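/**
 * Recurse through the category table building an option list.
 * Siblings are ordered by category name; children follow their parent.
 *
 * Security notes: every value that reaches the SQL text is normalised
 * first ($papa_id and $items to integers, $not to a fixed keyword), and the
 * category name is HTML-escaped before it is written into the markup.
 *
 * @param   integer $sel        Category ID to be selected in list
 * @param   integer $papa_id    Parent category ID
 * @param   string  $char       Separator characters (emitted as-is, so it
 *                              must be trusted markup supplied by the caller)
 * @param   string  $not        'NOT' to exclude $items, '' to include
 * @param   string  $items      Optional comma-separated list of category IDs
 *                              to include or exclude
 * @return  string              HTML option list, without <select> tags
 */
function CLASSIFIEDS_buildCatSelection($sel = 0, $papa_id = 0, $char = '', $not = '', $items = '')
{
    global $_TABLES;

    // Nothing below is interpolated into the query unless it has been
    // reduced to an integer or to one of two fixed keywords.
    $papa_id = (int) $papa_id;
    $not = (strtoupper(trim((string) $not)) === 'NOT') ? 'NOT' : '';

    $id_list = '';
    if (!empty($items)) {
        // assumes category IDs are integers (the callers in this file use
        // intval() on them) -- TODO confirm against the table definition
        $pieces = is_array($items) ? $items : explode(',', (string) $items);
        $id_list = implode(',', array_map('intval', $pieces));
    }

    // Locate the children of $papa_id, or the root categories if it is 0.
    $sql = "SELECT
                cat_id, cat_name, papa_id,
                owner_id, group_id,
                perm_owner, perm_group, perm_members, perm_anon
            FROM
                {$_TABLES['ad_category']}
            WHERE
                papa_id = {$papa_id} ";
    if ($id_list !== '') {
        $sql .= " AND cat_id {$not} IN ({$id_list}) ";
    }
    $sql .= COM_getPermSQL('AND') . "
            ORDER BY
                cat_name
            ASC
            ";

    $result = DB_query($sql);
    // A failed query yields no options rather than an error.
    if (!$result) {
        return '';
    }

    $str = '';
    while ($row = DB_fetchArray($result)) {
        $cat_id = (int) $row['cat_id'];

        // Category names are stored data; escape them for the HTML context.
        $txt = $char . htmlspecialchars((string) $row['cat_name'], ENT_QUOTES);

        $selected = ($row['cat_id'] == $sel) ? 'selected' : '';

        // Root categories are highlighted.
        $style = ($row['papa_id'] == 0) ? 'style="background-color:lightblue"' : '';

        // Categories the user cannot write to are shown but not selectable.
        // This is a UI hint only; the save handler must re-check access.
        $access = SEC_hasAccess(
            $row['owner_id'], $row['group_id'],
            $row['perm_owner'], $row['perm_group'],
            $row['perm_members'], $row['perm_anon']
        );
        $disabled = ($access < 3) ? 'disabled="true"' : '';

        $str .= "<option value=\"{$cat_id}\" {$style} {$selected} {$disabled}>";
        $str .= $txt;
        $str .= "</option>\n";

        // Descend into this category's children with a longer prefix.
        $str .= CLASSIFIEDS_buildCatSelection($sel, $cat_id, $char . '-', $not, $items);
    }

    return $str;
}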
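/**
 * Provide a form to edit a new or existing ad.
 *
 * Anonymous users are always refused; other non-admins are refused when
 * $_CONF_ADVT['usercanedit'] is 0 or when no ad_id is supplied (only
 * admins may create ads through this form).
 *
 * Security notes: values taken from $A are escaped for the context they
 * are written into (SQL, URL query string or HTML).  The form carries a
 * CSRF token (gltoken); the handler behind action_url is expected to
 * validate it -- that code is outside this function.
 *
 * @param   array   $A      Array of ad data for edit form
 * @param   string  $mode   Edit mode
 * @param   boolean $admin  Ignored; the admin flag is recomputed from the
 *                          current user's rights
 * @return  string          HTML for ad edit form
 */
function adEdit($A, $mode = 'edit', $admin = false)
{
    global $_TABLES, $LANG_ADVT, $_CONF, $_CONF_ADVT, $LANG_ADMIN, $_USER, $_GROUPS;

    USES_classifieds_class_adtype();

    // Determine if this user is an admin.  Deprecates the $admin parameter,
    // so a caller cannot grant itself the admin form by passing true.
    $admin = SEC_hasRights($_CONF_ADVT['pi_name'] . '.admin') ? 1 : 0;

    // Only valid users allowed.  Parentheses make the original operator
    // precedence explicit: anonymous users are refused unconditionally.
    if (COM_isAnonUser() || ($_CONF_ADVT['usercanedit'] == 0 && !$admin)) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['no_permission'], 'alert',
                $LANG_ADVT['access_denied']);
    }

    // We know that we need to have categories, so make sure some exist
    // before even trying to display the form.  The category dropdown is
    // created later since it needs the existing cat_id, if any.
    if (DB_count($_TABLES['ad_category']) < 1) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['no_categories'], 'info');
    }

    $time = time();     // used to compare now with expiration date

    if ($admin) {
        $T = new Template(CLASSIFIEDS_PI_PATH . '/templates/admin');
        $T->set_file('adedit', "adminedit.thtml");
        $action_url = CLASSIFIEDS_ADMIN_URL . '/index.php';
    } else {
        $T = new Template(CLASSIFIEDS_PI_PATH . '/templates');
        $T->set_file('adedit', "submitform.thtml");
        $action_url = CLASSIFIEDS_URL . '/index.php';
    }

    // Set up the wysiwyg editor, if available
    switch (PLG_getEditorType()) {
    case 'ckeditor':
        $T->set_var('show_htmleditor', true);
        PLG_requestEditor('classifieds', 'classifieds_entry', 'ckeditor_classifieds.thtml');
        PLG_templateSetVars('classifieds_entry', $T);
        break;
    case 'tinymce':
        $T->set_var('show_htmleditor', true);
        PLG_requestEditor('classifieds', 'classifieds_entry', 'tinymce_classifieds.thtml');
        PLG_templateSetVars('classifieds_entry', $T);
        break;
    default:
        // don't support others right now
        $T->set_var('show_htmleditor', false);
        break;
    }

    // Per-mode settings.  Only the values this function actually uses are
    // kept: the image-delete action name, the form type, the save button
    // label and the cancel target.
    switch ($mode) {
    case 'editsubmission':
    case 'moderate':
        $delete_img = 'delsubimg';
        $type = 'moderate';
        $saveoption = $LANG_ADMIN['moderate'];
        $cancel_url = $_CONF['site_admin_url'] . '/moderation.php';
        break;
    case 'edit':
        $delete_img = 'delsubimg';
        $type = 'submission';
        $saveoption = $LANG_ADMIN['save'];
        $cancel_url = $action_url;
        break;
    case 'update_ad':
    default:
        $delete_img = 'delete_img';
        $type = '';
        $saveoption = $LANG_ADMIN['save'];
        $cancel_url = $action_url;
        break;
    }

    $photo = null;      // photo query result, existing ads only
    $photocount = 0;

    // Admins (only) use this form for submissions as well as edits,
    // so we need to expect an empty array.
    if (empty($A['ad_id'])) {
        if (!$admin) {
            return CLASSIFIEDS_errorMsg($LANG_ADVT['no_permission'],
                'alert', $LANG_ADVT['access_denied']);
        }
        $A['ad_id'] = COM_makeSid();
        $A['subject'] = '';
        $A['descript'] = '';
        $A['price'] = '';
        $A['url'] = '';
        $A['exp_date'] = '';
        $A['add_date'] = time();
        $A['ad_type'] = 0;
        $A['perm_owner'] = $_CONF_ADVT['default_permissions'][0];
        $A['perm_group'] = $_CONF_ADVT['default_permissions'][1];
        $A['perm_members'] = $_CONF_ADVT['default_permissions'][2];
        $A['perm_anon'] = $_CONF_ADVT['default_permissions'][3];
        $A['uid'] = $_USER['uid'];

        // The requested category comes from the request; intval() makes it
        // safe to interpolate into the query below.
        $A['cat_id'] = isset($_REQUEST['cat']) ? intval($_REQUEST['cat']) : 0;

        $catsql = "SELECT cat_id,perm_anon,keywords
                FROM {$_TABLES['ad_category']} ";
        if ($A['cat_id'] > 0) {
            $catsql .= "WHERE cat_id = {$A['cat_id']} ";
        } else {
            // No category requested: fall back to the first one by name.
            $catsql .= "ORDER BY cat_name ASC ";
        }
        $catsql .= "LIMIT 1";
        $r = DB_query($catsql, 1);
        if ($r && DB_numRows($r) > 0) {
            $row = DB_fetchArray($r, false);
            $A['cat_id'] = $row['cat_id'];
            $A['keywords'] = trim($row['keywords']);
        } else {
            $A['cat_id'] = 0;
            $A['keywords'] = '';
        }

        // Set ad owner to current user for new ads
        $A['owner_id'] = $_USER['uid'];
        $A['group_id'] = isset($_GROUPS['classifieds Admin']) ?
                $_GROUPS['classifieds Admin'] :
                SEC_getFeatureGroup('classifieds.edit');
        $A['exp_sent'] = 0;

        // set expiration & duration info for a new ad
        $T->set_var('expiration_date', $LANG_ADVT['runfor']);   // "run for: X days"
        $comments_enabled = $_CONF_ADVT['commentsupport'] == 1 ? 0 : 1;
        $T->set_var("sel_{$comments_enabled}", 'selected');
        if ($_CONF_ADVT['purchase_enabled']) {
            USES_classifieds_class_userinfo();
            $User = new adUserInfo();
            $T->set_var('days',
                min($_CONF_ADVT['default_duration'], $User->getMaxDays()));
        } else {
            $T->set_var('days', $_CONF_ADVT['default_duration']);
        }
    } else {
        // This is an existing ad with values already in $A
        $T->set_var('expiration_date', $LANG_ADVT['expiration']);
        $T->set_var('days', '0');

        // Disable the perm_anon checkbox if it's disabled by the category.
        // cat_id is forced to an integer before it is placed in the WHERE
        // clause (category IDs are handled with intval() throughout).
        if (!$admin &&
            DB_getItem($_TABLES['ad_category'], 'perm_anon',
                'cat_id=' . (int) $A['cat_id']) == '0') {
            $T->set_var('vis_disabled', 'disabled');
        }

        // Get the photo information.  The ad ID is a string, so it is
        // escaped with the database layer's DB_escapeString() rather than
        // interpolated raw.
        $sql = "SELECT photo_id, filename
                FROM {$_TABLES['ad_photo']}
                WHERE ad_id='" . DB_escapeString($A['ad_id']) . "'";
        $photo = DB_query($sql, 1);

        // save the count of photos for later use
        if ($photo) {
            $photocount = DB_numRows($photo);
        }
        $comments_enabled = (int) $A['comments_enabled'];
        $T->set_var("sel_{$comments_enabled}", 'selected');
    }

    // Get the max image size in MB and set the message
    $img_max = $_CONF['max_image_size'] / 1048576;  // Show in MB

    // Escape the text fields for HTML output.  ENT_QUOTES is given
    // explicitly so single quotes are encoded on every PHP version.
    foreach (array('subject', 'descript', 'keywords', 'price', 'url') as $fld) {
        $A[$fld] = htmlspecialchars(
            isset($A[$fld]) ? (string) $A[$fld] : '',
            ENT_QUOTES
        );
    }
    $A['ad_type'] = (int) $A['ad_type'];

    // Context-specific forms of the identifiers used in markup and URLs.
    $cat_id = (int) $A['cat_id'];
    $ad_id_html = htmlspecialchars((string) $A['ad_id'], ENT_QUOTES);
    $ad_id_url = urlencode((string) $A['ad_id']);

    // The original referenced $post_options without ever defining it.
    $post_options = '';

    $T->set_var(array(
        'post_options'  => $post_options,
        'change_editormode' => 'onchange="change_editmode(this);"',
        'glfusionStyleBasePath' => $_CONF['site_url'] . '/fckeditor',
        'gltoken_name'  => CSRF_TOKEN,
        'gltoken'       => SEC_createToken(),
        'has_delbtn'    => 'true',
        'txt_photo'     => "{$LANG_ADVT['photo']}<br />" .
                        sprintf($LANG_ADVT['image_max'], $img_max),
        'type'          => $type,
        'action_url'    => $action_url,
        'max_file_size' => $_CONF['max_image_size'],
        'row_cat_id'    => $cat_id,
        'row_ad_id'     => $ad_id_html,
        'row_subject'   => $A['subject'],
        'row_descript'  => $A['descript'],
        'row_price'     => $A['price'],
        'row_url'       => $A['url'],
        'keywords'      => $A['keywords'],
        'exp_date'      => $A['exp_date'],
        'add_date'      => $A['add_date'],
        'ad_type_selection' => AdType::makeSelection($A['ad_type']),
        'sel_list_catid' => CLASSIFIEDS_buildCatSelection($cat_id),
        'saveoption'    => $saveoption,
        'cancel_url'    => $cancel_url,
    ));

    // Set expiration & duration based on existing info.  (The original
    // ran this identical block twice; once is enough.)
    if ($A['exp_date'] == '') {
        $T->set_var('row_exp_date', '');
    } elseif ($A['exp_date'] < $time) {
        $T->set_var('already_expired', $LANG_ADVT['already_expired']);
    } else {
        $T->set_var('row_exp_date', date("d M Y", (int) $A['exp_date']));
    }

    // Set up permission editor on the admin template if needed.
    // Otherwise, set hidden values with existing permissions.
    // NOTE(review): hidden owner/permission fields can be altered by the
    // client; the save handler should not trust them for non-admins.
    if ($admin) {
        // Set up owner selection
        $T->set_var(array(
            'ownerselect'   => CLASSIFIEDS_userDropdown($A['owner_id']),
            'permissions_editor' => SEC_getPermissionsHTML(
                $A['perm_owner'], $A['perm_group'],
                $A['perm_members'], $A['perm_anon']
            ),
            'group_dropdown' => SEC_getGroupDropdown($A['group_id'], 3),
        ));
    } else {
        $ownername = COM_getDisplayName($A['owner_id']);
        $T->set_var(array(
            'owner_id'      => $A['owner_id'],
            'ownername'     => $ownername,
            'perm_owner'    => $A['perm_owner'],
            'perm_group'    => $A['perm_group'],
            'perm_members'  => $A['perm_members'],
            'perm_anon'     => $A['perm_anon'],
            'group_id'      => $A['group_id'],
        ));
        if ($A['perm_anon'] == 2) {
            $T->set_var('perm_anon_chk', 'checked');
        }
    }

    // Set up the photo fields.  Use $photocount defined above.
    // If there are photos, read the $photo result.  Otherwise,
    // or if this is a new ad, just clear the photo area.
    $T->set_block('adedit', 'PhotoRow', 'PRow');
    $i = 0;
    if ($photocount > 0) {
        while ($prow = DB_fetchArray($photo, false)) {
            $i++;
            $img_file = CLASSIFIEDS_IMGPATH . '/' . $prow['filename'];
            $T->set_var(array(
                'img_url'   => LGLIB_ImageUrl(
                    $img_file,
                    $_CONF_ADVT['img_max_width'],
                    $_CONF_ADVT['img_max_height']
                ),
                'thumb_url' => LGLIB_ImageUrl(
                    $img_file,
                    $_CONF_ADVT['thumb_max_size'],
                    $_CONF_ADVT['thumb_max_size']
                ),
                'seq_no'    => $i,
                'ad_id'     => $ad_id_html,
                // Query-string values are URL-encoded individually.
                'del_img_url' => $action_url .
                    "?mode={$delete_img}&mid=" . urlencode((string) $prow['photo_id']) .
                    "&id={$ad_id_url}",
            ));
            $T->parse('PRow', 'PhotoRow', true);
        }
    } else {
        $T->parse('PRow', '');
    }

    // add upload fields for unused images
    $T->set_block('adedit', 'UploadFld', 'UFLD');
    for ($j = $i; $j < $_CONF_ADVT['imagecount']; $j++) {
        $T->parse('UFLD', 'UploadFld', true);
    }

    $T->parse('output', 'adedit');
    return $T->finish($T->get_var('output'));
}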
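/**
 * Provide the submission form for a new ad.
 *
 * Values in $A are typically the user's own previous input being
 * redisplayed, so they are HTML-escaped before being handed to the
 * template, matching what adEdit() does for the same fields.
 *
 * NOTE(review): unlike adEdit(), this function sets no CSRF token
 * (gltoken) on the template.  The form posts to the site's submit.php;
 * confirm that handler issues and validates its own token.
 *
 * @param   string  $mode   Indication of where this is called from
 *                          (currently unused)
 * @param   array   $A      Array of ad data.  Defaults to an empty array;
 *                          the default was added because a required
 *                          parameter after an optional one is deprecated
 * @return  string          HTML for submission form
 */
function CLASSIFIEDS_submitForm($mode = 'submit', $A = array())
{
    global $_TABLES, $LANG_ADVT, $_CONF, $_CONF_ADVT, $LANG_ADMIN;

    USES_classifieds_class_adtype();

    // only valid users allowed
    if (!CLASSIFIEDS_canSubmit()) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['login_required'], 'alert',
                $LANG_ADVT['access_denied']);
    }

    if (!is_array($A)) {
        $A = array();
    }

    $T = new Template(CLASSIFIEDS_PI_PATH . '/templates');
    $T->set_file('adedit', "submit.thtml");

    // Set up the wysiwyg editor, if available
    switch (PLG_getEditorType()) {
    case 'ckeditor':
        $T->set_var('show_htmleditor', true);
        PLG_requestEditor('classifieds', 'classifieds_entry', 'ckeditor_classifieds.thtml');
        PLG_templateSetVars('classifieds_entry', $T);
        break;
    case 'tinymce':
        $T->set_var('show_htmleditor', true);
        PLG_requestEditor('classifieds', 'classifieds_entry', 'tinymce_classifieds.thtml');
        PLG_templateSetVars('classifieds_entry', $T);
        break;
    default:
        // don't support others right now
        $T->set_var('show_htmleditor', false);
        break;
    }

    // Get the category info from the form variable, if any.  If not,
    // get the first category so we can get the keywords.
    // If no categories found, return an error.
    // intval() makes the ID safe to interpolate into the query below.
    if (isset($A['catid'])) {
        $cat_id = intval($A['catid']);
    } elseif (isset($_REQUEST['cat'])) {
        $cat_id = intval($_REQUEST['cat']);
    } else {
        $cat_id = 0;
    }

    // Check permission to the desired category.  If not valid, just
    // reset to zero so the first accessible category is used instead.
    if ($cat_id > 0 && CLASSIFIEDS_checkCatAccess($cat_id) < 3) {
        $cat_id = 0;
    }

    $catsql = "SELECT cat_id, perm_anon, keywords
            FROM {$_TABLES['ad_category']}
            WHERE 1=1 ";
    if ($cat_id > 0) {
        $catsql .= " AND cat_id={$cat_id} ";
    }
    // Restrict the lookup to categories the current user may write to.
    $catsql .= COM_getPermSQL('AND', 0, 3) .
            " ORDER BY cat_name ASC
            LIMIT 1";
    $r = DB_query($catsql);
    if (!$r || DB_numRows($r) == 0) {
        // No categories found, need to get some entered
        return CLASSIFIEDS_errorMsg($LANG_ADVT['no_categories'], 'info');
    }
    $catrow = DB_fetchArray($r);

    // Set the category to the first found, if none specified
    if ($cat_id == 0) {
        $cat_id = intval($catrow['cat_id']);
    }

    // Get the keywords for the category IF there weren't any
    // already submitted
    if (empty($A['keywords'])) {
        $A['keywords'] = trim($catrow['keywords']);
    }

    $T->set_var('site_url', $_CONF['site_url']);

    // Get the max image size in MB and set the message
    $img_max = $_CONF['max_image_size'] / 1024 / 1024;
    $T->set_var('txt_photo', "{$LANG_ADVT['photo']}<br />" .
            sprintf($LANG_ADVT['image_max'], $img_max));

    $base_url = "{$_CONF['site_url']}/{$_CONF_ADVT['pi_name']}/index.php";
    if (!empty($A['ad_id'])) {
        // The ad ID comes from $A: URL-encode it for the query string and
        // HTML-escape the finished URL for the attribute it sits in.
        $del_action = $base_url .
            '?mode=' . urlencode($LANG_ADMIN['delete']) .
            '&id=' . urlencode((string) $A['ad_id']);
        $T->set_var('delete_btn',
            '<form action="' . htmlspecialchars($del_action, ENT_QUOTES) .
            '" method="post"> <input type="submit" name="mode" value="' .
            htmlspecialchars($LANG_ADMIN['delete'], ENT_QUOTES) .
            '"/></form>');
    }

    // Set some of the form variables if they're already set.  Each value
    // is escaped for HTML; missing keys become empty strings.
    // assumes callers pass raw (unescaped) values, as adEdit() does with
    // its database rows -- TODO confirm against callers
    $text_fields = array(
        'row_price'     => 'price',
        'row_subject'   => 'subject',
        'row_descript'  => 'descript',
        'row_url'       => 'url',
        'keywords'      => 'keywords',
    );
    foreach ($text_fields as $tpl_var => $key) {
        $T->set_var($tpl_var, htmlspecialchars(
            isset($A[$key]) ? (string) $A[$key] : '',
            ENT_QUOTES
        ));
    }
    $T->set_var('ad_visibility', $LANG_ADVT['ad_visibility']);
    $T->set_var('max_file_size', $_CONF['max_image_size']);

    // Disable the "allow anon access" if the category disables it,
    // and override the checkbox
    if (intval($catrow['perm_anon']) > 0) {
        $T->set_var('vis_disabled', '');
        $anon_checked = isset($A['perm_anon']) && $A['perm_anon'] == 2;
        $T->set_var('perm_anon_chk', $anon_checked ? 'checked' : '');
    } else {
        $T->set_var('vis_disabled', 'disabled');
        $T->set_var('perm_anon_chk', '');
    }

    $T->set_var('action_url', $_CONF['site_url'] . '/submit.php');
    $T->set_var('type', $_CONF_ADVT['pi_name']);
    $T->set_var('cancel_url', CLASSIFIEDS_URL);

    // set expiration & duration info for a new ad
    if ($_CONF_ADVT['purchase_enabled']) {
        USES_classifieds_class_userinfo();
        $User = new adUserInfo();
        $T->set_var('days',
            min($_CONF_ADVT['default_duration'], $User->getMaxDays()));
    } else {
        $T->set_var('days', $_CONF_ADVT['default_duration']);
    }

    // A missing ad_type is passed through as null, as before.
    $T->set_var('ad_type_selection',
        AdType::makeSelection(isset($A['ad_type']) ? $A['ad_type'] : null));

    // Set up the category dropdown
    $T->set_var('sel_list_catid', CLASSIFIEDS_buildCatSelection($cat_id));

    // add upload fields for images
    $T->set_block('adedit', 'UploadFld', 'UFLD');
    for ($i = 0; $i < $_CONF_ADVT['imagecount']; $i++) {
        $T->parse('UFLD', 'UploadFld', true);
    }

    // Set the new_ad flag to trigger the use of "mode" in the form.
    $T->set_var('new_ad', 'true');

    $T->parse('output', 'adedit');
    return $T->finish($T->get_var('output'));
}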