function view()
{
global $conn, $config, $lang;
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
$display = '';
// find the number of log items
$sql = "SELECT * FROM " . $config['table_prefix'] . "activitylog ORDER BY activitylog_id DESC";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$num_rows = $recordSet->RecordCount();
if (!isset($_GET['cur_page'])) {
$_GET['cur_page'] = 0;
}
$display .= $misc->next_prev($num_rows, intval($_GET['cur_page']), "", '', TRUE);
// put in the next/previous stuff
// build the string to select a certain number of users per page
$limit_str = intval($_GET['cur_page']) * 25;
$recordSet = $conn->SelectLimit($sql, 25, $limit_str);
if ($recordSet === false) {
$misc->log_error($sql);
}
$display .= '<table class="log_viewer" cellpadding="0" cellspacing="0" summary="' . $lang['log_viewer'] . '">';
$display .= '<caption>' . $lang['log_viewer'] . '</caption>';
$display .= '<tr>';
$display .= '<th>' . $lang['id'] . '</th>';
$display .= '<th>' . $lang['date'] . '</th>';
$display .= '<th>' . $lang['user_ip'] . '</th>';
$display .= '<th>' . $lang['user_manager_user_name'] . '</th>';
$display .= '<th>' . $lang['action'] . '</th>';
$display .= '</tr>';
$count = 0;
while (!$recordSet->EOF) {
// alternate the colors
if ($count == 0) {
$count = 1;
} else {
$count = 0;
}
$log_id = $misc->make_db_unsafe($recordSet->fields['activitylog_id']);
$log_date = $recordSet->UserTimeStamp($recordSet->fields['activitylog_log_date'], 'D M j G:i:s T Y');
$log_action = $misc->make_db_unsafe($recordSet->fields['activitylog_action']);
$log_ip = $misc->make_db_unsafe($recordSet->fields['activitylog_ip_address']);
$sqlUser = '******' . $config['table_prefix'] . 'userdb WHERE userdb_id =' . $recordSet->fields['userdb_id'];
$recordSet2 = $conn->execute($sqlUser);
if ($recordSet2 === false) {
$misc->log_error($sqlUser);
}
$first_name = $misc->make_db_unsafe($recordSet2->fields['userdb_user_first_name']);
$last_name = $misc->make_db_unsafe($recordSet2->fields['userdb_user_last_name']);
$display .= '<tr>';
$display .= '<td class="shade_' . $count . '">' . $log_id . '</td>';
$display .= '<td class="shade_' . $count . '">' . $log_date . '</td>';
$display .= '<td class="shade_' . $count . '">' . $log_ip . '</td>';
$display .= '<td class="shade_' . $count . '">' . $last_name . ', ' . $first_name . '</td>';
$display .= '<td class="shade_' . $count . '">' . $log_action . '</td>';
$display .= '</tr>';
$recordSet->MoveNext();
}
// end while
$display .= '</table>';
return $display;
}
function show_users($filter = '', $lookup_field = '', $lookup_value = '')
{
global $conn, $config, $lang;
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
// Verify User is an Admin
$security = login::loginCheck('edit_all_users', true);
$display = '';
$filter_sql = '';
if ($filter == 'agents') {
$filter_sql = " WHERE userdb_is_agent = 'yes'";
} elseif ($filter == 'members') {
$filter_sql = " WHERE userdb_is_agent = 'no' AND userdb_is_admin = 'no'";
} elseif ($filter == 'admins') {
$filter_sql = " WHERE userdb_is_admin = 'yes'";
}
if ($security === true) {
$security2 = login::loginCheck('Admin', true);
if ($security2 === true) {
} else {
if ($filter === 'Show All' || $filter === '') {
$filter_sql = " WHERE userdb_is_admin = 'no'";
}
}
$sql = "SELECT * FROM " . $config['table_prefix'] . "userdb {$filter_sql} ORDER BY userdb_id ";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$num_rows = $recordSet->RecordCount();
if (!isset($_GET['cur_page'])) {
$_GET['cur_page'] = 0;
}
$display .= '<center>' . $misc->next_prev($num_rows, intval($_GET['cur_page']), '', '', TRUE) . '</center>';
// put in the next/previous stuff
// build the string to select a certain number of users per page
$limit_str = intval($_GET['cur_page']) * $config['listings_per_page'];
$recordSet = $conn->SelectLimit($sql, $config['listings_per_page'], $limit_str);
if ($recordSet === false) {
$misc->log_error($sql);
}
$count = 0;
// $display .= "<br /><br />";
while (!$recordSet->EOF) {
// alternate the colors
if ($count == 0) {
$count = $count + 1;
} else {
$count = 0;
}
// strip slashes so input appears correctly
$edit_ID = $recordSet->fields['userdb_id'];
$edit_user_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_name']);
$edit_user_first_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']);
$edit_user_last_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']);
$edit_emailAddress = $misc->make_db_unsafe($recordSet->fields['userdb_emailaddress']);
$edit_active = $recordSet->fields['userdb_active'];
$edit_isAgent = $recordSet->fields['userdb_is_agent'];
$edit_isAdmin = $recordSet->fields['userdb_is_admin'];
$edit_canEditSiteConfig = $recordSet->fields['userdb_can_edit_site_config'];
$edit_canEditMemberTemplate = $recordSet->fields['userdb_can_edit_member_template'];
$edit_canEditAgentTemplate = $recordSet->fields['userdb_can_edit_agent_template'];
$edit_canEditListingTemplate = $recordSet->fields['userdb_can_edit_listing_template'];
$edit_canFeatureListings = $recordSet->fields['userdb_can_feature_listings'];
$edit_canViewLogs = $recordSet->fields['userdb_can_view_logs'];
$edit_canModerate = $recordSet->fields['userdb_can_moderate'];
$edit_can_have_vtours = $recordSet->fields['userdb_can_have_vtours'];
$edit_can_edit_expiration = $recordSet->fields['userdb_can_edit_expiration'];
$edit_can_export_listings = $recordSet->fields['userdb_can_export_listings'];
$edit_canEditAllListings = $recordSet->fields['userdb_can_edit_all_listings'];
$edit_canEditAllUsers = $recordSet->fields['userdb_can_edit_all_users'];
$edit_canEditPropertyClasses = $recordSet->fields['userdb_can_edit_property_classes'];
// Determine user type
if ($edit_isAgent == 'yes') {
$user_type = $lang['user_manager_agent'];
} elseif ($edit_isAdmin == 'yes') {
$user_type = $lang['user_manager_admin'];
} else {
$user_type = $lang['user_manager_member'];
}
// Layout Start
$display .= '<table width="600" border="0" align="center" cellpadding="0" cellspacing="0">';
// $display .= '<tbody style="border-width:thin;border-style:solid;border-color:#FFFFFF;">';
$display .= '<tr bgcolor="#330099">';
$display .= '<td width="510" colspan="2" style="padding-left:2px">';
$display .= '<span style="color:#FFFFFF;font-weight:bold;">' . $edit_user_first_name . ' ' . $edit_user_last_name . ' (' . $edit_ID . '): ' . $edit_emailAddress . '</span>';
$display .= '</td>';
$display .= '<td width="90" align="right">';
$display .= '<a href="index.php?action=user_manager&edit=' . $edit_ID . '"><img src="images/' . $config['lang'] . '/user_manager_edit.jpg" alt="' . $lang['user_manager_edit_user'] . '" width="16" height="16"></a>';
$display .= '<img src="images/blank.gif" alt=" " width="16" height="16">';
$display .= '<a href="index.php?action=user_manager&delete=' . $edit_ID . '" onclick="return confirmDelete(\'' . $lang['delete_user'] . '\')"><img src="images/' . $config['lang'] . '/user_manager_delete.jpg" alt="' . $lang['user_manager_delete_user'] . '" width="16" height="16"></a>';
$display .= '</td>';
$display .= '</tr>';
$display .= '<tr>';
$display .= '<td colspan="2"><strong>' . $lang['user_manager_user_name'] . ': ' . $edit_user_name . '</strong></td>';
$display .= '<td></td>';
$display .= '</tr>';
$display .= '<tr>';
$display .= '<td colspan="2"><strong>' . $lang['user_manager_account_type'] . ': ' . $user_type . '</strong></td>';
$display .= '<td></td>';
$display .= '</tr>';
$display .= '<tr>';
$display .= '<td colspan="2"><strong>' . $lang['user_manager_active'] . ': ' . $edit_active . '</strong></td>';
$display .= '<td></td>';
$display .= '</tr>';
if ($edit_isAgent == 'yes') {
$display .= '<tr>';
$display .= '<td colspan="2"><strong>' . $lang['user_manager_admin'] . ': ' . $edit_isAdmin . '</strong></td>';
$display .= '<td></td>';
$display .= '</tr>';
$display .= '<tr>';
$display .= '<td colspan="2"><strong>' . $lang['user_manager_vtour'] . ': ' . $edit_can_have_vtours . '</strong></td>';
$display .= '<td></td>';
$display .= '</tr>';
$display .= '<tr>';
$display .= '<td colspan="2"><strong>' . $lang['user_manager_featured_listings'] . ': ' . $edit_canFeatureListings . '</strong></td>';
$display .= '<td></td>';
$display .= '</tr>';
$display .= '<tr>';
$display .= '<td colspan="2"><strong>' . $lang['user_manager_edit_expiration'] . ': ' . $edit_can_edit_expiration . '</strong></td>';
$display .= '<td></td>';
$display .= '</tr>';
$display .= '<tr>';
$display .= '<td colspan="2"><strong>' . $lang['user_manager_export_listings'] . ': ' . $edit_can_export_listings . '</strong></td>';
$display .= '<td></td>';
$display .= '</tr>';
$display .= '<tr>';
$display .= '<td colspan="2"><strong>' . $lang['user_manager_edit_all_listings'] . ': ' . $edit_canEditAllListings . '</strong></td>';
$display .= '<td></td>';
$display .= '</tr>';
$display .= '<tr>';
$display .= '<td colspan="2"><strong>' . $lang['user_manager_edit_all_users'] . ': ' . $edit_canEditAllUsers . '</strong></td>';
$display .= '<td></td>';
$display .= '</tr>';
$display .= '<tr>';
$display .= '<td colspan="2"><strong>' . $lang['user_manager_edit_property_classes'] . ': ' . $edit_canEditPropertyClasses . '</strong></td>';
$display .= '<td></td>';
$display .= '</tr>';
$display .= '<tr>';
$display .= '<td colspan="2"><strong>' . $lang['user_manager_moderate'] . ': ' . $edit_canModerate . '</strong></td>';
$display .= '<td></td>';
$display .= '</tr>';
$display .= '<tr>';
$display .= '<td colspan="2"><strong>' . $lang['user_manager_view_logs'] . ': ' . $edit_canViewLogs . '</strong></td>';
$display .= '<td></td>';
$display .= '</tr>';
$display .= '<tr>';
$display .= '<td colspan="2"><strong>' . $lang['user_manager_member_template_access'] . ': ' . $edit_canEditMemberTemplate . '</strong></td>';
$display .= '<td></td>';
$display .= '</tr>';
$display .= '<tr>';
$display .= '<td colspan="2"><strong>' . $lang['user_manager_agent_template_access'] . ': ' . $edit_canEditAgentTemplate . '</strong></td>';
$display .= '<td></td>';
$display .= '</tr>';
$display .= '<tr>';
$display .= '<td colspan="2"><strong>' . $lang['user_manager_listing_template_access'] . ': ' . $edit_canEditListingTemplate . '</strong></td>';
$display .= '<td></td>';
$display .= '</tr>';
$display .= '<tr>';
$display .= '<td colspan="2"><strong>' . $lang['user_manager_site_config_access'] . ': ' . $edit_canEditSiteConfig . '</strong></td>';
$display .= '<td></td>';
$display .= '</tr>';
}
// $display .= '</tbody>';
$display .= '</table>';
$recordSet->MoveNext();
}
// end while
}
// End Verify User isAdmin
return $display;
}
function edit_listings($only_my_listings = true)
{
global $conn, $lang, $config, $listingID;
if ($only_my_listings == false) {
$security = login::loginCheck('edit_all_listings', true);
} else {
$security = login::loginCheck('Agent', true);
}
$display = '';
if ($security === true) {
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
require_once $config['basepath'] . '/include/forms.inc.php';
$forms = new forms();
require_once $config['basepath'] . '/include/class/template/core.inc.php';
$page = new page_user();
// $display .= '<span class="section_header">'.$lang['listings_editor'].'<span><br /><br />';
if (!isset($_GET['delete'])) {
$_GET['delete'] = '';
}
if ($_GET['delete'] != '') {
if ($_SESSION['admin_privs'] == 'yes' || $_SESSION['edit_all_listings'] == 'yes') {
listing_editor::delete_listing($_GET['delete'], false);
} else {
listing_editor::delete_listing($_GET['delete'], true);
}
}
if (!isset($_POST['action'])) {
$_POST['action'] = '';
}
if ($_POST['action'] == "update_listing") {
if ($_SESSION['admin_privs'] == 'yes' || $_SESSION['edit_all_listings'] == 'yes') {
$display .= listing_editor::update_listing(false);
} else {
$display .= listing_editor::update_listing(true);
}
}
// end if $action == "update listing"
if (!isset($_GET['edit'])) {
$_GET['edit'] = '';
}
if (isset($_POST['lookup_field']) && isset($_POST['lookup_value'])) {
$_SESSION['edit_listing_qeb_lookup_field'] = $_POST['lookup_field'];
$_SESSION['edit_listing_qeb_lookup_value'] = $_POST['lookup_value'];
}
if (isset($_SESSION['edit_listing_qeb_lookup_field']) && isset($_SESSION['edit_listing_qeb_lookup_value'])) {
if ($_SESSION['edit_listing_qeb_lookup_field'] != 'listingsdb_id') {
$_POST['lookup_field'] = $_SESSION['edit_listing_qeb_lookup_field'];
$_POST['lookup_value'] = $_SESSION['edit_listing_qeb_lookup_value'];
}
}
if (isset($_POST['filter'])) {
$_SESSION['edit_listing_qeb_filter'] = $_POST['filter'];
}
if (isset($_SESSION['edit_listing_qeb_filter'])) {
$_POST['filter'] = $_SESSION['edit_listing_qeb_filter'];
}
if (isset($_POST['agent_filter'])) {
$_SESSION['edit_listing_qeb_agent_filter'] = $_POST['agent_filter'];
}
if (isset($_SESSION['edit_listing_qeb_agent_filter'])) {
$_POST['agent_filter'] = $_SESSION['edit_listing_qeb_agent_filter'];
}
if (isset($_POST['pclass_filter'])) {
$_SESSION['edit_listing_qeb_pclass_filter'] = $_POST['pclass_filter'];
}
if (isset($_SESSION['edit_listing_qeb_pclass_filter'])) {
$_POST['pclass_filter'] = $_SESSION['edit_listing_qeb_pclass_filter'];
}
if (isset($_POST['lookup_field']) && isset($_POST['lookup_value']) && $_POST['lookup_field'] == 'listingsdb_id' && $_POST['lookup_value'] != '') {
$_GET['edit'] = intval($_POST['lookup_value']);
}
if ($only_my_listings == TRUE) {
unset($_POST['agent_filter']);
}
if ($_GET['edit'] != "") {
$edit = intval($_GET['edit']);
// first, grab the listings's main info
if ($only_my_listings == true) {
$sql = "SELECT listingsdb_id, listingsdb_title, listingsdb_notes, userdb_id, listingsdb_last_modified, listingsdb_featured, listingsdb_active, listingsdb_mlsexport, listingsdb_expiration FROM " . $config['table_prefix'] . "listingsdb WHERE (listingsdb_id = {$edit}) AND (userdb_id = '{$_SESSION['userID']}')";
} else {
