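/**
 * Provide a form to edit a new or existing ad.
 *
 * Admin status is always re-derived from the current user's rights, so the
 * $admin argument is ignored.  Text fields are HTML-escaped before they are
 * handed to the template, and identifiers are cast or escaped before they
 * are placed in SQL or in URLs.
 *
 * NOTE(review): nothing in this function checks that a non-admin user owns
 * the ad being edited; presumably the caller enforces that -- confirm.
 *
 * @param   array   $A      Array of ad data for edit form
 * @param   string  $mode   Edit mode
 * @param   boolean $admin  True for administrator edit, false for normal
 *                          (deprecated; overwritten from SEC_hasRights())
 * @return  string          HTML for ad edit form
 */
function adEdit($A, $mode = 'edit', $admin = false)
{
    global $_TABLES, $LANG_ADVT, $_CONF, $_CONF_ADVT, $LANG_ADMIN, $_USER,
        $LANG_ACCESS, $_GROUPS, $LANG12, $LANG24, $MESSAGE, $LANG_postmodes;

    USES_classifieds_class_adtype();

    // Determine if this user is an admin.  Deprecates the $admin parameter,
    // so a caller cannot grant the admin form by passing true.
    $admin = SEC_hasRights($_CONF_ADVT['pi_name'] . '.admin') ? 1 : 0;

    // Only valid users allowed.  Parentheses make the original operator
    // precedence explicit: anonymous users are always refused; logged-in
    // users are refused when user editing is off and they are not admins.
    if (COM_isAnonUser() || ($_CONF_ADVT['usercanedit'] == 0 && !$admin)) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['no_permission'], 'alert',
            $LANG_ADVT['access_denied']);
    }

    // We know that we need to have categories, so make sure some exist
    // before even trying to display the form.  The category dropdown is
    // created later since it needs the existing cat_id, if any.
    if (DB_count($_TABLES['ad_category']) < 1) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['no_categories'], 'info');
    }

    $time = time();     // used to compare now with expiration date

    if ($admin) {
        $T = new Template(CLASSIFIEDS_PI_PATH . '/templates/admin');
        $T->set_file('adedit', "adminedit.thtml");
        $action_url = CLASSIFIEDS_ADMIN_URL . '/index.php';
    } else {
        $T = new Template(CLASSIFIEDS_PI_PATH . '/templates');
        $T->set_file('adedit', "submitform.thtml");
        $action_url = CLASSIFIEDS_URL . '/index.php';
    }

    // Set up the wysiwyg editor, if available
    switch (PLG_getEditorType()) {
    case 'ckeditor':
        $T->set_var('show_htmleditor', true);
        PLG_requestEditor('classifieds', 'classifieds_entry', 'ckeditor_classifieds.thtml');
        PLG_templateSetVars('classifieds_entry', $T);
        break;
    case 'tinymce':
        $T->set_var('show_htmleditor', true);
        PLG_requestEditor('classifieds', 'classifieds_entry', 'tinymce_classifieds.thtml');
        PLG_templateSetVars('classifieds_entry', $T);
        break;
    default:
        // don't support others right now
        $T->set_var('show_htmleditor', false);
        break;
    }

    switch ($mode) {
    case 'editsubmission':
    case 'moderate':
        $savemode = 'savesubmission';
        $delete_img = 'delsubimg';
        $delete_ad = 'deletesubmission';
        $type = 'moderate';
        $saveoption = $LANG_ADMIN['moderate'];
        $cancel_url = $_CONF['site_admin_url'] . '/moderation.php';
        break;
    case 'edit':
        $savemode = 'savesubmission';
        $delete_img = 'delsubimg';
        $delete_ad = 'deletesubmission';
        $saveoption = $LANG_ADMIN['save'];
        $type = 'submission';
        $cancel_url = $action_url;
        break;
    case 'update_ad':
    default:
        $savemode = 'update_ad';
        $delete_img = 'delete_img';
        $delete_ad = 'delete_ad';
        $saveoption = $LANG_ADMIN['save'];
        $type = '';
        $cancel_url = $action_url;
        break;
    }

    // Admins (only) use this form for submissions as well as edits,
    // so we need to expect an empty array.
    if (empty($A['ad_id'])) {
        if (!$admin) {
            return CLASSIFIEDS_errorMsg($LANG_ADVT['no_permission'], 'alert',
                $LANG_ADVT['access_denied']);
        }

        $A['ad_id'] = COM_makeSid();
        $A['subject'] = '';
        $A['descript'] = '';
        $A['price'] = '';
        $A['url'] = '';
        $A['exp_date'] = '';
        $A['add_date'] = time();
        $A['ad_type'] = 0;
        $A['perm_owner'] = $_CONF_ADVT['default_permissions'][0];
        $A['perm_group'] = $_CONF_ADVT['default_permissions'][1];
        $A['perm_members'] = $_CONF_ADVT['default_permissions'][2];
        $A['perm_anon'] = $_CONF_ADVT['default_permissions'][3];
        $A['uid'] = $_USER['uid'];

        // The requested category is forced to an integer before it
        // reaches the query below.
        if (isset($_REQUEST['cat'])) {
            $A['cat_id'] = intval($_REQUEST['cat']);
        } else {
            $A['cat_id'] = 0;
        }

        $catsql = "SELECT cat_id,perm_anon,keywords\n FROM {$_TABLES['ad_category']} ";
        if ($A['cat_id'] > 0) {
            $catsql .= "WHERE cat_id = {$A['cat_id']} ";
        } else {
            $catsql .= "ORDER BY cat_name ASC ";
        }
        $catsql .= "LIMIT 1";
        $r = DB_query($catsql, 1);
        if ($r && DB_numRows($r) > 0) {
            $row = DB_fetchArray($r, false);
            $A['cat_id'] = $row['cat_id'];
            $A['keywords'] = trim($row['keywords']);
        } else {
            $A['cat_id'] = 0;
            $A['keywords'] = '';
        }

        // Set ad owner to current user for new ads
        $A['owner_id'] = $_USER['uid'];
        $A['group_id'] = isset($_GROUPS['classifieds Admin'])
            ? $_GROUPS['classifieds Admin']
            : SEC_getFeatureGroup('classifieds.edit');
        $A['exp_sent'] = 0;

        // set expiration & duration info for a new ad
        $T->set_var('expiration_date', $LANG_ADVT['runfor']);   // "run for: X days"
        $comments_enabled = $_CONF_ADVT['commentsupport'] == 1 ? 0 : 1;
        $T->set_var("sel_{$comments_enabled}", 'selected');

        if ($_CONF_ADVT['purchase_enabled']) {
            USES_classifieds_class_userinfo();
            $User = new adUserInfo();
            $T->set_var('days',
                min($_CONF_ADVT['default_duration'], $User->getMaxDays()));
        } else {
            $T->set_var('days', $_CONF_ADVT['default_duration']);
        }

        $photocount = 0;    // No photos yet with a new ad
    } else {
        // This is an existing ad with values already in $A
        $T->set_var('expiration_date', $LANG_ADVT['expiration']);
        $T->set_var('days', '0');

        // Disable the perm_anon checkbox if it's disabled by the category.
        // The category id is cast so it cannot alter the WHERE clause.
        $cat_where = "cat_id='" . (int) $A['cat_id'] . "'";
        if (!$admin
            && DB_getItem($_TABLES['ad_category'], 'perm_anon', $cat_where) == '0') {
            $T->set_var('vis_disabled', 'disabled');
        }

        // Get the photo information.  The ad id is a string key, so it is
        // escaped rather than interpolated as-is.
        $sql = "SELECT photo_id, filename \n FROM {$_TABLES['ad_photo']} \n WHERE ad_id='"
            . DB_escapeString($A['ad_id']) . "'";
        $photo = DB_query($sql, 1);

        // save the count of photos for later use
        if ($photo) {
            $photocount = DB_numRows($photo);
        } else {
            $photocount = 0;
        }

        $comments_enabled = (int) $A['comments_enabled'];
        $T->set_var("sel_{$comments_enabled}", 'selected');
    }

    // Get the max image size in MB and set the message
    $img_max = $_CONF['max_image_size'] / 1048576;  // Show in MB

    // Sanitize entries from the database.  ENT_QUOTES also covers values
    // that a template may place inside single-quoted attributes.
    $A['subject'] = htmlspecialchars($A['subject'], ENT_QUOTES);
    $A['descript'] = htmlspecialchars($A['descript'], ENT_QUOTES);
    $A['keywords'] = htmlspecialchars($A['keywords'], ENT_QUOTES);
    $A['price'] = htmlspecialchars($A['price'], ENT_QUOTES);
    $A['url'] = htmlspecialchars($A['url'], ENT_QUOTES);
    $A['ad_type'] = (int) $A['ad_type'];

    // The ad id is emitted both as markup and inside a query string; keep
    // one encoding per context.  All SQL use of the raw id is above.
    $ad_id_html = htmlspecialchars($A['ad_id'], ENT_QUOTES);
    $ad_id_url = urlencode($A['ad_id']);

    // The original referenced $post_options without ever defining it;
    // the template now receives an explicit empty value.
    $post_options = '';

    $T->set_var(array(
        'post_options'      => $post_options,
        'change_editormode' => 'onchange="change_editmode(this);"',
        'glfusionStyleBasePath' => $_CONF['site_url'] . '/fckeditor',
        'gltoken_name'      => CSRF_TOKEN,
        'gltoken'           => SEC_createToken(),
        'has_delbtn'        => 'true',
        'txt_photo'         => "{$LANG_ADVT['photo']}<br />"
                                . sprintf($LANG_ADVT['image_max'], $img_max),
        'type'              => $type,
        'action_url'        => $action_url,
        'max_file_size'     => $_CONF['max_image_size'],
        'row_cat_id'        => $A['cat_id'],
        'row_ad_id'         => $ad_id_html,
        'row_subject'       => $A['subject'],
        'row_descript'      => $A['descript'],
        'row_price'         => $A['price'],
        'row_url'           => $A['url'],
        'keywords'          => $A['keywords'],
        'exp_date'          => $A['exp_date'],
        'add_date'          => $A['add_date'],
        'ad_type_selection' => AdType::makeSelection($A['ad_type']),
        'sel_list_catid'    => CLASSIFIEDS_buildCatSelection($A['cat_id']),
        'saveoption'        => $saveoption,
        'cancel_url'        => $cancel_url,
    ));

    // Set expiration & duration based on existing info.  (The original
    // ran this identical block twice; once is enough.)
    if ($A['exp_date'] == '') {
        $T->set_var('row_exp_date', '');
    } elseif ($A['exp_date'] < $time) {
        $T->set_var('already_expired', $LANG_ADVT['already_expired']);
    } else {
        $T->set_var('row_exp_date', date("d M Y", $A['exp_date']));
    }

    // Set up permission editor on the admin template if needed.
    // Otherwise, set hidden values with existing permissions.
    // NOTE(review): hidden permission fields are client-editable; the save
    // handler presumably re-validates them -- confirm.
    if ($admin) {
        // Set up owner selection
        $T->set_var(array(
            'ownerselect'   => CLASSIFIEDS_userDropdown($A['owner_id']),
            'permissions_editor' => SEC_getPermissionsHTML(
                $A['perm_owner'], $A['perm_group'],
                $A['perm_members'], $A['perm_anon']),
            'group_dropdown' => SEC_getGroupDropdown($A['group_id'], 3),
        ));
    } else {
        $ownername = COM_getDisplayName($A['owner_id']);
        $T->set_var(array(
            'owner_id'      => $A['owner_id'],
            'ownername'     => $ownername,
            'perm_owner'    => $A['perm_owner'],
            'perm_group'    => $A['perm_group'],
            'perm_members'  => $A['perm_members'],
            'perm_anon'     => $A['perm_anon'],
            'group_id'      => $A['group_id'],
        ));
        if ($A['perm_anon'] == 2) {
            $T->set_var('perm_anon_chk', 'checked');
        }
    }

    // Set up the photo fields.  Use $photocount defined above.
    // If there are photos, read the $photo result.  Otherwise,
    // or if this is a new ad, just clear the photo area.
    $T->set_block('adedit', 'PhotoRow', 'PRow');
    $i = 0;
    if ($photocount > 0) {
        while ($prow = DB_fetchArray($photo, false)) {
            $i++;
            $T->set_var(array(
                'img_url'   => LGLIB_ImageUrl(
                    CLASSIFIEDS_IMGPATH . '/' . $prow['filename'],
                    $_CONF_ADVT['img_max_width'],
                    $_CONF_ADVT['img_max_height']),
                'thumb_url' => LGLIB_ImageUrl(
                    CLASSIFIEDS_IMGPATH . '/' . $prow['filename'],
                    $_CONF_ADVT['thumb_max_size'],
                    $_CONF_ADVT['thumb_max_size']),
                'seq_no'    => $i,
                'ad_id'     => $ad_id_html,
                'del_img_url' => $action_url
                    . "?mode={$delete_img}&mid=" . (int) $prow['photo_id']
                    . "&id={$ad_id_url}",
            ));
            $T->parse('PRow', 'PhotoRow', true);
        }
    } else {
        $T->parse('PRow', '');
    }

    // add upload fields for unused images
    $T->set_block('adedit', 'UploadFld', 'UFLD');
    for ($j = $i; $j < $_CONF_ADVT['imagecount']; $j++) {
        $T->parse('UFLD', 'UploadFld', true);
    }

    $T->parse('output', 'adedit');
    return $T->finish($T->get_var('output'));
}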
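/**
 * Provide the form used to submit a new ad.
 *
 * $A may carry values from a previous, rejected submission, so every field
 * is treated as untrusted: text is HTML-escaped before it reaches the
 * template (matching adEdit()), ids are cast or URL-encoded, and missing
 * keys fall back to empty defaults.
 *
 * NOTE(review): if a caller already HTML-escapes $A, the values would be
 * encoded twice -- confirm against the callers.
 *
 * @param   string  $mode   Indication of where this is called from (unused)
 * @param   array   $A      Array of ad data.
 * @return  string          HTML for submission form
 */
function CLASSIFIEDS_submitForm($mode = 'submit', $A)
{
    global $_TABLES, $LANG_ADVT, $_CONF, $_CONF_ADVT, $_USER, $LANG_ACCESS,
        $_GROUPS, $LANG12, $LANG24, $LANG_ADMIN, $LANG_postmodes;

    USES_classifieds_class_adtype();

    // only valid users allowed
    if (!CLASSIFIEDS_canSubmit()) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['login_required'], 'alert',
            $LANG_ADVT['access_denied']);
    }

    if (!is_array($A)) {
        $A = array();
    }

    $T = new Template(CLASSIFIEDS_PI_PATH . '/templates');
    $T->set_file('adedit', "submit.thtml");

    // Set up the wysiwyg editor, if available
    switch (PLG_getEditorType()) {
    case 'ckeditor':
        $T->set_var('show_htmleditor', true);
        PLG_requestEditor('classifieds', 'classifieds_entry', 'ckeditor_classifieds.thtml');
        PLG_templateSetVars('classifieds_entry', $T);
        break;
    case 'tinymce':
        $T->set_var('show_htmleditor', true);
        PLG_requestEditor('classifieds', 'classifieds_entry', 'tinymce_classifieds.thtml');
        PLG_templateSetVars('classifieds_entry', $T);
        break;
    default:
        // don't support others right now
        $T->set_var('show_htmleditor', false);
        break;
    }

    // Get the category info from the form variable, if any.  If not,
    // get the first category so we can get the keywords.
    // If no categories found, return an error.
    if (isset($A['catid'])) {
        $cat_id = intval($A['catid']);
    } elseif (isset($_REQUEST['cat'])) {
        $cat_id = intval($_REQUEST['cat']);
    } else {
        $cat_id = 0;
    }

    // Check permission to the desired category.  If not valid, just
    // reset to zero
    if ($cat_id > 0 && CLASSIFIEDS_checkCatAccess($cat_id) < 3) {
        $cat_id = 0;
    }

    // $cat_id is an integer at this point, so it is safe to interpolate.
    $catsql = "SELECT cat_id, perm_anon, keywords\n FROM {$_TABLES['ad_category']}\n WHERE 1=1 ";
    if ($cat_id > 0) {
        $catsql .= " AND cat_id={$cat_id} ";
    }
    $catsql .= COM_getPermSQL('AND', 0, 3) . " ORDER BY cat_name ASC\n LIMIT 1";
    $r = DB_query($catsql);
    if (!$r || DB_numRows($r) == 0) {
        // No categories found, need to get some entered
        return CLASSIFIEDS_errorMsg($LANG_ADVT['no_categories'], 'info');
    }
    $catrow = DB_fetchArray($r);

    // Set the category to the first found, if none specified
    if ($cat_id == 0) {
        $cat_id = intval($catrow['cat_id']);
    }

    // Get the keywords for the category IF there weren't any
    // already submitted
    if (empty($A['keywords'])) {
        $A['keywords'] = trim($catrow['keywords']);
    }

    // Escape the free-text fields once, defaulting absent keys to ''.
    $safe = array();
    foreach (array('price', 'subject', 'descript', 'url', 'keywords') as $fld) {
        $safe[$fld] = isset($A[$fld]) && is_scalar($A[$fld])
            ? htmlspecialchars((string) $A[$fld], ENT_QUOTES)
            : '';
    }

    $T->set_var('site_url', $_CONF['site_url']);

    // Get the max image size in MB and set the message
    $img_max = $_CONF['max_image_size'] / 1024 / 1024;
    $T->set_var('txt_photo', "{$LANG_ADVT['photo']}<br />"
        . sprintf($LANG_ADVT['image_max'], $img_max));

    $base_url = "{$_CONF['site_url']}/{$_CONF_ADVT['pi_name']}/index.php";
    if (!empty($A['ad_id'])) {
        // Each query value is URL-encoded, then the whole URL and the
        // button label are escaped for their HTML attribute context.
        $delete_url = $base_url
            . '?mode=' . urlencode($LANG_ADMIN['delete'])
            . '&id=' . urlencode($A['ad_id']);
        $T->set_var('delete_btn',
            '<form action="' . htmlspecialchars($delete_url, ENT_QUOTES)
            . '" method="post"> <input type="submit" name="mode" value="'
            . htmlspecialchars($LANG_ADMIN['delete'], ENT_QUOTES)
            . '"/></form>');
    }

    // Set some of the form variables if they're already set.
    $T->set_var('row_price', $safe['price']);
    $T->set_var('row_subject', $safe['subject']);
    $T->set_var('row_descript', $safe['descript']);
    $T->set_var('row_url', $safe['url']);
    $T->set_var('ad_visibility', $LANG_ADVT['ad_visibility']);
    $T->set_var('max_file_size', $_CONF['max_image_size']);

    // Disable the "allow anon access" if the category disables it,
    // and override the checkbox
    if (intval($catrow['perm_anon']) > 0) {
        $T->set_var('vis_disabled', '');
        if (isset($A['perm_anon']) && $A['perm_anon'] == 2) {
            $T->set_var('perm_anon_chk', 'checked');
        } else {
            $T->set_var('perm_anon_chk', '');
        }
    } else {
        $T->set_var('vis_disabled', 'disabled');
        $T->set_var('perm_anon_chk', '');
    }

    $T->set_var('action_url', $_CONF['site_url'] . '/submit.php');
    $T->set_var('type', $_CONF_ADVT['pi_name']);
    $T->set_var('cancel_url', CLASSIFIEDS_URL);

    // set expiration & duration info for a new ad
    if ($_CONF_ADVT['purchase_enabled']) {
        USES_classifieds_class_userinfo();
        $User = new adUserInfo();
        $T->set_var('days',
            min($_CONF_ADVT['default_duration'], $User->getMaxDays()));
    } else {
        $T->set_var('days', $_CONF_ADVT['default_duration']);
    }

    $T->set_var('keywords', $safe['keywords']);

    // The ad type is an integer selector, as in adEdit(); 0 when absent.
    $ad_type = isset($A['ad_type']) ? (int) $A['ad_type'] : 0;
    $T->set_var('ad_type_selection', AdType::makeSelection($ad_type));

    // Set up the category dropdown
    $T->set_var('sel_list_catid', CLASSIFIEDS_buildCatSelection($cat_id));

    // add upload fields for images
    $T->set_block('adedit', 'UploadFld', 'UFLD');
    for ($i = 0; $i < $_CONF_ADVT['imagecount']; $i++) {
        $T->parse('UFLD', 'UploadFld', true);
    }

    // Set the new_ad flag to trigger the use of "mode" in the form.
    $T->set_var('new_ad', 'true');

    $T->parse('output', 'adedit');
    return $T->finish($T->get_var('output'));
}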
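*/

/**
 *  Include required glFusion common functions
 */
require_once '../lib-common.php';

// This is for administrators only
if (!SEC_hasRights('classifieds.admin')) {
    exit;
}

$base_url = $_CONF['site_url'];

// NOTE(review): the toggle below changes state from GET parameters and no
// CSRF token check is visible in this excerpt.  Confirm whether one is
// enforced elsewhere; glFusion provides SEC_checkToken() for this.
switch ($_GET['action']) {
case 'toggleEnabled':
    $newval = $_REQUEST['newval'] == 1 ? 1 : 0;

    switch ($_GET['type']) {
    case 'adtype':
        USES_classifieds_class_adtype();
        $newval = AdType::toggleEnabled($newval, $_GET['id']);
        break;

    default:
        exit;
    }

    // The id and type are echoed back to the caller.  They come from
    // $_REQUEST, which can differ from the $_GET values checked above, so
    // they are escaped for the XML body, using the charset that the
    // response declares.
    $resp_id = isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])
        ? htmlspecialchars((string) $_REQUEST['id'], ENT_QUOTES, 'ISO-8859-1')
        : '';
    $resp_type = isset($_REQUEST['type']) && is_scalar($_REQUEST['type'])
        ? htmlspecialchars((string) $_REQUEST['type'], ENT_QUOTES, 'ISO-8859-1')
        : '';

    header('Content-Type: text/xml');
    header("Cache-Control: no-cache, must-revalidate");
    //A date in the past
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");

    echo '<?xml version="1.0" encoding="ISO-8859-1"?> <info>' . "\n";
    echo "<newval>{$newval}</newval>\n";
    echo "<id>{$resp_id}</id>\n";
    echo "<type>{$resp_type}</type>\n";
    echo "<baseurl>{$base_url}</baseurl>\n";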
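/**
 * Notify the site administrators that an ad has been submitted.
 *
 * Builds an HTML message from the notify/admin.thtml template and mails it
 * to every member of the "classifieds Admin" group list.  Sending is
 * rate-limited through the 'advtnotify' speed limit.
 *
 * $A is typically raw form input, and the message is sent as HTML, so the
 * plain-text fields are HTML-escaped before being placed in the template.
 *
 * @param   array   $A      All ad data, such as from $_POST
 * @return  mixed           True when suppressed by the speed limit,
 *                          otherwise no value
 */
function CLASSIFIEDS_notifyAdmin($A)
{
    global $_TABLES, $LANG_ADVT, $_CONF, $_CONF_ADVT;

    // require a valid ad ID
    if (!isset($A['ad_id']) || $A['ad_id'] == '') {
        return;
    }

    USES_classifieds_class_adtype();

    // Expire speed-limit entries older than 300 seconds, then skip the
    // notification if one was sent within that window.
    COM_clearSpeedlimit(300, 'advtnotify');
    $last = COM_checkSpeedlimit('advtnotify');
    if ($last > 0) {
        return true;
    }

    $ad_type = AdType::GetDescription($A['ad_type']);

    // Select the template for the message, falling back to English
    $template_dir = CLASSIFIEDS_PI_PATH . '/templates/notify/' . $_CONF['language'];
    if (!file_exists($template_dir . '/admin.thtml')) {
        $template_dir = CLASSIFIEDS_PI_PATH . '/templates/notify/english';
    }

    $T = new Template($template_dir);
    $T->set_file('message', 'admin.thtml');
    $T->set_var('site_url', $_CONF['site_url']);
    $T->set_var('admin_url', "{$_CONF['site_admin_url']}/moderation.php");
    $T->set_var('site_name', $_CONF['site_name']);
    $T->set_var('cat', CLASSIFIEDS_BreadCrumbs($A['catid']), false);
    $T->set_var('subject', htmlspecialchars($A['subject'], ENT_QUOTES));
    // NOTE(review): the description may legitimately contain editor HTML,
    // so it is passed through unchanged; confirm it is filtered before
    // this point, since it ends up in an HTML mail to administrators.
    $T->set_var('description', $A['descript']);
    // NOTE(review): uid 2 is hard-coded here; presumably the submitting
    // user's name was intended -- confirm.
    $T->set_var('username', COM_getDisplayName(2));
    $T->set_var('price', htmlspecialchars($A['price'], ENT_QUOTES));
    $T->set_var('ad_type', $ad_type);
    $T->parse('output', 'message');
    $message = $T->finish($T->get_var('output'));

    $group_id = DB_getItem($_TABLES['groups'], 'grp_id',
        'grp_name="classifieds Admin"');
    $groups = CLASSIFIEDS_getGroupList($group_id);
    if (empty($groups)) {
        return;
    }

    // Group ids are numeric; casting keeps the IN() list strictly integer.
    $groupList = implode(',', array_map('intval', $groups));

    $sql = "SELECT DISTINCT
                {$_TABLES['users']}.uid,username,fullname,email
            FROM
                {$_TABLES['group_assignments']},
                {$_TABLES['users']}
            WHERE
                {$_TABLES['users']}.uid > 1
            AND
                {$_TABLES['users']}.uid = {$_TABLES['group_assignments']}.ug_uid
            AND
                {$_TABLES['group_assignments']}.ug_main_grp_id IN ({$groupList})";
    $result = DB_query($sql);

    // The original built the sender from an undefined $email, producing an
    // empty address.  The site address is used instead.
    // NOTE(review): $_CONF['site_mail'] is assumed to be the intended
    // sender -- confirm.
    $from = "{$LANG_ADVT['new_ad_notice']} <{$_CONF['site_mail']}>";
    $mail_subject = "{$LANG_ADVT['you_have_new_ad']} {$_CONF['site_name']}";

    while ($result && ($row = DB_fetchArray($result))) {
        if ($row['email'] == '') {
            continue;   // no address on file for this administrator
        }
        // The recipient address and user name are written to the error log.
        COM_errorLog("Classifieds Submit: Sending notification email to: "
            . $row['email'] . " - " . $row['username']);
        COM_mail(
            array($row['email'], $row['username']),
            $mail_subject,
            $message,
            $from,
            true    // send as HTML
        );
    }

    COM_updateSpeedlimit('advtnotify');
}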