function display() { global $conn, $config, $lang; require_once $config['basepath'] . '/include/misc.inc.php'; $misc = new misc(); require_once $config['basepath'] . '/include/user.inc.php'; $userclass = new user(); require_once $config['basepath'] . '/include/class/template/core.inc.php'; $page = new page_user(); require_once $config['basepath'] . '/include/blog_functions.inc.php'; $blog_functions = new blog_functions(); // Make Sure we passed the PageID $display = ''; if (!isset($_GET['ArticleID']) && intval($_GET['ArticleID']) <= 0) { $display .= "ERROR. PageID not sent"; } else { $blog_id = intval($_GET['ArticleID']); //Check if we posted a comment. if (isset($_SESSION['userID']) && $_SESSION['userID'] > 0 && isset($_POST['comment_text']) && strlen($_POST['comment_text']) > 0) { require_once $config['basepath'] . '/include/blog_editor.inc.php'; $blog_comment = $misc->make_db_safe(blog_editor::htmlEncodeText($_POST['comment_text'])); if ($config['blog_requires_moderation'] == 1) { $moderated = 0; } else { $moderated = 1; } $sql = "INSERT INTO " . $config['table_prefix'] . "blogcomments (userdb_id,blogcomments_timestamp,blogcomments_text,blogmain_id,blogcomments_moderated) VALUES\n\t\t\t\t(" . intval($_SESSION['userID']) . "," . time() . ",{$blog_comment},{$blog_id},{$moderated});"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } } //$display .= '<div class="page_display">'; $sql = "SELECT blogmain_full,blogmain_id FROM " . $config['table_prefix'] . "blogmain WHERE blogmain_id=" . $blog_id; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } $full = html_entity_decode($misc->make_db_unsafe($recordSet->fields['blogmain_full']), ENT_NOQUOTES, $config['charset']); //$full = $misc->make_db_unsafe($recordSet->fields['blogmain_full']); $full = preg_replace('/\\<hr.*?\\>/', '', $full, 1); $id = $recordSet->fields['blogmain_id']; if ($config["wysiwyg_execute_php"] == 1) { ob_start(); $full = str_replace("<!--<?php", "<?php", $full); $full = str_replace("?>-->", "?>", $full); eval('?>' . "{$full}" . '<?php '); $full = ob_get_contents(); ob_end_clean(); } //Load Template $page->load_page($config['template_path'] . '/blog_article.html'); //Start Replacing Tags $blog_title = $blog_functions->get_blog_title($id); $page->page = $page->parse_template_section($page->page, 'blog_title', $blog_title); $blog_author = $blog_functions->get_blog_author($id); $page->page = $page->parse_template_section($page->page, 'blog_author', $blog_author); $blog_comment_count = $blog_functions->get_blog_comment_count($id); $page->page = $page->parse_template_section($page->page, 'blog_comment_count', $blog_comment_count); $blog_date_posted = $blog_functions->get_blog_date($id); $page->page = $page->parse_template_section($page->page, 'blog_date_posted', $blog_date_posted); $page->page = $page->parse_template_section($page->page, 'blog_full_article', $full); // Allow Admin To Edit # if (isset($_SESSION['editblog']) && $_SESSION['admin_privs'] == 'yes' && $config["wysiwyg_show_edit"] == 1) { $admin_edit_link .= "{$config['baseurl']}/admin/index.php?action=edit_blog&id={$id}"; $page->page = $page->parse_template_section($page->page, 'admin_edit_link', $admin_edit_link); $page->page = $page->cleanup_template_block('admin_edit_link', $page->page); } else { $page->page = $page->remove_template_block('admin_edit_link', $page->page); } //Deal with COmments $sql = "SELECT blogcomments_id,userdb_id,blogcomments_timestamp,blogcomments_text FROM " . $config['table_prefix'] . "blogcomments WHERE blogmain_id = " . $id . " AND blogcomments_moderated = 1 ORDER BY blogcomments_timestamp ASC;"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } $blog_comment_template = ''; while (!$recordSet->EOF) { //Load DB Values $comment_author_id = $misc->make_db_unsafe($recordSet->fields['userdb_id']); $blogcomments_id = $misc->make_db_unsafe($recordSet->fields['blogcomments_id']); $blogcomments_timestamp = $misc->make_db_unsafe($recordSet->fields['blogcomments_timestamp']); $blogcomments_text = html_entity_decode($misc->make_db_unsafe($recordSet->fields['blogcomments_text']), ENT_NOQUOTES, $config['charset']); //Load Template Block $blog_comment_template .= $page->get_template_section('blog_article_comment_item_block'); //Lookup Blog Author.. $author_type = $userclass->get_user_type($comment_author_id); if ($author_type == 'member') { $author_display = $userclass->get_user_name($comment_author_id); } else { $author_display = $userclass->get_user_last_name($comment_author_id) . ', ' . $userclass->get_user_first_name($comment_author_id); } $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_author', $author_display); if ($config['date_format'] == 1) { $format = "m/d/Y"; } elseif ($config['date_format'] == 2) { $format = "Y/d/m"; } elseif ($config['date_format'] == 3) { $format = "d/m/Y"; } $blog_comment_date_posted = date($format, "{$blogcomments_timestamp}"); $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_date_posted', $blog_comment_date_posted); $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_text', $blogcomments_text); $recordSet->MoveNext(); } $page->replace_template_section('blog_article_comment_item_block', $blog_comment_template); //Render Add New Comment if ($config['url_style'] == '1') { $article_url = 'index.php?action=blog_view_article&ArticleID=' . $id; } else { $url_title = str_replace("/", "", $blog_title); $url_title = strtolower(str_replace(" ", $config['seo_url_seperator'], $url_title)); $article_url = 'article-' . urlencode($url_title) . '-' . $id . '.html'; } $page->page = $page->parse_template_section($page->page, 'blog_comments_post_url', $article_url); //Render Page Out //$page->replace_tags(array('templated_search_form', 'featured_listings_horizontal', 'featured_listings_vertical', 'company_name', 'link_printer_friendly')); $page->replace_permission_tags(); $display .= $page->return_page(); } return $display; }
function edit_listings($only_my_listings = true) { global $conn, $lang, $config, $listingID; if ($only_my_listings == false) { $security = login::loginCheck('edit_all_listings', true); } else { $security = login::loginCheck('Agent', true); } $display = ''; if ($security === true) { require_once $config['basepath'] . '/include/misc.inc.php'; $misc = new misc(); require_once $config['basepath'] . '/include/forms.inc.php'; $forms = new forms(); require_once $config['basepath'] . '/include/class/template/core.inc.php'; $page = new page_user(); // $display .= '<span class="section_header">'.$lang['listings_editor'].'<span><br /><br />'; if (!isset($_GET['delete'])) { $_GET['delete'] = ''; } if ($_GET['delete'] != '') { if ($_SESSION['admin_privs'] == 'yes' || $_SESSION['edit_all_listings'] == 'yes') { listing_editor::delete_listing($_GET['delete'], false); } else { listing_editor::delete_listing($_GET['delete'], true); } } if (!isset($_POST['action'])) { $_POST['action'] = ''; } if ($_POST['action'] == "update_listing") { if ($_SESSION['admin_privs'] == 'yes' || $_SESSION['edit_all_listings'] == 'yes') { $display .= listing_editor::update_listing(false); } else { $display .= listing_editor::update_listing(true); } } // end if $action == "update listing" if (!isset($_GET['edit'])) { $_GET['edit'] = ''; } if (isset($_POST['lookup_field']) && isset($_POST['lookup_value'])) { $_SESSION['edit_listing_qeb_lookup_field'] = $_POST['lookup_field']; $_SESSION['edit_listing_qeb_lookup_value'] = $_POST['lookup_value']; } if (isset($_SESSION['edit_listing_qeb_lookup_field']) && isset($_SESSION['edit_listing_qeb_lookup_value'])) { if ($_SESSION['edit_listing_qeb_lookup_field'] != 'listingsdb_id') { $_POST['lookup_field'] = $_SESSION['edit_listing_qeb_lookup_field']; $_POST['lookup_value'] = $_SESSION['edit_listing_qeb_lookup_value']; } } if (isset($_POST['filter'])) { $_SESSION['edit_listing_qeb_filter'] = $_POST['filter']; } if (isset($_SESSION['edit_listing_qeb_filter'])) { $_POST['filter'] = $_SESSION['edit_listing_qeb_filter']; } if (isset($_POST['agent_filter'])) { $_SESSION['edit_listing_qeb_agent_filter'] = $_POST['agent_filter']; } if (isset($_SESSION['edit_listing_qeb_agent_filter'])) { $_POST['agent_filter'] = $_SESSION['edit_listing_qeb_agent_filter']; } if (isset($_POST['pclass_filter'])) { $_SESSION['edit_listing_qeb_pclass_filter'] = $_POST['pclass_filter']; } if (isset($_SESSION['edit_listing_qeb_pclass_filter'])) { $_POST['pclass_filter'] = $_SESSION['edit_listing_qeb_pclass_filter']; } if (isset($_POST['lookup_field']) && isset($_POST['lookup_value']) && $_POST['lookup_field'] == 'listingsdb_id' && $_POST['lookup_value'] != '') { $_GET['edit'] = intval($_POST['lookup_value']); } if ($only_my_listings == TRUE) { unset($_POST['agent_filter']); } if ($_GET['edit'] != "") { $edit = intval($_GET['edit']); // first, grab the listings's main info if ($only_my_listings == true) { $sql = "SELECT listingsdb_id, listingsdb_title, listingsdb_notes, userdb_id, listingsdb_last_modified, listingsdb_featured, listingsdb_active, listingsdb_mlsexport, listingsdb_expiration FROM " . $config['table_prefix'] . "listingsdb WHERE (listingsdb_id = {$edit}) AND (userdb_id = '{$_SESSION['userID']}')"; } else { $sql = "SELECT listingsdb_id, listingsdb_title, listingsdb_notes, userdb_id, listingsdb_last_modified, listingsdb_featured, listingsdb_active, listingsdb_mlsexport, listingsdb_expiration FROM " . $config['table_prefix'] . "listingsdb WHERE (listingsdb_id = {$edit})"; } $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } if ($recordSet->RecordCount() > 0) { // collect up the main DB's various fields $listing_ID = $misc->make_db_unsafe($recordSet->fields['listingsdb_id']); $edit_title = $misc->make_db_unsafe($recordSet->fields['listingsdb_title']); $edit_notes = $misc->make_db_unsafe($recordSet->fields['listingsdb_notes']); $edit_mlsexport = $misc->make_db_unsafe($recordSet->fields['listingsdb_mlsexport']); $edit_or_owner = $recordSet->fields['userdb_id']; $last_modified = $recordSet->UserTimeStamp($recordSet->fields['listingsdb_last_modified'], 'D M j G:i:s T Y'); $edit_featured = $recordSet->fields['listingsdb_featured']; $edit_active = $recordSet->fields['listingsdb_active']; $expiration = $recordSet->UserTimeStamp($recordSet->fields['listingsdb_expiration'], $config["date_format_timestamp"]); // now, display all that stuff $display .= '<table class="form_main">'; $display .= '<tr>'; $display .= '<td colspan="3" class="row_main">'; if ($only_my_listings == true) { $display .= '<span class="section_header"><a href="index.php?action=edit_my_listings">' . $lang['listings_editor'] . '</a></span><br />'; } else { $display .= '<span class="section_header"><a href="index.php?action=edit_listings">' . $lang['listings_editor'] . '</a></span><br />'; } $display .= '<h3>' . $lang['admin_listings_editor_modify_listing'] . ' (<a href="' . $config['baseurl'] . '/index.php?action=listingview&listingID=' . $listing_ID . '" target="_preview">' . $lang['preview'] . '</a>)</h3>'; $display .= '</td>'; $display .= '</tr>'; $display .= '<tr>'; $display .= '<td valign="top" align="center" class="row_main">'; $display .= '<b>' . $lang['images'] . '</b>'; $display .= '<br />'; $display .= '<hr width="75%" />'; $display .= '<form action="index.php?action=edit_listing_images" method="post" name="edit_listing_images"><input type="hidden" name="edit" value="' . $_GET['edit'] . '" /><a href="javascript:document.edit_listing_images.submit()">' . $lang['edit_images'] . '</a></form>'; $display .= '<br />'; $sql = "SELECT listingsimages_caption, listingsimages_file_name, listingsimages_thumb_file_name FROM " . $config['table_prefix'] . "listingsimages WHERE (listingsdb_id = {$edit}) ORDER BY listingsimages_rank"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } while (!$recordSet->EOF) { $caption = $misc->make_db_unsafe($recordSet->fields['listingsimages_caption']); $thumb_file_name = $misc->make_db_unsafe($recordSet->fields['listingsimages_thumb_file_name']); $file_name = $misc->make_db_unsafe($recordSet->fields['listingsimages_file_name']); // gotta grab the image size $thumb_imagedata = GetImageSize("{$config['listings_upload_path']}/{$thumb_file_name}"); $thumb_imagewidth = $thumb_imagedata[0]; $thumb_imageheight = $thumb_imagedata[1]; $thumb_max_width = $config['thumbnail_width']; $thumb_max_height = $config['thumbnail_height']; $resize_by = $config['resize_thumb_by']; $shrinkage = 1; if ($thumb_max_width == $thumb_imagewidth || $thumb_max_height == $thumb_imageheight) { $thumb_displaywidth = $thumb_imagewidth; $thumb_displayheight = $thumb_imageheight; } else { if ($resize_by == 'width') { $shrinkage = $thumb_imagewidth / $thumb_max_width; $thumb_displaywidth = $thumb_max_width; $thumb_displayheight = round($thumb_imageheight / $shrinkage); } elseif ($resize_by == 'height') { $shrinkage = $thumb_imageheight / $thumb_max_height; $thumb_displayheight = $thumb_max_height; $thumb_displaywidth = round($thumb_imagewidth / $shrinkage); } elseif ($resize_by == 'both') { $thumb_displayheight = $thumb_max_height; $thumb_displaywidth = $thumb_max_width; } } $display .= "<a href=\"{$config['listings_view_images_path']}/{$file_name}\" target=\"_thumb\"> "; $display .= "<img src=\"{$config['listings_view_images_path']}/{$thumb_file_name}\" height=\"{$thumb_displayheight}\" width=\"{$thumb_displaywidth}\" alt=\"{$thumb_file_name}\" /></a><br /> "; $display .= "<b>{$caption}</b><br /><br />"; $recordSet->MoveNext(); } // end while $display .= '</td>'; if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havevtours'] == "yes") { $display .= '<td valign="top" align="center" class="row_main">'; $display .= '<b>' . $lang['vtours'] . '</b>'; $display .= '<br />'; $display .= '<hr width="75%" />'; $display .= '<form action="index.php?action=edit_vtour_images" method="post" name="edit_vtour_images"><input type="hidden" name="edit" value="' . $edit . '" /><a href="javascript:document.edit_vtour_images.submit()">' . $lang['edit_vtours'] . '</a></form>'; $display .= '<br />'; $sql = "SELECT vtourimages_caption, vtourimages_file_name, vtourimages_thumb_file_name FROM " . $config['table_prefix'] . "vtourimages WHERE (listingsdb_id = '{$edit}') ORDER BY vtourimages_rank"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } while (!$recordSet->EOF) { $caption = $misc->make_db_unsafe($recordSet->fields['vtourimages_caption']); $thumb_file_name = $misc->make_db_unsafe($recordSet->fields['vtourimages_thumb_file_name']); $file_name = $misc->make_db_unsafe($recordSet->fields['vtourimages_file_name']); $ext = substr(strrchr($file_name, '.'), 1); if ($ext == 'jpg') { // gotta grab the image size $imagedata = GetImageSize("{$config['vtour_upload_path']}/{$thumb_file_name}"); $imagewidth = $imagedata[0]; $imageheight = $imagedata[1]; $shrinkage = $config['thumbnail_width'] / $imagewidth; $displaywidth = $imagewidth * $shrinkage; $displayheight = $imageheight * $shrinkage; $display .= "<a href=\"{$config['vtour_view_images_path']}/{$file_name}\" target=\"_thumb\">"; $display .= "<img src=\"{$config['vtour_view_images_path']}/{$thumb_file_name}\" height=\"{$displayheight}\" width=\"{$displaywidth}\" alt=\"{$thumb_file_name}\" /></a><br /> "; $display .= "<strong>{$caption}</strong><br /><br />"; $recordSet->MoveNext(); } elseif ($ext == 'egg') { $display .= "<img src=\"{$config['baseurl']}/images/eggimage.gif\" alt=\"eggimage.gif\" /><br /> "; $recordSet->MoveNext(); } else { $display .= $file_name . '<br />' . $lang['unsupported_vtour'] . '<br /><br />'; $recordSet->MoveNext(); } } // end while if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havefiles'] == "yes") { $display .= '<br />'; } else { $display .= '</td>'; } } // Place the Files list and edit files link on the edit listing page if we are allowed to have files. if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havefiles'] == "yes") { if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havevtours'] == "yes") { $display .