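 /**
  * clear_log()
  *
  * Empties the activity log (admin only) and returns an HTML status message.
  * The TRUNCATE is irreversible, so it runs only after the privilege check;
  * every outcome is followed by a link back to the log viewer.
  *
  * NOTE(review): no request-origin / CSRF token check is visible here — confirm
  * the dispatcher enforces one, since a plain request to this action is destructive.
  *
  * @return string HTML fragment describing the outcome
  */
 function clear_log()
 {
     global $conn, $config, $lang;
     require_once $config['basepath'] . '/include/misc.inc.php';
     $misc = new misc();
     $display = '<h3>' . $lang['log_delete'] . '</h3>';
     // isset() keeps a missing session key from raising a notice, and the strict
     // comparison means only the literal string "yes" grants the action.
     $is_admin = isset($_SESSION['admin_privs']) && $_SESSION['admin_privs'] === 'yes';
     if ($is_admin) {
         $sql = 'TRUNCATE TABLE ' . $config['table_prefix'] . 'activitylog';
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
             $display .= $lang['log_clear_error'];
         } else {
             $display .= $lang['log_cleared'];
             // Log the reset itself so the fresh log records who emptied it
             $misc->log_action($lang['log_reset']);
         }
     } else {
         $display .= $lang['clear_log_need_privs'];
     }
     $display .= '<br /><a href="' . $config['baseurl'] . '/admin/index.php?action=view_log">' . $lang['admin_view_log'] . '</a>';
     return $display;
 }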
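 /**
  * delete_user()
  *
  * Removes a user account together with every row and uploaded file that
  * references it. Admins may delete any user; a non-admin may only delete
  * the account of the current session. In demo mode only admins may delete.
  *
  * The DB rows go first and the files afterwards, so a failed unlink leaves
  * orphaned files but the account gone; the returned error string lists
  * every file that could not be removed.
  *
  * @param  mixed $user_id numeric id of the user to delete
  * @return bool|string true on success, otherwise an HTML error message
  */
 function delete_user($user_id)
 {
     global $conn, $config, $lang;
     require_once $config['basepath'] . '/include/misc.inc.php';
     $misc = new misc();
     // Collects "failed to delete" lines for files that could not be unlinked
     $errors = '';
     // Verify ID is numeric before it reaches any query
     if (!is_numeric($user_id)) {
         return $lang['user_manager_invalid_user_id'];
     }
     $is_admin = isset($_SESSION['admin_privs']) && $_SESSION['admin_privs'] === 'yes';
     $session_user = isset($_SESSION['userID']) ? $_SESSION['userID'] : null;
     if ($config['demo_mode'] == 1 && !$is_admin) {
         return $lang['demo_mode'] . ' - ' . $lang['user_manager_permission_denied'] . '<br />';
     }
     // Admins can delete any user. Anyone can delete their own account, as this is needed for updates.
     // The self-check compares as strings: a loose == would let a missing session
     // (null) match a user id of 0.
     if ($is_admin && $user_id != '') {
         $sql_delete = $misc->make_db_extra_safe($user_id);
     } elseif (($is_admin && $user_id == '') || ($session_user !== null && (string) $session_user === (string) $user_id)) {
         $sql_delete = $misc->make_db_extra_safe($session_user);
     } else {
         return $lang['user_manager_permission_denied'];
     }
     // Rows keyed on the user; the key column is spelled differently in listingsdb
     $row_tables = array(
         'userdb' => 'userdb_id',
         'userdbelements' => 'userdb_id',
         'listingsdb' => 'userdb_ID',
         'listingsdbelements' => 'userdb_id',
         'userfavoritelistings' => 'userdb_id',
         'usersavedsearches' => 'userdb_id',
     );
     foreach ($row_tables as $table => $column) {
         $sql = 'DELETE FROM ' . $config['table_prefix'] . $table . ' WHERE (' . $column . ' = ' . $sql_delete . ')';
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
     }
     // Image tables: file column, thumbnail column (null = no thumbnail) and the
     // directory the files live in. Each table is read, its files unlinked, then its rows deleted.
     $image_tables = array(
         array('listingsimages', 'listingsimages_file_name', 'listingsimages_thumb_file_name', $config['listings_upload_path']),
         array('userimages', 'userimages_file_name', 'userimages_thumb_file_name', $config['user_upload_path']),
         array('vtourimages', 'vtourimages_file_name', null, $config['vtour_upload_path']),
     );
     foreach ($image_tables as $image_table) {
         list($table, $file_column, $thumb_column, $upload_path) = $image_table;
         $columns = ($thumb_column === null) ? $file_column : $file_column . ', ' . $thumb_column;
         $sql = 'SELECT ' . $columns . ' FROM ' . $config['table_prefix'] . $table . ' WHERE (userdb_id = ' . $sql_delete . ')';
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             // A failed query has no EOF/fields to walk; skip the unlinks, still drop the rows
             $misc->log_error($sql);
         } else {
             while (!$recordSet->EOF) {
                 $file_name = $misc->make_db_unsafe($recordSet->fields[$file_column]);
                 $thumb_file_name = ($thumb_column === null) ? $file_name : $misc->make_db_unsafe($recordSet->fields[$thumb_column]);
                 // NOTE(review): file names are used exactly as stored in the DB; a
                 // basename() here would confine the unlink to the upload directory — confirm.
                 if (!unlink($upload_path . '/' . $file_name)) {
                     $errors .= $lang['user_manager_failed_to_delete'] . ' ' . $upload_path . '/' . $file_name . '<br />';
                 }
                 // A thumbnail equal to the main file (or absent) has already been removed
                 if ($file_name != $thumb_file_name) {
                     if (!unlink($upload_path . '/' . $thumb_file_name)) {
                         $errors .= $lang['user_manager_failed_to_delete'] . ' ' . $upload_path . '/' . $thumb_file_name . '<br />';
                     }
                 }
                 $recordSet->MoveNext();
             }
         }
         $sql = 'DELETE FROM ' . $config['table_prefix'] . $table . ' WHERE (userdb_id = ' . $sql_delete . ')';
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
     }
     if ($errors != '') {
         return $errors;
     }
     $misc->log_action($lang['log_deleted_user'] . ': ' . $user_id);
     return true;
 }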
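 /**
  * edit_vtour_images()
  *
  * Virtual-tour image manager for one listing. In order it handles the
  * caption/rank update form (action=update_pic), a single-image delete
  * (?delete=id), a new upload (action=upload), and then renders the upload
  * form (while room remains) plus the edit table for every tour image.
  *
  * Users without edit_all_listings / admin_privs must own the listing;
  * otherwise the request dies with $lang['priv_failure']. Their UPDATE,
  * DELETE and SELECT statements are additionally scoped to their userdb_id.
  *
  * @return string HTML fragment
  */
 function edit_vtour_images()
 {
     global $lang, $conn, $config;
     require_once $config['basepath'] . '/include/misc.inc.php';
     $misc = new misc();
     $display = '';
     if (isset($_GET['edit']) && $_GET['edit'] != '') {
         $_POST['edit'] = $_GET['edit'];
     }
     // The listing id is cast once and reused in every statement below, so the
     // ownership check and the later UPDATE/DELETE/SELECT all address the same row.
     $edit = isset($_POST['edit']) ? intval($_POST['edit']) : 0;
     $sql_edit = $edit;
     if (!isset($_POST['action'])) {
         $_POST['action'] = '';
     }
     $can_edit_all = (isset($_SESSION['edit_all_listings']) && $_SESSION['edit_all_listings'] === 'yes')
         || (isset($_SESSION['admin_privs']) && $_SESSION['admin_privs'] === 'yes');
     // The session user id is compared against userdb_id, so it is used as an integer in SQL
     $sql_user_id = isset($_SESSION['userID']) ? intval($_SESSION['userID']) : 0;
     // does this person have access to these listings?
     if (!$can_edit_all) {
         $owner = null;
         $sql = "SELECT userdb_id FROM " . $config['table_prefix'] . "listingsdb WHERE (listingsdb_id = {$sql_edit})";
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         } else {
             while (!$recordSet->EOF) {
                 $owner = $recordSet->fields['userdb_id'];
                 $recordSet->MoveNext();
             }
         }
         // An unknown listing leaves $owner null and is refused like a foreign one
         if ($owner === null || (string) $owner !== (string) $sql_user_id) {
             die($lang['priv_failure']);
         }
     }
     // end priv check
     if ($_POST['action'] == "update_pic") {
         // pic[], caption[], description[] and rank[] are parallel arrays from the edit form
         $num_fields = (isset($_POST['pic']) && is_array($_POST['pic'])) ? count($_POST['pic']) : 0;
         for ($count = 0; $count < $num_fields; $count++) {
             $sql_caption = $misc->make_db_safe($_POST['caption'][$count]);
             $sql_description = $misc->make_db_safe($_POST['description'][$count]);
             $sql_rank = $misc->make_db_safe($_POST['rank'][$count]);
             $sql_pic = $misc->make_db_safe($_POST['pic'][$count]);
             if ($can_edit_all) {
                 $sql = "UPDATE " . $config['table_prefix'] . "vtourimages SET vtourimages_caption = {$sql_caption}, vtourimages_description = {$sql_description}, vtourimages_rank = {$sql_rank} WHERE ((listingsdb_id = {$sql_edit}) AND (vtourimages_file_name = {$sql_pic}))";
             } else {
                 $sql = "UPDATE " . $config['table_prefix'] . "vtourimages SET vtourimages_caption = {$sql_caption}, vtourimages_description = {$sql_description}, vtourimages_rank = {$sql_rank} WHERE ((listingsdb_id = {$sql_edit}) AND (vtourimages_file_name = {$sql_pic}) AND (userdb_id = {$sql_user_id}))";
             }
             $recordSet = $conn->Execute($sql);
             if ($recordSet === false) {
                 $misc->log_error($sql);
             }
         }
         $display .= '<p>' . $lang['images_update'] . '</p>';
         $misc->log_action($lang['log_updated_listing_image'] . $edit);
     }
     if (isset($_GET['delete'])) {
         // get the data for the pic being deleted, under the same ownership rule as above
         $sql_pic_id = $misc->make_db_safe($_GET['delete']);
         if ($can_edit_all) {
             $sql = "SELECT vtourimages_file_name, vtourimages_thumb_file_name FROM " . $config['table_prefix'] . "vtourimages WHERE ((listingsdb_id = {$sql_edit}) AND (vtourimages_id = {$sql_pic_id}))";
         } else {
             $sql = "SELECT vtourimages_file_name, vtourimages_thumb_file_name FROM " . $config['table_prefix'] . "vtourimages WHERE ((listingsdb_id = {$sql_edit}) AND (vtourimages_id = {$sql_pic_id}) AND (userdb_id = {$sql_user_id}))";
         }
         $recordSet = $conn->Execute($sql);
         $file_name = '';
         $thumb_file_name = '';
         if ($recordSet === false) {
             $misc->log_error($sql);
         } else {
             while (!$recordSet->EOF) {
                 $thumb_file_name = $misc->make_db_unsafe($recordSet->fields['vtourimages_thumb_file_name']);
                 $file_name = $misc->make_db_unsafe($recordSet->fields['vtourimages_file_name']);
                 $recordSet->MoveNext();
             }
         }
         // No matching row (unknown id, or not this user's image): nothing may be deleted
         if ($file_name == '') {
             die("{$lang['alert_site_admin']}");
         }
         // delete from the db; the stored name is re-escaped rather than interpolated raw
         $sql_file_name = $misc->make_db_safe($file_name);
         if ($can_edit_all) {
             $sql = "DELETE FROM " . $config['table_prefix'] . "vtourimages WHERE ((listingsdb_id = {$sql_edit}) AND (vtourimages_file_name = {$sql_file_name}))";
         } else {
             $sql = "DELETE FROM " . $config['table_prefix'] . "vtourimages WHERE ((listingsdb_id = {$sql_edit}) AND (vtourimages_file_name = {$sql_file_name}) AND (userdb_id = {$sql_user_id}))";
         }
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
         // delete the files themselves
         if (!unlink("{$config['vtour_upload_path']}/{$file_name}")) {
             die("{$lang['alert_site_admin']}");
         }
         if ($file_name != $thumb_file_name) {
             if (!unlink("{$config['vtour_upload_path']}/{$thumb_file_name}")) {
                 die("{$lang['alert_site_admin']}");
             }
         }
         $misc->log_action("{$lang['log_deleted_listing_image']} {$file_name}");
         // NOTE(review): $file_name is echoed into HTML unescaped, here and in the
         // table below — confirm upload names are restricted to safe characters.
         $display .= "<p>{$lang['image']} '{$file_name}' {$lang['has_been_deleted']}</p>";
     }
     if ($_POST['action'] == "upload") {
         if ($can_edit_all) {
             // get the owner of the listing so the upload is attributed to them
             $owner = null;
             $sql = "SELECT userdb_id FROM " . $config['table_prefix'] . "listingsdb WHERE (listingsdb_id = {$sql_edit})";
             $recordSet = $conn->Execute($sql);
             if ($recordSet === false) {
                 $misc->log_error($sql);
             } else {
                 while (!$recordSet->EOF) {
                     $owner = $recordSet->fields['userdb_id'];
                     $recordSet->MoveNext();
                 }
             }
             $display .= $this->handleUpload("vtour", $edit, $owner);
         } else {
             $display .= $this->handleUpload("vtour", $edit, $_SESSION['userID']);
         }
     }
     // end if $action == "upload"
     if ($can_edit_all) {
         $sql = "SELECT vtourimages_id, vtourimages_caption, vtourimages_file_name, vtourimages_thumb_file_name, vtourimages_description, vtourimages_rank FROM " . $config['table_prefix'] . "vtourimages WHERE (listingsdb_id = {$sql_edit}) ORDER BY vtourimages_rank";
     } else {
         $sql = "SELECT vtourimages_id, vtourimages_caption, vtourimages_file_name, vtourimages_thumb_file_name, vtourimages_description, vtourimages_rank FROM " . $config['table_prefix'] . "vtourimages WHERE ((listingsdb_id = {$sql_edit}) AND (userdb_id = {$sql_user_id})) ORDER BY vtourimages_rank";
     }
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         // Neither form can be rendered without the result set
         $misc->log_error($sql);
         return $display;
     }
     $display .= '<table class="image_upload">';
     $num_images = $recordSet->RecordCount();
     // The upload form is offered while slots remain, unless the first image is an 'egg' file
     $file_name = ($num_images > 0) ? $misc->make_db_unsafe($recordSet->fields['vtourimages_file_name']) : '';
     $ext = substr(strrchr($file_name, '.'), 1);
     $available_images = $config["max_vtour_uploads"] - $num_images;
     if ($num_images < $config['max_vtour_uploads'] && $ext != 'egg') {
         $display .= '<table border="0" cellspacing="0" cellpadding="0">';
         $display .= '<tr>';
         $display .= '<td colspan="2">';
         $display .= '<h3>' . $lang['upload_a_picture'] . '</h3>';
         $display .= '</td>';
         $display .= '</tr>';
         $display .= '<tr>';
         $display .= '<td width="150">&nbsp;</td>';
         $display .= '<td>';
         $display .= '<form enctype="multipart/form-data" action="index.php?action=edit_vtour_images" method="post">';
         $display .= '<input type="hidden" name="action" value="upload" />';
         $display .= '<input type="hidden" name="edit" value="' . $edit . '" />';
         $display .= '<input type="hidden" name="MAX_FILE_SIZE" value="' . $config['max_vtour_upload_size'] . '" />';
         // one file input per free slot
         for ($x = 0; $x < $available_images; $x++) {
             $display .= '<b>' . $lang['upload_send_this_file'] . ': </b><input name="userfile[]" type="file" /><br />';
         }
         $display .= '<input type="submit" value="' . $lang['upload_send_file'] . '" />';
         $display .= '</form>';
         $display .= '</td>';
         $display .= '</tr>';
         $display .= '</table>';
     }
     // end if $num_images <= $config[max_user_uploads]
     $display .= '<table class="image_upload">';
     $display .= '<tr>';
     $display .= '<td colspan="2">';
     $display .= '<h3>' . $lang['edit_images'] . ' -- ';
     if ($can_edit_all) {
         $display .= "<a href=\"index.php?action=edit_listings&amp;edit={$edit}\">";
     } else {
         $display .= "<a href=\"index.php?action=edit_my_listings&amp;edit={$edit}\">";
     }
     $display .= $lang['return_to_editing_listing'];
     $display .= '</a></h3></td></tr>';
     $display .= '</table>';
     // $count alternates 0/1 per row to pick the image_row_N class
     $count = 0;
     $display .= '<form action="index.php?action=edit_vtour_images" method="post">';
     $display .= '<table class="image_upload">';
     while (!$recordSet->EOF) {
         $pic_id = $recordSet->fields['vtourimages_id'];
         $rank = $recordSet->fields['vtourimages_rank'];
         $caption = $misc->make_db_unsafe($recordSet->fields['vtourimages_caption']);
         $thumb_file_name = $misc->make_db_unsafe($recordSet->fields['vtourimages_thumb_file_name']);
         $description = $misc->make_db_unsafe($recordSet->fields['vtourimages_description']);
         $file_name = $misc->make_db_unsafe($recordSet->fields['vtourimages_file_name']);
         $ext = substr(strrchr($file_name, '.'), 1);
         // alternate the colors (every branch below renders exactly one row)
         $count = ($count == 0) ? 1 : 0;
         if ($ext == 'jpg') {
             // gotta grab the image size
             $imagedata = GetImageSize("{$config['vtour_upload_path']}/{$file_name}");
             $imagewidth = $imagedata[0];
             $imageheight = $imagedata[1];
             // an unreadable image reports width 0; avoid dividing by it
             $shrinkage = ($imagewidth > 0) ? $config['thumbnail_width'] / $imagewidth : 0;
             $displaywidth = $imagewidth * $shrinkage;
             $displayheight = $imageheight * $shrinkage;
             $filesize = filesize("{$config['vtour_upload_path']}/{$file_name}");
             $filesize = $filesize / 1000;
             // to get k
             // now grab the thumbnail data
             $thumb_imagedata = GetImageSize("{$config['vtour_upload_path']}/{$thumb_file_name}");
             $thumb_imagewidth = $thumb_imagedata[0];
             $thumb_imageheight = $thumb_imagedata[1];
             $thumb_filesize = filesize("{$config['vtour_upload_path']}/{$thumb_file_name}");
             $thumb_filesize = $thumb_filesize / 1000;
             $display .= '<tr class="image_row_' . $count . '"><td valign="top" class="image_row_' . $count . '" width="150"><b>' . $file_name . '</b><br />' . $lang['width'] . '=' . $imagewidth . '<br />' . $lang['height'] . '=' . $imageheight . '<br />' . $lang['size'] . '=' . $filesize . ' k<br />';
             $display .= '<br />' . $lang['thumbnail'] . ':<br />';
             $display .= '<img src="' . $config['vtour_view_images_path'] . '/' . $thumb_file_name . '" width="' . $displaywidth . '" border="1" alt="" />';
             $display .= '<br />' . $lang['width'] . '=' . $thumb_imagewidth . '<br />' . $lang['height'] . '=' . $thumb_imageheight . '<br />' . $lang['size'] . '=' . $thumb_filesize . ' k<br />';
             $display .= '<br /><a href="index.php?action=edit_vtour_images&amp;delete=' . $pic_id . '&amp;edit=' . $edit . '" onclick="return confirmDelete()">' . $lang['delete'] . '</a>';
             $display .= '</td><td align="center" class="image_row_' . $count . '"><img src="' . $config['vtour_view_images_path'] . '/' . $file_name . '" border="1" width="600" alt="" />';
             $display .= '</tr><tr><td align="center" class="image_row_' . $count . '" colspan="2">';
             $display .= '<input type="hidden" name="pic[]" value="' . $file_name . '" />';
             $display .= '<table border="0">';
             $display .= '<tr><td align="right" class="image_row_' . $count . '"><b>' . $lang['admin_template_editor_field_rank'] . ':</b></td><td align="left"><input type="text" name="rank[]" value="' . $rank . '" /><div class="small">' . $lang['upload_rank_explanation'] . '</div></td></tr>';
             $display .= '<tr><td align="right" class="image_row_' . $count . '"><b>' . $lang['upload_caption'] . ':</b></td><td align="left"><input type="text" name="caption[]" value="' . $caption . '" /></td></tr>';
             $display .= '<tr><td align="right" class="image_row_' . $count . '"><b>' . $lang['upload_description'] . ':</b><td align="left"><textarea name="description[]" rows="6" cols="40">' . $description . '</textarea></td></tr>';
             $display .= '</table>';
             $display .= '</td></tr><tr><td colspan="2"><hr /></td></tr>';
         } elseif ($ext == 'egg') {
             // $config['baseurl'] was written as a bare constant, which is a fatal error on PHP 8
             $display .= '<tr class="image_row_' . $count . '"><td valign="top" align="center" class="image_row_' . $count . '"><b>' . $file_name . '</b><br />';
             $display .= '<img src="' . $config['baseurl'] . '/images/eggimage.gif" border="1" />';
             $display .= '<br /><a href="index.php?action=edit_vtour_images&amp;delete=' . $pic_id . '&amp;edit=' . $edit . '" onclick="return confirmDelete()">' . $lang['delete'] . '</a>';
             $display .= '</tr>';
         } else {
             // Unsupported type: size is read for this file rather than reusing the
             // value left over from the previous jpg row
             $filesize = filesize("{$config['vtour_upload_path']}/{$file_name}");
             $filesize = $filesize / 1000;
             $display .= '<tr class="image_row_' . $count . '"><td valign="top" class="image_row_' . $count . '" width="150"><b>' . $lang['unsupported_vtour'] . '<br />' . $file_name . '</b><br />' . $lang['size'] . '=' . $filesize . 'k<br />';
             $display .= '<br /><a href="index.php?action=edit_vtour_images&amp;delete=' . $pic_id . '&amp;edit=' . $edit . '" onclick="return confirmDelete()">' . $lang['delete'] . '</a>';
             $display .= '</tr><tr><td align="center" class="image_row_' . $count . '">';
             $display .= '<input type="hidden" name="pic[]" value="' . $file_name . '" />';
             $display .= '<table border="0">';
             $display .= '<tr><td align="right" class="image_row_' . $count . '"><b>' . $lang['admin_template_editor_field_rank'] . ':</b></td><td align="left"><input type="text" name="rank[]" value="' . $rank . '" /><div class="small">' . $lang['upload_rank_explanation'] . '</div></td></tr>';
             $display .= '<tr><td align="right" class="image_row_' . $count . '"><b>' . $lang['upload_caption'] . ':</b></td><td align="left"><input type="text" name="caption[]" value="' . $caption . '" /></td></tr>';
             $display .= '<tr><td align="right" class="image_row_' . $count . '"><b>' . $lang['upload_description'] . ':</b><td align="left"><textarea name="description[]" rows="6" cols="40">' . $description . '</textarea></td></tr>';
             $display .= '</table>';
             $display .= '</td></tr><tr><td><hr /></td></tr>';
         }
         // end else it's not a supported vtour
         $recordSet->MoveNext();
     }
     // end while
     $display .= '<tr><td align="center" class="image_row_' . $count . '" colspan="2"><input type="submit" value="' . $lang['update'] . '" />';
     $display .= '</table>';
     $display .= '<input type="hidden" name="edit" value="' . $edit . '" />';
     $display .= '<input type="hidden" name="action" value="update_pic" />';
     $display .= '</form>';
     return $display;
 }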
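 /**
  * delete_listing()
  *
  * Deletes a listing: its rows in every configured language's listingsdb,
  * listingsdbelements, listingsimages, vtourimages and listingsfiles tables,
  * its class and favourite cross-references, and the image, tour and file
  * uploads on disk (best effort — a file that is already gone is ignored).
  *
  * @param  mixed   $id          numeric listing id; anything else dies
  * @param  boolean $verify_user when true the listing must belong to the session
  *                              user and every statement is scoped to that user
  * @return string HTML message: confirmation, or permission denied when
  *                verifying and the listing is not the session user's
  */
 function delete_listing($id, $verify_user = true)
 {
     global $conn, $lang, $config;
     require_once $config['basepath'] . '/include/misc.inc.php';
     $misc = new misc();
     $display = '';
     // is_numeric also keeps $id from carrying path separators into $uploadpath below
     if (!is_numeric($id)) {
         die($lang['data type mismatch']);
     }
     $sql_delete = $misc->make_db_safe($id);
     // The session user id is compared against userdb_id, so it is used as an integer
     $sql_user_id = isset($_SESSION['userID']) ? intval($_SESSION['userID']) : 0;
     // Ownership clause appended to every statement when verifying
     $owner_clause = ($verify_user === true) ? ' AND (userdb_id = ' . $sql_user_id . ')' : '';
     if ($verify_user === true) {
         // Refuse up front when the listing is not the session user's: the class and
         // favourite rows removed at the end carry no userdb_id, so the per-statement
         // owner clause alone cannot protect them. Checked in the current-language
         // listingsdb, like the image queries below.
         $sql = 'SELECT listingsdb_id FROM ' . $config['table_prefix'] . 'listingsdb WHERE ((listingsdb_id = ' . $sql_delete . ')' . $owner_clause . ')';
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
             return $lang['user_manager_permission_denied'];
         }
         if ($recordSet->EOF) {
             return $lang['user_manager_permission_denied'];
         }
     }
     $configured_langs = explode(',', $config['configured_langs']);
     // 1. the listing rows and their element rows, in every configured language
     foreach ($configured_langs as $configured_lang) {
         foreach (array('listingsdb', 'listingsdbelements') as $table) {
             $sql = 'DELETE FROM ' . $config['table_prefix_no_lang'] . $configured_lang . '_' . $table . ' WHERE ((listingsdb_id = ' . $sql_delete . ')' . $owner_clause . ')';
             $recordSet = $conn->Execute($sql);
             if ($recordSet === false) {
                 $misc->log_error($sql);
             }
         }
     }
     // 2. the image and tour files on disk: table, file column, thumbnail column, directory.
     //    @unlink is deliberate best effort — a missing file must not abort the delete.
     $image_sets = array(
         array('listingsimages', 'listingsimages_file_name', 'listingsimages_thumb_file_name', $config['listings_upload_path']),
         array('vtourimages', 'vtourimages_file_name', 'vtourimages_thumb_file_name', $config['vtour_upload_path']),
     );
     foreach ($image_sets as $image_set) {
         list($table, $file_column, $thumb_column, $upload_path) = $image_set;
         $sql = 'SELECT ' . $file_column . ', ' . $thumb_column . ' FROM ' . $config['table_prefix'] . $table . ' WHERE ((listingsdb_id = ' . $sql_delete . ')' . $owner_clause . ')';
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             // A failed query has no EOF/fields to walk
             $misc->log_error($sql);
             continue;
         }
         while (!$recordSet->EOF) {
             $thumb_file_name = $misc->make_db_unsafe($recordSet->fields[$thumb_column]);
             $file_name = $misc->make_db_unsafe($recordSet->fields[$file_column]);
             @unlink("{$upload_path}/{$file_name}");
             // A thumbnail equal to the main file has already been removed
             if ($file_name != $thumb_file_name) {
                 @unlink("{$upload_path}/{$thumb_file_name}");
             }
             $recordSet->MoveNext();
         }
     }
     // 3. the per-listing file directory: remove each recorded file, then the
     //    directory itself once it has been emptied
     $uploadpath = $config['listings_file_upload_path'] . '/' . $id;
     $sql = 'SELECT listingsfiles_file_name FROM ' . $config['table_prefix'] . 'listingsfiles WHERE ((listingsdb_id = ' . $sql_delete . ')' . $owner_clause . ')';
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         $misc->log_error($sql);
     } else {
         $removed_files = false;
         while (!$recordSet->EOF) {
             $file_name = $misc->make_db_unsafe($recordSet->fields['listingsfiles_file_name']);
             @unlink("{$uploadpath}/{$file_name}");
             $removed_files = true;
             $recordSet->MoveNext();
         }
         // glob() returns false on error, which count() would reject: treat that as "not empty"
         $remaining = $removed_files ? glob("{$uploadpath}/*") : false;
         if ($remaining !== false && count($remaining) === 0 && is_dir($uploadpath)) {
             rmdir($uploadpath);
         }
     }
     // 4. the image, tour and file rows, in every configured language
     foreach ($configured_langs as $configured_lang) {
         foreach (array('listingsimages', 'vtourimages', 'listingsfiles') as $table) {
             $sql = 'DELETE FROM ' . $config['table_prefix_no_lang'] . $configured_lang . '_' . $table . ' WHERE ((listingsdb_id = ' . $sql_delete . ')' . $owner_clause . ')';
             $recordSet = $conn->Execute($sql);
             if ($recordSet === false) {
                 $misc->log_error($sql);
             }
         }
     }
     // 5. cross-references: class membership and user favourites (these tables have no owner column)
     $sql = 'DELETE FROM ' . $config['table_prefix_no_lang'] . 'classlistingsdb WHERE listingsdb_id = ' . $sql_delete;
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         $misc->log_error($sql);
     }
     $sql = 'DELETE FROM ' . $config['table_prefix'] . 'userfavoritelistings WHERE listingsdb_id = ' . $sql_delete;
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         $misc->log_error($sql);
     }
     // ta da! we're done...
     $display .= '<p>' . $lang['admin_listings_editor_listing_number'] . ' ' . $id . ' ' . $lang['has_been_deleted'] . '</p>';
     $misc->log_action($lang['log_deleted_listing'] . ' ' . $id);
     return $display;
 }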
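 function uploadfile($type, $edit, $owner)
 {
     // Handles the incoming "userfile[]" uploads and attaches each accepted file
     // either to a listing ($type == 'listings', keyed by $edit) or to a user
     // ($type == 'users', keyed by $owner): the file is moved into the per-id
     // upload directory and a row is written to the matching *files table.
     //
     // $type  - 'listings' or 'users'; selects the table, config keys and directory.
     // $edit  - listingsdb_id the files belong to (only used for 'listings').
     // $owner - userdb_id recorded as the uploader / file owner.
     // Returns an HTML fragment describing the outcome of every upload slot.
     global $config, $conn, $lang;
     require_once $config['basepath'] . '/include/misc.inc.php';
     $misc = new misc();
     $display = '';
     // $type is spliced into table names and config keys, and the ids are
     // interpolated unquoted into SQL, so anything other than the two known
     // types with numeric ids is refused up front (the original built a broken
     // query and left $sql undefined for unknown types). For 'users' $edit is
     // never used, so only $owner has to be numeric there.
     $ids_ok = is_numeric($owner) && ($type == 'users' || is_numeric($edit));
     if (!in_array($type, ['listings', 'users'], true) || !$ids_ok) {
         $display .= "<p><strong>{$lang['upload_failed']}</strong> {$lang['upload_security_violation']}!</p>";
         return $display;
     }
     $owner = (int) $owner;
     if ($type == 'listings') {
         $edit = (int) $edit;
     }
     // How many more files this listing / user is still allowed to hold.
     if ($type == 'users') {
         $sql = "SELECT count(usersfiles_id) as num_files FROM " . $config['table_prefix'] . "usersfiles WHERE (userdb_id = {$owner})";
     } else {
         $sql = "SELECT count(listingsfiles_id) as num_files FROM " . $config['table_prefix'] . "listingsfiles WHERE (listingsdb_id = {$edit})";
     }
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         // The original logged and then dereferenced the false result; stop here instead.
         $misc->log_error($sql);
         return $display;
     }
     $num_files = (int) $recordSet->fields['num_files'];
     $available_files = $config['max_' . $type . '_file_uploads'] - $num_files;
     // Loop-invariant configuration: allowed extensions (whitespace around the
     // comma-separated entries is tolerated) and the per-type size limit.
     $allowed_extensions = array_map('trim', explode(',', $config['allowed_file_upload_extensions']));
     $max_size = $config['max_' . $type . '_file_upload_size'];
     // Assumes the form field is userfile[] so every $_FILES entry is an array
     // indexed by slot, as the original did.
     $uploads = isset($_FILES['userfile']) ? $_FILES['userfile'] : [];
     for ($file_x = 0; $file_x < $available_files; $file_x++) {
         // Stop at the end of what the form actually submitted; the original loop
         // ran on to the upload limit and reported phantom "too large" slots.
         if (!isset($uploads['tmp_name'][$file_x])) {
             break;
         }
         $tmp_name = $uploads['tmp_name'][$file_x];
         $orig_name = $uploads['name'][$file_x];
         if (!is_uploaded_file($tmp_name)) {
             // UPLOAD_ERR_NO_FILE (4) is just an empty slot; anything else is reported.
             if ($uploads['error'][$file_x] != UPLOAD_ERR_NO_FILE) {
                 $display .= "{$lang['upload_too_large']}: " . $orig_name . ".<br />";
             }
             continue;
         }
         // clean_filename() is the project's sanitiser (semantics not visible here);
         // basename() additionally guarantees no directory component reaches the
         // path built below.
         $realname = basename($misc->clean_filename($orig_name));
         $extension = pathinfo($realname, PATHINFO_EXTENSION);
         $filesize = $uploads['size'][$file_x];
         // null = every check passed; otherwise the reason shown to the user.
         // Later checks deliberately overwrite earlier ones, as in the original.
         $failure = null;
         if (!in_array($extension, $allowed_extensions, true)) {
             $failure = "{$lang['upload_invalid_extension']}: {$extension}";
         }
         if ($max_size != 0 && $filesize > $max_size) {
             $failure = $lang['upload_too_large'] . '<br />' . $lang['failed_max_filesize'] . ' ' . $max_size . $lang['bytes'];
         }
         if (strpos($orig_name, '..') !== false) {
             $failure = "{$lang['upload_security_violation']}!";
         }
         // Make sure the file hasn't already been uploaded. The listing check uses
         // the validated $edit parameter, not the raw $_POST['edit'] the original
         // interpolated into the query.
         $save_name = $realname;
         if ($type == 'listings') {
             $sql = "SELECT listingsfiles_file_name FROM " . $config['table_prefix'] . "listingsfiles WHERE listingsfiles_file_name = '{$save_name}' AND listingsdb_id = {$edit}";
         } else {
             $sql = "SELECT usersfiles_file_name FROM " . $config['table_prefix'] . "usersfiles WHERE usersfiles_file_name = '{$save_name}'";
         }
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             // Fail closed: without a working duplicate check the file is not stored.
             $misc->log_error($sql);
             $failure = $realname;
         } elseif ($recordSet->RecordCount() > 0) {
             $failure = "{$lang['file_exists']}!";
         }
         if ($failure !== null) {
             $display .= "<p><strong>{$lang['upload_failed']}</strong> {$failure}</p>";
             continue;
         }
         // Per-type destination, rank query and log message.
         if ($type == 'listings') {
             $uploadpath = $config['listings_file_upload_path'] . '/' . $edit;
             $rank_sql = "SELECT MAX(listingsfiles_rank) AS max_rank FROM " . $config['table_prefix'] . "listingsfiles WHERE (listingsdb_id = '{$edit}')";
             $log_message = "{$lang['log_uploaded_listing_file']} {$save_name}";
         } else {
             $uploadpath = $config['users_file_upload_path'] . '/' . $owner;
             $rank_sql = "SELECT MAX(usersfiles_rank) AS max_rank FROM " . $config['table_prefix'] . "usersfiles WHERE (userdb_id = '{$owner}')";
             $log_message = "{$lang['log_uploaded_user_image']} {$save_name}";
         }
         if (!file_exists($uploadpath)) {
             // NOTE(review): mode 0777 is kept from the original; tighten it if the
             // web server user is the only process that needs to write here.
             mkdir($uploadpath, 0777);
         }
         $target = "{$uploadpath}/{$save_name}";
         // The original ignored this result and inserted a DB row for a file that
         // may never have been written; report the failure instead.
         if (!move_uploaded_file($tmp_name, $target)) {
             $display .= "<p><strong>{$lang['upload_failed']}</strong> {$realname}</p>";
             continue;
         }
         // The new file is ranked after the current highest rank (1 when none exist).
         $rank = 0;
         $recordSet = $conn->Execute($rank_sql);
         if ($recordSet === false) {
             $misc->log_error($rank_sql);
         } else {
             $rank = (int) $recordSet->fields['max_rank'];
         }
         $rank++;
         if ($type == 'listings') {
             $sql = "INSERT INTO " . $config['table_prefix'] . "listingsfiles (listingsdb_id, userdb_id, listingsfiles_file_name, listingsfiles_rank, listingsfiles_caption, listingsfiles_description, listingsfiles_active) VALUES ('{$edit}', '{$owner}', '{$save_name}', {$rank},'','','yes')";
         } else {
             $sql = "INSERT INTO " . $config['table_prefix'] . "usersfiles (userdb_id, usersfiles_file_name,usersfiles_rank,usersfiles_caption,usersfiles_description,usersfiles_active) VALUES ('{$owner}', '{$save_name}', {$rank},'','','yes')";
         }
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
         $misc->log_action($log_message);
         // The original chmod'ed $config['user_upload_path'] for user files, i.e.
         // not the file it had just moved; both types now chmod the real target.
         @chmod($target, 0777);
         $display .= "<p>{$realname} {$lang['upload_success']}.</p>";
     }
     return $display;
 }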