$sql = "SELECT listingsdb_id, listingsdb_title, listingsdb_notes, userdb_id, listingsdb_last_modified, listingsdb_featured, listingsdb_active, listingsdb_mlsexport, listingsdb_expiration FROM " . $config['table_prefix'] . "listingsdb WHERE (listingsdb_id = {$edit})";
}
$ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
if ($recordSet->RecordCount() > 0) {
// collect up the main DB's various fields
$listing_ID = $misc->make_db_unsafe($recordSet->fields['listingsdb_id']);
$edit_title = $misc->make_db_unsafe($recordSet->fields['listingsdb_title']);
$edit_notes = $misc->make_db_unsafe($recordSet->fields['listingsdb_notes']);
$edit_mlsexport = $misc->make_db_unsafe($recordSet->fields['listingsdb_mlsexport']);
$edit_or_owner = $recordSet->fields['userdb_id'];
$last_modified = $recordSet->UserTimeStamp($recordSet->fields['listingsdb_last_modified'], 'D M j G:i:s T Y');
$edit_featured = $recordSet->fields['listingsdb_featured'];
$edit_active = $recordSet->fields['listingsdb_active'];
$expiration = $recordSet->UserTimeStamp($recordSet->fields['listingsdb_expiration'], $config["date_format_timestamp"]);
// now, display all that stuff
$display .= '<table class="form_main">';
$display .= '<tr>';
$display .= '<td colspan="3" class="row_main">';
if ($only_my_listings == true) {
$display .= '<span class="section_header"><a href="index.php?action=edit_my_listings">' . $lang['listings_editor'] . '</a></span><br />';
} else {
$display .= '<span class="section_header"><a href="index.php?action=edit_listings">' . $lang['listings_editor'] . '</a></span><br />';
}
$display .= '<h3>' . $lang['admin_listings_editor_modify_listing'] . ' (<a href="' . $config['baseurl'] . '/index.php?action=listingview&listingID=' . $listing_ID . '" target="_preview">' . $lang['preview'] . '</a>)</h3>';
$display .= '</td>';
$display .= '</tr>';
$display .= '<tr>';
$display .= '<td valign="top" align="center" class="row_main">';
$display .= '<b>' . $lang['images'] . '</b>';
$display .= '<br />';
$display .= '<hr width="75%" />';
$display .= '<form action="index.php?action=edit_listing_images" method="post" name="edit_listing_images"><input type="hidden" name="edit" value="' . $_GET['edit'] . '" /><a href="javascript:document.edit_listing_images.submit()">' . $lang['edit_images'] . '</a></form>';
$display .= '<br />';
$sql = "SELECT listingsimages_caption, listingsimages_file_name, listingsimages_thumb_file_name FROM " . $config['table_prefix'] . "listingsimages WHERE (listingsdb_id = {$edit}) ORDER BY listingsimages_rank";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
$caption = $misc->make_db_unsafe($recordSet->fields['listingsimages_caption']);
$thumb_file_name = $misc->make_db_unsafe($recordSet->fields['listingsimages_thumb_file_name']);
$file_name = $misc->make_db_unsafe($recordSet->fields['listingsimages_file_name']);
// gotta grab the image size
$thumb_imagedata = GetImageSize("{$config['listings_upload_path']}/{$thumb_file_name}");
$thumb_imagewidth = $thumb_imagedata[0];
$thumb_imageheight = $thumb_imagedata[1];
$thumb_max_width = $config['thumbnail_width'];
$thumb_max_height = $config['thumbnail_height'];
$resize_by = $config['resize_thumb_by'];
$shrinkage = 1;
if ($thumb_max_width == $thumb_imagewidth || $thumb_max_height == $thumb_imageheight) {
$thumb_displaywidth = $thumb_imagewidth;
$thumb_displayheight = $thumb_imageheight;
} else {
if ($resize_by == 'width') {
$shrinkage = $thumb_imagewidth / $thumb_max_width;
$thumb_displaywidth = $thumb_max_width;
$thumb_displayheight = round($thumb_imageheight / $shrinkage);
} elseif ($resize_by == 'height') {
$shrinkage = $thumb_imageheight / $thumb_max_height;
$thumb_displayheight = $thumb_max_height;
$thumb_displaywidth = round($thumb_imagewidth / $shrinkage);
} elseif ($resize_by == 'both') {
$thumb_displayheight = $thumb_max_height;
$thumb_displaywidth = $thumb_max_width;
}
}
$display .= "<a href=\"{$config['listings_view_images_path']}/{$file_name}\" target=\"_thumb\"> ";
$display .= "<img src=\"{$config['listings_view_images_path']}/{$thumb_file_name}\" height=\"{$thumb_displayheight}\" width=\"{$thumb_displaywidth}\" alt=\"{$thumb_file_name}\" /></a><br /> ";
$display .= "<b>{$caption}</b><br /><br />";
$recordSet->MoveNext();
}
// end while
$display .= '</td>';
if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havevtours'] == "yes") {
$display .= '<td valign="top" align="center" class="row_main">';
$display .= '<b>' . $lang['vtours'] . '</b>';
$display .= '<br />';
$display .= '<hr width="75%" />';
$display .= '<form action="index.php?action=edit_vtour_images" method="post" name="edit_vtour_images"><input type="hidden" name="edit" value="' . $edit . '" /><a href="javascript:document.edit_vtour_images.submit()">' . $lang['edit_vtours'] . '</a></form>';
$display .= '<br />';
$sql = "SELECT vtourimages_caption, vtourimages_file_name, vtourimages_thumb_file_name FROM " . $config['table_prefix'] . "vtourimages WHERE (listingsdb_id = '{$edit}') ORDER BY vtourimages_rank";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
$caption = $misc->make_db_unsafe($recordSet->fields['vtourimages_caption']);
$thumb_file_name = $misc->make_db_unsafe($recordSet->fields['vtourimages_thumb_file_name']);
$file_name = $misc->make_db_unsafe($recordSet->fields['vtourimages_file_name']);
$ext = substr(strrchr($file_name, '.'), 1);
if ($ext == 'jpg') {
// gotta grab the image size
$imagedata = GetImageSize("{$config['vtour_upload_path']}/{$thumb_file_name}");
$imagewidth = $imagedata[0];
$imageheight = $imagedata[1];
$shrinkage = $config['thumbnail_width'] / $imagewidth;
$displaywidth = $imagewidth * $shrinkage;
$displayheight = $imageheight * $shrinkage;
$display .= "<a href=\"{$config['vtour_view_images_path']}/{$file_name}\" target=\"_thumb\">";
$display .= "<img src=\"{$config['vtour_view_images_path']}/{$thumb_file_name}\" height=\"{$displayheight}\" width=\"{$displaywidth}\" alt=\"{$thumb_file_name}\" /></a><br /> ";
$display .= "<strong>{$caption}</strong><br /><br />";
$recordSet->MoveNext();
} elseif ($ext == 'egg') {
$display .= "<img src=\"{$config['baseurl']}/images/eggimage.gif\" alt=\"eggimage.gif\" /><br /> ";
$recordSet->MoveNext();
} else {
$display .= $file_name . '<br />' . $lang['unsupported_vtour'] . '<br /><br />';
$recordSet->MoveNext();
}
}
// end while
if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havefiles'] == "yes") {
$display .= '<br />';
} else {
$display .= '</td>';
}
}
// Place the Files list and edit files link on the edit listing page if we are allowed to have files.
if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havefiles'] == "yes") {
if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havevtours'] == "yes") {
$display .= '<br />';
} else {
$display .= '<td valign="top" align="center" class="row_main">';
}
$display .= '<b>' . $lang['files'] . '</b>';
$display .= '<br />';
$display .= '<hr width="75%" />';
$display .= '<form action="index.php?action=edit_listing_files" method="post" name="edit_listing_files"><input type="hidden" name="edit" value="' . $_GET['edit'] . '" /><a href="javascript:document.edit_listing_files.submit()">' . $lang['edit_files'] . '</a></form>';
$display .= '<br />';
$sql = "SELECT listingsfiles_id, listingsfiles_caption, listingsfiles_file_name FROM " . $config['table_prefix'] . "listingsfiles WHERE (listingsdb_id = '{$_GET['edit']}')";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
$caption = $misc->make_db_unsafe($recordSet->fields['listingsfiles_caption']);
$file_name = $misc->make_db_unsafe($recordSet->fields['listingsfiles_file_name']);
$file_id = $misc->make_db_unsafe($recordSet->fields['listingsfiles_id']);
$iconext = substr(strrchr($file_name, '.'), 1);
$iconpath = $config["file_icons_path"] . '/' . $iconext . '.png';
if (file_exists($iconpath)) {
$icon = $config["listings_view_file_icons_path"] . '/' . $iconext . '.png';
} else {
$icon = $config["listings_view_file_icons_path"] . '/default.png';
}
$file_download_url = 'index.php?action=create_download&ID=' . $edit . '&file_id=' . $file_id . '&type=listing';
$display .= '<a href="' . $config['baseurl'] . '/' . $file_download_url . '" target="_thumb">';
$display .= '<img src="' . $icon . '" height="' . $config["file_icon_height"] . '" width="' . $config["file_icon_width"] . '" alt="' . $file_name . '" /><br />';
$display .= '<strong>' . $file_name . '</strong></a><br />';
$display .= '<strong>' . $caption . '</strong><br /><br />';
$recordSet->MoveNext();
}
// end while
$display .= '</td>';
}
$display .= '<td class="row_main">';
//START FORM VALIDATION
if (isset($_POST['property_class'])) {
$class_sql = '';
foreach ($_POST['property_class'] as $class_id) {
if (empty($class_sql)) {
$class_sql .= ' class_id = ' . $class_id;
} else {
$class_sql .= ' OR class_id = ' . $class_id;
}
$display .= '<input type="hidden" name="property_class[]" value="' . $class_id . '" />';
}
$pclass_list = '';
$sql = "SELECT DISTINCT(listingsformelements_id) FROM " . $config['table_prefix_no_lang'] . "classformelements WHERE " . $class_sql;
$recordSet = $conn->execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
if (empty($pclass_list)) {
$pclass_list .= $recordSet->fields['listingsformelements_id'];
} else {
$pclass_list .= ',' . $recordSet->fields['listingsformelements_id'];
}
$recordSet->Movenext();
}
if ($pclass_list == '') {
$pclass_list = 0;
}
$sql = "SELECT listingsformelements_field_type, listingsformelements_field_name, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required from " . $config['table_prefix'] . "listingsformelements WHERE listingsformelements_id IN (" . $pclass_list . ") ORDER BY listingsformelements_rank, listingsformelements_field_name";
} else {
$sql = "SELECT listingsformelements_field_type, listingsformelements_field_name, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required from " . $config['table_prefix'] . "listingsformelements ORDER BY listingsformelements_rank, listingsformelements_field_name";
}
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$display .= "\r\n<script type=\"text/javascript\" >\r\n";
$display .= "<!--\r\n";
$display .= "function validate_form()\r\n";
$display .= "{\r\n";
$display .= "var msg=\"\"\r\n";
$display .= "valid = true;\r\n";
$display .= "if ( document.update_listing.title.value == \"\" )\r\n";
$display .= "{\r\n";
$display .= "msg += '{$lang['forgot_field']} {$lang['admin_listings_editor_title']} {$lang['admin_template_editor_field']}.\\r\\n';\r\n";
$display .= "valid = false;\r\n";
$display .= "}\r\n";
while (!$recordSet->EOF) {
$field_name = $recordSet->fields['listingsformelements_field_name'];
$field_caption = $recordSet->fields['listingsformelements_field_caption'];
$required = $recordSet->fields['listingsformelements_required'];
if ($required == 'Yes') {
$display .= "if ( document.update_listing.{$field_name}.value == \"\" )\r\n";
$display .= "{\r\n";
$display .= "msg += '" . html_entity_decode($lang[forgot_field]) . " {$field_caption} " . html_entity_decode($lang[admin_template_editor_field]) . ".\\r\\n';\r\n";
$display .= "valid = false;\r\n";
$display .= "}\r\n";
}
$recordSet->MoveNext();
}
$display .= "if (msg != \"\")\r\n";
$display .= "{\r\n";
$display .= "alert (msg);";
$display .= "}\r\n";
$display .= "return valid;\r\n";
$display .= "}\r\n";
$display .= "//-->\r\n";
$display .= "</script>\r\n";
//END FORM VALIDATION
$display .= '<table>';
if ($only_my_listings == true) {
$display .= '<form name="update_listing" action="index.php?action=edit_my_listings&edit=' . $_GET['edit'] . '" method="post" onsubmit="return validate_form ( );">';
} else {
$display .= '<form name="update_listing" action="index.php?action=edit_listings&edit=' . $_GET['edit'] . '" method="post" onsubmit="return validate_form ( );">';
}
$display .= '<input type="hidden" name="action" value="update_listing">';
$display .= '<input type="hidden" name="edit" value="' . $_GET['edit'] . '">';
$display .= '<tr>';
$display .= '<td align="right"><b>' . $lang['admin_listings_editor_title'] . ': <font color="red">*</font></b></td>';
$display .= '<td align="left"> <input type="text" name="title" value="' . $edit_title . '"></td></tr>';
// Display Property Classes
$sql2 = 'SELECT class_id FROM ' . $config['table_prefix_no_lang'] . 'classlistingsdb WHERE listingsdb_id =' . $listing_ID;
$recordSet2 = $conn->execute($sql2);
if ($recordSet2 === false) {
$misc->log_error($sql2);
}
$selected_class_id = array();
while (!$recordSet2->EOF) {
$selected_class_id[] = $recordSet2->fields['class_id'];
$recordSet2->MoveNext();
}
$sql2 = 'SELECT class_id,class_name FROM ' . $config['table_prefix'] . 'class';
$recordSet2 = $conn->execute($sql2);
if ($recordSet2 === false) {
$misc->log_error($sql2);
}
$display .= '<tr><td align="right"><b>' . $lang['admin_listings_editor_property_class'] . '</b></td><td align="left">';
$display .= '<select name="pclass[]"';
if ($config["multiple_pclass_selection"] == '1') {
$display .= ' multiple="multiple" size="5"';
}
$display .= '>';
while (!$recordSet2->EOF) {
$class_id = $recordSet2->fields['class_id'];
$class_name = $misc->make_db_unsafe($recordSet2->fields['class_name']);
if (in_array($class_id, $selected_class_id, true)) {
$display .= '<option value="' . $class_id . '" selected="selected">' . $class_name . '</option>';
} else {
$display .= '<option value="' . $class_id . '">' . $class_name . '</option>';
}
$recordSet2->MoveNext();
}
$display .= '</select></td></tr>';
// End property Class Display
if ($_SESSION['featureListings'] == "yes" || $_SESSION['admin_privs'] == "yes") {
$display .= '<tr><td align="right"><b>' . $lang['admin_listings_editor_featured'] . ':</b></td><td align="left">';
$display .= '<select name="featured" size="1">';
$display .= '<option value="' . $edit_featured . '">' . $lang['' . $edit_featured . ''] . '</option>';
$display .= '<option value="">-----</option>';
$display .= '<option value="yes">' . $lang['yes'] . '</option>';
$display .= '<option value="no">' . $lang['no'] . '</option>';