= '<br />'; } else { $display .= '<td valign="top" align="center" class="row_main">'; } $display .= '<b>' . $lang['files'] . '</b>'; $display .= '<br />'; $display .= '<hr width="75%" />'; $display .= '<form action="index.php?action=edit_listing_files" method="post" name="edit_listing_files"><input type="hidden" name="edit" value="' . $_GET['edit'] . '" /><a href="javascript:document.edit_listing_files.submit()">' . $lang['edit_files'] . '</a></form>'; $display .= '<br />'; $sql = "SELECT listingsfiles_id, listingsfiles_caption, listingsfiles_file_name FROM " . $config['table_prefix'] . "listingsfiles WHERE (listingsdb_id = '{$_GET['edit']}')"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } while (!$recordSet->EOF) { $caption = $misc->make_db_unsafe($recordSet->fields['listingsfiles_caption']); $file_name = $misc->make_db_unsafe($recordSet->fields['listingsfiles_file_name']); $file_id = $misc->make_db_unsafe($recordSet->fields['listingsfiles_id']); $iconext = substr(strrchr($file_name, '.'), 1); $iconpath = $config["file_icons_path"] . '/' . $iconext . '.png'; if (file_exists($iconpath)) { $icon = $config["listings_view_file_icons_path"] . '/' . $iconext . '.png'; } else { $icon = $config["listings_view_file_icons_path"] . '/default.png'; } $file_download_url = 'index.php?action=create_download&ID=' . $edit . '&file_id=' . $file_id . '&type=listing'; $display .= '<a href="' . $config['baseurl'] . '/' . $file_download_url . '" target="_thumb">'; $display .= '<img src="' . $icon . '" height="' . $config["file_icon_height"] . '" width="' . $config["file_icon_width"] . '" alt="' . $file_name . '" /><br />'; $display .= '<strong>' . $file_name . '</strong></a><br />'; $display .= '<strong>' . $caption . '</strong><br /><br />'; $recordSet->MoveNext(); } // end while $display .= '</td>'; } $display .= '<td class="row_main">'; //START FORM VALIDATION if (isset($_POST['property_class'])) { $class_sql = ''; foreach ($_POST['property_class'] as $class_id) { if (empty($class_sql)) { $class_sql .= ' class_id = ' . $class_id; } else { $class_sql .= ' OR class_id = ' . $class_id; } $display .= '<input type="hidden" name="property_class[]" value="' . $class_id . '" />'; } $pclass_list = ''; $sql = "SELECT DISTINCT(listingsformelements_id) FROM " . $config['table_prefix_no_lang'] . "classformelements WHERE " . $class_sql; $recordSet = $conn->execute($sql); if ($recordSet === false) { $misc->log_error($sql); } while (!$recordSet->EOF) { if (empty($pclass_list)) { $pclass_list .= $recordSet->fields['listingsformelements_id']; } else { $pclass_list .= ',' . $recordSet->fields['listingsformelements_id']; } $recordSet->Movenext(); } if ($pclass_list == '') { $pclass_list = 0; } $sql = "SELECT listingsformelements_field_type, listingsformelements_field_name, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required from " . $config['table_prefix'] . "listingsformelements WHERE listingsformelements_id IN (" . $pclass_list . ") ORDER BY listingsformelements_rank, listingsformelements_field_name"; } else { $sql = "SELECT listingsformelements_field_type, listingsformelements_field_name, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required from " . $config['table_prefix'] . "listingsformelements ORDER BY listingsformelements_rank, listingsformelements_field_name"; } $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } $display .= "\r\n<script type=\"text/javascript\" >\r\n"; $display .= "<!--\r\n"; $display .= "function validate_form()\r\n"; $display .= "{\r\n"; $display .= "var msg=\"\"\r\n"; $display .= "valid = true;\r\n"; $display .= "if ( document.update_listing.title.value == \"\" )\r\n"; $display .= "{\r\n"; $display .= "msg += '{$lang['forgot_field']} {$lang['admin_listings_editor_title']} {$lang['admin_template_editor_field']}.\\r\\n';\r\n"; $display .= "valid = false;\r\n"; $display .= "}\r\n"; while (!$recordSet->EOF) { $field_name = $recordSet->fields['listingsformelements_field_name']; $field_caption = $recordSet->fields['listingsformelements_field_caption']; $required = $recordSet->fields['listingsformelements_required']; if ($required == 'Yes') { $display .= "if ( document.update_listing.{$field_name}.value == \"\" )\r\n"; $display .= "{\r\n"; $display .= "msg += '" . html_entity_decode($lang[forgot_field]) . " {$field_caption} " . html_entity_decode($lang[admin_template_editor_field]) . ".\\r\\n';\r\n"; $display .= "valid = false;\r\n"; $display .= "}\r\n"; } $recordSet->MoveNext(); } $display .= "if (msg != \"\")\r\n"; $display .= "{\r\n"; $display .= "alert (msg);"; $display .= "}\r\n"; $display .= "return valid;\r\n"; $display .= "}\r\n"; $display .= "//-->\r\n"; $display .= "</script>\r\n"; //END FORM VALIDATION $display .= '<table>'; if ($only_my_listings == true) { $display .= '<form name="update_listing" action="index.php?action=edit_my_listings&edit=' . $_GET['edit'] . '" method="post" onsubmit="return validate_form ( );">'; } else { $display .= '<form name="update_listing" action="index.php?action=edit_listings&edit=' . $_GET['edit'] . '" method="post" onsubmit="return validate_form ( );">'; } $display .= '<input type="hidden" name="action" value="update_listing">'; $display .= '<input type="hidden" name="edit" value="' . $_GET['edit'] . '">'; $display .= '<tr>'; $display .= '<td align="right"><b>' . $lang['admin_listings_editor_title'] . ': <font color="red">*</font></b></td>'; $display .= '<td align="left"> <input type="text" name="title" value="' . $edit_title . '"></td></tr>'; // Display Property Classes $sql2 = 'SELECT class_id FROM ' . $config['table_prefix_no_lang'] . 'classlistingsdb WHERE listingsdb_id =' . $listing_ID; $recordSet2 = $conn->execute($sql2); if ($recordSet2 === false) { $misc->log_error($sql2); } $selected_class_id = array(); while (!$recordSet2->EOF) { $selected_class_id[] = $recordSet2->fields['class_id']; $recordSet2->MoveNext(); } $sql2 = 'SELECT class_id,class_name FROM ' . $config['table_prefix'] . 'class'; $recordSet2 = $conn->execute($sql2); if ($recordSet2 === false) { $misc->log_error($sql2); } $display .= '<tr><td align="right"><b>' . $lang['admin_listings_editor_property_class'] . '</b></td><td align="left">'; $display .= '<select name="pclass[]"'; if ($config["multiple_pclass_selection"] == '1') { $display .= ' multiple="multiple" size="5"'; } $display .= '>'; while (!$recordSet2->EOF) { $class_id = $recordSet2->fields['class_id']; $class_name = $misc->make_db_unsafe($recordSet2->fields['class_name']); if (in_array($class_id, $selected_class_id, true)) { $display .= '<option value="' . $class_id . '" selected="selected">' . $class_name . '</option>'; } else { $display .= '<option value="' . $class_id . '">' . $class_name . '</option>'; } $recordSet2->MoveNext(); } $display .= '</select></td></tr>'; // End property Class Display if ($_SESSION['featureListings'] == "yes" || $_SESSION['admin_privs'] == "yes") { $display .= '<tr><td align="right"><b>' . $lang['admin_listings_editor_featured'] . ':</b></td><td align="left">'; $display .= '<select name="featured" size="1">'; $display .= '<option value="' . $edit_featured . '">' . $lang['' . $edit_featured . ''] . '</option>'; $display .= '<option value="">-----</option>'; $display .= '<option value="yes">' . $lang['yes'] . '</option>'; $display .= '<option value="no">' . $lang['no'] . '</option>'; $display .= '</select></td></tr>'; } // end if ($featureListings == "yes") if ($_SESSION['admin_privs'] == "yes" || $_SESSION['moderator'] == 'yes') { $display .= '<tr><td align="right"><b>' . $lang['admin_listings_active'] . ':</b></td><td align="left">'; $display .= '<select name="edit_active" size="1">'; $display .= '<option value="' . $edit_active . '">' . $lang['' . $edit_active . ''] . '</option>'; $display .= '<option value="">-----</option>'; $display .= '<option value="yes">' . $lang['yes'] . '</option>'; $display .= '<option value="no">' . $lang['no'] . '</option>'; $display .= '</select></td></tr>'; if ($config['moderate_listings'] == 1 && $edit_active == 'no') { $display .= '<tr><td align="right"><b>' . $lang['admin_send_notices'] . ':</b></td><td align="left">'; $display .= '<select name="send_notices" size="1">'; $display .= '<option value="no">' . $lang['no'] . '</option>'; $display .= '<option value="yes">' . $lang['yes'] . '</option>'; $display .= '</select>'; $display .= ' <a href="#" class="tooltip"><img src="images/info.gif" width="16" height="16" /><span>' . $lang['send_notices_tool_tip'] . '</span></a>'; $display .= '</td></tr>'; } } // end if ($featureListings == "yes") if (($_SESSION['admin_privs'] == "yes" || $_SESSION['edit_expiration'] == "yes") && $config['use_expiration'] == "1") { $display .= '<tr><td align="right" class="row_main"><b>' . $lang['expiration'] . ':</b></td><td align="left"><input type="text" name="edit_expiration" value="' . $expiration . '" onFocus="javascript:vDateType=\'' . $config['date_format'] . '\'" onKeyUp="DateFormat(this,this.value,event,false,\'' . $config['date_format'] . '\')" onBlur="DateFormat(this,this.value,event,true,\'' . $config['date_format'] . '\')" />(' . $config['date_format_long'] . ')</td></tr>'; } // end if ($admin_privs == "yes" and $config[use_expiration] = "yes") if ($config["export_listings"] == 1 && $_SESSION['export_listings'] == "yes") { $display .= '<tr><td align="right"><strong>' . $lang['admin_listings_editor_mlsexport'] . ':</strong></td><td align="left">'; $display .= '<select name="mlsexport" size="1">'; $display .= '<option value="' . $edit_mlsexport . '">' . $lang['' . $edit_mlsexport . ''] . '</option>'; $display .= '<option value="">-----</option>'; $display .= '<option value="yes">' . $lang['yes'] . '</option>'; $display .= '<option value="no">' . $lang['no'] . '</option>'; $display .= '</select>'; $display .= '</td></tr>'; } else { $display .= '<input type="hidden" name="mlsexport" value="no" />'; } // Display Agent selection Option to reassign listing if ($_SESSION['admin_privs'] == "yes" || $_SESSION['edit_all_listings'] == "yes") { $display .= '<tr><td align="right"><b>' . $lang['listing_editor_listing_agent'] . ':</b></td>'; $display .= '<td align="left" class="row_main"><select name="or_owner" size="1">'; // find the name of the agent listed as ID in $edit_or_owner $sql = "SELECT userdb_user_first_name, userdb_user_last_name FROM " . $config['table_prefix'] . "userdb WHERE (userdb_id = {$edit_or_owner})"; $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } // strip slashes so input appears correctly $agent_first_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']); $agent_last_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']); $display .= "<option value=\"{$edit_or_owner}\">{$agent_last_name},{$agent_first_name}</option>"; // fill list with names of all agents $sql = "SELECT userdb_id, userdb_user_first_name, userdb_user_last_name FROM " . $config['table_prefix'] . "userdb where userdb_is_agent = 'yes' or userdb_is_admin = 'yes' ORDER BY userdb_user_last_name,userdb_user_first_name"; $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } while (!$recordSet->EOF) { // strip slashes so input appears correctly $agent_ID = $recordSet->fields['userdb_id']; $agent_first_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']); $agent_last_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']); $display .= "<option value=\"{$agent_ID}\">{$agent_last_name},{$agent_first_name}</option>"; $recordSet->MoveNext(); } $display .= "</select></td>"; $display .= '</tr>'; } else { $display .= '<input type="hidden" name="or_owner" value="' . $edit_or_owner . '" />'; } // Show Notes Field if ($config["show_notes_field"] == 1) { $display .= '<tr><td align="right"><b>' . $lang['admin_listings_editor_notes'] . ':</b><br /><div class="small">(' . $lang['admin_listings_editor_notes_note'] . ')</div></td><td align="left"> <textarea name="notes" rows="6" cols="40">' . $edit_notes . '</textarea></td></tr>'; } else { $display .= '<input type="hidden" name="notes" value="' . $edit_notes . '" />'; } // Show Listing Fields for this property class $sql = 'SELECT class_id from ' . $config['table_prefix_no_lang'] . 'classlistingsdb WHERE listingsdb_id =' . $edit; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } $class_sql = ''; while (!$recordSet->EOF()) { $class_id = $recordSet->fields['class_id']; if (empty($class_sql)) { $class_sql .= ' class_id = ' . $class_id; } else { $class_sql .= ' OR class_id = ' . $class_id; } $recordSet->MoveNext(); } $class_list = ''; $sql = "SELECT DISTINCT(listingsformelements_id) FROM " . $config['table_prefix_no_lang'] . "classformelements WHERE " . $class_sql; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } while (!$recordSet->EOF) { if (empty($class_list)) { $class_list .= $recordSet->fields['listingsformelements_id']; } else { $class_list .= ',' . $recordSet->fields['listingsformelements_id']; } $recordSet->MoveNext(); } if ($class_list == '') { $class_list = 0; } $sql = "SELECT listingsformelements_field_name, listingsdbelements_field_value, listingsformelements_field_type, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required, listingsformelements_field_length, listingsformelements_tool_tip FROM " . $config['table_prefix'] . "listingsformelements left join " . $config['table_prefix'] . "listingsdbelements on listingsdbelements_field_name = listingsformelements_field_name AND listingsdb_id = {$edit} WHERE listingsformelements_id IN (" . $class_list . ") ORDER BY listingsformelements_rank"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } while (!$recordSet->EOF) { $field_name = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_name']); if (isset($_POST[$field_name])) { if (is_array($_POST[$field_name])) { $field_value = ""; foreach ($_POST[$field_name] as $feature_item) { $feature_item = $misc->make_db_unsafe($feature_item); $field_value .= "||{$feature_item}"; } // end while // now remove the first two characters $feature_insert_length = strlen($field_value); $feature_insert_length = $feature_insert_length - 2; $field_value = substr($field_value, 2, $feature_insert_length); } else { $field_value = $misc->make_db_unsafe($recordSet->fields['listingsdbelements_field_value']); } } else { $field_value = $misc->make_db_unsafe($recordSet->fields['listingsdbelements_field_value']); } $field_type = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_type']); $field_caption = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_caption']); $default_text = $misc->make_db_unsafe($recordSet->fields['listingsformelements_default_text']); $field_elements = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_elements']); $required = $misc->make_db_unsafe($recordSet->fields['listingsformelements_required']); $field_length = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_length']); $tool_tip = $misc->make_db_unsafe($recordSet->fields['listingsformelements_tool_tip']); // pass the data to the function $display .= $forms->renderExistingFormElement($field_type, $field_name, $field_value, $field_caption, $default_text, $required, $field_elements, $field_length, $tool_tip); $recordSet->MoveNext(); } //$editid = substr($edit, 1, -1) * 1; if ($only_my_listings == true) { $edit_link = $config['baseurl'] . '/admin/index.php?action=edit_my_listings&edit=' . $edit; $delete_link = $config['baseurl'] . '/admin/index.php?action=edit_my_listings&delete=' . $edit; } else { $edit_link = $config['baseurl'] . '/admin/index.php?action=edit_listings&edit=' . $edit; $delete_link = $config['baseurl'] . '/admin/index.php?action=edit_listings&delete=' . $edit; } $display .= '<tr><td colspan="2" align="center">' . $lang[required_form_text] . '</td></tr>'; $display .