafe($field_length);
                 $tool_tip = $misc->make_db_unsafe($tool_tip);
                 $display .= $forms->renderFormElement($field_type, $field_name, $field_caption, $default_text, $field_elements, $required, $field_length, $tool_tip);
                 $recordSet->MoveNext();
             }
             // end while
             $display .= $forms->renderFormElement("submit", "", "{$lang['submit']}", "", "", "");
             $display .= '<tr><td colspan="2" align="center" class="row_main">' . $lang['required_form_text'] . '</td></tr>';
             $display .= '</table>';
             $display .= '</form>';
         }
         //End
     }
     // end if
     return $display;
 }