$display .= '</select></td></tr>';
}
// end if ($featureListings == "yes")
if ($_SESSION['admin_privs'] == "yes" || $_SESSION['moderator'] == 'yes') {
$display .= '<tr><td align="right"><b>' . $lang['admin_listings_active'] . ':</b></td><td align="left">';
$display .= '<select name="edit_active" size="1">';
$display .= '<option value="' . $edit_active . '">' . $lang['' . $edit_active . ''] . '</option>';
$display .= '<option value="">-----</option>';
$display .= '<option value="yes">' . $lang['yes'] . '</option>';
$display .= '<option value="no">' . $lang['no'] . '</option>';
$display .= '</select></td></tr>';
if ($config['moderate_listings'] == 1 && $edit_active == 'no') {
$display .= '<tr><td align="right"><b>' . $lang['admin_send_notices'] . ':</b></td><td align="left">';
$display .= '<select name="send_notices" size="1">';
$display .= '<option value="no">' . $lang['no'] . '</option>';
$display .= '<option value="yes">' . $lang['yes'] . '</option>';
$display .= '</select>';
$display .= ' <a href="#" class="tooltip"><img src="images/info.gif" width="16" height="16" /><span>' . $lang['send_notices_tool_tip'] . '</span></a>';
$display .= '</td></tr>';
}
}
// end if ($featureListings == "yes")
if (($_SESSION['admin_privs'] == "yes" || $_SESSION['edit_expiration'] == "yes") && $config['use_expiration'] == "1") {
$display .= '<tr><td align="right" class="row_main"><b>' . $lang['expiration'] . ':</b></td><td align="left"><input type="text" name="edit_expiration" value="' . $expiration . '" onFocus="javascript:vDateType=\'' . $config['date_format'] . '\'" onKeyUp="DateFormat(this,this.value,event,false,\'' . $config['date_format'] . '\')" onBlur="DateFormat(this,this.value,event,true,\'' . $config['date_format'] . '\')" />(' . $config['date_format_long'] . ')</td></tr>';
}
// end if ($admin_privs == "yes" and $config[use_expiration] = "yes")
if ($config["export_listings"] == 1 && $_SESSION['export_listings'] == "yes") {
$display .= '<tr><td align="right"><strong>' . $lang['admin_listings_editor_mlsexport'] . ':</strong></td><td align="left">';
$display .= '<select name="mlsexport" size="1">';
$display .= '<option value="' . $edit_mlsexport . '">' . $lang['' . $edit_mlsexport . ''] . '</option>';
$display .= '<option value="">-----</option>';
$display .= '<option value="yes">' . $lang['yes'] . '</option>';
$display .= '<option value="no">' . $lang['no'] . '</option>';
$display .= '</select>';
$display .= '</td></tr>';
} else {
$display .= '<input type="hidden" name="mlsexport" value="no" />';
}
// Display Agent selection Option to reassign listing
if ($_SESSION['admin_privs'] == "yes" || $_SESSION['edit_all_listings'] == "yes") {
$display .= '<tr><td align="right"><b>' . $lang['listing_editor_listing_agent'] . ':</b></td>';
$display .= '<td align="left" class="row_main"><select name="or_owner" size="1">';
// find the name of the agent listed as ID in $edit_or_owner
$sql = "SELECT userdb_user_first_name, userdb_user_last_name FROM " . $config['table_prefix'] . "userdb WHERE (userdb_id = {$edit_or_owner})";
$ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
// strip slashes so input appears correctly
$agent_first_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']);
$agent_last_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']);
$display .= "<option value=\"{$edit_or_owner}\">{$agent_last_name},{$agent_first_name}</option>";
// fill list with names of all agents
$sql = "SELECT userdb_id, userdb_user_first_name, userdb_user_last_name FROM " . $config['table_prefix'] . "userdb where userdb_is_agent = 'yes' or userdb_is_admin = 'yes' ORDER BY userdb_user_last_name,userdb_user_first_name";
$ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
// strip slashes so input appears correctly
$agent_ID = $recordSet->fields['userdb_id'];
$agent_first_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']);
$agent_last_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']);
$display .= "<option value=\"{$agent_ID}\">{$agent_last_name},{$agent_first_name}</option>";
$recordSet->MoveNext();
}
$display .= "</select></td>";
$display .= '</tr>';
} else {
$display .= '<input type="hidden" name="or_owner" value="' . $edit_or_owner . '" />';
}
// Show Notes Field
if ($config["show_notes_field"] == 1) {
$display .= '<tr><td align="right"><b>' . $lang['admin_listings_editor_notes'] . ':</b><br /><div class="small">(' . $lang['admin_listings_editor_notes_note'] . ')</div></td><td align="left"> <textarea name="notes" rows="6" cols="40">' . $edit_notes . '</textarea></td></tr>';
} else {
$display .= '<input type="hidden" name="notes" value="' . $edit_notes . '" />';
}
// Show Listing Fields for this property class
$sql = 'SELECT class_id from ' . $config['table_prefix_no_lang'] . 'classlistingsdb WHERE listingsdb_id =' . $edit;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$class_sql = '';
while (!$recordSet->EOF()) {
$class_id = $recordSet->fields['class_id'];
if (empty($class_sql)) {
$class_sql .= ' class_id = ' . $class_id;
} else {
$class_sql .= ' OR class_id = ' . $class_id;
}
$recordSet->MoveNext();
}
$class_list = '';
$sql = "SELECT DISTINCT(listingsformelements_id) FROM " . $config['table_prefix_no_lang'] . "classformelements WHERE " . $class_sql;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
if (empty($class_list)) {
$class_list .= $recordSet->fields['listingsformelements_id'];
} else {
$class_list .= ',' . $recordSet->fields['listingsformelements_id'];
}
$recordSet->MoveNext();
}
if ($class_list == '') {
$class_list = 0;
}
$sql = "SELECT listingsformelements_field_name, listingsdbelements_field_value, listingsformelements_field_type, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required, listingsformelements_field_length, listingsformelements_tool_tip FROM " . $config['table_prefix'] . "listingsformelements left join " . $config['table_prefix'] . "listingsdbelements on listingsdbelements_field_name = listingsformelements_field_name AND listingsdb_id = {$edit} WHERE listingsformelements_id IN (" . $class_list . ") ORDER BY listingsformelements_rank";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
$field_name = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_name']);
if (isset($_POST[$field_name])) {
if (is_array($_POST[$field_name])) {
$field_value = "";
foreach ($_POST[$field_name] as $feature_item) {
$feature_item = $misc->make_db_unsafe($feature_item);
$field_value .= "||{$feature_item}";
}
// end while
// now remove the first two characters
$feature_insert_length = strlen($field_value);
$feature_insert_length = $feature_insert_length - 2;
$field_value = substr($field_value, 2, $feature_insert_length);
} else {
$field_value = $misc->make_db_unsafe($recordSet->fields['listingsdbelements_field_value']);
}
} else {
$field_value = $misc->make_db_unsafe($recordSet->fields['listingsdbelements_field_value']);
}
$field_type = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_type']);
$field_caption = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_caption']);
$default_text = $misc->make_db_unsafe($recordSet->fields['listingsformelements_default_text']);
$field_elements = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_elements']);
$required = $misc->make_db_unsafe($recordSet->fields['listingsformelements_required']);
$field_length = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_length']);
$tool_tip = $misc->make_db_unsafe($recordSet->fields['listingsformelements_tool_tip']);
// pass the data to the function
$display .= $forms->renderExistingFormElement($field_type, $field_name, $field_value, $field_caption, $default_text, $required, $field_elements, $field_length, $tool_tip);
$recordSet->MoveNext();
}
//$editid = substr($edit, 1, -1) * 1;
if ($only_my_listings == true) {
$edit_link = $config['baseurl'] . '/admin/index.php?action=edit_my_listings&edit=' . $edit;
$delete_link = $config['baseurl'] . '/admin/index.php?action=edit_my_listings&delete=' . $edit;
} else {
$edit_link = $config['baseurl'] . '/admin/index.php?action=edit_listings&edit=' . $edit;
$delete_link = $config['baseurl'] . '/admin/index.php?action=edit_listings&delete=' . $edit;
}
$display .= '<tr><td colspan="2" align="center">' . $lang[required_form_text] . '</td></tr>';
$display .= '<tr><td colspan="2" align="center"><input type="submit" value="' . $lang[update_button] . '"> <a href="' . $delete_link . '" onclick="return confirmDelete()">' . $lang[admin_listings_editor_delete_listing] . '</a></td></tr></table></form>';
$display .= '</td></tr></table>';
} else {
$display .= '<center><span class="redtext">' . $lang['admin_listings_editor_invalid_listing'] . '</span></center>';
$next_prev = '<center>' . $misc->next_prev($num_rows, $_GET['cur_page'], "", '', TRUE) . '</center>';
// put in the next/previous stuff
$display .= listing_editor::show_quick_edit_bar($next_prev, $only_my_listings);
}
} else {
// show all the listings
$sql_filter = '';
if (isset($_POST['filter'])) {
if ($_POST['filter'] == 'active') {
$sql_filter = " AND listingsdb_active = 'yes' ";
}
if ($_POST['filter'] == 'inactive') {
$sql_filter = " AND listingsdb_active = 'no' ";
}
if ($_POST['filter'] == 'expired') {
$sql_filter = " AND listingsdb_expiration < " . $conn->DBDate(time());
}
if ($_POST['filter'] == 'featured') {
$sql_filter = " AND listingsdb_featured = 'yes' ";
}
if ($_POST['filter'] == 'created_1week') {
$sql_filter = " AND listingsdb_creation_date >= " . $conn->DBDate(date('Y-m-d', strtotime('-1 week')));
}
if ($_POST['filter'] == 'created_1month') {
$sql_filter = " AND listingsdb_creation_date >= " . $conn->DBDate(date('Y-m-d', strtotime('-1 month')));
}
if ($_POST['filter'] == 'created_3month') {
$sql_filter = " AND listingsdb_creation_date >= " . $conn->DBDate(date('Y-m-d', strtotime('-3 month')));
}
}
$lookup_sql = '';
if (isset($_POST['lookup_field']) && isset($_POST['lookup_value']) && $_POST['lookup_field'] != 'listingsdb_id' && $_POST['lookup_field'] != 'listingsdb_title' && $_POST['lookup_value'] != '') {
$lookup_field = $misc->make_db_safe($_POST['lookup_field']);
$lookup_value = $misc->make_db_safe('%' . $_POST['lookup_value'] . '%');
$sql = 'SELECT listingsdb_id FROM ' . $config['table_prefix'] . 'listingsdbelements WHERE listingsdbelements_field_name = ' . $lookup_field . ' AND listingsdbelements_field_value LIKE ' . $lookup_value;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$listing_ids = array();
while (!$recordSet->EOF) {
$listing_ids[] = $recordSet->fields['listingsdb_id'];
$recordSet->MoveNext();
}
if (count($listing_ids) > 0) {
$listing_ids = implode(',', $listing_ids);
} else {
$listing_ids = '0';
}
$lookup_sql = ' AND listingsdb_id IN (' . $listing_ids . ') ';
}
if (isset($_POST['lookup_field']) && isset($_POST['lookup_value']) && $_POST['lookup_field'] == 'listingsdb_title' && $_POST['lookup_value'] != '') {
$lookup_value = $misc->make_db_safe('%' . $_POST['lookup_value'] . '%');
$sql = 'SELECT listingsdb_id FROM ' . $config['table_prefix'] . 'listingsdb WHERE listingsdb_title LIKE ' . $lookup_value;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$listing_ids = array();
while (!$recordSet->EOF) {
$listing_ids[] = $recordSet->fields['listingsdb_id'];
$recordSet->MoveNext();
}
if (count($listing_ids) > 0) {
$listing_ids = implode(',', $listing_ids);
} else {
$listing_ids = '0';
}
$lookup_sql = ' AND listingsdb_id IN (' . $listing_ids . ') ';
}
if (isset($_POST['pclass_filter']) && $_POST['pclass_filter'] != '') {
$pclass_filter = $misc->make_db_safe($_POST['pclass_filter']);
$sql = 'SELECT listingsdb_id FROM ' . $config['table_prefix_no_lang'] . 'classlistingsdb WHERE class_id = ' . $pclass_filter;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$listing_ids = array();
while (!$recordSet->EOF) {
$listing_ids[] = $recordSet->fields['listingsdb_id'];
$recordSet->MoveNext();
}
if (count($listing_ids) > 0) {
$listing_ids = implode(',', $listing_ids);
} else {
$listing_ids = '0';
}
$pclass_sql = ' AND listingsdb_id IN (' . $listing_ids . ') ';
}
if (isset($_POST['agent_filter']) && $_POST['agent_filter'] != '') {
$agent_filter = $misc->make_db_safe($_POST['agent_filter']);
$sql = 'SELECT listingsdb_id FROM ' . $config['table_prefix'] . 'listingsdb WHERE userdb_id = ' . $agent_filter;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$listing_ids = array();
while (!$recordSet->EOF) {
$listing_ids[] = $recordSet->fields['listingsdb_id'];
$recordSet->MoveNext();
}
if (count($listing_ids) > 0) {
$listing_ids = implode(',', $listing_ids);
} else {
$listing_ids = '0';
}
$agent_sql = ' AND listingsdb_id IN (' . $listing_ids . ') ';
}
// grab the number of listings from the db
if ($only_my_listings == true) {
$sql = "SELECT listingsdb_id, listingsdb_title, listingsdb_mlsexport, listingsdb_notes,\tlistingsdb_expiration, listingsdb_active, listingsdb_featured, listingsdb_hit_count, userdb_emailaddress FROM " . $config['table_prefix'] . "listingsdb, " . $config['table_prefix'] . "userdb WHERE " . $config['table_prefix'] . "listingsdb.userdb_id = " . $config['table_prefix'] . "userdb.userdb_id AND (" . $config['table_prefix'] . "userdb.userdb_id = '{$_SESSION['userID']}') {$sql_filter} {$lookup_sql} {$pclass_sql} {$agent_sql} ORDER BY listingsdb_id ASC";
} else {
$sql = "SELECT listingsdb_id, listingsdb_title, listingsdb_mlsexport, listingsdb_notes,\tlistingsdb_expiration, listingsdb_active, listingsdb_featured, listingsdb_hit_count, userdb_emailaddress FROM " . $config['table_prefix'] . "listingsdb, " . $config['table_prefix'] . "userdb WHERE " . $config['table_prefix'] . "listingsdb.userdb_id = " . $config['table_prefix'] . "userdb.userdb_id {$sql_filter} {$lookup_sql} {$pclass_sql} {$agent_sql} ORDER BY listingsdb_id ASC";
}
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$num_rows = $recordSet->RecordCount();
if (!isset($_GET['cur_page'])) {
$_GET['cur_page'] = 0;