= '<tr><td colspan="2" align="center"><input type="submit" value="' . $lang[update_button] . '"> <a href="' . $delete_link . '" onclick="return confirmDelete()">' . $lang[admin_listings_editor_delete_listing] . '</a></td></tr></table></form>'; $display .= '</td></tr></table>'; } else { $display .= '<center><span class="redtext">' . $lang['admin_listings_editor_invalid_listing'] . '</span></center>'; $next_prev = '<center>' . $misc->next_prev($num_rows, $_GET['cur_page'], "", '', TRUE) . '</center>'; // put in the next/previous stuff $display .= listing_editor::show_quick_edit_bar($next_prev, $only_my_listings); } } else { // show all the listings $sql_filter = ''; if (isset($_POST['filter'])) { if ($_POST['filter'] == 'active') { $sql_filter = " AND listingsdb_active = 'yes' "; } if ($_POST['filter'] == 'inactive') { $sql_filter = " AND listingsdb_active = 'no' "; } if ($_POST['filter'] == 'expired') { $sql_filter = " AND listingsdb_expiration < " . $conn->DBDate(time()); } if ($_POST['filter'] == 'featured') { $sql_filter = " AND listingsdb_featured = 'yes' "; } if ($_POST['filter'] == 'created_1week') { $sql_filter = " AND listingsdb_creation_date >= " . $conn->DBDate(date('Y-m-d', strtotime('-1 week'))); } if ($_POST['filter'] == 'created_1month') { $sql_filter = " AND listingsdb_creation_date >= " . $conn->DBDate(date('Y-m-d', strtotime('-1 month'))); } if ($_POST['filter'] == 'created_3month') { $sql_filter = " AND listingsdb_creation_date >= " . $conn->DBDate(date('Y-m-d', strtotime('-3 month'))); } } $lookup_sql = ''; if (isset($_POST['lookup_field']) && isset($_POST['lookup_value']) && $_POST['lookup_field'] != 'listingsdb_id' && $_POST['lookup_field'] != 'listingsdb_title' && $_POST['lookup_value'] != '') { $lookup_field = $misc->make_db_safe($_POST['lookup_field']); $lookup_value = $misc->make_db_safe('%' . $_POST['lookup_value'] . '%'); $sql = 'SELECT listingsdb_id FROM ' . $config['table_prefix'] . 'listingsdbelements WHERE listingsdbelements_field_name = ' . $lookup_field . ' AND listingsdbelements_field_value LIKE ' . $lookup_value; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } $listing_ids = array(); while (!$recordSet->EOF) { $listing_ids[] = $recordSet->fields['listingsdb_id']; $recordSet->MoveNext(); } if (count($listing_ids) > 0) { $listing_ids = implode(',', $listing_ids); } else { $listing_ids = '0'; } $lookup_sql = ' AND listingsdb_id IN (' . $listing_ids . ') '; } if (isset($_POST['lookup_field']) && isset($_POST['lookup_value']) && $_POST['lookup_field'] == 'listingsdb_title' && $_POST['lookup_value'] != '') { $lookup_value = $misc->make_db_safe('%' . $_POST['lookup_value'] . '%'); $sql = 'SELECT listingsdb_id FROM ' . $config['table_prefix'] . 'listingsdb WHERE listingsdb_title LIKE ' . $lookup_value; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } $listing_ids = array(); while (!$recordSet->EOF) { $listing_ids[] = $recordSet->fields['listingsdb_id']; $recordSet->MoveNext(); } if (count($listing_ids) > 0) { $listing_ids = implode(',', $listing_ids); } else { $listing_ids = '0'; } $lookup_sql = ' AND listingsdb_id IN (' . $listing_ids . ') '; } if (isset($_POST['pclass_filter']) && $_POST['pclass_filter'] != '') { $pclass_filter = $misc->make_db_safe($_POST['pclass_filter']); $sql = 'SELECT listingsdb_id FROM ' . $config['table_prefix_no_lang'] . 'classlistingsdb WHERE class_id = ' . $pclass_filter; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } $listing_ids = array(); while (!$recordSet->EOF) { $listing_ids[] = $recordSet->fields['listingsdb_id']; $recordSet->MoveNext(); } if (count($listing_ids) > 0) { $listing_ids = implode(',', $listing_ids); } else { $listing_ids = '0'; } $pclass_sql = ' AND listingsdb_id IN (' . $listing_ids . ') '; } if (isset($_POST['agent_filter']) && $_POST['agent_filter'] != '') { $agent_filter = $misc->make_db_safe($_POST['agent_filter']); $sql = 'SELECT listingsdb_id FROM ' . $config['table_prefix'] . 'listingsdb WHERE userdb_id = ' . $agent_filter; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } $listing_ids = array(); while (!$recordSet->EOF) { $listing_ids[] = $recordSet->fields['listingsdb_id']; $recordSet->MoveNext(); } if (count($listing_ids) > 0) { $listing_ids = implode(',', $listing_ids); } else { $listing_ids = '0'; } $agent_sql = ' AND listingsdb_id IN (' . $listing_ids . ') '; } // grab the number of listings from the db if ($only_my_listings == true) { $sql = "SELECT listingsdb_id, listingsdb_title, listingsdb_mlsexport, listingsdb_notes,\tlistingsdb_expiration, listingsdb_active, listingsdb_featured, listingsdb_hit_count, userdb_emailaddress FROM " . $config['table_prefix'] . "listingsdb, " . $config['table_prefix'] . "userdb WHERE " . $config['table_prefix'] . "listingsdb.userdb_id = " . $config['table_prefix'] . "userdb.userdb_id AND (" . $config['table_prefix'] . "userdb.userdb_id = '{$_SESSION['userID']}') {$sql_filter} {$lookup_sql} {$pclass_sql} {$agent_sql} ORDER BY listingsdb_id ASC"; } else { $sql = "SELECT listingsdb_id, listingsdb_title, listingsdb_mlsexport, listingsdb_notes,\tlistingsdb_expiration, listingsdb_active, listingsdb_featured, listingsdb_hit_count, userdb_emailaddress FROM " . $config['table_prefix'] . "listingsdb, " . $config['table_prefix'] . "userdb WHERE " . $config['table_prefix'] . "listingsdb.userdb_id = " . $config['table_prefix'] . "userdb.userdb_id {$sql_filter} {$lookup_sql} {$pclass_sql} {$agent_sql} ORDER BY listingsdb_id ASC"; } $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } $num_rows = $recordSet->RecordCount(); if (!isset($_GET['cur_page'])) { $_GET['cur_page'] = 0; } $next_prev = '<center>' . $misc->next_prev($num_rows, $_GET['cur_page'], "", '', TRUE) . '</center>'; // put in the next/previous stuff $display .= listing_editor::show_quick_edit_bar($next_prev, $only_my_listings); // build the string to select a certain number of listings per page $limit_str = $_GET['cur_page'] * $config['listings_per_page']; $recordSet = $conn->SelectLimit($sql, $config['listings_per_page'], $limit_str); if ($recordSet === false) { $misc->log_error($sql); } $count = 0; $display .= "<br /><br />"; $page->load_page($config['admin_template_path'] . '/edit_listings.html'); $page->replace_lang_template_tags(); $page->replace_tags(); $addons = $page->load_addons(); $listing_section = $page->get_template_section('listing_dataset'); while (!$recordSet->EOF) { // alternate the colors if ($count == 0) { $count = $count + 1; } else { $count = 0; } $listing .= $listing_section; // strip slashes so input appears correctly $title = $misc->make_db_unsafe($recordSet->fields['listingsdb_title']); $notes = $misc->make_db_unsafe($recordSet->fields['listingsdb_notes']); $active = $misc->make_db_unsafe($recordSet->fields['listingsdb_active']); $featured = $misc->make_db_unsafe($recordSet->fields['listingsdb_featured']); $mlsexport = $misc->make_db_unsafe($recordSet->fields['listingsdb_mlsexport']); $email = $misc->make_db_unsafe($recordSet->fields['userdb_emailaddress']); $formatted_expiration = $recordSet->UserTimeStamp($recordSet->fields['listingsdb_expiration'], $config["date_format_timestamp"]); $listingID = $recordSet->fields['listingsdb_id']; $hit_count = $misc->make_db_unsafe($recordSet->fields['listingsdb_hit_count']); if ($active == 'yes') { $active = '<span class="edit_listings_' . $active . '">' . $lang['yes'] . '</span>'; } elseif ($active == 'no') { $active = '<span class="edit_listings_' . $active . '">' . $lang['no'] . '</span>'; } if ($featured == 'yes') { $featured = '<span class="edit_listings_' . $featured . '">' . $lang['yes'] . '</span>'; } elseif ($featured == 'no') { $featured = '<span class="edit_listings_' . $featured . '">' . $lang['no'] . '</span>'; } //Add filters to link if (isset($_POST['lookup_field']) && isset($_POST['lookup_value'])) { $_GET['lookup_field'] = $_POST['lookup_field']; $_GET['lookup_value'] = $_POST['lookup_value']; } if (isset($_GET['lookup_field']) && isset($_GET['lookup_value'])) { $_POST['lookup_field'] = $_GET['lookup_field']; $_POST['lookup_value'] = $_GET['lookup_value']; } if ($only_my_listings == true) { $edit_link = $config['baseurl'] . '/admin/index.php?action=edit_my_listings&edit=' . $listingID; $delete_link = $config['baseurl'] . '/admin/index.php?action=edit_my_listings&delete=' . $listingID; } else { $edit_link = $config['baseurl'] . '/admin/index.php?action=edit_listings&edit=' . $listingID; $delete_link = $config['baseurl'] . '/admin/index.php?action=edit_listings&delete=' . $listingID; } $email_link = 'mailto:' . $email; $listing = $page->replace_listing_field_tags($listingID, $listing); $listing = $page->parse_template_section($listing, 'listingid', $listingID); $listing = $page->parse_template_section($listing, 'edit_listing_link', $edit_link); $listing = $page->parse_template_section($listing, 'delete_listing_link', $delete_link); $listing = $page->parse_template_section($listing, 'email_agent_link', $email_link); $listing = $page->parse_template_section($listing, 'listing_active_status', $active); $listing = $page->parse_template_section($listing, 'listing_featured_status', $featured); $listing = $page->parse_template_section($listing, 'listing_expiration', $formatted_expiration); $listing = $page->parse_template_section($listing, 'listing_notes', $notes); $listing = $page->parse_template_section($listing, 'row_num_even_odd', $count); $listing = $page->parse_template_section($listing, 'listing_hit_count', $hit_count); $addon_fields = $page->get_addon_template_field_list($addons); $listing = $page->parse_addon_tags($listing, $addon_fields); if ($config["use_expiration"] == 0) { $listing = $page->remove_template_block('show_expiration', $listing); } else { $listing = $page->cleanup_template_block('show_expiration', $listing); } $recordSet->MoveNext(); } // end while $page->replace_template_section('listing_dataset', $listing); $page->replace_permission_tags(); $display .= $page->return_page(); } // end if $edit == "" } else { $display .= '<div class="error_text">' . $lang['access_denied'] . '</div>'; } return $display; }
function renderFeaturedListings($num_of_listings = 0, $template_name = '', $random = FALSE, $pclass = '', $latest = FALSE) { global $conn, $lang, $config, $db_type, $current_ID; //Load the Core Template class and the Misc Class require_once $config['basepath'] . '/include/class/template/core.inc.php'; $page = new page_user(); require_once $config['basepath'] . '/include/misc.inc.php'; $misc = new misc(); //Declare an empty display variable to hold all output from function. $display = ''; //If We have a $current_ID save it $old_current_ID = ''; if ($current_ID != '') { $old_current_ID = $current_ID; } //Get the number of listing to display by default, unless user specified an override in the template file. if ($num_of_listings == 0) { $num_of_listings = $config['num_featured_listings']; } //Load a Random set of featured listings if ($db_type == 'mysql') { $rand = 'RAND()'; } else { $rand = 'RANDOM()'; } if ($latest == TRUE) { $rand = 'listingsdb_id DESC'; } if ($random == TRUE || $latest == TRUE) { $sql_rand = ''; } else { $sql_rand = "(listingsdb_featured = 'yes') AND"; } if ($config['use_expiration'] === "1") { if ($pclass != '') { $sql = "SELECT " . $config['table_prefix'] . "listingsdb.listingsdb_id, listingsdb_title FROM " . $config['table_prefix'] . "listingsdb," . $config['table_prefix_no_lang'] . "classlistingsdb WHERe {$sql_rand} (listingsdb_active = 'yes') AND (listingsdb_expiration > " . $conn->DBDate(time()) . ") AND (" . $config['table_prefix'] . "listingsdb.listingsdb_id = " . $config['table_prefix_no_lang'] . "classlistingsdb.listingsdb_id) AND class_id = " . $pclass . " ORDER BY {$rand}"; } else { $sql = "SELECT " . $config['table_prefix'] . "listingsdb.listingsdb_id, listingsdb_title FROM " . $config['table_prefix'] . "listingsdb WHERE {$sql_rand} (listingsdb_active = 'yes') AND (listingsdb_expiration > " . $conn->DBDate(time()) . ") ORDER BY {$rand}"; } } else { if ($pclass != '') { $sql = "SELECT " . $config['table_prefix'] . "listingsdb.listingsdb_id, listingsdb_title FROM " . $config['table_prefix'] . "listingsdb," . $config['table_prefix_no_lang'] . "classlistingsdb WHERE {$sql_rand} (listingsdb_active = 'yes') AND (" . $config['table_prefix'] . "listingsdb.listingsdb_id = " . $config['table_prefix_no_lang'] . "classlistingsdb.listingsdb_id) AND class_id = " . $pclass . " ORDER BY {$rand}"; } else { $sql = "SELECT " . $config['table_prefix'] . "listingsdb.listingsdb_id, listingsdb_title FROM " . $config['table_prefix'] . "listingsdb WHERE {$sql_rand} (listingsdb_active = 'yes') ORDER BY {$rand}"; } } $recordSet = $conn->SelectLimit($sql, $num_of_listings, 0); if ($recordSet === false) { $misc->log_error($sql); } //Find out how many listing were returned $returned_num_listings = $recordSet->RecordCount(); if ($returned_num_listings >= 1) { //Load the Featured Listing Template specified in the Site Config unless a template was specified in the calling template tag. if ($template_name == '') { $page->load_page($config['template_path'] . '/' . $config['featured_listing_template']); } else { if ($random == TRUE) { $page->load_page($config['template_path'] . '/random_listing_' . $template_name . '.html'); } elseif ($latest == TRUE) { $page->load_page($config['template_path'] . '/latest_listing_' . $template_name . '.html'); } else { $page->load_page($config['template_path'] . '/featured_listing_' . $template_name . '.html'); } } // Determine if the template uses rows. // First item in array is the row conent second item is the number of block per block row $featured_template_row = $page->get_template_section_row('featured_listing_block_row'); if (is_array($featured_template_row)) { $row = $featured_template_row[0]; $col_count = $featured_template_row[1]; $user_rows = true; $x = 1; //Create an empty array to hold the row conents $new_row_data = array(); } else { $user_rows = false; } $featured_template_section = ''; while (!$recordSet->EOF) { if ($user_rows == true && $x > $col_count) { //We are at then end of a row. Save the template section as a new row. $new_row_data[] = $page->replace_template_section('featured_listing_block', $featured_template_section, $row); //$new_row_data[] = $featured_template_section; $featured_template_section = $page->get_template_section('featured_listing_block'); $x = 1; } else { $featured_template_section .= $page->get_template_section('featured_listing_block'); } $listing_title = $misc->make_db_unsafe($recordSet->fields['listingsdb_title']); $current_ID = $misc->make_db_unsafe($recordSet->fields['listingsdb_id']); if ($config['url_style'] == '1') { $featured_url = 'index.php?action=listingview&listingID=' . $current_ID; } else { $url_title = str_replace("/", "", $listing_title); $url_title = strtolower(str_replace(" ", $config['seo_url_seperator'], $url_title)); $featured_url = 'listing-' . misc::urlencode_to_sef($url_title) . '-' . $current_ID . '.html'; } $featured_template_section = $page->replace_listing_field_tags($current_ID, $featured_template_section); $featured_template_section = $page->replace_listing_field_tags($current_ID, $featured_template_section); $featured_template_section = $page->parse_template_section($featured_template_section, 'featured_url', $featured_url); $featured_template_section = $page->parse_template_section($featured_template_section, 'listingid', $current_ID); // Start {isfavorite} featured template section tag if (isset($_SESSION['userID'])) { $userID = $misc->make_db_safe($_SESSION['userID']); $sql1 = "SELECT listingsdb_id FROM " . $config['table_prefix'] . "userfavoritelistings WHERE ((listingsdb_id = {$current_ID}) AND (userdb_id={$userID}))"; $recordSet1 = $conn->Execute($sql1); if ($recordSet1 === false) { $misc->log_error($sql1); } $favorite_listingsdb_id = $misc->make_db_unsafe($recordSet1->fields['listingsdb_id']); if ($favorite_listingsdb_id !