}
$next_prev = '<center>' . $misc->next_prev($num_rows, $_GET['cur_page'], "", '', TRUE) . '</center>';
// put in the next/previous stuff
$display .= listing_editor::show_quick_edit_bar($next_prev, $only_my_listings);
// build the string to select a certain number of listings per page
$limit_str = $_GET['cur_page'] * $config['listings_per_page'];
$recordSet = $conn->SelectLimit($sql, $config['listings_per_page'], $limit_str);
if ($recordSet === false) {
$misc->log_error($sql);
}
$count = 0;
$display .= "<br /><br />";
$page->load_page($config['admin_template_path'] . '/edit_listings.html');
$page->replace_lang_template_tags();
$page->replace_tags();
$addons = $page->load_addons();
$listing_section = $page->get_template_section('listing_dataset');
while (!$recordSet->EOF) {
// alternate the colors
if ($count == 0) {
$count = $count + 1;
} else {
$count = 0;
}
$listing .= $listing_section;
// strip slashes so input appears correctly
$title = $misc->make_db_unsafe($recordSet->fields['listingsdb_title']);
$notes = $misc->make_db_unsafe($recordSet->fields['listingsdb_notes']);
$active = $misc->make_db_unsafe($recordSet->fields['listingsdb_active']);
$featured = $misc->make_db_unsafe($recordSet->fields['listingsdb_featured']);
$mlsexport = $misc->make_db_unsafe($recordSet->fields['listingsdb_mlsexport']);
$email = $misc->make_db_unsafe($recordSet->fields['userdb_emailaddress']);
$formatted_expiration = $recordSet->UserTimeStamp($recordSet->fields['listingsdb_expiration'], $config["date_format_timestamp"]);
$listingID = $recordSet->fields['listingsdb_id'];
$hit_count = $misc->make_db_unsafe($recordSet->fields['listingsdb_hit_count']);
if ($active == 'yes') {
$active = '<span class="edit_listings_' . $active . '">' . $lang['yes'] . '</span>';
} elseif ($active == 'no') {
$active = '<span class="edit_listings_' . $active . '">' . $lang['no'] . '</span>';
}
if ($featured == 'yes') {
$featured = '<span class="edit_listings_' . $featured . '">' . $lang['yes'] . '</span>';
} elseif ($featured == 'no') {
$featured = '<span class="edit_listings_' . $featured . '">' . $lang['no'] . '</span>';
}
//Add filters to link
if (isset($_POST['lookup_field']) && isset($_POST['lookup_value'])) {
$_GET['lookup_field'] = $_POST['lookup_field'];
$_GET['lookup_value'] = $_POST['lookup_value'];
}
if (isset($_GET['lookup_field']) && isset($_GET['lookup_value'])) {
$_POST['lookup_field'] = $_GET['lookup_field'];
$_POST['lookup_value'] = $_GET['lookup_value'];
}
if ($only_my_listings == true) {
$edit_link = $config['baseurl'] . '/admin/index.php?action=edit_my_listings&edit=' . $listingID;
$delete_link = $config['baseurl'] . '/admin/index.php?action=edit_my_listings&delete=' . $listingID;
} else {
$edit_link = $config['baseurl'] . '/admin/index.php?action=edit_listings&edit=' . $listingID;
$delete_link = $config['baseurl'] . '/admin/index.php?action=edit_listings&delete=' . $listingID;
}
$email_link = 'mailto:' . $email;
$listing = $page->replace_listing_field_tags($listingID, $listing);
$listing = $page->parse_template_section($listing, 'listingid', $listingID);
$listing = $page->parse_template_section($listing, 'edit_listing_link', $edit_link);
$listing = $page->parse_template_section($listing, 'delete_listing_link', $delete_link);
$listing = $page->parse_template_section($listing, 'email_agent_link', $email_link);
$listing = $page->parse_template_section($listing, 'listing_active_status', $active);
$listing = $page->parse_template_section($listing, 'listing_featured_status', $featured);
$listing = $page->parse_template_section($listing, 'listing_expiration', $formatted_expiration);
$listing = $page->parse_template_section($listing, 'listing_notes', $notes);
$listing = $page->parse_template_section($listing, 'row_num_even_odd', $count);
$listing = $page->parse_template_section($listing, 'listing_hit_count', $hit_count);
$addon_fields = $page->get_addon_template_field_list($addons);
$listing = $page->parse_addon_tags($listing, $addon_fields);
if ($config["use_expiration"] == 0) {
$listing = $page->remove_template_block('show_expiration', $listing);
} else {
$listing = $page->cleanup_template_block('show_expiration', $listing);
}
$recordSet->MoveNext();
}
// end while
$page->replace_template_section('listing_dataset', $listing);
$page->replace_permission_tags();
$display .= $page->return_page();
}
// end if $edit == ""
} else {
$display .= '<div class="error_text">' . $lang['access_denied'] . '</div>';
}
return $display;
}
/**
* user::view_user()
*
* @param $type
* @return
*/
function view_users()
{
global $conn, $config, $lang, $agent_id;
require_once $config['basepath'] . '/include/misc.inc.php';
require_once $config['basepath'] . '/include/images.inc.php';
require_once $config['basepath'] . '/include/class/template/core.inc.php';
$misc = new misc();
$display = '';
$user_section = '';
$page = new page_user();
$page->load_page($config['template_path'] . '/view_users_default.html');
//Get User Count
$sql = "SELECT count(userdb_id) as user_count FROM " . $config['table_prefix'] . "userdb where userdb_is_agent = 'yes' and userdb_active = 'yes' order by userdb_rank,userdb_user_name";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$num_rows = $recordSet->fields['user_count'];
if ($config["show_admin_on_agent_list"] == 0) {
$options = "userdb_is_agent = 'yes'";
} else {
$options = "(userdb_is_agent = 'yes' or userdb_is_admin = 'yes')";
}
$sql = "SELECT userdb_user_name, userdb_user_first_name, userdb_user_last_name, userdb_id FROM " . $config['table_prefix'] . "userdb where " . $options . " and userdb_active = 'yes' order by userdb_rank,userdb_user_name";
//Handle Pagnation
if (!isset($_GET['cur_page'])) {
$_GET['cur_page'] = 0;
}
$limit_str = intval($_GET['cur_page']) * $config['users_per_page'];
$some_num = intval($_GET['cur_page']) + 1;
$next_prev = $misc->next_prev($num_rows, intval($_GET['cur_page']), $guidestring);
// put in the next/previous stuff
$recordSet = $conn->SelectLimit($sql, $config['users_per_page'], $limit_str);
//$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
$first_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']);
$last_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']);
$agent_id = $misc->make_db_unsafe($recordSet->fields['userdb_id']);
$agent_link = user::get_agent_link($recordSet->fields['userdb_id']);
$agent_contact_link = user::contact_agent_link($agent_id);
$agent_fields = user::renderUserInfo($agent_id);
$user_section .= $page->get_template_section('user_block');
$user_section = $page->parse_template_section($user_section, 'agent_first_name', $first_name);
$user_section = $page->parse_template_section($user_section, 'agent_last_name', $last_name);
$user_section = $page->parse_template_section($user_section, 'agent_id', $agent_id);
$user_section = $page->parse_template_section($user_section, 'agent_contact_link', $agent_contact_link);
$user_section = $page->parse_template_section($user_section, 'agent_fields', $agent_fields);
$user_section = $page->parse_template_section($user_section, 'agent_link', $agent_link);
// Insert Agent Image
$sql2 = "SELECT userimages_thumb_file_name FROM " . $config['table_prefix'] . "userimages WHERE userdb_id = {$agent_id} ORDER BY userimages_rank";
$recordSet2 = $conn->Execute($sql2);
if ($recordSet2 === false) {
$misc->log_error($sql2);
}
$num_images = $recordSet2->RecordCount();
if ($num_images == 0) {
if ($config['show_no_photo'] == 1) {
$agent_image = '<img src="images/nophoto.gif" alt="' . $lang['no_photo'] . '" />';
$raw_agent_image = 'images/nophoto.gif';
$user_section = $page->cleanup_template_block('agent_image_thumb_1', $user_section);
} else {
$agent_image = '';
$raw_agent_image = '';
}
$user_section = $page->parse_template_section($user_section, 'agent_image_thumb_1', $agent_image);
$user_section = $page->parse_template_section($user_section, 'raw_agent_image_thumb_1', $raw_agent_image);
$user_section = $page->remove_template_block('agent_image_thumb_[1-9]', $user_section);
}
$x = 1;
while (!$recordSet2->EOF) {
$thumb_file_name = $misc->make_db_unsafe($recordSet2->fields['userimages_thumb_file_name']);
if ($thumb_file_name != "") {
// gotta grab the image size
$imagedata = GetImageSize("{$config['user_upload_path']}/{$thumb_file_name}");
$imagewidth = $imagedata[0];
$imageheight = $imagedata[1];
$shrinkage = $config['thumbnail_width'] / $imagewidth;
$displaywidth = $imagewidth * $shrinkage;
$displayheight = $imageheight * $shrinkage;
$agent_image = '<img src="' . $config['user_view_images_path'] . '/' . $thumb_file_name . '" height="' . $displayheight . '" width="' . $displaywidth . '" alt="' . $thumb_file_name . '" />';
$raw_agent_image = $config['user_view_images_path'] . '/' . $thumb_file_name;
}
// end if ($thumb_file_name != "")
// We have the image so insert it into the section.
$user_section = $page->parse_template_section($user_section, 'agent_image_thumb_' . $x, $agent_image);
$user_section = $page->parse_template_section($user_section, 'raw_agent_image_thumb_' . $x, $raw_agent_image);
$user_section = $page->cleanup_template_block('agent_image_thumb_' . $x, $user_section);
$x++;
$recordSet2->MoveNext();
}
// end while
$user_section = preg_replace('{agent_image_thumb_(.*?)}', '', $user_section);
$user_section = preg_replace('{raw_agent_image_thumb_(.*?)}', '', $user_section);
$user_section = $page->remove_template_block('agent_image_thumb_[1-9]', $user_section);
$recordSet->MoveNext();
}
$page->replace_template_section('user_block', $user_section);
$page->page = str_replace('{next_prev}', $next_prev, $page->page);
return $page->page;
}
/**
* **************************************************************************\
* Open-Realty - search_results Function *
* -------------------------------------------- *
* This is the search_results function. The listing_browse page is called is*
* also now a funciton called search_results_old *
* \**************************************************************************
*/
function search_results($return_ids_only = false)
{
$DEBUG_SQL = FALSE;
global $config, $conn, $lang, $current_ID, $db_type;
require_once $config['basepath'] . '/include/misc.inc.php';
require_once $config['basepath'] . '/include/class/template/core.inc.php';
$misc = new misc();
$page = new page();
// Load any addons
$addons = $page->load_addons();
$guidestring = "";
$guidestring_with_sort = "";
// Save GET
// Deal with & still being in the URL
foreach ($_GET as $k => $v) {
if (strpos($k, 'amp;') !== false) {
$new_k = str_replace('amp;', '', $k);
$_GET[$new_k] = $v;
unset($_GET[$k]);
}
}
//Deal with googlebot double encoding URLS.
foreach ($_GET as $k => $v) {
if (strpos($k, '%5B%5D') !== false) {
$new_k = str_replace('%5B%5D', '', $k);
$_GET[$new_k][] = $v;
unset($_GET[$k]);
}
}
foreach ($_GET as $k => $v) {
if ($v != '' && $k != 'listingID' && $k != 'cur_page' && $k != 'action' && $k != 'PHPSESSID' && $k != 'sortby' && $k != 'sorttype' && $k != 'printer_friendly' && $k != 'template') {
if (is_array($v)) {
foreach ($v as $vitem) {
$guidestring .= '&' . urlencode("{$k}") . '[]=' . urlencode("{$vitem}");
}
} else {
$guidestring .= '&' . urlencode("{$k}") . '=' . urlencode("{$v}");
}
}
}
$display = '';
// Now we get the GET and build our WHERE CLAUSE
$searchresultSQL = '';
// Set ImageONly to False
$imageonly = false;
$vtoursonly = false;
$tablelist = array();
$tablelist_fullname = array();
$postalcode_dist_lat = '';
$postalcode_dist_long = '';
$postalcode_dist_dist = '';
$latlong_dist_lat = '';
$latlong_dist_long = '';
$latlong_dist_dist = '';
$city_dist_lat = '';
$city_dist_long = '';
$city_dist_dist = '';
foreach ($_GET as $k => $v) {
if ($k == "sortby") {
$guidestring_with_sort = "{$k}={$v}";
} elseif ($k == "sorttype") {
$guidestring_with_sort = "{$k}={$v}&";
} elseif ($k == 'PageID') {
$searchresultSQL .= '';
} elseif ($k == "user_ID") {
if ($v != '' && $v != 'Any Agent') {
if (is_array($v)) {
$sstring = '';
foreach ($v as $u) {
$u = $misc->make_db_safe($u);
if (empty($sstring)) {
$sstring .= $config['table_prefix'] . 'listingsdb.userdb_id = ' . $u;
} else {
$sstring .= ' OR ' . $config['table_prefix'] . 'listingsdb.userdb_id = ' . $u;
}
}
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
$searchresultSQL .= '(' . $sstring . ')';
} else {
$sql_v = $misc->make_db_safe($v);
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
$searchresultSQL .= '(' . $config['table_prefix'] . 'listingsdb.userdb_id = ' . $sql_v . ')';
}
}
} elseif ($k == "featuredOnly") {
// $guidestring .= "&$k=$v";
if ($v == "yes") {
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
$searchresultSQL = $searchresultSQL . '(' . $config['table_prefix'] . 'listingsdb.listingsdb_featured = \'yes\')';
}
} elseif ($k == 'pclass') {
$class_sql = '';
foreach ($v as $class) {
// Ignore non numberic values
if (is_numeric($class)) {
if (!empty($class_sql)) {
$class_sql .= ' OR ';
}
$class_sql .= $config['table_prefix_no_lang'] . "classlistingsdb.class_id = {$class}";
}
}
if (!empty($class_sql)) {
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
$searchresultSQL = $searchresultSQL . '(' . $class_sql . ') AND ' . $config['table_prefix_no_lang'] . 'classlistingsdb.listingsdb_id = ' . $config['table_prefix'] . 'listingsdb.listingsdb_id';
$tablelist_fullname[] = $config['table_prefix_no_lang'] . "classlistingsdb";
}
} elseif ($k == "listing_id") {
$listing_id = explode(',', $v);
$i = 0;
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
foreach ($listing_id as $id) {
$id = $misc->make_db_safe($id);
if ($i == 0) {
$searchresultSQL .= '((' . $config['table_prefix'] . 'listingsdb.listingsdb_id = ' . $id . ')';
} else {
$searchresultSQL .= ' OR (' . $config['table_prefix'] . 'listingsdb.listingsdb_id = ' . $id . ')';
}
$i++;
}
$searchresultSQL .= ')';
} elseif ($k == "imagesOnly") {
// Grab only listings with images if that is what we need.