== $current_ID) { $isfavorite = "no"; $featured_template_section = $page->parse_template_section($featured_template_section, 'isfavorite', $isfavorite); } else { $isfavorite = "yes"; $featured_template_section = $page->parse_template_section($featured_template_section, 'isfavorite', $isfavorite); } } // End {isfavorite} featured template section tag // Setup Image Tags $sql2 = "SELECT listingsimages_thumb_file_name,listingsimages_file_name FROM " . $config['table_prefix'] . "listingsimages WHERE (listingsdb_id = {$current_ID}) ORDER BY listingsimages_rank"; $recordSet2 = $conn->SelectLimit($sql2, 1, 0); if ($recordSet2 === false) { $misc->log_error($sql2); } if ($recordSet2->RecordCount() > 0) { $thumb_file_name = $misc->make_db_unsafe($recordSet2->fields['listingsimages_thumb_file_name']); $file_name = $misc->make_db_unsafe($recordSet2->fields['listingsimages_file_name']); if ($thumb_file_name != "" && file_exists("{$config['listings_upload_path']}/{$thumb_file_name}")) { // gotta grab the thumbnail image size $imagedata = GetImageSize("{$config['listings_upload_path']}/{$thumb_file_name}"); $imagewidth = $imagedata[0]; $imageheight = $imagedata[1]; $shrinkage = $config['thumbnail_width'] / $imagewidth; $featured_thumb_width = $imagewidth * $shrinkage; $featured_thumb_height = $imageheight * $shrinkage; $featured_thumb_src = $config['listings_view_images_path'] . '/' . $thumb_file_name; // gotta grab the thumbnail image size $imagedata = GetImageSize("{$config['listings_upload_path']}/{$file_name}"); $imagewidth = $imagedata[0]; $imageheight = $imagedata[1]; $featured_width = $imagewidth; $featured_height = $imageheight; $featured_src = $config['listings_view_images_path'] . '/' . $file_name; } } else { if ($config['show_no_photo'] == 1) { $imagedata = GetImageSize("images/nophoto.gif"); $imagewidth = $imagedata[0]; $imageheight = $imagedata[1]; $shrinkage = $config['thumbnail_width'] / $imagewidth; $featured_thumb_width = $imagewidth * $shrinkage; $featured_thumb_height = $imageheight * $shrinkage; $featured_thumb_src = "images/nophoto.gif"; $featured_width = $featured_thumb_width; $featured_height = $featured_thumb_height; $featured_src = "images/nophoto.gif"; } else { $featured_thumb_width = ''; $featured_thumb_height = ''; $featured_thumb_src = ''; $featured_width = ''; $featured_height = ''; $featured_src = ''; } } if (!empty($featured_thumb_src)) { $featured_template_section = $page->parse_template_section($featured_template_section, 'featured_thumb_src', $featured_thumb_src); $featured_template_section = $page->parse_template_section($featured_template_section, 'featured_thumb_height', $featured_thumb_height); $featured_template_section = $page->parse_template_section($featured_template_section, 'featured_thumb_width', $featured_thumb_width); $featured_template_section = $page->cleanup_template_block('featured_img', $featured_template_section); } else { $featured_template_section = $page->remove_template_block('featured_img', $featured_template_section); } if (!empty($featured_src)) { $featured_template_section = $page->parse_template_section($featured_template_section, 'featured_large_src', $featured_src); $featured_template_section = $page->parse_template_section($featured_template_section, 'featured_large_height', $featured_height); $featured_template_section = $page->parse_template_section($featured_template_section, 'featured_large_width', $featured_width); $featured_template_section = $page->cleanup_template_block('featured_img_large', $featured_template_section); } else { $featured_template_section = $page->remove_template_block('featured_img_large', $featured_template_section); } $recordSet->MoveNext(); if ($user_rows == true) { $x++; } } if ($user_rows == true) { $featured_template_section = $page->cleanup_template_block('featured_listing', $featured_template_section); $new_row_data[] = $page->replace_template_section('featured_listing_block', $featured_template_section, $row); $replace_row = ''; foreach ($new_row_data as $rows) { $replace_row .= $rows; } $page->replace_template_section_row('featured_listing_block_row', $replace_row); } else { $page->replace_template_section('featured_listing_block', $featured_template_section); } $page->replace_permission_tags(); $page->auto_replace_tags(); $display .= $page->return_page(); } $current_ID = ''; if ($old_current_ID != '') { $current_ID = $old_current_ID; } return $display; }
function view_user() { global $conn, $lang, $config, $user; require_once $config['basepath'] . '/include/misc.inc.php'; require_once $config['basepath'] . '/include/images.inc.php'; $display = ''; $user = intval($_GET['user']); if ($user != "") { $misc = new misc(); $sql = "SELECT userdb_is_agent, userdb_is_admin FROM " . $config['table_prefix'] . "userdb WHERE userdb_id = " . $user . ""; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } // get main listings data while (!$recordSet->EOF) { $is_agent = $misc->make_db_unsafe($recordSet->fields['userdb_is_agent']); $is_admin = $misc->make_db_unsafe($recordSet->fields['userdb_is_admin']); $recordSet->MoveNext(); } // end while if ($is_agent == 'yes' || $is_admin == true && $config["show_listedby_admin"] == 1) { require_once dirname(__FILE__) . '/class/template/core.inc.php'; $page = new page_user(); require_once dirname(__FILE__) . '/images.inc.php'; $image_handler = new image_handler(); require_once dirname(__FILE__) . '/files.inc.php'; $file_handler = new file_handler(); $page->load_page($config['template_path'] . '/' . $config['agent_template']); //Replace Tags $page->page = str_replace('{user_last_name}', $this->get_user_last_name($user), $page->page); $page->page = str_replace('{user_first_name}', $this->get_user_first_name($user), $page->page); $page->page = str_replace('{user_images_thumbnails}', $image_handler->renderUserImages($user), $page->page); $page->page = str_replace('{user_display_info}', $this->renderUserInfo($user), $page->page); $page->page = str_replace('{user_contact_link}', $this->contact_agent_link($user), $page->page); $page->page = str_replace('{user_vcard_link}', $this->vcard_agent_link($user), $page->page); $page->page = str_replace('{user_listings_list}', $this->userListings($user), $page->page); $page->page = str_replace('{user_hit_count}', $this->userHitcount($user), $page->page); $page->page = str_replace('{user_id}', $user, $page->page); $page->page = str_replace('{user_listings_link}', $this->userListingsLink($user), $page->page); $page->page = str_replace('{files_user_horizontal}', $file_handler->render_templated_files($user, 'user', 'horizontal'), $page->page); $page->page = str_replace('{files_user_vertical}', $file_handler->render_templated_files($user, 'user', 'vertical'), $page->page); $page->page = str_replace('{user_files_select}', $file_handler->render_files_select($user, 'user'), $page->page); // Handle Caption Only $page->page = preg_replace_callback('/{user_field_([^{}]*?)_caption}/', create_function('$matches', 'global $config,$user,$lang;require_once($config[\'basepath\'].\'/include/user.inc.php\'); return user::renderSingleListingItem($user, $matches[1],\'caption\');'), $page->page); // Hanle VlaueOnly $page->page = preg_replace_callback('/{user_field_([^{}]*?)_value}/', create_function('$matches', 'global $config,$user,$lang;require_once($config[\'basepath\'].\'/include/user.inc.php\'); return user::renderSingleListingItem($user, $matches[1],\'value\');'), $page->page); // Handle Raw Value $page->page = preg_replace_callback('/{user_field_([^{}]*?)_rawvalue}/', create_function('$matches', 'global $config,$user,$lang;require_once($config[\'basepath\'].\'/include/user.inc.php\'); return user::renderSingleListingItem($user, $matches[1],\'rawvalue\');'), $page->page); // Handle Both Caption and Value $page->page = preg_replace_callback('/{user_field_([^{}]*?)}/', create_function('$matches', 'global $config,$user,$lang;require_once($config[\'basepath\'].\'/include/user.inc.php\'); return user::renderSingleListingItem($user, $matches[1]);'), $page->page); // Insert Agent Image $sql2 = "SELECT userimages_thumb_file_name FROM " . $config['table_prefix'] . "userimages WHERE userdb_id = {$user} ORDER BY userimages_rank"; $recordSet2 = $conn->Execute($sql2); if ($recordSet2 === false) { $misc->log_error($sql2); } $num_images = $recordSet2->RecordCount(); if ($num_images == 0) { if ($config['show_no_photo'] == 1) { $agent_image = '<img src="images/nophoto.gif" alt="' . $lang['no_photo'] . '" />'; $raw_agent_image = 'images/nophoto.gif'; } else { $agent_image = ''; $raw_agent_image = ''; } $page->page = $page->parse_template_section($page->page, 'agent_image_thumb_1', $agent_image); $page->page = $page->parse_template_section($page->page, 'raw_agent_image_thumb_1', $raw_agent_image); } $x = 1; while (!$recordSet2->EOF) { $thumb_file_name = $misc->make_db_unsafe($recordSet2->fields['userimages_thumb_file_name']); if ($thumb_file_name != "") { // gotta grab the image size $imagedata = GetImageSize("{$config['user_upload_path']}/{$thumb_file_name}"); $imagewidth = $imagedata[0]; $imageheight = $imagedata[1]; $shrinkage = $config['thumbnail_width'] / $imagewidth; $displaywidth = $imagewidth * $shrinkage; $displayheight = $imageheight * $shrinkage; $agent_image = '<img src="' . $config['user_view_images_path'] . '/' . $thumb_file_name . '" height="' . $displayheight . '" width="' . $displaywidth . '" alt="' . $thumb_file_name . '" />'; $raw_agent_image = $config['user_view_images_path'] . '/' . $thumb_file_name; } // end if ($thumb_file_name != "") // We have the image so insert it into the section. $page->page = $page->parse_template_section($page->page, 'agent_image_thumb_' . $x, $agent_image); $page->page = $page->parse_template_section($page->page, 'raw_agent_image_thumb_' . $x, $raw_agent_image); $x++; $recordSet2->MoveNext(); } // end while $page->page = preg_replace('{agent_image_thumb_(.*?)}', '', $page->page); $page->page = preg_replace('{raw_agent_image_thumb_(.*?)}', '', $page->page); $display = $page->page; } else { $display = $lang['user_manager_invalid_user_id']; } } return $display; }
/** * **************************************************************************\ * Open-Realty - search_results Function * * -------------------------------------------- * * This is the search_results function. The listing_browse page is called is* * also now a funciton called search_results_old * * \************************************************************************** */ function search_results($return_ids_only = false) { $DEBUG_SQL = FALSE; global $config, $conn, $lang, $current_ID, $db_type; require_once $config['basepath'] . '/include/misc.inc.php'; require_once $config['basepath'] . '/include/class/template/core.inc.php'; $misc = new misc(); $page = new page(); // Load any addons $addons = $page->load_addons(); $guidestring = ""; $guidestring_with_sort = ""; // Save GET // Deal with & still being in the URL foreach ($_GET as $k => $v) { if (strpos($k, 'amp;') !== false) { $new_k = str_replace('amp;', '', $k); $_GET[$new_k] = $v; unset($_GET[$k]); } } //Deal with googlebot double encoding URLS. foreach ($_GET as $k => $v) { if (strpos($k, '%5B%5D') !== false) { $new_k = str_replace('%5B%5D', '', $k); $_GET[$new_k][] = $v; unset($_GET[$k]); } } foreach ($_GET as $k => $v) { if ($v != '' && $k != 'listingID' && $k != 'cur_page' && $k != 'action' && $k != 'PHPSESSID' && $k != 'sortby' && $k != 'sorttype' && $k != 'printer_friendly' && $k != 'template') { if (is_array($v)) { foreach ($v as $vitem) { $guidestring .= '&' . urlencode("{$k}") . '[]=' . urlencode("{$vitem}"); } } else { $guidestring .= '&' . urlencode("{$k}") . '=' . urlencode("{$v}"); } } } $display = ''; // Now we get the GET and build our WHERE CLAUSE $searchresultSQL = ''; // Set ImageONly to False $imageonly = false; $vtoursonly = false; $tablelist = array(); $tablelist_fullname = array(); $postalcode_dist_lat = ''; $postalcode_dist_long = ''; $postalcode_dist_dist = ''; $latlong_dist_lat = ''; $latlong_dist_long = ''; $latlong_dist_dist = ''; $city_dist_lat = ''; $city_dist_long = ''; $city_dist_dist = ''; foreach ($_GET as $k => $v) { if ($k == "sortby") { $guidestring_with_sort = "{$k}={$v}"; } elseif ($k == "sorttype") { $guidestring_with_sort = "{$k}={$v}&"; } elseif ($k == 'PageID') { $searchresultSQL .= ''; } elseif ($k == "user_ID") { if ($v != '' && $v != 'Any Agent') { if (is_array($v)) { $sstring = ''; foreach ($v as $u) { $u = $misc->make_db_safe($u); if (empty($sstring)) { $sstring .= $config['table_prefix'] . 'listingsdb.userdb_id = ' . $u; } else { $sstring .= ' OR ' . $config['table_prefix'] . 'listingsdb.userdb_id = ' . $u; } } if ($searchresultSQL != '') { $searchresultSQL .= ' AND '; } $searchresultSQL .= '(' . $sstring . ')'; } else { $sql_v = $misc->make_db_safe($v); if ($searchresultSQL != '') { $searchresultSQL .= ' AND '; } $searchresultSQL .= '(' . $config['table_prefix'] . 'listingsdb.userdb_id = ' . $sql_v . ')'; } } } elseif ($k == "featuredOnly") { // $guidestring .= "&$k=$v"; if ($v == "yes") { if ($searchresultSQL != '') { $searchresultSQL .= ' AND '; } $searchresultSQL = $searchresultSQL . '(' . $config['table_prefix'] . 'listingsdb.listingsdb_featured = \'yes\')'; } } elseif ($k == 'pclass') { $class_sql = ''; foreach ($v as $class) { // Ignore non numberic values if (is_numeric($class)) { if (!empty($class_sql)) { $class_sql .= ' OR '; } $class_sql .= $config['table_prefix_no_lang'] . "classlistingsdb.class_id = {$class}"; } } if (!empty($class_sql)) { if ($searchresultSQL != '') { $searchresultSQL .= ' AND '; } $searchresultSQL = $searchresultSQL . '(' . $class_sql . ') AND ' . $config['table_prefix_no_lang'] . 'classlistingsdb.listingsdb_id = ' . $config['table_prefix'] . 'listingsdb.listingsdb_id'; $tablelist_fullname[] = $config['table_prefix_no_lang'] . "classlistingsdb"; } } elseif ($k == "listing_id") { $listing_id = explode(',', $v); $i = 0; if ($searchresultSQL != '') { $searchresultSQL .= ' AND '; } foreach ($listing_id as $id) { $id = $misc->make_db_safe($id); if ($i == 0) { $searchresultSQL .= '((' . $config['table_prefix'] . 'listingsdb.listingsdb_id = ' . $id . ')'; } else { $searchresultSQL .= ' OR (' . $config['table_prefix'] . 'listingsdb.listingsdb_id = ' . $id . ')'; } $i++; } $searchresultSQL .= ')'; } elseif ($k == "imagesOnly") { // Grab only listings with images if that is what we need. if ($v == "yes") { $imageonly = true; } } elseif ($k == "vtoursOnly") { // Grab only listings with images if that is what we need. if ($v == "yes") { $vtoursonly = true; } } elseif ($k == 'listing_last_modified_equal') { if ($searchresultSQL != '') { $searchresultSQL .= ' AND '; } $safe_v = $conn->DBTimeStamp($v); $searchresultSQL .= " listingsdb_last_modified = {$safe_v}"; //listingsdb_last_modified } elseif ($k == 'listing_last_modified_greater') { if ($searchresultSQL != '') { $searchresultSQL .= ' AND '; } $safe_v = $conn->DBTimeStamp($v); $searchresultSQL .= " listingsdb_last_modified > {$safe_v}"; //listingsdb_last_modified } elseif ($k == 'listing_last_modified_less') { if ($searchresultSQL != '') { $searchresultSQL .= ' AND '; } $safe_v = $conn->DBTimeStamp($v); $searchresultSQL .= " listingsdb_last_modified < {$safe_v}"; //listingsdb_last_modified } elseif ($k == 'latlong_dist_lat' || $k == 'latlong_dist_long' || $k == 'latlong_dist_dist' && $v != '') { switch ($k) { case 'latlong_dist_lat': $latlong_dist_lat = $v; break; case 'latlong_dist_long': $latlong_dist_long = $v; break; case 'latlong_dist_dist': $latlong_dist_dist = $v; break; } } elseif ($k == 'postalcode_dist_code' && $v != '') { $postalcode = $misc->make_db_safe($v); $sql = 'SELECT zipdist_latitude, zipdist_longitude FROM ' . $config['table_prefix_no_lang'] . 