if ($v == "yes") {
$imageonly = true;
}
} elseif ($k == "vtoursOnly") {
// Grab only listings with images if that is what we need.
if ($v == "yes") {
$vtoursonly = true;
}
} elseif ($k == 'listing_last_modified_equal') {
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
$safe_v = $conn->DBTimeStamp($v);
$searchresultSQL .= " listingsdb_last_modified = {$safe_v}";
//listingsdb_last_modified
} elseif ($k == 'listing_last_modified_greater') {
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
$safe_v = $conn->DBTimeStamp($v);
$searchresultSQL .= " listingsdb_last_modified > {$safe_v}";
//listingsdb_last_modified
} elseif ($k == 'listing_last_modified_less') {
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
$safe_v = $conn->DBTimeStamp($v);
$searchresultSQL .= " listingsdb_last_modified < {$safe_v}";
//listingsdb_last_modified
} elseif ($k == 'latlong_dist_lat' || $k == 'latlong_dist_long' || $k == 'latlong_dist_dist' && $v != '') {
switch ($k) {
case 'latlong_dist_lat':
$latlong_dist_lat = $v;
break;
case 'latlong_dist_long':
$latlong_dist_long = $v;
break;
case 'latlong_dist_dist':
$latlong_dist_dist = $v;
break;
}
} elseif ($k == 'postalcode_dist_code' && $v != '') {
$postalcode = $misc->make_db_safe($v);
$sql = 'SELECT zipdist_latitude, zipdist_longitude FROM ' . $config['table_prefix_no_lang'] . 'zipdist WHERE zipdist_zipcode =' . $postalcode;
$postalcode_recordSet = $conn->Execute($sql);
if ($postalcode_recordSet === false) {
$misc->log_error($sql);
}
$postalcode_dist_lat = $misc->make_db_unsafe($postalcode_recordSet->fields['zipdist_latitude']);
$postalcode_dist_long = $misc->make_db_unsafe($postalcode_recordSet->fields['zipdist_longitude']);
} elseif ($k == 'postalcode_dist_dist' && $v != '') {
$postalcode_dist_dist = $v;
} elseif ($k == 'city_dist_code' && $v != '') {
$city = $misc->make_db_safe($v);
$sql = 'SELECT zipdist_latitude, zipdist_longitude FROM ' . $config['table_prefix_no_lang'] . 'zipdist WHERE zipdist_cityname =' . $city;
$city_recordSet = $conn->Execute($sql);
if ($city_recordSet === false) {
$misc->log_error($sql);
}
$city_dist_lat = $misc->make_db_unsafe($city_recordSet->fields['zipdist_latitude']);
$city_dist_long = $misc->make_db_unsafe($city_recordSet->fields['zipdist_longitude']);
} elseif ($k == 'city_dist_dist' && $v != '') {
$city_dist_dist = $v;
} elseif ($v != '' && $k != 'listingID' && $k != 'postalcode_dist_code' && $k != 'postalcode_dist_dist' && $k != 'city_dist_code' && $k != 'city_dist_dist' && $k != 'latlong_dist_lat' && $k != 'latlong_dist_long' && $k != 'latlong_dist_dist' && $k != 'cur_page' && $k != 'action' && $k != 'PHPSESSID' && $k != 'sortby' && $k != 'sorttype' && $k != 'printer_friendly' && $k != 'template' && $k != 'pclass' && $k != 'listing_last_modified_less' && $k != 'listing_last_modified_equal' && $k != 'listing_last_modified_greater') {
if (!is_array($v)) {
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
//Handle NULL/NOTNULL Searches
if (substr($k, -5) == '-NULL' && $v == '1') {
$subk = substr($k, 0, -5);
$searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND (`{$subk}`.listingsdbelements_field_value IS NULL OR `{$subk}`.listingsdbelements_field_value = ''))";
if (!in_array($subk, $tablelist)) {
$tablelist[] = $subk;
}
} elseif (substr($k, -8) == '-NOTNULL' && $v == '1') {
$subk = substr($k, 0, -8);
$searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND (`{$subk}`.listingsdbelements_field_value IS NOT NULL AND `{$subk}`.listingsdbelements_field_value <> ''))";
if (!in_array($subk, $tablelist)) {
$tablelist[] = $subk;
}
} elseif (substr($k, -4) == '-max') {
$subk = substr($k, 0, -4);
if ($db_type == 'mysql') {
$searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND CAST(`{$subk}`.listingsdbelements_field_value as signed) <= '{$v}')";
} else {
$searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND CAST(`{$subk}`.listingsdbelements_field_value as int4) <= '{$v}')";
}
if (!in_array($subk, $tablelist)) {
$tablelist[] = $subk;
}
} else {
if (substr($k, -4) == '-min') {
$subk = substr($k, 0, -4);
if ($db_type == 'mysql') {
$searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND CAST(`{$subk}`.listingsdbelements_field_value as signed) >= '{$v}')";
} else {
$searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND CAST(`{$subk}`.listingsdbelements_field_value as int4) >= '{$v}')";
}
if (!in_array($subk, $tablelist)) {
$tablelist[] = $subk;
}
} elseif (substr($k, -8) == '-maxdate') {
if ($config['date_format'] == 1) {
$format = "%m/%d/%Y";
} elseif ($config['date_format'] == 2) {
$format = "%Y/%d/%m";
} elseif ($config['date_format'] == 3) {
$format = "%d/%m/%Y";
}
$v = $misc->parseDate($v, $format);
$subk = urldecode(substr($k, 0, -8));
$searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND `{$subk}`.listingsdbelements_field_value <= '{$v}')";
if (!in_array($subk, $tablelist)) {
$tablelist[] = $subk;
}
} else {
if (substr($k, -8) == '-mindate') {
if ($config['date_format'] == 1) {
$format = "%m/%d/%Y";
} elseif ($config['date_format'] == 2) {
$format = "%Y/%d/%m";
} elseif ($config['date_format'] == 3) {
$format = "%d/%m/%Y";
}
$v = $misc->parseDate($v, $format);
$subk = urldecode(substr($k, 0, -8));
$searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND `{$subk}`.listingsdbelements_field_value >= '{$v}')";
if (!in_array($subk, $tablelist)) {
$tablelist[] = $subk;
}
} else {
if (substr($k, -5) == '-date') {
if ($config['date_format'] == 1) {
$format = "%m/%d/%Y";
} elseif ($config['date_format'] == 2) {
$format = "%Y/%d/%m";
} elseif ($config['date_format'] == 3) {
$format = "%d/%m/%Y";
}
$v = $misc->parseDate($v, $format);
$subk = urldecode(substr($k, 0, -5));
$searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND `{$subk}`.listingsdbelements_field_value = '{$v}')";
if (!in_array($subk, $tablelist)) {
$tablelist[] = $subk;
}
} elseif ($k == 'searchtext') {
$safe_v = addslashes($v);
$searchresultSQL .= "((`{$k}`.listingsdbelements_field_value like '%{$safe_v}%') OR (listingsdb_title like '%{$safe_v}%'))";
$tablelist[] = $k;
} else {
$safe_v = $misc->make_db_safe($v);
$searchresultSQL .= "(`{$k}`.listingsdbelements_field_name = '{$k}' AND `{$k}`.listingsdbelements_field_value = {$safe_v})";
$tablelist[] = $k;
}
}
}
}
} else {
// Make Sure Array is not empty
$use = false;
$comma_separated = implode(" ", $v);
if (trim($comma_separated) != '') {
$use = true;
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
}
if ($use === true) {
if (substr($k, -3) == '_or') {
$k = substr($k, 0, strlen($k) - 3);
$safe_k = addslashes($k);
$searchresultSQL .= "(`{$safe_k}`.listingsdbelements_field_name = '{$safe_k}' AND (";
$vitem_count = 0;
foreach ($v as $vitem) {
$safe_vitem = addslashes($vitem);
if ($vitem != '') {
if ($vitem_count != 0) {
$searchresultSQL .= " OR `{$safe_k}`.listingsdbelements_field_value LIKE '%{$safe_vitem}%'";
} else {
$searchresultSQL .= " `{$safe_k}`.listingsdbelements_field_value LIKE '%{$safe_vitem}%'";
}
$vitem_count++;
}
}
$searchresultSQL .= "))";
$tablelist[] = $safe_k;
} else {
$safe_k = addslashes($k);
$searchresultSQL .= "(`{$safe_k}`.listingsdbelements_field_name = '{$safe_k}' AND (";
$vitem_count = 0;
foreach ($v as $vitem) {
$safe_vitem = addslashes($vitem);
if ($vitem != '') {
if ($vitem_count != 0) {
$searchresultSQL .= " AND `{$safe_k}`.listingsdbelements_field_value LIKE '%{$safe_vitem}%'";
} else {
$searchresultSQL .= " `{$safe_k}`.listingsdbelements_field_value LIKE '%{$safe_vitem}%'";
}
$vitem_count++;
}
}
$searchresultSQL .= "))";
$tablelist[] = $safe_k;
}
}
}
}
}
if ($postalcode_dist_lat != '' && $postalcode_dist_long != '' && $postalcode_dist_dist != '') {
$sql = "SELECT zipdist_zipcode FROM {$config['table_prefix_no_lang']}zipdist WHERE (POW((69.1*(zipdist_longitude-\"{$postalcode_dist_long}\")*cos({$postalcode_dist_lat}/57.3)),\"2\")+POW((69.1*(zipdist_latitude-\"{$postalcode_dist_lat}\")),\"2\"))<({$postalcode_dist_dist}*{$postalcode_dist_dist}) ";
$recordSet = $conn->Execute($sql);
if (!$recordSet) {
$misc->log_error($sql);
}
$zipcodes = array();
while (!$recordSet->EOF) {
$zipcodes[] = $recordSet->fields['zipdist_zipcode'];
$recordSet->MoveNext();
}
$pc_field_name = $config["map_zip"];
// Build Search Query
// Make Sure Array is not empty
$use = false;
$comma_separated = implode(" ", $zipcodes);
if (trim($comma_separated) != '') {
$use = true;
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
}
if ($use === true) {
$searchresultSQL .= "(`{$pc_field_name}`.listingsdbelements_field_name = '{$pc_field_name}' AND (";
$vitem_count = 0;
foreach ($zipcodes as $vitem) {
$safe_vitem = addslashes($vitem);
if ($vitem != '') {
if ($vitem_count != 0) {
$searchresultSQL .= " OR `{$pc_field_name}`.listingsdbelements_field_value = '{$save_vitem}'";
} else {
$searchresultSQL .= " `{$pc_field_name}`.listingsdbelements_field_value = '{$safe_vitem}'";
}
$vitem_count++;
}
}
$searchresultSQL .= "))";
$tablelist[] = $pc_field_name;
}
}
if ($city_dist_lat != '' && $city_dist_long != '' && $city_dist_dist != '') {
$sql = "SELECT zipdist_zipcode FROM {$config['table_prefix_no_lang']}zipdist WHERE (POW((69.1*(zipdist_longitude-\"{$city_dist_long}\")*cos({$city_dist_lat}/57.3)),\"2\")+POW((69.1*(zipdist_latitude-\"{$city_dist_lat}\")),\"2\"))<({$city_dist_dist}*{$city_dist_dist}) ";
$recordSet = $conn->Execute($sql);
if (!$recordSet) {
$misc->log_error($sql);
}
$zipcodes = array();
while (!$recordSet->EOF) {
$zipcodes[] = $recordSet->fields['zipdist_zipcode'];
$recordSet->MoveNext();
}
$pc_field_name = $config["map_zip"];
// Build Search Query
// Make Sure Array is not empty
$use = false;
$comma_separated = implode(" ", $zipcodes);
if (trim($comma_separated) != '') {
$use = true;
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
}
if ($use === true) {
$searchresultSQL .= "(`{$pc_field_name}`.listingsdbelements_field_name = '{$pc_field_name}' AND (";
$vitem_count = 0;
foreach ($zipcodes as $vitem) {
$safe_vitem = addslashes($vitem);
if ($vitem != '') {
if ($vitem_count != 0) {
$searchresultSQL .= " OR `{$pc_field_name}`.listingsdbelements_field_value = '{$safe_vitem}'";
} else {
$searchresultSQL .= " `{$pc_field_name}`.listingsdbelements_field_value = '{$safe_vitem}'";
}
$vitem_count++;
}
}
$searchresultSQL .= "))";
$tablelist[] = $pc_field_name;
}
}
//Lat Long Distance
if ($latlong_dist_lat != '' && $latlong_dist_long != '' && $latlong_dist_dist != '') {
/*
max_lon = lon1 + arcsin(sin(D/R)/cos(lat1))
min_lon = lon1 - arcsin(sin(D/R)/cos(lat1))
max_lat = lat1 + (180/pi)(D/R)
min_lat = lat1 - (180/pi)(D/R)
*/
//$max_long = $latlong_dist_long + asin(sin($latlong_dist_dist/3956)/cos($latlong_dist_lat));
//$min_long = $latlong_dist_long - asin(sin($latlong_dist_dist/3956)/cos($latlong_dist_lat));
//$max_lat = $latlong_dist_lat + (180/pi())*($latlong_dist_dist/3956);
//$min_lat = $latlong_dist_lat - (180/pi())*($latlong_dist_dist/3956);
/*
Latitude:
Apparently a degree of latitude expressed in miles does
vary slighty by latitude
(http://www.ncgia.ucsb.edu/education/curricula/giscc/units/u014/tables/table01.html)
but for our purposes, I suggest we use 1 degree latitude
= 69 miles.
Longitude:
This is more tricky one since it varies by latitude
(http://www.ncgia.ucsb.edu/education/curricula/giscc/units/u014/tables/table02.html).
The
simplest formula seems to be:
1 degree longitude expressed in miles = cos (latitude) *
69.17 miles
*/
//Get Correct Milage for ong based on lat.
$cos_long = 69.17;
if ($latlong_dist_lat >= 10) {
$cos_long = 68.13;
}
if ($latlong_dist_lat >= 20) {
$cos_long = 65.03;
}
if ($latlong_dist_lat >= 30) {
$cos_long = 59.95;
}
if ($latlong_dist_lat >= 40) {
$cos_long = 53.06;
}
if ($latlong_dist_lat >= 50) {
$cos_long = 44.55;
}
if ($latlong_dist_lat >= 60) {
$cos_long = 34.67;
}
if ($latlong_dist_lat >= 70) {
$cos_long = 23.73;
}
if ($latlong_dist_lat >= 80) {
$cos_long = 12.05;
}
if ($latlong_dist_lat >= 90) {
$cos_long = 0;
}
$max_long = $latlong_dist_long + $latlong_dist_dist / (cos(deg2rad($latlong_dist_lat)) * $cos_long);
$min_long = $latlong_dist_long - $latlong_dist_dist / (cos(deg2rad($latlong_dist_lat)) * $cos_long);
$max_lat = $latlong_dist_lat + $latlong_dist_dist / 69;
$min_lat = $latlong_dist_lat - $latlong_dist_dist / 69;
//
if ($max_lat < $min_lat) {
$max_lat2 = $min_lat;
$min_lat = $max_lat;
$max_lat = $max_lat2;
}
if ($max_long < $min_long) {
$max_long2 = $min_long;
$min_long = $max_long;
$max_long = $max_long2;
}
// Lat and Long Fields
$sql = "SELECT listingsformelements_field_name FROM " . $config['table_prefix'] . "listingsformelements WHERE listingsformelements_field_type = 'lat'";
$recordSet = $conn->Execute($sql);
if (!$recordSet) {
$misc->log_error($sql);
}
$lat_field = $recordSet->fields['listingsformelements_field_name'];
$sql = "SELECT listingsformelements_field_name FROM " . $config['table_prefix'] . "listingsformelements WHERE listingsformelements_field_type = 'long'";
$recordSet = $conn->Execute($sql);
if (!$recordSet) {
$misc->log_error($sql);
}
$long_field = $recordSet->fields['listingsformelements_field_name'];
if ($lat_field != '' & $long_field != '') {
$tablelist[] = $lat_field;
$tablelist[] = $long_field;
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
$searchresultSQL .= "(`{$lat_field}`.listingsdbelements_field_name = '{$lat_field}' AND `{$lat_field}`.listingsdbelements_field_value+0 <= '{$max_lat}')";
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
$searchresultSQL .= "(`{$lat_field}`.listingsdbelements_field_name = '{$lat_field}' AND `{$lat_field}`.listingsdbelements_field_value+0 >= '{$min_lat}')";
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
$searchresultSQL .= "(`{$long_field}`.listingsdbelements_field_name = '{$long_field}' AND `{$long_field}`.listingsdbelements_field_value+0 <= '{$max_long}')";
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
$searchresultSQL .= "(`{$long_field}`.listingsdbelements_field_name = '{$long_field}' AND `{$long_field}`.listingsdbelements_field_value+0 >= '{$min_long}')";
}
}
// Handle Sorting
// sort the listings
// this is the main SQL that grabs the listings
// basic sort by title..
$group_order_text = '';
$sortby = '';
$sorttype = '';
if ($config["special_sortby"] != 'none') {
$sortby = $config["special_sortby"] . ',';
$sorttype = $config["special_sorttype"] . ',';
}
if (!isset($_GET['sortby'])) {
$_GET['sortby'] = $config["sortby"];
}
if (!isset($_GET['sorttype'])) {
$_GET['sorttype'] = $config["sorttype"];
}
$sortby .= $_GET['sortby'];
$sorttype .= $_GET['sorttype'];
$sql_sort_type = '';
$sortby_array = explode(',', $sortby);
$sorttype_array = explode(',', $sorttype);
$sort_text = '';
$order_text = '';
$group_order_text = '';
$tablelist_nosort = $tablelist;
$sort_count = count($sortby_array);
for ($x = 0; $x < $sort_count; $x++) {
//make sure user input is sanitized before adding to query string
$sortby_array[$x] = $misc->sanitize($sortby_array[$x]);
$sorttype_array[$x] = $misc->sanitize($sorttype_array[$x], 4);
//limit length to 4 characters as sorttype can only be ASC or DESC
if ($sorttype_array[$x] != 'ASC' && $sorttype_array[$x] != 'DESC') {
$sorttype_array[$x] = '';
}
if ($sortby_array[$x] == 'listingsdb_id') {
if ($x == 0) {
$order_text .= 'ORDER BY listingsdb_id ' . $sorttype_array[$x];
} else {
$order_text .= ',listingsdb_id ' . $sorttype_array[$x];
}
} elseif ($sortby_array[$x] == 'listingsdb_title') {
if ($x == 0) {
$order_text .= 'ORDER BY listingsdb_title ' . $sorttype_array[$x];
} else {
$order_text .= ',listingsdb_title ' . $sorttype_array[$x];
}
} elseif ($sortby_array[$x] == 'random') {
if ($x == 0) {
$order_text .= 'ORDER BY rand() ' . $sorttype_array[$x];
} else {
$order_text .= ',rand() ' . $sorttype_array[$x];
}
} elseif ($sortby_array[$x] == 'listingsdb_featured') {
if ($x == 0) {
$order_text .= 'ORDER BY listingsdb_featured ' . $sorttype_array[$x];
} else {
$order_text .= ',listingsdb_featured ' . $sorttype_array[$x];
}
} elseif ($sortby_array[$x] == 'listingsdb_last_modified') {
if ($x == 0) {
$order_text .= 'ORDER BY listingsdb_last_modified ' . $sorttype_array[$x];
} else {
$order_text .= ',listingsdb_last_modified ' . $sorttype_array[$x];
}
} elseif ($sortby_array[$x] == 'pclass') {
if ($searchresultSQL != '') {
$searchresultSQL .= ' AND ';
}
$searchresultSQL .= $config['table_prefix_no_lang'] . 'classlistingsdb.listingsdb_id = ' . $config['table_prefix'] . 'listingsdb.listingsdb_id AND ' . $config['table_prefix_no_lang'] . 'classlistingsdb.class_id = ' . $config['table_prefix'] . 'class.class_id ';
$tablelist_fullname[] = $config['table_prefix_no_lang'] . "classlistingsdb";
$tablelist_fullname[] = $config['table_prefix'] . 'class';
if ($x == 0) {
$order_text .= 'ORDER BY ' . $config['table_prefix'] . 'class.class_name ' . $sorttype_array[$x];
} else {
$order_text .= ',' . $config['table_prefix'] . 'class.class_name ' . $sorttype_array[$x];
}
} else {
// Check if field is a number or price field and cast the order.
$sort_by_field = $misc->make_db_extra_safe($sortby_array[$x]);
$sql_sort_type = 'SELECT listingsformelements_field_type FROM ' . $config['table_prefix'] . 'listingsformelements WHERE listingsformelements_field_name = ' . $sort_by_field;
$recordSet_sort_type = $conn->Execute($sql_sort_type);
if (!$recordSet_sort_type) {
$misc->log_error($sql_sort_type);
}
$field_type = $recordSet_sort_type->fields['listingsformelements_field_type'];
if ($field_type == 'price' || $field_type == 'number' || $field_type == 'decimal') {
$tablelist[] = 'sort' . $x;
$sort_text .= 'AND (sort' . $x . '.listingsdbelements_field_name = ' . $sort_by_field . ') ';
global $db_type;
if ($db_type == 'mysql') {
if ($x == 0) {
$order_text .= ' ORDER BY CAST(sort' . $x . '.listingsdbelements_field_value as signed) ' . $sorttype_array[$x];
$group_order_text .= ',sort' . $x . '.listingsdbelements_field_value';
} else {
$order_text .= ',CAST(sort' . $x . '.listingsdbelements_field_value as signed) ' . $sorttype_array[$x];
$group_order_text .= ',sort' . $x . '.listingsdbelements_field_value';
}
} else {
if ($x == 0) {
$order_text .= ' ORDER BY CAST(sort' . $x . '.listingsdbelements_field_value as int4) ' . $sorttype_array[$x];
$group_order_text .= ',sort' . $x . '.listingsdbelements_field_value';
} else {
$order_text .= ',CAST(sort' . $x . '.listingsdbelements_field_value as int4) ' . $sorttype_array[$x];
$group_order_text .= ',sort' . $x . '.listingsdbelements_field_value';
}
}
} else {
$tablelist[] = 'sort' . $x;
$sort_text .= 'AND (sort' . $x . '.listingsdbelements_field_name = ' . $sort_by_field . ') ';
if ($x == 0) {
$order_text .= ' ORDER BY sort' . $x . '.listingsdbelements_field_value ' . $sorttype_array[$x];
} else {
$order_text .= ', sort' . $x . '.listingsdbelements_field_value ' . $sorttype_array[$x];
}
$group_order_text .= ',sort' . $x . '.listingsdbelements_field_value';
}
}
}
$group_order_text = $group_order_text . ' ' . $order_text;
if ($imageonly == true || $vtoursonly == true) {
$order_text = "GROUP BY " . $config['table_prefix'] . "listingsdb.listingsdb_id, " . $config['table_prefix'] . "listingsdb.listingsdb_title " . $group_order_text;
}
if ($DEBUG_SQL) {
echo '<strong>Sort Type SQL:</strong> ' . $sql_sort_type . '<br />';
echo '<strong>Sort Text:</strong> ' . $sort_text . '<br />';
echo '<strong>Order Text:</strong> ' . $order_text . '<br />';
}
$guidestring_with_sort = $guidestring_with_sort . $guidestring;
// End of Sort
$arrayLength = count($tablelist);
if ($DEBUG_SQL) {
echo '<strong>Table List Array Length:</strong> ' . $arrayLength . '<br />';
}
$string_table_list = '';
for ($i = 0; $i < $arrayLength; $i++) {
$string_table_list .= ' ,' . $config['table_prefix'] . 'listingsdbelements `' . $tablelist[$i] . '`';
}
$arrayLength = count($tablelist_nosort);
$string_table_list_no_sort = '';
for ($i = 0; $i < $arrayLength; $i++) {
$string_table_list_no_sort .= ' ,' . $config['table_prefix'] . 'listingsdbelements `' . $tablelist[$i] . '`';
}
$arrayLength = count($tablelist_fullname);
if ($DEBUG_SQL) {
echo '<strong>Table List Array Length:</strong> ' . $arrayLength . '<br />';
}
for ($i = 0; $i < $arrayLength; $i++) {
$string_table_list .= ' ,' . $tablelist_fullname[$i];
$string_table_list_no_sort .= ' ,' . $tablelist_fullname[$i];
}
if ($DEBUG_SQL) {
echo '<strong>Table List String:</strong> ' . $string_table_list . '<br />';
}
$arrayLength = count($tablelist);
$string_where_clause = '';
for ($i = 0; $i < $arrayLength; $i++) {
$string_where_clause .= ' AND (' . $config['table_prefix'] . 'listingsdb.listingsdb_id = `' . $tablelist[$i] . '`.listingsdb_id)';
}
$arrayLength = count($tablelist_nosort);
$string_where_clause_nosort = '';
for ($i = 0; $i < $arrayLength; $i++) {
$string_where_clause_nosort .= ' AND (' . $config['table_prefix'] . 'listingsdb.listingsdb_id = `' . $tablelist[$i] . '`.listingsdb_id)';
}
if ($imageonly) {
$searchSQL = "SELECT distinct(" . $config['table_prefix'] . "listingsdb.listingsdb_id), " . $config['table_prefix'] . "listingsdb.userdb_id, " . $config['table_prefix'] . "listingsdb.listingsdb_title FROM " . $config['table_prefix'] . "listingsdb, " . $config['table_prefix'] . "listingsimages " . $string_table_list . " WHERE (listingsdb_active = 'yes') " . $string_where_clause . " AND (" . $config['table_prefix'] . "listingsimages.listingsdb_id = " . $config['table_prefix'] . "listingsdb.listingsdb_id) ";
$searchSQLCount = "SELECT COUNT(distinct(" . $config['table_prefix'] . "listingsdb.listingsdb_id)) as total_listings FROM " . $config['table_prefix'] . "listingsdb, " . $config['table_prefix'] . "listingsimages " . $string_table_list_no_sort . " WHERE (listingsdb_active = 'yes') " . $string_where_clause_nosort . " AND (" . $config['table_prefix'] . "listingsimages.listingsdb_id = " . $config['table_prefix'] . "listingsdb.listingsdb_id) ";
} elseif ($vtoursonly) {
$searchSQL = "SELECT distinct(" . $config['table_prefix'] . "listingsdb.listingsdb_id), " . $config['table_prefix'] . "listingsdb.userdb_id, " . $config['table_prefix'] . "listingsdb.listingsdb_title FROM " . $config['table_prefix'] . "listingsdb, " . $config['table_prefix'] . "vtourimages " . $string_table_list . " WHERE (listingsdb_active = 'yes') " . $string_where_clause . " AND (" . $config['table_prefix'] . "vtourimages.listingsdb_id = " . $config['table_prefix'] . "listingsdb.listingsdb_id) ";
$searchSQLCount = "SELECT COUNT(distinct(" . $config['table_prefix'] . "listingsdb.listingsdb_id)) as total_listings FROM " . $config['table_prefix'] . "listingsdb, " . $config['table_prefix'] . "vtourimages " . $string_table_list_no_sort . " WHERE (listingsdb_active = 'yes') " . $string_where_clause_nosort . " AND (" . $config['table_prefix'] . "vtourimages.listingsdb_id = " . $config['table_prefix'] . "listingsdb.listingsdb_id) ";
} else {
$searchSQL = "SELECT distinct(" . $config['table_prefix'] . "listingsdb.listingsdb_id), " . $config['table_prefix'] . "listingsdb.userdb_id, " . $config['table_prefix'] . "listingsdb.listingsdb_title FROM " . $config['table_prefix'] . "listingsdb " . $string_table_list . " WHERE (listingsdb_active = 'yes') " . $string_where_clause;
$searchSQLCount = "SELECT COUNT(distinct(" . $config['table_prefix'] . "listingsdb.listingsdb_id)) as total_listings FROM " . $config['table_prefix'] . "listingsdb " . $string_table_list_no_sort . " WHERE (listingsdb_active = 'yes') " . $string_where_clause_nosort;
}
if ($searchresultSQL != '') {
$searchSQL .= " AND " . $searchresultSQL;
$searchSQLCount .= " AND " . $searchresultSQL;
}
if ($config['use_expiration'] == 1) {
$searchSQL .= " AND (listingsdb_expiration > " . $conn->DBDate(time()) . ")";
$searchSQLCount .= " AND (listingsdb_expiration > " . $conn->DBDate(time()) . ")";
}
$sql = $searchSQL . " {$sort_text} {$order_text}";
$searchSQLCount = $searchSQLCount;
// We now have a complete SQL Query. Now grab the results
$recordSet = $conn->Execute($searchSQLCount);
if ($DEBUG_SQL) {
echo '<strong>Listing Count:</strong> ' . $searchSQLCount . '<br />';
}
if (!$recordSet) {
$misc->log_error($searchSQLCount);
}
// We have the results so now we need to stack them in arrays to use with the search_result.html template file
// Load the templste
require_once $config['basepath'] . '/include/class/template/core.inc.php';
$page = new page_user();
if (count($_GET['pclass']) == 1 && file_exists($config['template_path'] . '/search_results_class_' . $_GET['pclass'][0] . '.html')) {
$page->load_page($config['template_path'] . '/search_results_class_' . $_GET['pclass'][0] . '.html');
} else {
$page->load_page($config['template_path'] . '/' . $config['search_result_template']);
}
// Get header section
$header_section = $page->get_template_section('search_result_header');
$search_result = '';
// Ok we have the header section now get the result section
$search_result_section = $page->get_template_section('search_result_dataset');
// Get the number of rows(records) we have.