'zipdist WHERE zipdist_zipcode =' . $postalcode; $postalcode_recordSet = $conn->Execute($sql); if ($postalcode_recordSet === false) { $misc->log_error($sql); } $postalcode_dist_lat = $misc->make_db_unsafe($postalcode_recordSet->fields['zipdist_latitude']); $postalcode_dist_long = $misc->make_db_unsafe($postalcode_recordSet->fields['zipdist_longitude']); } elseif ($k == 'postalcode_dist_dist' && $v != '') { $postalcode_dist_dist = $v; } elseif ($k == 'city_dist_code' && $v != '') { $city = $misc->make_db_safe($v); $sql = 'SELECT zipdist_latitude, zipdist_longitude FROM ' . $config['table_prefix_no_lang'] . 'zipdist WHERE zipdist_cityname =' . $city; $city_recordSet = $conn->Execute($sql); if ($city_recordSet === false) { $misc->log_error($sql); } $city_dist_lat = $misc->make_db_unsafe($city_recordSet->fields['zipdist_latitude']); $city_dist_long = $misc->make_db_unsafe($city_recordSet->fields['zipdist_longitude']); } elseif ($k == 'city_dist_dist' && $v != '') { $city_dist_dist = $v; } elseif ($v != '' && $k != 'listingID' && $k != 'postalcode_dist_code' && $k != 'postalcode_dist_dist' && $k != 'city_dist_code' && $k != 'city_dist_dist' && $k != 'latlong_dist_lat' && $k != 'latlong_dist_long' && $k != 'latlong_dist_dist' && $k != 'cur_page' && $k != 'action' && $k != 'PHPSESSID' && $k != 'sortby' && $k != 'sorttype' && $k != 'printer_friendly' && $k != 'template' && $k != 'pclass' && $k != 'listing_last_modified_less' && $k != 'listing_last_modified_equal' && $k != 'listing_last_modified_greater') { if (!is_array($v)) { if ($searchresultSQL != '') { $searchresultSQL .= ' AND '; } //Handle NULL/NOTNULL Searches if (substr($k, -5) == '-NULL' && $v == '1') { $subk = substr($k, 0, -5); $searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND (`{$subk}`.listingsdbelements_field_value IS NULL OR `{$subk}`.listingsdbelements_field_value = ''))"; if (!in_array($subk, $tablelist)) { $tablelist[] = $subk; } } elseif (substr($k, -8) == '-NOTNULL' && $v == '1') { $subk = substr($k, 0, -8); $searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND (`{$subk}`.listingsdbelements_field_value IS NOT NULL AND `{$subk}`.listingsdbelements_field_value <> ''))"; if (!in_array($subk, $tablelist)) { $tablelist[] = $subk; } } elseif (substr($k, -4) == '-max') { $subk = substr($k, 0, -4); if ($db_type == 'mysql') { $searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND CAST(`{$subk}`.listingsdbelements_field_value as signed) <= '{$v}')"; } else { $searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND CAST(`{$subk}`.listingsdbelements_field_value as int4) <= '{$v}')"; } if (!in_array($subk, $tablelist)) { $tablelist[] = $subk; } } else { if (substr($k, -4) == '-min') { $subk = substr($k, 0, -4); if ($db_type == 'mysql') { $searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND CAST(`{$subk}`.listingsdbelements_field_value as signed) >= '{$v}')"; } else { $searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND CAST(`{$subk}`.listingsdbelements_field_value as int4) >= '{$v}')"; } if (!in_array($subk, $tablelist)) { $tablelist[] = $subk; } } elseif (substr($k, -8) == '-maxdate') { if ($config['date_format'] == 1) { $format = "%m/%d/%Y"; } elseif ($config['date_format'] == 2) { $format = "%Y/%d/%m"; } elseif ($config['date_format'] == 3) { $format = "%d/%m/%Y"; } $v = $misc->parseDate($v, $format); $subk = urldecode(substr($k, 0, -8)); $searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND `{$subk}`.listingsdbelements_field_value <= '{$v}')"; if (!in_array($subk, $tablelist)) { $tablelist[] = $subk; } } else { if (substr($k, -8) == '-mindate') { if ($config['date_format'] == 1) { $format = "%m/%d/%Y"; } elseif ($config['date_format'] == 2) { $format = "%Y/%d/%m"; } elseif ($config['date_format'] == 3) { $format = "%d/%m/%Y"; } $v = $misc->parseDate($v, $format); $subk = urldecode(substr($k, 0, -8)); $searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND `{$subk}`.listingsdbelements_field_value >= '{$v}')"; if (!in_array($subk, $tablelist)) { $tablelist[] = $subk; } } else { if (substr($k, -5) == '-date') { if ($config['date_format'] == 1) { $format = "%m/%d/%Y"; } elseif ($config['date_format'] == 2) { $format = "%Y/%d/%m"; } elseif ($config['date_format'] == 3) { $format = "%d/%m/%Y"; } $v = $misc->parseDate($v, $format); $subk = urldecode(substr($k, 0, -5)); $searchresultSQL .= "(`{$subk}`.listingsdbelements_field_name = '{$subk}' AND `{$subk}`.listingsdbelements_field_value = '{$v}')"; if (!in_array($subk, $tablelist)) { $tablelist[] = $subk; } } elseif ($k == 'searchtext') { $safe_v = addslashes($v); $searchresultSQL .= "((`{$k}`.listingsdbelements_field_value like '%{$safe_v}%') OR (listingsdb_title like '%{$safe_v}%'))"; $tablelist[] = $k; } else { $safe_v = $misc->make_db_safe($v); $searchresultSQL .= "(`{$k}`.listingsdbelements_field_name = '{$k}' AND `{$k}`.listingsdbelements_field_value = {$safe_v})"; $tablelist[] = $k; } } } } } else { // Make Sure Array is not empty $use = false; $comma_separated = implode(" ", $v); if (trim($comma_separated) != '') { $use = true; if ($searchresultSQL != '') { $searchresultSQL .= ' AND '; } } if ($use === true) { if (substr($k, -3) == '_or') { $k = substr($k, 0, strlen($k) - 3); $safe_k = addslashes($k); $searchresultSQL .= "(`{$safe_k}`.listingsdbelements_field_name = '{$safe_k}' AND ("; $vitem_count = 0; foreach ($v as $vitem) { $safe_vitem = addslashes($vitem); if ($vitem != '') { if ($vitem_count != 0) { $searchresultSQL .= " OR `{$safe_k}`.listingsdbelements_field_value LIKE '%{$safe_vitem}%'"; } else { $searchresultSQL .= " `{$safe_k}`.listingsdbelements_field_value LIKE '%{$safe_vitem}%'"; } $vitem_count++; } } $searchresultSQL .= "))"; $tablelist[] = $safe_k; } else { $safe_k = addslashes($k); $searchresultSQL .= "(`{$safe_k}`.listingsdbelements_field_name = '{$safe_k}' AND ("; $vitem_count = 0; foreach ($v as $vitem) { $safe_vitem = addslashes($vitem); if ($vitem != '') { if ($vitem_count != 0) { $searchresultSQL .= " AND `{$safe_k}`.listingsdbelements_field_value LIKE '%{$safe_vitem}%'"; } else { $searchresultSQL .= " `{$safe_k}`.listingsdbelements_field_value LIKE '%{$safe_vitem}%'"; } $vitem_count++; } } $searchresultSQL .= "))"; $tablelist[] = $safe_k; } } } } } if ($postalcode_dist_lat != '' && $postalcode_dist_long != '' && $postalcode_dist_dist != '') { $sql = "SELECT zipdist_zipcode FROM {$config['table_prefix_no_lang']}zipdist WHERE (POW((69.1*(zipdist_longitude-\"{$postalcode_dist_long}\")*cos({$postalcode_dist_lat}/57.3)),\"2\")+POW((69.1*(zipdist_latitude-\"{$postalcode_dist_lat}\")),\"2\"))<({$postalcode_dist_dist}*{$postalcode_dist_dist}) "; $recordSet = $conn->Execute($sql); if (!$recordSet) { $misc->log_error($sql); } $zipcodes = array(); while (!$recordSet->EOF) { $zipcodes[] = $recordSet->fields['zipdist_zipcode']; $recordSet->MoveNext(); } $pc_field_name = $config["map_zip"]; // Build Search Query // Make Sure Array is not empty $use = false; $comma_separated = implode(" ", $zipcodes); if (trim($comma_separated) != '') { $use = true; if ($searchresultSQL != '') { $searchresultSQL .= ' AND '; } } if ($use === true) { $searchresultSQL .= "(`{$pc_field_name}`.listingsdbelements_field_name = '{$pc_field_name}' AND ("; $vitem_count = 0; foreach ($zipcodes as $vitem) { $safe_vitem = addslashes($vitem); if ($vitem != '') { if ($vitem_count != 0) { $searchresultSQL .= " OR `{$pc_field_name}`.listingsdbelements_field_value = '{$save_vitem}'"; } else { $searchresultSQL .= " `{$pc_field_name}`.listingsdbelements_field_value = '{$safe_vitem}'"; } $vitem_count++; } } $searchresultSQL .= "))"; $tablelist[] = $pc_field_name; } } if ($city_dist_lat != '' && $city_dist_long != '' && $city_dist_dist != '') { $sql = "SELECT zipdist_zipcode FROM {$config['table_prefix_no_lang']}zipdist WHERE (POW((69.1*(zipdist_longitude-\"{$city_dist_long}\")*cos({$city_dist_lat}/57.3)),\"2\")+POW((69.1*(zipdist_latitude-\"{$city_dist_lat}\")),\"2\"))<({$city_dist_dist}*{$city_dist_dist}) "; $recordSet = $conn->Execute($sql); if (!$recordSet) { $misc->log_error($sql); } $zipcodes = array(); while (!$recordSet->EOF) { $zipcodes[] = $recordSet->fields['zipdist_zipcode']; $recordSet->MoveNext(); } $pc_field_name = $config["map_zip"]; // Build Search Query // Make Sure Array is not empty $use = false; $comma_separated = implode(" ", $zipcodes); if (trim($comma_separated) != '') { $use = true; if ($searchresultSQL != '') { $searchresultSQL .= ' AND '; } } if ($use === true) { $searchresultSQL .= "(`{$pc_field_name}`.listingsdbelements_field_name = '{$pc_field_name}' AND ("; $vitem_count = 0; foreach ($zipcodes as $vitem) { $safe_vitem = addslashes($vitem); if ($vitem != '') { if ($vitem_count != 0) { $searchresultSQL .= " OR `{$pc_field_name}`.listingsdbelements_field_value = '{$safe_vitem}'"; } else { $searchresultSQL .= " `{$pc_field_name}`.listingsdbelements_field_value = '{$safe_vitem}'"; } $vitem_count++; } } $searchresultSQL .= "))"; $tablelist[] = $pc_field_name; } } //Lat Long Distance if ($latlong_dist_lat != '' && $latlong_dist_long != '' && $latlong_dist_dist != '') { /* max_lon = lon1 + arcsin(sin(D/R)/cos(lat1)) min_lon = lon1 - arcsin(sin(D/R)/cos(lat1)) max_lat = lat1 + (180/pi)(D/R) min_lat = lat1 - (180/pi)(D/R) */ //$max_long = $latlong_dist_long + asin(sin($latlong_dist_dist/3956)/cos($latlong_dist_lat)); //$min_long = $latlong_dist_long - asin(sin($latlong_dist_dist/3956)/cos($latlong_dist_lat)); //$max_lat = $latlong_dist_lat + (180/pi())*($latlong_dist_dist/3956); //$min_lat = $latlong_dist_lat - (180/pi())*($latlong_dist_dist/3956); /* Latitude: Apparently a degree of latitude expressed in miles does vary slighty by latitude (http://www.ncgia.ucsb.edu/education/curricula/giscc/units/u014/tables/table01.html) but for our purposes, I suggest we use 1 degree latitude = 69 miles. Longitude: This is more tricky one since it varies by latitude (http://www.ncgia.ucsb.edu/education/curricula/giscc/units/u014/tables/table02.html). The simplest formula seems to be: 1 degree longitude expressed in miles = cos (latitude) * 69.17 miles */ //Get Correct Milage for ong based on lat. $cos_long = 69.17; if ($latlong_dist_lat >= 10) { $cos_long = 68.13; } if ($latlong_dist_lat >= 20) { $cos_long = 65.03; } if ($latlong_dist_lat >= 30) { $cos_long = 59.95; } if ($latlong_dist_lat >= 40) { $cos_long = 53.06; } if ($latlong_dist_lat >= 50) { $cos_long = 44.55; } if ($latlong_dist_lat >= 60) { $cos_long = 34.67; } if ($latlong_dist_lat >= 70) { $cos_long = 23.73; } if ($latlong_dist_lat >= 80) { $cos_long = 12.05; } if ($latlong_dist_lat >= 90) { $cos_long = 0; } $max_long = $latlong_dist_long + $latlong_dist_dist / (cos(deg2rad($latlong_dist_lat)) * $cos_long); $min_long = $latlong_dist_long - $latlong_dist_dist / (cos(deg2rad($latlong_dist_lat)) * $cos_long); $max_lat = $latlong_dist_lat + $latlong_dist_dist / 69; $min_lat = $latlong_dist_lat - $latlong_dist_dist / 69; // if ($max_lat < $min_lat) { $max_lat2 = $min_lat; $min_lat = $max_lat; $max_lat = $max_lat2; } if ($max_long < $min_long) { $max_long2 = $min_long; $min_long = $max_long; $max_long = $max_long2; } // Lat and Long Fields $sql = "SELECT listingsformelements_field_name FROM " . $config['table_prefix'] . "listingsformelements WHERE listingsformelements_field_type = 'lat'"; $recordSet = $conn->Execute($sql); if (!$recordSet) { $misc->log_error($sql); } $lat_field = $recordSet->fields['listingsformelements_field_name']; $sql = "SELECT listingsformelements_field_name FROM " . $config['table_prefix'] . "listingsformelements WHERE listingsformelements_field_type = 'long'"; $recordSet = $conn->Execute($sql); if (!$recordSet) { $misc->log_error($sql); } $long_field = $recordSet->fields['listingsformelements_field_name']; if ($lat_field != '' & $long_field != '') { $tablelist[] = $lat_field; $tablelist[] = $long_field; if ($searchresultSQL != '') { $searchresultSQL .= ' AND '; } $searchresultSQL .= "(`{$lat_field}`.listingsdbelements_field_name = '{$lat_field}' AND `{$lat_field}`.listingsdbelements_field_value+0 <= '{$max_lat}')"; if ($searchresultSQL != '') { $searchresultSQL .= ' AND '; } $searchresultSQL .= "(`{$lat_field}`.listingsdbelements_field_name = '{$lat_field}' AND `{$lat_field}`.listingsdbelements_field_value+0 >= '{$min_lat}')"; if ($searchresultSQL != '') { $searchresultSQL .= ' AND '; } $searchresultSQL .= "(`{$long_field}`.listingsdbelements_field_name = '{$long_field}' AND `{$long_field}`.listingsdbelements_field_value+0 <= '{$max_long}')"; if ($searchresultSQL != '') { $searchresultSQL .= ' AND '; } $searchresultSQL .= "(`{$long_field}`.listingsdbelements_field_name = '{$long_field}' AND `{$long_field}`.listingsdbelements_field_value+0 >= '{$min_long}')"; } } // Handle Sorting // sort the listings // this is the main SQL that grabs the listings // basic sort by title.. $group_order_text = ''; $sortby = ''; $sorttype = ''; if ($config["special_sortby"] != 'none') { $sortby = $config["special_sortby"] . ','; $sorttype = $config["special_sorttype"] . ','; } if (!isset($_GET['sortby'])) { $_GET['sortby'] = $config["sortby"]; } if (!isset($_GET['sorttype'])) { $_GET['sorttype'] = $config["sorttype"]; } $sortby .= $_GET['sortby']; $sorttype .= $_GET['sorttype']; $sql_sort_type = ''; $sortby_array = explode(',', $sortby); $sorttype_array = explode(',', $sorttype); $sort_text = ''; $order_text = ''; $group_order_text = ''; $tablelist_nosort = $tablelist; $sort_count = count($sortby_array); for ($x = 0; $x < $sort_count; $x++) { //make sure user input is sanitized before adding to query string $sortby_array[$x] = $misc->sanitize($sortby_array[$x]); $sorttype_array[$x] = $misc->sanitize($sorttype_array[$x], 4); //limit length to 4 characters as sorttype can only be ASC or DESC if ($sorttype_array[$x] != 'ASC' && $sorttype_array[$x] != 'DESC') { $sorttype_array[$x] = ''; } if ($sortby_array[$x] == 'listingsdb_id') { if ($x == 0) { $order_text .= 'ORDER BY listingsdb_id ' . $sorttype_array[$x]; } else { $order_text .= ',listingsdb_id ' . $sorttype_array[$x]; } } elseif ($sortby_array[$x] == 'listingsdb_title') { if ($x == 0) { $order_text .= 'ORDER BY listingsdb_title ' . $sorttype_array[$x]; } else { $order_text .= ',listingsdb_title ' . $sorttype_array[$x]; } } elseif ($sortby_array[$x] == 'random') { if ($x == 0) { $order_text .= 'ORDER BY rand() ' . $sorttype_array[$x]; } else { $order_text .= ',rand() ' . $sorttype_array[$x]; } } elseif ($sortby_array[$x] == 'listingsdb_featured') { if ($x == 0) { $order_text .= 'ORDER BY listingsdb_featured ' . $sorttype_array[$x]; } else { $order_text .= ',listingsdb_featured ' . $sorttype_array[$x]; } } elseif ($sortby_array[$x] == 'listingsdb_last_modified') { if ($x == 0) { $order_text .= 'ORDER BY listingsdb_last_modified ' . $sorttype_array[$x]; } else { $order_text .= ',listingsdb_last_modified ' . $sorttype_array[$x]; } } elseif ($sortby_array[$x] == 'pclass') { if ($searchresultSQL != '') { $searchresultSQL .= ' AND '; } $searchresultSQL .= $config['table_prefix_no_lang'] . 'classlistingsdb.listingsdb_id = ' . $config['table_prefix'] . 'listingsdb.listingsdb_id AND ' . $config['table_prefix_no_lang'] . 'classlistingsdb.class_id = ' . $config['table_prefix'] . 'class.class_id '; $tablelist_fullname[] = $config['table_prefix_no_lang'] . "classlistingsdb"; $tablelist_fullname[] = $config['table_prefix'] . 'class'; if ($x == 0) { $order_text .= 'ORDER BY ' . $config['table_prefix'] . 'class.class_name ' . $sorttype_array[$x]; } else { $order_text .= ',' . $config['table_prefix'] . 'class.class_name ' . $sorttype_array[$x]; } } else { // Check if field is a number or price field and cast the order. $sort_by_field = $misc->make_db_extra_safe($sortby_array[$x]); $sql_sort_type = 'SELECT listingsformelements_field_type FROM ' . $config['table_prefix'] . 'listingsformelements WHERE listingsformelements_field_name = ' . $sort_by_field; $recordSet_sort_type = $conn->Execute($sql_sort_type); if (!