// $num_rows = $recordSet->RecordCount();
$num_rows = $recordSet->fields['total_listings'];
if ($return_ids_only === true) {
// If we are returning IDs only for the notify listing then get the id and move on.
$id = array();
$resultRecordSet = $conn->Execute($sql);
if (!$resultRecordSet) {
$misc->log_error($sql);
}
if ($DEBUG_SQL) {
echo '<strong>Search SQL:</strong> ' . $sql . '<br />';
}
while (!$resultRecordSet->EOF) {
$id[] = $resultRecordSet->fields['listingsdb_id'];
$resultRecordSet->MoveNext();
}
// while
return $id;
} elseif ($return_ids_only === 'perpage') {
$id = array();
if (!isset($_GET['cur_page'])) {
$_GET['cur_page'] = 0;
}
$limit_str = intval($_GET['cur_page']) * $config['listings_per_page'];
$resultRecordSet = $conn->SelectLimit($sql, $config['listings_per_page'], $limit_str);
if (!$resultRecordSet) {
$misc->log_error($sql);
}
if ($DEBUG_SQL) {
echo '<strong>Search SQL:</strong> ' . $sql . '<br />';
}
while (!$resultRecordSet->EOF) {
$id[] = $resultRecordSet->fields['listingsdb_id'];
$resultRecordSet->MoveNext();
}
// while
return $id;
} else {
if ($num_rows > 0) {
if (!isset($_GET['cur_page'])) {
$_GET['cur_page'] = 0;
}
// build the string to select a certain number of listings per page
$limit_str = intval($_GET['cur_page']) * $config['listings_per_page'];
$num_records = $config['listings_per_page'];
$some_num = intval($_GET['cur_page']) + 1;
$this_page_max = $some_num * $config['listings_per_page'];
// Check if we're setting a maximum number of search results
if ($config["max_search_results"] > 0) {
// Check if we've reached the max number of listings setting.
if ($this_page_max > $config["max_search_results"]) {
$num_records = $this_page_max - $config["max_search_results"];
}
// Failsafe check in case the max search results was set lower than the listings per page setting.
if ($config["max_search_results"] < $config['listings_per_page']) {
$num_records = $config["max_search_results"];
}
// Adjust the $num_rows for the next_prev function to show at the max the max results setting
if ($num_rows > $config["max_search_results"]) {
$num_rows = $config["max_search_results"];
}
}
if ($config['show_next_prev_listing_page'] == 1) {
// ************added for next prev navigation***********
$newurl = '';
foreach ($_GET as $k => $v) {
if ($v && $k != 'cur_page' && $k != 'PHPSESSID' && $k != 'action') {
if (is_array($v)) {
foreach ($v as $vitem) {
$newurl .= '&' . urlencode("{$k}") . '[]=' . urlencode("{$vitem}");
}
} else {
$newurl .= '&' . urlencode("{$k}") . '=' . urlencode("{$v}");
}
}
}
$rtest = $conn->Execute($sql);
if (!$rtest) {
$misc->log_error($sql);
}
$_SESSION['results'] = array();
$_SESSION['titles'] = array();
while (!$rtest->EOF) {
$ID = $rtest->fields['listingsdb_id'];
$url_title = $rtest->fields['listingsdb_title'];
$url_title = str_replace("/", "", $url_title);
$url_title = strtolower(str_replace(" ", $config['seo_url_seperator'], $url_title));
$url_title = str_replace(" ", "+", $url_title);
$_SESSION['results'][] = $ID;
$_SESSION['titles'][] = $url_title;
$rtest->MoveNext();
}
$_SESSION['cur_page'] = intval($_GET['cur_page']);
$_SESSION['searchstring'] = $newurl;
$_SESSION['count'] = $num_rows;
// ************added for next prev navigation***********
}
// Store the next_prev code as a variable to place in the template
$next_prev = $misc->next_prev($num_rows, intval($_GET['cur_page']), $guidestring_with_sort);
$next_prev_bottom = $misc->next_prev($num_rows, intval($_GET['cur_page']), $guidestring_with_sort, 'bottom');
$resultRecordSet = $conn->SelectLimit($sql, $num_records, $limit_str);
if (!$resultRecordSet) {
$misc->log_error($sql);
}
if ($DEBUG_SQL) {
echo '<strong>Search SQL:</strong> ' . $sql . '<br />';
}
// Get the the fields marked as browseable.
$sql = "SELECT listingsformelements_id, listingsformelements_field_caption, listingsformelements_field_name, listingsformelements_display_priv, listingsformelements_search_result_rank FROM " . $config['table_prefix'] . "listingsformelements WHERE (listingsformelements_display_on_browse = 'Yes') AND (listingsformelements_field_type <> 'textarea') ORDER BY listingsformelements_search_result_rank";
$recordSet = $conn->Execute($sql);
$num_columns = $recordSet->RecordCount();
// Get header_title
$field_caption = $lang['title'];
$field_name = "listingsdb_title";
$sorttypestring = '';
$sort_type_count = 0;
foreach ($sortby_array as $sortby) {
if ($sortby == $field_name) {
if (!isset($sorttype_array[$sort_type_count]) || $sorttype_array[$sort_type_count] == 'DESC') {
$reverse_sort = 'ASC';
} else {
$reverse_sort = 'DESC';
}
$sorttypestring = 'sorttype=' . $reverse_sort;
}
$sort_type_count++;
}
if ($sorttypestring == '') {
$sorttypestring = "sorttype=ASC";
}
// This is header_title it is the lang variable for title
$header_title = '<a href="index.php?action=searchresults&sortby=' . $field_name . '&' . $sorttypestring . $guidestring . '">' . $field_caption . '</a>';
$header_title_no_sort = $field_caption;
// Get header_title
$field_caption = $lang['header_pclass'];
$field_name = "pclass";
$sorttypestring = '';
$sort_type_count = 0;
foreach ($sortby_array as $sortby) {
if ($sortby == $field_name) {
if (!isset($sorttype_array[$sort_type_count]) || $sorttype_array[$sort_type_count] == 'DESC') {
$reverse_sort = 'ASC';
} else {
$reverse_sort = 'DESC';
}
$sorttypestring = 'sorttype=' . $reverse_sort;
}
$sort_type_count++;
}
if ($sorttypestring == '') {
$sorttypestring = "sorttype=ASC";
}
// This is header_title it is the lang variable for title
$header_pclass = '<a href="index.php?action=searchresults&sortby=' . $field_name . '&' . $sorttypestring . $guidestring . '">' . $field_caption . '</a>';
$header_pclass_no_sort = $field_caption;
$field = array();
$field_no_sort = array();
while (!$recordSet->EOF) {
$x = $misc->make_db_unsafe($recordSet->fields['listingsformelements_search_result_rank']);
// Check for Translations if needed
if (!isset($_SESSION["users_lang"])) {
$field_caption = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_caption']);
} else {
$listingsformelements_id = $recordSet->fields['listingsformelements_id'];
$lang_sql = "SELECT listingsformelements_field_caption FROM " . $config['lang_table_prefix'] . "listingsformelements WHERE listingsformelements_id = {$listingsformelements_id}";
$lang_recordSet = $conn->Execute($lang_sql);
if (!$lang_recordSet) {
$misc->log_error($lang_sql);
}
if ($DEBUG_SQL) {
echo '<strong>ML: Field Caption SQL:</strong> ' . $lang_sql . '<br />';
}
$field_caption = $misc->masearch_result_datasetke_db_unsafe($lang_recordSet->fields['listingsformelements_field_caption']);
}
$field_name = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_name']);
$display_priv = $misc->make_db_unsafe($recordSet->fields['listingsformelements_display_priv']);
$display_status = false;
if ($display_priv == 1) {
$display_status = login::loginCheck('Member', true);
} elseif ($display_priv == 2) {
$display_status = login::loginCheck('Agent', true);
} else {
$display_status = true;
}
if ($display_status === true) {
$sorttypestring = '';
$sort_type_count = 0;
foreach ($sortby_array as $sortby) {
if ($sortby == $field_name) {
if (!isset($sorttype_array[$sort_type_count]) || $sorttype_array[$sort_type_count] == 'DESC') {
$reverse_sort = 'ASC';
} else {
$reverse_sort = 'DESC';
}
$sorttypestring = 'sorttype=' . $reverse_sort;
}
$sort_type_count++;
}
if ($sorttypestring == '') {
$sorttypestring = "sorttype=ASC";
}
$field[$x] = '<a href="index.php?action=searchresults&sortby=' . $field_name . '&' . $sorttypestring . $guidestring . '">' . $field_caption . '</a>';
$field_no_sort[$x] = $field_caption;
}
$recordSet->MoveNext();
}
// end while
// We have all the header information so we can now parse that section
$header_section = $page->parse_template_section($header_section, 'header_title', $header_title);
$header_section = $page->parse_template_section($header_section, 'header_title_no_sort', $header_title_no_sort);
$header_section = $page->parse_template_section($header_section, 'header_pclass', $header_pclass);
$header_section = $page->parse_template_section($header_section, 'header_pclass_no_sort', $header_pclass_no_sort);
foreach ($field as $x => $f) {
$header_section = $page->parse_template_section($header_section, 'header_' . $x, $f);
}
foreach ($field_no_sort as $x => $f) {
$header_section = $page->parse_template_section($header_section, 'header_' . $x . '_no_sort', $f);
}
// We have the title now we need the image
$num_columns = $num_columns + 1;
// add one for the image
$count = 0;
while (!$resultRecordSet->EOF) {
// Start a new section for each listing.
$search_result .= $search_result_section;
// alternate the colors
if ($count == 0) {
$count = $count + 1;
} else {
$count = 0;
}
$Title = $misc->make_db_unsafe($resultRecordSet->fields['listingsdb_title']);
$current_ID = $resultRecordSet->fields['listingsdb_id'];
$or_owner = $resultRecordSet->fields['userdb_id'];
if ($config['url_style'] == '1') {
$url = '<a href="index.php?action=listingview&listingID=' . $current_ID . '">';
} else {
$url_title = str_replace("/", "", $Title);
$url_title = strtolower(str_replace(" ", $config['seo_url_seperator'], $url_title));
$url = '<a href="listing-' . misc::urlencode_to_sef($url_title) . '-' . $current_ID . '.html">';
}
$field_title = $url . $Title . '</a>';
// Insert the title as we grabbed it earlier
$search_result = $page->parse_template_section($search_result, 'field_title', $field_title);
$search_result = $page->parse_template_section($search_result, 'listingid', $current_ID);
$search_result = $page->replace_listing_field_tags($current_ID, $search_result);
//get distance for postal code distance searches
if (isset($_GET['postalcode_dist_dist'])) {
$sql3 = "SELECT listingsdbelements_field_value FROM " . $config['table_prefix'] . "listingsdbelements WHERE ((listingsdb_id = {$current_ID}) AND (listingsdbelements_field_name = '" . $config['map_zip'] . "'))";
$recordSet3 = $conn->Execute($sql3);
$sql4 = 'SELECT zipdist_latitude, zipdist_longitude FROM ' . $config['table_prefix_no_lang'] . 'zipdist WHERE zipdist_zipcode =' . $recordSet3->fields['listingsdbelements_field_value'];
$recordSet4 = $conn->Execute($sql4);
$postalcode_distance = round($this->calculate_mileage($postalcode_dist_lat, $recordSet4->fields['zipdist_latitude'], $postalcode_dist_long, $recordSet4->fields['zipdist_longitude']), 2) . ' ' . $lang['postalcode_miles_away'];
$search_result = $page->parse_template_section($search_result, 'postalcode_search_distance', $postalcode_distance);
}
// grab the rest of the listing's data
$sql2 = "SELECT listingsdbelements_field_name, listingsdbelements_field_value, listingsformelements_field_type, listingsformelements_display_priv, listingsformelements_search_result_rank FROM " . $config['table_prefix'] . "listingsdbelements, " . $config['table_prefix'] . "listingsformelements WHERE ((listingsdb_id = {$current_ID}) AND (listingsformelements_display_on_browse = 'Yes') " . "AND (listingsdbelements_field_name = listingsformelements_field_name)) ORDER BY listingsformelements_search_result_rank";
$recordSet2 = $conn->Execute($sql2);
if ($DEBUG_SQL) {
echo '<strong>Listing Data:</strong> ' . $sql2 . '<br />';
}
if (!$recordSet2) {
$misc->log_error($sql2);
}
$field = array();
$textarea = array();
while (!$recordSet2->EOF) {
$field_name = $misc->make_db_unsafe($recordSet2->fields['listingsdbelements_field_name']);
$field_value = $misc->make_db_unsafe($recordSet2->fields['listingsdbelements_field_value']);
$field_type = $misc->make_db_unsafe($recordSet2->fields['listingsformelements_field_type']);
$display_priv = $misc->make_db_unsafe($recordSet2->fields['listingsformelements_display_priv']);
$x = $misc->make_db_unsafe($recordSet2->fields['listingsformelements_search_result_rank']);
$display_status = false;
if ($display_priv == 1) {
$display_status = login::loginCheck('Member', true);
} elseif ($display_priv == 2) {
$display_status = login::loginCheck('Agent', true);
} else {
$display_status = true;
}
if ($display_status === true) {
switch ($field_type) {
case 'textarea':
if ($config['add_linefeeds'] === "1") {
$textarea[$x] = nl2br($field_value);
} else {
$textarea[$x] = $field_value;
}
break;
case "select-multiple":
case "option":
case "checkbox":
// handle field types with multiple options
$feature_index_list = explode("||", $field_value);
$field[$x] = '';
foreach ($feature_index_list as $feature_list_item) {
$field[$x] .= $feature_list_item;
$field[$x] .= $config['feature_list_separator'];
}
break;
case "price":
$sql3 = "SELECT listingsdbelements_field_value FROM " . $config['table_prefix'] . "listingsdbelements WHERE ((listingsdb_id = {$current_ID}) AND (listingsdbelements_field_name = 'status'))";
$recordSet3 = $conn->Execute($sql3);
if (!$recordSet3) {
$misc->log_error($sql3);
}
if ($DEBUG_SQL) {
echo '<strong>Status Lookup for price field:</strong> ' . $sql3 . '<br />';
}
$status = $misc->make_db_unsafe($recordSet3->fields['listingsdbelements_field_value']);
$recordSet3->Close();
if ($field_value == "" && $config["zero_price"] == "1") {
$money_amount = $misc->international_num_format($field_value, $config['number_decimals_price_fields']);
if ($status == 'Sold') {
$field[$x] = "<span style=\"text-decoration: line-through\">";
$field[$x] .= "</span><br /><span style=\"color:red;\"><strong>{$lang['mark_as_sold']}</strong></span>";
} elseif ($status == 'Pending') {
$field[$x] .= "<br /><span style=\"color:green;\"><strong>{$lang['mark_as_pending']}</strong></span>";
} else {
$field[$x] = $lang['call_for_price'];
}
} else {
$money_amount = $misc->international_num_format($field_value, $config['number_decimals_price_fields']);
if ($status == 'Sold') {
$field[$x] = "<span style=\"text-decoration: line-through\">";
$field[$x] .= $misc->money_formats($money_amount);
$field[$x] .= "</span><br /><span style=\"color:red;\"><strong>{$lang['mark_as_sold']}</strong></span>";
} elseif ($status == 'Pending') {