$recordSet_sort_type) { $misc->log_error($sql_sort_type); } $field_type = $recordSet_sort_type->fields['listingsformelements_field_type']; if ($field_type == 'price' || $field_type == 'number' || $field_type == 'decimal') { $tablelist[] = 'sort' . $x; $sort_text .= 'AND (sort' . $x . '.listingsdbelements_field_name = ' . $sort_by_field . ') '; global $db_type; if ($db_type == 'mysql') { if ($x == 0) { $order_text .= ' ORDER BY CAST(sort' . $x . '.listingsdbelements_field_value as signed) ' . $sorttype_array[$x]; $group_order_text .= ',sort' . $x . '.listingsdbelements_field_value'; } else { $order_text .= ',CAST(sort' . $x . '.listingsdbelements_field_value as signed) ' . $sorttype_array[$x]; $group_order_text .= ',sort' . $x . '.listingsdbelements_field_value'; } } else { if ($x == 0) { $order_text .= ' ORDER BY CAST(sort' . $x . '.listingsdbelements_field_value as int4) ' . $sorttype_array[$x]; $group_order_text .= ',sort' . $x . '.listingsdbelements_field_value'; } else { $order_text .= ',CAST(sort' . $x . '.listingsdbelements_field_value as int4) ' . $sorttype_array[$x]; $group_order_text .= ',sort' . $x . '.listingsdbelements_field_value'; } } } else { $tablelist[] = 'sort' . $x; $sort_text .= 'AND (sort' . $x . '.listingsdbelements_field_name = ' . $sort_by_field . ') '; if ($x == 0) { $order_text .= ' ORDER BY sort' . $x . '.listingsdbelements_field_value ' . $sorttype_array[$x]; } else { $order_text .= ', sort' . $x . '.listingsdbelements_field_value ' . $sorttype_array[$x]; } $group_order_text .= ',sort' . $x . '.listingsdbelements_field_value'; } } } $group_order_text = $group_order_text . ' ' . $order_text; if ($imageonly == true || $vtoursonly == true) { $order_text = "GROUP BY " . $config['table_prefix'] . "listingsdb.listingsdb_id, " . $config['table_prefix'] . "listingsdb.listingsdb_title " . $group_order_text; } if ($DEBUG_SQL) { echo '<strong>Sort Type SQL:</strong> ' . $sql_sort_type . '<br />'; echo '<strong>Sort Text:</strong> ' . $sort_text . '<br />'; echo '<strong>Order Text:</strong> ' . $order_text . '<br />'; } $guidestring_with_sort = $guidestring_with_sort . $guidestring; // End of Sort $arrayLength = count($tablelist); if ($DEBUG_SQL) { echo '<strong>Table List Array Length:</strong> ' . $arrayLength . '<br />'; } $string_table_list = ''; for ($i = 0; $i < $arrayLength; $i++) { $string_table_list .= ' ,' . $config['table_prefix'] . 'listingsdbelements `' . $tablelist[$i] . '`'; } $arrayLength = count($tablelist_nosort); $string_table_list_no_sort = ''; for ($i = 0; $i < $arrayLength; $i++) { $string_table_list_no_sort .= ' ,' . $config['table_prefix'] . 'listingsdbelements `' . $tablelist[$i] . '`'; } $arrayLength = count($tablelist_fullname); if ($DEBUG_SQL) { echo '<strong>Table List Array Length:</strong> ' . $arrayLength . '<br />'; } for ($i = 0; $i < $arrayLength; $i++) { $string_table_list .= ' ,' . $tablelist_fullname[$i]; $string_table_list_no_sort .= ' ,' . $tablelist_fullname[$i]; } if ($DEBUG_SQL) { echo '<strong>Table List String:</strong> ' . $string_table_list . '<br />'; } $arrayLength = count($tablelist); $string_where_clause = ''; for ($i = 0; $i < $arrayLength; $i++) { $string_where_clause .= ' AND (' . $config['table_prefix'] . 'listingsdb.listingsdb_id = `' . $tablelist[$i] . '`.listingsdb_id)'; } $arrayLength = count($tablelist_nosort); $string_where_clause_nosort = ''; for ($i = 0; $i < $arrayLength; $i++) { $string_where_clause_nosort .= ' AND (' . $config['table_prefix'] . 'listingsdb.listingsdb_id = `' . $tablelist[$i] . '`.listingsdb_id)'; } if ($imageonly) { $searchSQL = "SELECT distinct(" . $config['table_prefix'] . "listingsdb.listingsdb_id), " . $config['table_prefix'] . "listingsdb.userdb_id, " . $config['table_prefix'] . "listingsdb.listingsdb_title FROM " . $config['table_prefix'] . "listingsdb, " . $config['table_prefix'] . "listingsimages " . $string_table_list . " WHERE (listingsdb_active = 'yes') " . $string_where_clause . " AND (" . $config['table_prefix'] . "listingsimages.listingsdb_id = " . $config['table_prefix'] . "listingsdb.listingsdb_id) "; $searchSQLCount = "SELECT COUNT(distinct(" . $config['table_prefix'] . "listingsdb.listingsdb_id)) as total_listings FROM " . $config['table_prefix'] . "listingsdb, " . $config['table_prefix'] . "listingsimages " . $string_table_list_no_sort . " WHERE (listingsdb_active = 'yes') " . $string_where_clause_nosort . " AND (" . $config['table_prefix'] . "listingsimages.listingsdb_id = " . $config['table_prefix'] . "listingsdb.listingsdb_id) "; } elseif ($vtoursonly) { $searchSQL = "SELECT distinct(" . $config['table_prefix'] . "listingsdb.listingsdb_id), " . $config['table_prefix'] . "listingsdb.userdb_id, " . $config['table_prefix'] . "listingsdb.listingsdb_title FROM " . $config['table_prefix'] . "listingsdb, " . $config['table_prefix'] . "vtourimages " . $string_table_list . " WHERE (listingsdb_active = 'yes') " . $string_where_clause . " AND (" . $config['table_prefix'] . "vtourimages.listingsdb_id = " . $config['table_prefix'] . "listingsdb.listingsdb_id) "; $searchSQLCount = "SELECT COUNT(distinct(" . $config['table_prefix'] . "listingsdb.listingsdb_id)) as total_listings FROM " . $config['table_prefix'] . "listingsdb, " . $config['table_prefix'] . "vtourimages " . $string_table_list_no_sort . " WHERE (listingsdb_active = 'yes') " . $string_where_clause_nosort . " AND (" . $config['table_prefix'] . "vtourimages.listingsdb_id = " . $config['table_prefix'] . "listingsdb.listingsdb_id) "; } else { $searchSQL = "SELECT distinct(" . $config['table_prefix'] . "listingsdb.listingsdb_id), " . $config['table_prefix'] . "listingsdb.userdb_id, " . $config['table_prefix'] . "listingsdb.listingsdb_title FROM " . $config['table_prefix'] . "listingsdb " . $string_table_list . " WHERE (listingsdb_active = 'yes') " . $string_where_clause; $searchSQLCount = "SELECT COUNT(distinct(" . $config['table_prefix'] . "listingsdb.listingsdb_id)) as total_listings FROM " . $config['table_prefix'] . "listingsdb " . $string_table_list_no_sort . " WHERE (listingsdb_active = 'yes') " . $string_where_clause_nosort; } if ($searchresultSQL != '') { $searchSQL .= " AND " . $searchresultSQL; $searchSQLCount .= " AND " . $searchresultSQL; } if ($config['use_expiration'] == 1) { $searchSQL .= " AND (listingsdb_expiration > " . $conn->DBDate(time()) . ")"; $searchSQLCount .= " AND (listingsdb_expiration > " . $conn->DBDate(time()) . ")"; } $sql = $searchSQL . " {$sort_text} {$order_text}"; $searchSQLCount = $searchSQLCount; // We now have a complete SQL Query. Now grab the results $recordSet = $conn->Execute($searchSQLCount); if ($DEBUG_SQL) { echo '<strong>Listing Count:</strong> ' . $searchSQLCount . '<br />'; } if (!$recordSet) { $misc->log_error($searchSQLCount); } // We have the results so now we need to stack them in arrays to use with the search_result.html template file // Load the templste require_once $config['basepath'] . '/include/class/template/core.inc.php'; $page = new page_user(); if (count($_GET['pclass']) == 1 && file_exists($config['template_path'] . '/search_results_class_' . $_GET['pclass'][0] . '.html')) { $page->load_page($config['template_path'] . '/search_results_class_' . $_GET['pclass'][0] . '.html'); } else { $page->load_page($config['template_path'] . '/' . $config['search_result_template']); } // Get header section $header_section = $page->get_template_section('search_result_header'); $search_result = ''; // Ok we have the header section now get the result section $search_result_section = $page->get_template_section('search_result_dataset'); // Get the number of rows(records) we have. // $num_rows = $recordSet->RecordCount(); $num_rows = $recordSet->fields['total_listings']; if ($return_ids_only === true) { // If we are returning IDs only for the notify listing then get the id and move on. $id = array(); $resultRecordSet = $conn->Execute($sql); if (!$resultRecordSet) { $misc->log_error($sql); } if ($DEBUG_SQL) { echo '<strong>Search SQL:</strong> ' . $sql . '<br />'; } while (!$resultRecordSet->EOF) { $id[] = $resultRecordSet->fields['listingsdb_id']; $resultRecordSet->MoveNext(); } // while return $id; } elseif ($return_ids_only === 'perpage') { $id = array(); if (!isset($_GET['cur_page'])) { $_GET['cur_page'] = 0; } $limit_str = intval($_GET['cur_page']) * $config['listings_per_page']; $resultRecordSet = $conn->SelectLimit($sql, $config['listings_per_page'], $limit_str); if (!$resultRecordSet) { $misc->log_error($sql); } if ($DEBUG_SQL) { echo '<strong>Search SQL:</strong> ' . $sql . '<br />'; } while (!$resultRecordSet->EOF) { $id[] = $resultRecordSet->fields['listingsdb_id']; $resultRecordSet->MoveNext(); } // while return $id; } else { if ($num_rows > 0) { if (!isset($_GET['cur_page'])) { $_GET['cur_page'] = 0; } // build the string to select a certain number of listings per page $limit_str = intval($_GET['cur_page']) * $config['listings_per_page']; $num_records = $config['listings_per_page']; $some_num = intval($_GET['cur_page']) + 1; $this_page_max = $some_num * $config['listings_per_page']; // Check if we're setting a maximum number of search results if ($config["max_search_results"] > 0) { // Check if we've reached the max number of listings setting. if ($this_page_max > $config["max_search_results"]) { $num_records = $this_page_max - $config["max_search_results"]; } // Failsafe check in case the max search results was set lower than the listings per page setting. if ($config["max_search_results"] < $config['listings_per_page']) { $num_records = $config["max_search_results"]; } // Adjust the $num_rows for the next_prev function to show at the max the max results setting if ($num_rows > $config["max_search_results"]) { $num_rows = $config["max_search_results"]; } } if ($config['show_next_prev_listing_page'] == 1) { // ************added for next prev navigation*********** $newurl = ''; foreach ($_GET as $k => $v) { if ($v && $k != 'cur_page' && $k != 'PHPSESSID' && $k != 'action') { if (is_array($v)) { foreach ($v as $vitem) { $newurl .= '&' . urlencode("{$k}") . '[]=' . urlencode("{$vitem}"); } } else { $newurl .= '&' . urlencode("{$k}") . '=' . urlencode("{$v}"); } } } $rtest = $conn->Execute($sql); if (!$rtest) { $misc->log_error($sql); } $_SESSION['results'] = array(); $_SESSION['titles'] = array(); while (!$rtest->EOF) { $ID = $rtest->fields['listingsdb_id']; $url_title = $rtest->fields['listingsdb_title']; $url_title = str_replace("/", "", $url_title); $url_title = strtolower(str_replace(" ", $config['seo_url_seperator'], $url_title)); $url_title = str_replace(" ", "+", $url_title); $_SESSION['results'][] = $ID; $_SESSION['titles'][] = $url_title; $rtest->MoveNext(); } $_SESSION['cur_page'] = intval($_GET['cur_page']); $_SESSION['searchstring'] = $newurl; $_SESSION['count'] = $num_rows; // ************added for next prev navigation*********** } // Store the next_prev code as a variable to place in the template $next_prev = $misc->next_prev($num_rows, intval($_GET['cur_page']), $guidestring_with_sort); $next_prev_bottom = $misc->next_prev($num_rows, intval($_GET['cur_page']), $guidestring_with_sort, 'bottom'); $resultRecordSet = $conn->SelectLimit($sql, $num_records, $limit_str); if (!$resultRecordSet) { $misc->log_error($sql); } if ($DEBUG_SQL) { echo '<strong>Search SQL:</strong> ' . $sql . '<br />'; } // Get the the fields marked as browseable. $sql = "SELECT listingsformelements_id, listingsformelements_field_caption, listingsformelements_field_name, listingsformelements_display_priv, listingsformelements_search_result_rank FROM " . $config['table_prefix'] . "listingsformelements WHERE (listingsformelements_display_on_browse = 'Yes') AND (listingsformelements_field_type <> 'textarea') ORDER BY listingsformelements_search_result_rank"; $recordSet = $conn->Execute($sql); $num_columns = $recordSet->RecordCount(); // Get header_title $field_caption = $lang['title']; $field_name = "listingsdb_title"; $sorttypestring = ''; $sort_type_count = 0; foreach ($sortby_array as $sortby) { if ($sortby == $field_name) { if (!isset($sorttype_array[$sort_type_count]) || $sorttype_array[$sort_type_count] == 'DESC') { $reverse_sort = 'ASC'; } else { $reverse_sort = 'DESC'; } $sorttypestring = 'sorttype=' . $reverse_sort; } $sort_type_count++; } if ($sorttypestring == '') { $sorttypestring = "sorttype=ASC"; } // This is header_title it is the lang variable for title $header_title = '<a href="index.php?action=searchresults&sortby=' . $field_name . '&' . $sorttypestring . $guidestring . '">' . $field_caption . '</a>'; $header_title_no_sort = $field_caption; // Get header_title $field_caption = $lang['header_pclass']; $field_name = "pclass"; $sorttypestring = ''; $sort_type_count = 0; foreach ($sortby_array as $sortby) { if ($sortby == $field_name) { if (!isset($sorttype_array[$sort_type_count]) || $sorttype_array[$sort_type_count] == 'DESC') { $reverse_sort = 'ASC'; } else { $reverse_sort = 'DESC'; } $sorttypestring = 'sorttype=' . $reverse_sort; } $sort_type_count++; } if ($sorttypestring == '') { $sorttypestring = "sorttype=ASC"; } // This is header_title it is the lang variable for title $header_pclass = '<a href="index.php?action=searchresults&sortby=' . $field_name . '&' . $sorttypestring . $guidestring . '">' . $field_caption . '</a>'; $header_pclass_no_sort = $field_caption; $field = array(); $field_no_sort = array(); while (!$recordSet->EOF) { $x = $misc->make_db_unsafe($recordSet->fields['listingsformelements_search_result_rank']); // Check for Translations if needed if (!isset($_SESSION["users_lang"])) { $field_caption = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_caption']); } else { $listingsformelements_id = $recordSet->fields['listingsformelements_id']; $lang_sql = "SELECT listingsformelements_field_caption FROM " . $config['lang_table_prefix'] . "listingsformelements WHERE listingsformelements_id = {$listingsformelements_id}"; $lang_recordSet = $conn->Execute($lang_sql); if (!$lang_recordSet) { $misc->log_error($lang_sql); } if ($DEBUG_SQL) { echo '<strong>ML: Field Caption SQL:</strong> ' . $lang_sql . '<br />'; } $field_caption = $misc->masearch_result_datasetke_db_unsafe($lang_recordSet->fields['listingsformelements_field_caption']); } $field_name = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_name']); $display_priv = $misc->make_db_unsafe($recordSet->fields['listingsformelements_display_priv']); $display_status = false; if ($display_priv == 1) { $display_status = login::loginCheck('Member', true); } elseif ($display_priv == 2) { $display_status = login::loginCheck('Agent', true); } else { $display_status = true; } if ($display_status === true) { $sorttypestring = ''; $sort_type_count = 0; foreach ($sortby_array as $sortby) { if ($sortby == $field_name) { if (!isset($sorttype_array[$sort_type_count]) || $sorttype_array[$sort_type_count] == 'DESC') { $reverse_sort = 'ASC'; } else { $reverse_sort = 'DESC'; } $sorttypestring = 'sorttype=' . $reverse_sort; } $sort_type_count++; } if ($sorttypestring == '') { $sorttypestring = "sorttype=ASC"; } $field[$x] = '<a href="index.php?action=searchresults&sortby=' . $field_name . '&' . $sorttypestring . $guidestring . '">' . $field_caption . '</a>'; $field_no_sort[$x] = $field_caption; } $recordSet->MoveNext(); } // end while // We have all the header information so we can now parse that section $header_section = $page->parse_template_section($header_section, 'header_title', $header_title); $header_section = $page->parse_template_section($header_section, 'header_title_no_sort', $header_title_no_sort); $header_section = $page->parse_template_section($header_section, 'header_pclass', $header_pclass); $header_section = $page->parse_template_section($header_section, 'header_pclass_no_sort', $header_pclass_no_sort); foreach ($field as $x => $f) { $header_section = $page->parse_template_section($header_section, 'header_' . $x, $f); } foreach ($field_no_sort as $x => $f) { $header_section = $page->parse_template_section($header_section, 'header_' . $x . '_no_sort', $f); } // We have the title now we need the image $num_columns = $num_columns + 1; // add one for the image $count = 0; while (!