$field[$x] = $misc->money_formats($money_amount);
$field[$x] .= "<br /><span style=\"color:green;\"><strong>{$lang['mark_as_pending']}</strong></span>";
} else {
$field[$x] = $misc->money_formats($money_amount);
}
}
// end else
break;
case "select":
if ($field_name == "Mi_business") {
$sql4 = "SELECT listingsdbelements_field_value FROM " . $config['table_prefix'] . "listingsdbelements WHERE ((listingsdb_id = {$current_ID}) AND (listingsdbelements_field_name = 'Mi_business'))";
$recordSet4 = $conn->Execute($sql4);
if (!$recordSet4) {
$misc->log_error($sql4);
} else {
$requiredMigration = $misc->make_db_unsafe($recordSet4->fields['listingsdbelements_field_value']);
$recordSet4->Close();
if ($requiredMigration == 'Yes') {
$field[$x] = '<strong style="color:red">Business Migration Ready 能用作投资移民申请</strong>';
} else {
$field[$x] = '';
}
}
} else {
$field[$x] = "{$field_value}";
}
break;
case "number":
$field[$x] = $misc->international_num_format($field_value, $config['number_decimals_number_fields']);
break;
case "url":
$field[$x] = "<a href=\"{$field_value}\" target=\"_blank\">{$field_value}</a>";
break;
case "email":
$field[$x] = "<a href=\"mailto:{$field_value}\">{$field_value}</a>";
break;
case "date":
if ($config['date_format'] == 1) {
$format = "m/d/Y";
} elseif ($config['date_format'] == 2) {
$format = "Y/d/m";
} elseif ($config['date_format'] == 3) {
$format = "d/m/Y";
}
if ($field_value > 0) {
$field_value = date($format, "{$field_value}");
}
$field[$x] = "{$field_value}";
break;
default:
$field[$x] = "{$field_value}";
break;
}
// end switch
}
$recordSet2->MoveNext();
}
// end while
foreach ($field as $x => $f) {
$search_result = $page->parse_template_section($search_result, 'field_' . $x, $f);
}
//Form URLS for TextArea
if ($config['url_style'] == '1') {
$preview = '... <a href="index.php?action=listingview&listingID=' . $current_ID . '">' . $lang['more_info'] . '</a>';
} else {
$url_title = str_replace("/", "", $Title);
$url_title = strtolower(str_replace(" ", $config['seo_url_seperator'], $url_title));
$preview = '... <a href="listing-' . misc::urlencode_to_sef($url_title) . '-' . $current_ID . '.html">' . $lang['more_info'] . '</a>';
}
foreach ($textarea as $x => $f) {
// Normal Textarea
$search_result = $page->parse_template_section($search_result, 'textarea_' . $x, $f);
// Short textarea of first number of characters defined in site config with link to the listing
$p = substr(strip_tags($f), 0, $config['textarea_short_chars']);
$p = substr($p, 0, strrpos($p, ' '));
$search_result = $page->parse_template_section($search_result, 'textarea_' . $x . '_short', $p . '' . $preview);
}
//Cleanup Textareas
$search_result = preg_replace('/{textarea_(.*?)_short}/', $preview, $search_result);
$search_result = preg_replace('/{textarea_(.*?)}/', '', $search_result);
// Show Vtour indicator Image if vtour exists
require_once $config['basepath'] . '/include/vtour.inc.php';
$vtour_link = vtours::rendervtourlink($current_ID, true);
$search_result = $page->parse_template_section($search_result, 'vtour_button', $vtour_link);
// Show Creation Date
require_once $config['basepath'] . '/include/listing.inc.php';
$get_creation_date = listing_pages::get_creation_date($current_ID);
$search_result = $page->parse_template_section($search_result, 'get_creation_date', $get_creation_date);
// Show Featured
require_once $config['basepath'] . '/include/listing.inc.php';
$get_featured = listing_pages::get_featured($current_ID, 'no');
$search_result = $page->parse_template_section($search_result, 'get_featured', $get_featured);
// Show Featured Raw
require_once $config['basepath'] . '/include/listing.inc.php';
$get_featured_raw = listing_pages::get_featured($current_ID, 'yes');
$search_result = $page->parse_template_section($search_result, 'get_featured_raw', $get_featured_raw);
// Show Modified Date
require_once $config['basepath'] . '/include/listing.inc.php';
$get_modified_date = listing_pages::get_modified_date($current_ID);
$search_result = $page->parse_template_section($search_result, 'get_modified_date', $get_modified_date);
// Start {isfavorite} search result template section tag
if (isset($_SESSION['userID'])) {
$userID = $misc->make_db_safe($_SESSION['userID']);
$sql1 = "SELECT listingsdb_id FROM " . $config['table_prefix'] . "userfavoritelistings WHERE ((listingsdb_id = {$current_ID}) AND (userdb_id={$userID}))";
$recordSet1 = $conn->Execute($sql1);
if ($recordSet1 === false) {
$misc->log_error($sql1);
}
$favorite_listingsdb_id = $misc->make_db_unsafe($recordSet1->fields['listingsdb_id']);
if ($favorite_listingsdb_id !== $current_ID) {
$isfavorite = "no";
$search_result = $page->parse_template_section($search_result, 'isfavorite', $isfavorite);
} else {
$isfavorite = "yes";
$search_result = $page->parse_template_section($search_result, 'isfavorite', $isfavorite);
}
}
// End {isfavorite} search result template section tag
// Show Delete From Favorites Link if needed
$delete_from_fav = '';
if (isset($_SESSION['userID'])) {
$userID = $misc->make_db_safe($_SESSION['userID']);
$sql = "SELECT listingsdb_id FROM " . $config['table_prefix'] . "userfavoritelistings WHERE ((listingsdb_id = {$current_ID}) AND (userdb_id={$userID}))";
$recordSet = $conn->Execute($sql);
if (!$recordSet) {
$misc->log_error($sql);
}
if ($DEBUG_SQL) {
echo '<strong>Delete Favorite Lookup:</strong> ' . $sql . '<br />';
}
$num_rows = $recordSet->RecordCount();
if ($num_rows > 0) {
$delete_from_fav = '<a href="index.php?action=delete_favorites&listingID=' . $current_ID . '" onclick="return confirmDelete()">' . $lang['delete_from_favorites'] . '</a>';
}
}
// Instert link into section
$search_result = $page->parse_template_section($search_result, 'delete_from_favorite', $delete_from_fav);
//Show Add To Favorites
$link_add_favorites = '';
if (isset($_SESSION['userID'])) {
$userID = $misc->make_db_safe($_SESSION['userID']);
$sql = "SELECT listingsdb_id FROM " . $config['table_prefix'] . "userfavoritelistings WHERE ((listingsdb_id = {$current_ID}) AND (userdb_id={$userID}))";
$recordSet = $conn->Execute($sql);
if (!$recordSet) {
$misc->log_error($sql);
}
if ($DEBUG_SQL) {
echo '<strong>Add Favorite Lookup:</strong> ' . $sql . '<br />';
}
$num_rows = $recordSet->RecordCount();
if ($num_rows == 0) {
$link_add_favorites = listing_pages::create_add_favorite_link();
}
} else {
$link_add_favorites = listing_pages::create_add_favorite_link();
}
// Instert link into section
$search_result = $page->parse_template_section($search_result, 'link_add_favorites', $link_add_favorites);
// Insert row number
$search_result = $page->parse_template_section($search_result, 'row_num_even_odd', $count);
$resultRecordSet->MoveNext();
// Replace Edit Listing links
require_once $config['basepath'] . '/include/listing.inc.php';
$edit_link = listing_pages::edit_listing_link();
$search_result = $page->parse_template_section($search_result, 'link_edit_listing', $edit_link);
$edit_link = listing_pages::edit_listing_link('yes');
$search_result = $page->parse_template_section($search_result, 'link_edit_listing_url', $edit_link);
// Replace addon fields.
$addon_fields = $page->get_addon_template_field_list($addons);
$search_result = $page->parse_addon_tags($search_result, $addon_fields);
$search_result = $page->cleanup_fields($search_result);
$search_result = $page->cleanup_images($search_result);
}
// end while
$page->replace_template_section('search_result_header', $header_section);
$page->replace_template_section('search_result_dataset', $search_result);
$page->replace_permission_tags();
$page->cleanup_template_sections($next_prev, $next_prev_bottom);
$display = $page->return_page();
} else {
if (!isset($_GET['cur_page'])) {
$_GET['cur_page'] = 0;
}
// This search has no results. Display an error message and the search page again.
$display .= search_page::create_searchpage(false, true);
}
return $display;
}
}
function edit_post_comments()
{
global $conn, $lang, $config;
$security = login::loginCheck('can_access_blog_manager', true);
$display = '';
$blog_user_type = intval($_SESSION['blog_user_type']);
if ($security === true) {
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
//Load the Core Template
require_once $config['basepath'] . '/include/class/template/core.inc.php';
$page = new page_user();
require_once $config['basepath'] . '/include/user.inc.php';
$userclass = new user();
require_once $config['basepath'] . '/include/blog_functions.inc.php';
$blog_functions = new blog_functions();
//Load TEmplate File
$page->load_page($config['admin_template_path'] . '/blog_edit_comments.html');
// Do we need to save?
if (isset($_GET['id'])) {
$post_id = intval($_GET['id']);
//Get Blog Post Information
$blog_title = $blog_functions->get_blog_title($post_id);
$page->page = $page->parse_template_section($page->page, 'blog_title', $blog_title);
$blog_author = $blog_functions->get_blog_author($post_id);
$page->page = $page->parse_template_section($page->page, 'blog_author', $blog_author);
$blog_date_posted = $blog_functions->get_blog_date($post_id);
$page->page = $page->parse_template_section($page->page, 'blog_date_posted', $blog_date_posted);
//Handle any deletions and comment approvals before we load the comments
if (isset($_GET['caction']) && $_GET['caction'] == 'delete') {
if (isset($_GET['cid'])) {
$cid = intval($_GET['cid']);
//Do permission checks.
if ($blog_user_type < 4) {
//Throw Error
$display .= '<div class="error_message">' . $lang['blog_permission_denied'] . '</div><br />';
unset($_GET['caction']);
$display .= $this->edit_post_comments();
return $display;
}
//Delete
$sql = 'DELETE FROM ' . $config['table_prefix'] . 'blogcomments WHERE blogcomments_id = ' . $cid . ' AND blogmain_id = ' . $post_id;
//Load Record Set
$recordSet = $conn->Execute($sql);
if (!$recordSet) {
$misc->log_error($sql);
}
}
}
if (isset($_GET['caction']) && $_GET['caction'] == 'approve') {
if (isset($_GET['cid'])) {
$cid = intval($_GET['cid']);
//Do permission checks.
if ($blog_user_type < 4) {
//Throw Error
$display .= '<div class="error_message">' . $lang['blog_permission_denied'] . '</div><br />';
unset($_GET['caction']);
$display .= $this->edit_post_comments();
return $display;
}
//Delete
$sql = 'UPDATE ' . $config['table_prefix'] . 'blogcomments SET blogcomments_moderated = 1 WHERE blogcomments_id = ' . $cid . ' AND blogmain_id = ' . $post_id;
//Load Record Set
$recordSet = $conn->Execute($sql);
if (!$recordSet) {
$misc->log_error($sql);
}
}
}
//Ok Load the comments.
$sql = 'SELECT * FROM ' . $config['table_prefix'] . 'blogcomments WHERE blogmain_id = ' . $post_id . ' ORDER BY blogcomments_timestamp ASC';
//Load Record Set
$recordSet = $conn->Execute($sql);
if (!$recordSet) {
$misc->log_error($sql);
}
//Handle Next prev
$num_rows = $recordSet->RecordCount();
if (!isset($_GET['cur_page'])) {
$_GET['cur_page'] = 0;
}
$limit_str = $_GET['cur_page'] * $config['listings_per_page'];
$recordSet = $conn->SelectLimit($sql, $config['listings_per_page'], $limit_str);
if ($recordSet === false) {
$misc->log_error($sql);
}
$blog_comment_template = '';
while (!$recordSet->EOF) {
//Load DB Values
$comment_author_id = $misc->make_db_unsafe($recordSet->fields['userdb_id']);
$blogcomments_id = $misc->make_db_unsafe($recordSet->fields['blogcomments_id']);
$blogcomments_moderated = $misc->make_db_unsafe($recordSet->fields['blogcomments_moderated']);
$blogcomments_timestamp = $misc->make_db_unsafe($recordSet->fields['blogcomments_timestamp']);
$blogcomments_text = html_entity_decode($misc->make_db_unsafe($recordSet->fields['blogcomments_text']), ENT_NOQUOTES, $config['charset']);
//Load Template Block
$blog_comment_template .= $page->get_template_section('blog_article_comment_item_block');
//Lookup Blog Author..
$author_type = $userclass->get_user_type($comment_author_id);
if ($author_type == 'member') {
$author_display = $userclass->get_user_name($comment_author_id);
} else {
$author_display = $userclass->get_user_last_name($comment_author_id) . ', ' . $userclass->get_user_first_name($comment_author_id);
}
$blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_author', $author_display);
if ($config['date_format'] == 1) {
$format = "m/d/Y";
} elseif ($config['date_format'] == 2) {
$format = "Y/d/m";
} elseif ($config['date_format'] == 3) {
$format = "d/m/Y";
}
$blog_comment_date_posted = date($format, "{$blogcomments_timestamp}");
$blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_date_posted', $blog_comment_date_posted);
$blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_text', $blogcomments_text);
//Add Delete COmment Link
//{blog_comment_delete_url}
$blog_comment_delete_url = 'index.php?action=edit_blog_post_comments&id=' . $post_id . '&caction=delete&cid=' . $blogcomments_id;
$blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_delete_url', $blog_comment_delete_url);
$blog_comment_approve_url = 'index.php?action=edit_blog_post_comments&id=' . $post_id . '&caction=approve&cid=' . $blogcomments_id;
$blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_approve_url', $blog_comment_approve_url);
//Do Security Checks
if ($blog_user_type < 4) {
$blog_comment_template = $page->remove_template_block('blog_article_comment_approve', $blog_comment_template);
$blog_comment_template = $page->remove_template_block('blog_article_comment_delete', $blog_comment_template);
}
//Handle Moderation
if ($blogcomments_moderated == 1) {
$blog_comment_template = $page->remove_template_block('blog_article_comment_approve', $blog_comment_template);
} else {
$blog_comment_template = $page->cleanup_template_block('blog_article_comment_approve', $blog_comment_template);
}
$recordSet->MoveNext();
}
$page->replace_template_section('blog_article_comment_item_block', $blog_comment_template);
$next_prev = $misc->next_prev($num_rows, $_GET['cur_page'], "", 'blog', TRUE);
$page->replace_tag('next_prev', $next_prev);
$page->replace_permission_tags();
$page->auto_replace_tags('', true);
$display .= $page->return_page();
}
}
return $display;
}