$resultRecordSet->EOF) { // Start a new section for each listing. $search_result .= $search_result_section; // alternate the colors if ($count == 0) { $count = $count + 1; } else { $count = 0; } $Title = $misc->make_db_unsafe($resultRecordSet->fields['listingsdb_title']); $current_ID = $resultRecordSet->fields['listingsdb_id']; $or_owner = $resultRecordSet->fields['userdb_id']; if ($config['url_style'] == '1') { $url = '<a href="index.php?action=listingview&listingID=' . $current_ID . '">'; } else { $url_title = str_replace("/", "", $Title); $url_title = strtolower(str_replace(" ", $config['seo_url_seperator'], $url_title)); $url = '<a href="listing-' . misc::urlencode_to_sef($url_title) . '-' . $current_ID . '.html">'; } $field_title = $url . $Title . '</a>'; // Insert the title as we grabbed it earlier $search_result = $page->parse_template_section($search_result, 'field_title', $field_title); $search_result = $page->parse_template_section($search_result, 'listingid', $current_ID); $search_result = $page->replace_listing_field_tags($current_ID, $search_result); //get distance for postal code distance searches if (isset($_GET['postalcode_dist_dist'])) { $sql3 = "SELECT listingsdbelements_field_value FROM " . $config['table_prefix'] . "listingsdbelements WHERE ((listingsdb_id = {$current_ID}) AND (listingsdbelements_field_name = '" . $config['map_zip'] . "'))"; $recordSet3 = $conn->Execute($sql3); $sql4 = 'SELECT zipdist_latitude, zipdist_longitude FROM ' . $config['table_prefix_no_lang'] . 'zipdist WHERE zipdist_zipcode =' . $recordSet3->fields['listingsdbelements_field_value']; $recordSet4 = $conn->Execute($sql4); $postalcode_distance = round($this->calculate_mileage($postalcode_dist_lat, $recordSet4->fields['zipdist_latitude'], $postalcode_dist_long, $recordSet4->fields['zipdist_longitude']), 2) . ' ' . $lang['postalcode_miles_away']; $search_result = $page->parse_template_section($search_result, 'postalcode_search_distance', $postalcode_distance); } // grab the rest of the listing's data $sql2 = "SELECT listingsdbelements_field_name, listingsdbelements_field_value, listingsformelements_field_type, listingsformelements_display_priv, listingsformelements_search_result_rank FROM " . $config['table_prefix'] . "listingsdbelements, " . $config['table_prefix'] . "listingsformelements WHERE ((listingsdb_id = {$current_ID}) AND (listingsformelements_display_on_browse = 'Yes') " . "AND (listingsdbelements_field_name = listingsformelements_field_name)) ORDER BY listingsformelements_search_result_rank"; $recordSet2 = $conn->Execute($sql2); if ($DEBUG_SQL) { echo '<strong>Listing Data:</strong> ' . $sql2 . '<br />'; } if (!$recordSet2) { $misc->log_error($sql2); } $field = array(); $textarea = array(); while (!$recordSet2->EOF) { $field_name = $misc->make_db_unsafe($recordSet2->fields['listingsdbelements_field_name']); $field_value = $misc->make_db_unsafe($recordSet2->fields['listingsdbelements_field_value']); $field_type = $misc->make_db_unsafe($recordSet2->fields['listingsformelements_field_type']); $display_priv = $misc->make_db_unsafe($recordSet2->fields['listingsformelements_display_priv']); $x = $misc->make_db_unsafe($recordSet2->fields['listingsformelements_search_result_rank']); $display_status = false; if ($display_priv == 1) { $display_status = login::loginCheck('Member', true); } elseif ($display_priv == 2) { $display_status = login::loginCheck('Agent', true); } else { $display_status = true; } if ($display_status === true) { switch ($field_type) { case 'textarea': if ($config['add_linefeeds'] === "1") { $textarea[$x] = nl2br($field_value); } else { $textarea[$x] = $field_value; } break; case "select-multiple": case "option": case "checkbox": // handle field types with multiple options $feature_index_list = explode("||", $field_value); $field[$x] = ''; foreach ($feature_index_list as $feature_list_item) { $field[$x] .= $feature_list_item; $field[$x] .= $config['feature_list_separator']; } break; case "price": $sql3 = "SELECT listingsdbelements_field_value FROM " . $config['table_prefix'] . "listingsdbelements WHERE ((listingsdb_id = {$current_ID}) AND (listingsdbelements_field_name = 'status'))"; $recordSet3 = $conn->Execute($sql3); if (!$recordSet3) { $misc->log_error($sql3); } if ($DEBUG_SQL) { echo '<strong>Status Lookup for price field:</strong> ' . $sql3 . '<br />'; } $status = $misc->make_db_unsafe($recordSet3->fields['listingsdbelements_field_value']); $recordSet3->Close(); if ($field_value == "" && $config["zero_price"] == "1") { $money_amount = $misc->international_num_format($field_value, $config['number_decimals_price_fields']); if ($status == 'Sold') { $field[$x] = "<span style=\"text-decoration: line-through\">"; $field[$x] .= "</span><br /><span style=\"color:red;\"><strong>{$lang['mark_as_sold']}</strong></span>"; } elseif ($status == 'Pending') { $field[$x] .= "<br /><span style=\"color:green;\"><strong>{$lang['mark_as_pending']}</strong></span>"; } else { $field[$x] = $lang['call_for_price']; } } else { $money_amount = $misc->international_num_format($field_value, $config['number_decimals_price_fields']); if ($status == 'Sold') { $field[$x] = "<span style=\"text-decoration: line-through\">"; $field[$x] .= $misc->money_formats($money_amount); $field[$x] .= "</span><br /><span style=\"color:red;\"><strong>{$lang['mark_as_sold']}</strong></span>"; } elseif ($status == 'Pending') { $field[$x] = $misc->money_formats($money_amount); $field[$x] .= "<br /><span style=\"color:green;\"><strong>{$lang['mark_as_pending']}</strong></span>"; } else { $field[$x] = $misc->money_formats($money_amount); } } // end else break; case "select": if ($field_name == "Mi_business") { $sql4 = "SELECT listingsdbelements_field_value FROM " . $config['table_prefix'] . "listingsdbelements WHERE ((listingsdb_id = {$current_ID}) AND (listingsdbelements_field_name = 'Mi_business'))"; $recordSet4 = $conn->Execute($sql4); if (!$recordSet4) { $misc->log_error($sql4); } else { $requiredMigration = $misc->make_db_unsafe($recordSet4->fields['listingsdbelements_field_value']); $recordSet4->Close(); if ($requiredMigration == 'Yes') { $field[$x] = '<strong style="color:red">Business Migration Ready 能用作投资移民申请</strong>'; } else { $field[$x] = ''; } } } else { $field[$x] = "{$field_value}"; } break; case "number": $field[$x] = $misc->international_num_format($field_value, $config['number_decimals_number_fields']); break; case "url": $field[$x] = "<a href=\"{$field_value}\" target=\"_blank\">{$field_value}</a>"; break; case "email": $field[$x] = "<a href=\"mailto:{$field_value}\">{$field_value}</a>"; break; case "date": if ($config['date_format'] == 1) { $format = "m/d/Y"; } elseif ($config['date_format'] == 2) { $format = "Y/d/m"; } elseif ($config['date_format'] == 3) { $format = "d/m/Y"; } if ($field_value > 0) { $field_value = date($format, "{$field_value}"); } $field[$x] = "{$field_value}"; break; default: $field[$x] = "{$field_value}"; break; } // end switch } $recordSet2->MoveNext(); } // end while foreach ($field as $x => $f) { $search_result = $page->parse_template_section($search_result, 'field_' . $x, $f); } //Form URLS for TextArea if ($config['url_style'] == '1') { $preview = '... <a href="index.php?action=listingview&listingID=' . $current_ID . '">' . $lang['more_info'] . '</a>'; } else { $url_title = str_replace("/", "", $Title); $url_title = strtolower(str_replace(" ", $config['seo_url_seperator'], $url_title)); $preview = '... <a href="listing-' . misc::urlencode_to_sef($url_title) . '-' . $current_ID . '.html">' . $lang['more_info'] . '</a>'; } foreach ($textarea as $x => $f) { // Normal Textarea $search_result = $page->parse_template_section($search_result, 'textarea_' . $x, $f); // Short textarea of first number of characters defined in site config with link to the listing $p = substr(strip_tags($f), 0, $config['textarea_short_chars']); $p = substr($p, 0, strrpos($p, ' ')); $search_result = $page->parse_template_section($search_result, 'textarea_' . $x . '_short', $p . '' . $preview); } //Cleanup Textareas $search_result = preg_replace('/{textarea_(.*?)_short}/', $preview, $search_result); $search_result = preg_replace('/{textarea_(.*?)}/', '', $search_result); // Show Vtour indicator Image if vtour exists require_once $config['basepath'] . '/include/vtour.inc.php'; $vtour_link = vtours::rendervtourlink($current_ID, true); $search_result = $page->parse_template_section($search_result, 'vtour_button', $vtour_link); // Show Creation Date require_once $config['basepath'] . '/include/listing.inc.php'; $get_creation_date = listing_pages::get_creation_date($current_ID); $search_result = $page->parse_template_section($search_result, 'get_creation_date', $get_creation_date); // Show Featured require_once $config['basepath'] . '/include/listing.inc.php'; $get_featured = listing_pages::get_featured($current_ID, 'no'); $search_result = $page->parse_template_section($search_result, 'get_featured', $get_featured); // Show Featured Raw require_once $config['basepath'] . '/include/listing.inc.php'; $get_featured_raw = listing_pages::get_featured($current_ID, 'yes'); $search_result = $page->parse_template_section($search_result, 'get_featured_raw', $get_featured_raw); // Show Modified Date require_once $config['basepath'] . '/include/listing.inc.php'; $get_modified_date = listing_pages::get_modified_date($current_ID); $search_result = $page->parse_template_section($search_result, 'get_modified_date', $get_modified_date); // Start {isfavorite} search result template section tag if (isset($_SESSION['userID'])) { $userID = $misc->make_db_safe($_SESSION['userID']); $sql1 = "SELECT listingsdb_id FROM " . $config['table_prefix'] . "userfavoritelistings WHERE ((listingsdb_id = {$current_ID}) AND (userdb_id={$userID}))"; $recordSet1 = $conn->Execute($sql1); if ($recordSet1 === false) { $misc->log_error($sql1); } $favorite_listingsdb_id = $misc->make_db_unsafe($recordSet1->fields['listingsdb_id']); if ($favorite_listingsdb_id !== $current_ID) { $isfavorite = "no"; $search_result = $page->parse_template_section($search_result, 'isfavorite', $isfavorite); } else { $isfavorite = "yes"; $search_result = $page->parse_template_section($search_result, 'isfavorite', $isfavorite); } } // End {isfavorite} search result template section tag // Show Delete From Favorites Link if needed $delete_from_fav = ''; if (isset($_SESSION['userID'])) { $userID = $misc->make_db_safe($_SESSION['userID']); $sql = "SELECT listingsdb_id FROM " . $config['table_prefix'] . "userfavoritelistings WHERE ((listingsdb_id = {$current_ID}) AND (userdb_id={$userID}))"; $recordSet = $conn->Execute($sql); if (!$recordSet) { $misc->log_error($sql); } if ($DEBUG_SQL) { echo '<strong>Delete Favorite Lookup:</strong> ' . $sql . '<br />'; } $num_rows = $recordSet->RecordCount(); if ($num_rows > 0) { $delete_from_fav = '<a href="index.php?action=delete_favorites&listingID=' . $current_ID . '" onclick="return confirmDelete()">' . $lang['delete_from_favorites'] . '</a>'; } } // Instert link into section $search_result = $page->parse_template_section($search_result, 'delete_from_favorite', $delete_from_fav); //Show Add To Favorites $link_add_favorites = ''; if (isset($_SESSION['userID'])) { $userID = $misc->make_db_safe($_SESSION['userID']); $sql = "SELECT listingsdb_id FROM " . $config['table_prefix'] . "userfavoritelistings WHERE ((listingsdb_id = {$current_ID}) AND (userdb_id={$userID}))"; $recordSet = $conn->Execute($sql); if (!$recordSet) { $misc->log_error($sql); } if ($DEBUG_SQL) { echo '<strong>Add Favorite Lookup:</strong> ' . $sql . '<br />'; } $num_rows = $recordSet->RecordCount(); if ($num_rows == 0) { $link_add_favorites = listing_pages::create_add_favorite_link(); } } else { $link_add_favorites = listing_pages::create_add_favorite_link(); } // Instert link into section $search_result = $page->parse_template_section($search_result, 'link_add_favorites', $link_add_favorites); // Insert row number $search_result = $page->parse_template_section($search_result, 'row_num_even_odd', $count); $resultRecordSet->MoveNext(); // Replace Edit Listing links require_once $config['basepath'] . '/include/listing.inc.php'; $edit_link = listing_pages::edit_listing_link(); $search_result = $page->parse_template_section($search_result, 'link_edit_listing', $edit_link); $edit_link = listing_pages::edit_listing_link('yes'); $search_result = $page->parse_template_section($search_result, 'link_edit_listing_url', $edit_link); // Replace addon fields. $addon_fields = $page->get_addon_template_field_list($addons); $search_result = $page->parse_addon_tags($search_result, $addon_fields); $search_result = $page->cleanup_fields($search_result); $search_result = $page->cleanup_images($search_result); } // end while $page->replace_template_section('search_result_header', $header_section); $page->replace_template_section('search_result_dataset', $search_result); $page->replace_permission_tags(); $page->cleanup_template_sections($next_prev, $next_prev_bottom); $display = $page->return_page(); } else { if (!isset($_GET['cur_page'])) { $_GET['cur_page'] = 0; } // This search has no results. Display an error message and the search page again. $display .= search_page::create_searchpage(false, true); } return $display; } }
function render_templated_files($ID, $type, $template) { global $conn, $lang, $config, $db_type; //Load the Core Template class and the Misc Class require_once $config['basepath'] . '/include/class/template/core.inc.php'; $page = new page_user(); require_once $config['basepath'] . '/include/misc.inc.php'; $misc = new misc(); $folderid = $ID; $ID = $misc->make_db_extra_safe($ID); //Declare an empty display variable to hold all output from function. $display = ''; if ($type == 'listing') { $file_upload_path = $config['listings_file_upload_path']; $file_view_path = $config['listings_view_file_path']; $sqltype = 'listings'; } else { $file_upload_path = $config['users_file_upload_path']; $file_view_path = $config['users_view_file_path']; $sqltype = 'user'; } $sql = "SELECT " . $type . "sfiles_id, " . $type . "sfiles_caption, " . $type . "sfiles_description, " . $type . "sfiles_file_name FROM " . $config['table_prefix'] . "" . $type . "sfiles WHERE (" . $sqltype . "db_id = {$ID}) ORDER BY " . $type . "sfiles_rank"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } $num_files = $recordSet->RecordCount(); if ($num_files >= 1) { //Load the File Template specified by the calling tag unless a template was specified in the calling template tag. $page->load_page($config['template_path'] . '/files_' . $type . '_' . $template . '.html'); // Determine if the template uses rows. // First item in array is the row conent second item is the number of block per block row $file_template_row = $page->get_template_section_row('file_block_row'); if (is_array($file_template_row)) { $row = $file_template_row[0]; $col_count = $file_template_row[1]; $uses_rows = true; $x = 1; //Create an empty array to hold the row contents $new_row_data = array(); } else { $uses_rows = false; } $file_template_section = ''; while (!$recordSet->EOF) { if ($uses_rows == true && $x > $col_count) { //We are at then end of a row. Save the template section as a new row. $new_row_data[] = $page->replace_template_section('file_block', $file_template_section, $row); //$new_row_data[] = $file_template_section; $file_template_section = $page->get_template_section('file_block'); $x = 1; } else { $file_template_section .= $page->get_template_section('file_block'); } $file_caption = $misc->make_db_unsafe($recordSet->fields[$type . 'sfiles_caption']); $file_filename = $misc->make_db_unsafe($recordSet->fields[$type . 'sfiles_file_name']); $file_id = $misc->make_db_unsafe($recordSet->fields[$type . 'sfiles_id']); $file_url = $file_view_path . '/' . $folderid . '/' . $file_filename; $file_download_url = 'index.php?action=create_download&ID=' . $folderid . '&file_id=' . $file_id . '&type=' . $type; $file_description = urldecode($misc->make_db_unsafe($recordSet->fields[$type . 'sfiles_description'])); $file_icon_height = $config["file_icon_height"]; $file_icon_width = $config["file_icon_width"]; if ($file_filename != "" && file_exists("{$file_upload_path}/{$folderid}/{$file_filename}")) { $ext = substr(strrchr($file_filename, '.'), 1); $filesize = filesize($file_upload_path . '/' . $folderid . '/' . $file_filename); if ($caption != '') { $alt = $caption; } else { $alt = $thumb_file_name; } $iconpath = $config["file_icons_path"] . '/' . $ext . '.png'; if (file_exists($iconpath)) { $file_icon = $config["listings_view_file_icons_path"] . '/' . $ext . '.png'; } else { $file_icon = $config["listings_view_file_icons_path"] . '/default.png'; } $file_filesize = $this->bytesize($filesize); } $file_template_section = $page->parse_template_section($file_template_section, 'file_url', $file_url); $file_template_section = $page->parse_template_section($file_template_section, 'file_download_url', $file_download_url); $file_template_section = $page->parse_template_section($file_template_section, 'file_filename', $file_filename); $file_template_section = $page->parse_template_section($file_template_section, 'file_caption', $file_caption); $file_template_section = $page->parse_template_section($file_template_section, 'file_description', $file_description); $file_template_section = $page->parse_template_section($file_template_section, 'file_icon', $file_icon); $file_template_section = $page->parse_template_section($file_template_section, 'file_icon_height', $file_icon_height); $file_template_section = $page->parse_template_section($file_template_section, 'file_icon_width', $file_icon_width); $file_template_section = $page->parse_template_section($file_template_section, 'file_filesize', $file_filesize); $recordSet->MoveNext(); if ($uses_rows == true) { $x++; } } //END while (!$recordSet->EOF) if ($uses_rows == true) { $file_template_section = $page->cleanup_template_block('file', $file_template_section); $new_row_data[] = $page->replace_template_section('file_block', $file_template_section, $row); $replace_row = ''; foreach ($new_row_data as $rows) { $replace_row .= $rows; } $page->replace_template_section_row('file_block_row', $replace_row); } else { $page->replace_template_section('file_block', $file_template_section); } $page->replace_permission_tags(); $display .= $page->return_page(); } return $display; }
function renderNotifyListings($listingIDArray, $search_title, $user_name, $email) { global $conn, $lang, $config, $db_type, $current_ID; //Load the Core Template class and the Misc Class require_once $config['basepath'] . '/include/class/template/core.inc.php'; $page = new page_user(); require_once $config['basepath'] . '/include/misc.inc.php'; $misc = new misc(); require_once $config['basepath'] . '/include/listing.inc.php'; $listingclass = new listing_pages(); //Declare an empty display variable to hold all output from function. $display = ''; //If We have a $current_ID save it $old_current_ID = ''; if ($current_ID != '') { $old_current_ID = $current_ID; } //Load the Notify Listing Template specified in the Site Config $page->load_page($config['template_path'] . '/' . $config['notify_listings_template']); // Determine if the template uses rows. // First item in array is the row conent second item is the number of block per block row $notify_template_row = $page->get_template_section_row('notify_listing_block_row'); if (is_array($notify_template_row)) { $row = $notify_template_row[0]; $col_count = $notify_template_row[1]; $user_rows = true; $x = 1; //Create an empty array to hold the row conents $new_row_data = array(); } else { $user_rows = false; } $notify_template_section = ''; foreach ($listingIDArray as $current_ID) { if ($user_rows == true && $x > $col_count) { //We are at then end of a row. Save the template section as a new row. $new_row_data[] = $page->replace_template_section('notify_listing_block', $notify_template_section, $row); //$new_row_data[] = $notify_template_section; $notify_template_section = $page->get_template_section('notify_listing_block'); $x = 1; } else { $notify_template_section .= $page->get_template_section('notify_listing_block'); } $listing_title = $listingclass->get_title($current_ID); if ($config['url_style'] == '1') { $notify_url = $config['baseurl'] . '/index.php?action=listingview&listingID=' . $current_ID; // ##### } else { $url_title = str_replace("/", "", $listing_title); $url_title = strtolower(str_replace(" ", $config['seo_url_seperator'], $url_title)); $notify_url = $config['baseurl'] . '/listing-' . misc::urlencode_to_sef($url_title) . '-' . $current_ID . '.html'; // ##### } $notify_template_section = $page->replace_listing_field_tags($current_ID, $notify_template_section); $notify_template_section = $page->replace_listing_field_tags($current_ID, $notify_template_section); $notify_template_section = $page->parse_template_section($notify_template_section, 'notify_url', $notify_url); $notify_template_section = $page->parse_template_section($notify_template_section, 'listingid', $current_ID); // Setup Image Tags $sql2 = "SELECT listingsimages_thumb_file_name,listingsimages_file_name\n\t\t\t\t\tFROM " . $config['table_prefix'] . "listingsimages\n\t\t\t\t\tWHERE (listingsdb_id = {$current_ID})\n\t\t\t\t\tORDER BY listingsimages_rank"; $recordSet2 = $conn->SelectLimit($sql2, 1, 0); if ($recordSet2 === false) { $misc->log_error($sql2); } if ($recordSet2->RecordCount() > 0) { $thumb_file_name = $misc->make_db_unsafe($recordSet2->fields['listingsimages_thumb_file_name']); $file_name = $misc->make_db_unsafe($recordSet2->fields['listingsimages_file_name']); if ($thumb_file_name != "" && file_exists("{$config['listings_upload_path']}/{$thumb_file_name}")) { // gotta grab the thumbnail image size $imagedata = GetImageSize("{$config['listings_upload_path']}/{$thumb_file_name}"); $imagewidth = $imagedata[0]; $imageheight = $imagedata[1]; $shrinkage = $config['thumbnail_width'] / $imagewidth; $notify_thumb_width = $imagewidth * $shrinkage; $notify_thumb_height = $imageheight * $shrinkage; $notify_thumb_src = $config['listings_view_images_path'] . '/' . $thumb_file_name; // gotta grab the thumbnail image size $imagedata = GetImageSize("{$config['listings_upload_path']}/{$file_name}"); $imagewidth = $imagedata[0]; $imageheight = $imagedata[1]; $notify_width = $imagewidth; $notify_height = $imageheight; $notify_src = $config['listings_view_images_path'] . '/' . $file_name; } } else { if ($config['show_no_photo'] == 1) { $imagedata = GetImageSize($config['basepath'] . "/images/nophoto.gif"); $imagewidth = $imagedata[0]; $imageheight = $imagedata[1]; $shrinkage = $config['thumbnail_width'] / $imagewidth; $notify_thumb_width = $imagewidth * $shrinkage; $notify_thumb_height = $imageheight * $shrinkage; $notify_thumb_src = $config['baseurl'] . '/images/nophoto.gif'; $notify_width = $notify_thumb_width; $notify_height = $notify_thumb_height; $notify_src = $config['baseurl'] . '/images/nophoto.gif'; } else { $notify_thumb_width = ''; $notify_thumb_height = ''; $notify_thumb_src = ''; $notify_width = ''; $notify_height = ''; $notify_src = ''; } } if (!empty($notify_thumb_src)) { $notify_template_section = $page->parse_template_section($notify_template_section, 'notify_thumb_src', $notify_thumb_src); $notify_template_section = $page->parse_template_section($notify_template_section, 'notify_thumb_height', $notify_thumb_height); $notify_template_section = $page->parse_template_section($notify_template_section, 'notify_thumb_width', $notify_thumb_width); $notify_template_section = $page->cleanup_template_block('notify_img', $notify_template_section); } else { $notify_template_section = $page->remove_template_block('notify_img', $notify_template_section); } if (!empty($notify_src)) { $notify_template_section = $page->parse_template_section($notify_template_section, 'notify_large_src', $notify_src); $notify_template_section = $page->parse_template_section($notify_template_section, 'notify_large_height', $notify_height); $notify_template_section = $page->parse_template_section($notify_template_section, 'notify_large_width', $notify_width); $notify_template_section = $page->cleanup_template_block('notify_img_large', $notify_template_section); } else { $notify_template_section = $page->remove_template_block('notify_img_large', $notify_template_section); } if ($user_rows == true) { $x++; } } if ($user_rows == true) { $notify_template_section = $page->cleanup_template_block('notify_listing', $notify_template_section); $new_row_data[] = $page->replace_template_section('notify_listing_block', $notify_template_section, $row); $replace_row = ''; foreach ($new_row_data as $rows) { $replace_row .= $rows; } $page->replace_template_section_row('notify_listing_block_row', $replace_row); } else { $page->replace_template_section('notify_listing_block', $notify_template_section); } $page->replace_permission_tags(); $page->replace_urls(); $page->auto_replace_tags(); $page->replace_lang_template_tags(); $display .= $page->return_page(); $current_ID = ''; if ($old_current_ID != '') { $current_ID = $old_current_ID; } return $display; }
function edit_post_comments() { global $conn, $lang, $config; $security = login::loginCheck('can_access_blog_manager', true); $display = ''; $blog_user_type = intval($_SESSION['blog_user_type']); if ($security === true) { require_once $config['basepath'] . '/include/misc.inc.php'; $misc = new misc(); //Load the Core Template require_once $config['basepath'] . '/include/class/template/core.inc.php'; $page = new page_user(); require_once $config['basepath'] . '/include/user.inc.php'; $userclass = new user(); require_once $config['basepath'] . '/include/blog_functions.inc.php'; $blog_functions = new blog_functions(); //Load TEmplate File $page->load_page($config['admin_template_path'] . '/blog_edit_comments.html'); // Do we need to save? if (isset($_GET['id'])) { $post_id = intval($_GET['id']); //Get Blog Post Information $blog_title = $blog_functions->get_blog_title($post_id); $page->page = $page->parse_template_section($page->page, 'blog_title', $blog_title); $blog_author = $blog_functions->get_blog_author($post_id); $page->page = $page->parse_template_section($page->page, 'blog_author', $blog_author); $blog_date_posted = $blog_functions->get_blog_date($post_id); $page->page = $page->parse_template_section($page->page, 'blog_date_posted', $blog_date_posted); //Handle any deletions and comment approvals before we load the comments if (isset($_GET['caction']) && $_GET['caction'] == 'delete') { if (isset($_GET['cid'])) { $cid = intval($_GET['cid']); //Do permission checks. if ($blog_user_type < 4) { //Throw Error $display .= '<div class="error_message">' . $lang['blog_permission_denied'] . '</div><br />'; unset($_GET['caction']); $display .= $this->edit_post_comments(); return $display; } //Delete $sql = 'DELETE FROM ' . $config['table_prefix'] . 'blogcomments WHERE blogcomments_id = ' . $cid . ' AND blogmain_id = ' . $post_id; //Load Record Set $recordSet = $conn->Execute($sql); if (!$recordSet) { $misc->log_error($sql); } } } if (isset($_GET['caction']) && $_GET['caction'] == 'approve') { if (isset($_GET['cid'])) { $cid = intval($_GET['cid']); //Do permission checks. if ($blog_user_type < 4) { //Throw Error $display .= '<div class="error_message">' . $lang['blog_permission_denied'] . '</div><br />'; unset($_GET['caction']); $display .= $this->edit_post_comments(); return $display; } //Delete $sql = 'UPDATE ' . $config['table_prefix'] . 'blogcomments SET blogcomments_moderated = 1 WHERE blogcomments_id = ' . $cid . ' AND blogmain_id = ' . $post_id; //Load Record Set $recordSet = $conn->Execute($sql); if (!$recordSet) { $misc->log_error($sql); } } } //Ok Load the comments. $sql = 'SELECT * FROM ' . $config['table_prefix'] . 'blogcomments WHERE blogmain_id = ' . $post_id . ' ORDER BY blogcomments_timestamp ASC'; //Load Record Set $recordSet = $conn->Execute($sql); if (!$recordSet) { $misc->log_error($sql); } //Handle Next prev $num_rows = $recordSet->RecordCount(); if (!isset($_GET['cur_page'])) { $_GET['cur_page'] = 0; } $limit_str = $_GET['cur_page'] * $config['listings_per_page']; $recordSet = $conn->SelectLimit($sql, $config['listings_per_page'], $limit_str); if ($recordSet === false) { $misc->log_error($sql); } $blog_comment_template = ''; while (!$recordSet->EOF) { //Load DB Values $comment_author_id = $misc->make_db_unsafe($recordSet->fields['userdb_id']); $blogcomments_id = $misc->make_db_unsafe($recordSet->fields['blogcomments_id']); $blogcomments_moderated = $misc->make_db_unsafe($recordSet->fields['blogcomments_moderated']); $blogcomments_timestamp = $misc->make_db_unsafe($recordSet->fields['blogcomments_timestamp']); $blogcomments_text = html_entity_decode($misc->make_db_unsafe($recordSet->fields['blogcomments_text']), ENT_NOQUOTES, $config['charset']); //Load Template Block $blog_comment_template .= $page->get_template_section('blog_article_comment_item_block'); //Lookup Blog Author.. $author_type = $userclass->get_user_type($comment_author_id); if ($author_type == 'member') { $author_display = $userclass->get_user_name($comment_author_id); } else { $author_display = $userclass->get_user_last_name($comment_author_id) . ', ' . $userclass->get_user_first_name($comment_author_id); } $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_author', $author_display); if ($config['date_format'] == 1) { $format = "m/d/Y"; } elseif ($config['date_format'] == 2) { $format = "Y/d/m"; } elseif ($config['date_format'] == 3) { $format = "d/m/Y"; } $blog_comment_date_posted = date($format, "{$blogcomments_timestamp}"); $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_date_posted', $blog_comment_date_posted); $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_text', $blogcomments_text); //Add Delete COmment Link //{blog_comment_delete_url} $blog_comment_delete_url = 'index.php?action=edit_blog_post_comments&id=' . $post_id . '&caction=delete&cid=' . $blogcomments_id; $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_delete_url', $blog_comment_delete_url); $blog_comment_approve_url = 'index.php?action=edit_blog_post_comments&id=' . $post_id . '&caction=approve&cid=' . $blogcomments_id; $blog_comment_template = $page->parse_template_section($blog_comment_template, 'blog_comment_approve_url', $blog_comment_approve_url); //Do Security Checks if ($blog_user_type < 4) { $blog_comment_template = $page->remove_template_block('blog_article_comment_approve', $blog_comment_template); $blog_comment_template = $page->remove_template_block('blog_article_comment_delete', $blog_comment_template); } //Handle Moderation if ($blogcomments_moderated == 1) { $blog_comment_template = $page->remove_template_block('blog_article_comment_approve', $blog_comment_template); } else { $blog_comment_template = $page->cleanup_template_block('blog_article_comment_approve', $blog_comment_template); } $recordSet->MoveNext(); } $page->replace_template_section('blog_article_comment_item_block', $blog_comment_template); $next_prev = $misc->next_prev($num_rows, $_GET['cur_page'], "", 'blog', TRUE); $page->replace_tag('next_prev', $next_prev); $page->replace_permission_tags(); $page->auto_replace_tags('', true); $display .= $page->return_page(); } } return $display; }