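/**
 * Update META tags for pages
 *
 * Writes tag_title / tag_keywords / tag_description for every page row of
 * the given language. All three values were already escaped before being
 * placed into the statement; $lang_id is now escaped the same way so it is
 * no longer the single unescaped value in the WHERE clause.
 *
 * @param array  $params  may carry 'tag_title', 'tag_keywords', 'tag_description'
 * @param string $lang_id language abbreviation the UPDATE is restricted to
 * @return bool true when the UPDATE was accepted by the database layer
 */
public static function UpdateMetaTags($params, $lang_id = '')
{
    $tag_title = isset($params['tag_title']) ? $params['tag_title'] : '';
    $tag_keywords = isset($params['tag_keywords']) ? $params['tag_keywords'] : '';
    $tag_description = isset($params['tag_description']) ? $params['tag_description'] : '';

    $sql = 'UPDATE ' . TABLE_PAGES . ' SET'
        . ' tag_title = \'' . mysql_real_escape_string($tag_title) . '\','
        . ' tag_keywords = \'' . mysql_real_escape_string($tag_keywords) . '\','
        . ' tag_description = \'' . mysql_real_escape_string($tag_description) . '\''
        . ' WHERE language_id = \'' . mysql_real_escape_string($lang_id) . '\'';

    // static context: there is no $this->error to report to, callers only get a bool
    return database_void_query($sql) ? true : false;
}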
/**
 * After-Deleting Record
 *
 * When exactly one currency row is left after the deletion, that currency
 * is forced to be the active default with a rate of 1.
 *
 * @return bool always true
 */
public function AfterDeleteRecord()
{
    $remaining = database_query('SELECT id, is_active FROM ' . TABLE_CURRENCIES, DATA_AND_ROWS, ALL_ROWS);
    if (!$remaining) {
        return true;
    }

    $isLastCurrency = ((int) $remaining[1] == 1);
    if ($isLastCurrency) {
        // make last currency always the default one
        $lastId = (int) $remaining[0][0]['id'];
        database_void_query('UPDATE ' . TABLE_CURRENCIES . ' SET rate= \'1\', is_default = \'1\', is_active = \'1\' WHERE id= ' . $lastId);
    }
    return true;
}
/**
 * Removes customer account
 *
 * Soft-delete: the logged-in customer's row is flagged removed/inactive and
 * a dated note is appended to its comments column; the row itself stays.
 *
 * @return bool true when the UPDATE reported success
 */
public function RemoveAccount()
{
    $customerId = (int) $this->GetLoggedID();
    // '\\r\\n' in a single-quoted literal is the two-character sequences \r \n for MySQL
    $note = '\\r\\n' . @date('Y-m-d H:i:s') . ' - account was removed by customer. ';
    $sql = 'UPDATE ' . TABLE_CUSTOMERS
        . ' SET is_removed = 1, is_active = 0, comments = CONCAT(comments, "' . $note . '")'
        . ' WHERE id = ' . $customerId;
    return (database_void_query($sql) > 0);
}
/**
 * After-Deleting - delete banner descriptions from description table
 *
 * @return bool result of the DELETE, as a boolean
 */
public function AfterDeleteRecord()
{
    $bannerId = (int) $this->curRecordId;
    $sql = 'DELETE FROM ' . TABLE_BANNERS_DESCRIPTION . ' WHERE banner_id = ' . $bannerId;
    return database_void_query($sql) ? true : false;
}
/**
 * 'After'-operation methods
 *
 * Copies the freshly inserted email template into every other active
 * language so each language owns a row. The SQL of every copy is recorded
 * through SetSQLs() under the key 'insert_lan_<abbreviation>'.
 */
public function AfterInsertRecord()
{
    // clone to other languages ---
    $languages = Languages::GetAllActive();
    $sourceLanguage = MicroGrid::GetParameter('language_id');
    $template = array(
        'code' => MicroGrid::GetParameter('template_code', false),
        'name' => MicroGrid::GetParameter('template_name', false),
        'subject' => MicroGrid::GetParameter('template_subject', false),
        'content' => MicroGrid::GetParameter('template_content', false),
    );
    $isSystem = (int) MicroGrid::GetParameter('is_system_template', false);

    if ($sourceLanguage == '') {
        // without a source language nothing is cloned
        return;
    }

    for ($idx = 0; $idx < $languages[1]; $idx++) {
        $abbreviation = $languages[0][$idx]['abbreviation'];
        if ($abbreviation == $sourceLanguage) {
            continue;
        }
        $sql = 'INSERT INTO ' . TABLE_EMAIL_TEMPLATES
            . ' ( id, language_id, template_code, template_name, template_subject, template_content, is_system_template )'
            . ' VALUES ( NULL, \'' . encode_text($abbreviation) . '\', \''
            . encode_text($template['code']) . '\', \''
            . encode_text($template['name']) . '\', \''
            . encode_text($template['subject']) . '\', \''
            . encode_text($template['content']) . '\', '
            . $isSystem . ' )';
        database_void_query($sql);
        $this->SetSQLs('insert_lan_' . $abbreviation, $sql);
    }
}
/**
 * After-Deleting Record
 *
 * Drops the sub-locations that belonged to the deleted location.
 *
 * @return bool true when the DELETE succeeded
 */
public function AfterDeleteRecord()
{
    //remove sub-locations
    $locationId = (int) $this->curRecordId;
    $deleted = database_void_query('DELETE FROM ' . TABLE_LISTINGS_SUB_LOCATIONS . ' WHERE location_id = ' . $locationId);
    return (bool) $deleted;
}
/**
 * Sends order mail
 *
 * Loads the customer's order (joined with currency, customer and country),
 * builds an HTML summary of personal, billing and order data and sends it
 * with the 'order_accepted_online' template, or with 'order_paid' when
 * $order_type is 'completed'. For 'completed' the mail is skipped when
 * email_sent is already '1' and the flag is set after sending. An admin copy
 * goes out when the 'send_order_copy_to_admin' setting is 'yes'.
 *
 * NOTE(review): $customer_id is cast to int, but $order_number is concatenated
 * into both the SELECT and the UPDATE without escaping; confirm every caller
 * passes a value that has been validated. The customer fields are placed in
 * the HTML body as stored, so this relies on encoding at insert time.
 *
 * @param string $order_number order to report on (also used as {ORDER NUMBER})
 * @param string $order_type   'accepted' (default) or 'completed'
 * @param int    $customer_id  owner of the order; the query matches on both
 * @return bool true when a mail was sent or already had been; false when no
 *              matching order row exists
 */
public static function SendOrderEmail($order_number, $order_type = 'accepted', $customer_id = '')
{
    global $objSettings;
    $currencyFormat = get_currency_format();
    $order_details = '';

    // send email to customer
    $sql = 'SELECT o.*, CASE WHEN o.payment_type = 0 THEN "' . _ONLINE_ORDER . '" WHEN o.payment_type = 1 THEN "' . _PAYPAL . '" WHEN o.payment_type = 2 THEN "2CO" WHEN o.payment_type = 3 THEN "Authorize.Net" ELSE "' . _UNKNOWN . '" END as m_payment_type, CASE WHEN o.payment_method = 0 THEN "' . _PAYMENT_COMPANY_ACCOUNT . '" WHEN o.payment_method = 1 THEN "' . _CREDIT_CARD . '" WHEN o.payment_method = 2 THEN "E-Check" ELSE "' . _UNKNOWN . '" END as m_payment_method, CASE WHEN o.status = 0 THEN "<span style=color:#960000>' . _PREPARING . '</span>" WHEN o.status = 1 THEN "<span style=color:#FF9966>' . _PENDING . '</span>" WHEN o.status = 2 THEN "<span style=color:#336699>' . _PAID . '</span>" WHEN o.status = 3 THEN "<span style=color:#009600>' . _COMPLETED . '</span>" WHEN o.status = 4 THEN "<span style=color:#969600>' . _REFUNDED . '</span>" ELSE "' . _UNKNOWN . '" END as m_status, c.first_name, c.last_name, c.user_name as customer_name, c.preferred_language, c.email, c.b_address, c.b_address_2, c.b_city, c.b_state, count.name as b_country, c.b_zipcode, c.phone, c.fax, cur.symbol, cur.symbol_placement FROM ' . TABLE_ORDERS . ' o LEFT OUTER JOIN ' . TABLE_CURRENCIES . ' cur ON o.currency = cur.code LEFT OUTER JOIN ' . TABLE_CUSTOMERS . ' c ON o.customer_id = c.id LEFT OUTER JOIN ' . TABLE_COUNTRIES . ' count ON c.b_country = count.abbrv WHERE o.customer_id = ' . (int) $customer_id . ' AND o.order_number = "' . $order_number . '"';
    $result = database_query($sql, DATA_AND_ROWS, FIRST_ROW_ONLY);
    if ($result[1] > 0) {
        $plan_info = AdvertisePlans::GetPlanInfo($result[0]['advertise_plan_id']);
        if (ModulesSettings::Get('payments', 'mode') == 'TEST MODE') {
            $order_details .= '<div style="text-align:center;padding:10px;color:#a60000;border:1px dashed #a60000;width:100px">TEST MODE!</div><br />';
        }
        // Personal Info
        $order_details .= '<b>' . _PERSONAL_INFORMATION . ':</b><br />';
        $order_details .= _FIRST_NAME . ' : ' . $result[0]['first_name'] . '<br />';
        $order_details .= _LAST_NAME . ' : ' . $result[0]['last_name'] . '<br />';
        $order_details .= _EMAIL_ADDRESS . ' : ' . $result[0]['email'] . '<br />';
        $order_details .= '<br />';
        // Billing Info
        $order_details .= '<b>' . _BILLING_INFORMATION . ':</b><br />';
        $order_details .= _ADDRESS . ': ' . $result[0]['b_address'] . '<br />';
        $order_details .= _ADDRESS_2 . ': ' . $result[0]['b_address_2'] . '<br />';
        $order_details .= _CITY . ': ' . $result[0]['b_city'] . '<br />';
        $order_details .= _STATE_PROVINCE . ': ' . $result[0]['b_state'] . '<br />';
        $order_details .= _COUNTRY . ': ' . $result[0]['b_country'] . '<br />';
        $order_details .= _ZIP_CODE . ': ' . $result[0]['b_zipcode'] . '<br />';
        // phone and fax are optional
        if (!empty($result[0]['phone'])) {
            $order_details .= _PHONE . ' : ' . $result[0]['phone'] . '<br />';
        }
        if (!empty($result[0]['fax'])) {
            $order_details .= _FAX . ' : ' . $result[0]['fax'] . '<br />';
        }
        $order_details .= '<br />';
        // Order Details
        $order_details .= '<b>' . _ORDER_DETAILS . ':</b><br />';
        $order_details .= _ORDER_DESCRIPTION . ': ' . $result[0]['order_description'] . '<br />';
        $order_details .= _ADVERTISE_PLAN . ': ' . (isset($plan_info[0]['plan_name']) ? $plan_info[0]['plan_name'] : '') . '<br />';
        $order_details .= _LISTINGS_COUNT . ': ' . $result[0]['listings_amount'] . '<br />';
        $order_details .= _CURRENCY . ': ' . $result[0]['currency'] . '<br />';
        $order_details .= _CREATED_DATE . ': ' . format_datetime($result[0]['created_date']) . '<br />';
        $order_details .= _PAYMENT_DATE . ': ' . format_datetime($result[0]['payment_date']) . '<br />';
        $order_details .= _PAYMENT_TYPE . ': ' . $result[0]['m_payment_type'] . '<br />';
        $order_details .= _PAYMENT_METHOD . ': ' . $result[0]['m_payment_method'] . '<br />';
        //$order_details .= (($result[0]['campaign_name'] != '') ? _DISCOUNT_CAMPAIGN.': '.$result[0]['campaign_name'].' ('.$result[0]['discount_percent'].'%)' : '').'<br />';
        $order_details .= _ORDER_PRICE . ': ' . Currencies::PriceFormat($result[0]['order_price'], $result[0]['symbol'], $result[0]['symbol_placement'], $currencyFormat) . '<br />';
        $order_details .= _VAT . ': ' . Currencies::PriceFormat($result[0]['vat_fee'], $result[0]['symbol'], $result[0]['symbol_placement'], $currencyFormat) . ' (' . $result[0]['vat_percent'] . '%)' . '<br />';
        $order_details .= _TOTAL_PRICE . ': ' . Currencies::PriceFormat($result[0]['total_price'], $result[0]['symbol'], $result[0]['symbol_placement'], $currencyFormat) . '<br />';
        //$order_details .= _ADDITIONAL_INFO.': '.nl2br($result[0]['additional_info']).'<br /><br />';
        $send_order_copy_to_admin = ModulesSettings::Get('payments', 'send_order_copy_to_admin');
        ////////////////////////////////////////////////////////////
        $sender = $objSettings->GetParameter('admin_email');
        $recipient = $result[0]['email'];
        if ($order_type == 'completed') {
            // exit if email was already sent
            if ($result[0]['email_sent'] == '1') {
                return true;
            }
            $email_template = 'order_paid';
            $admin_copy_subject = 'Client order has been paid (admin copy)';
        } else {
            $email_template = 'order_accepted_online';
            $admin_copy_subject = 'Client has placed online order (admin copy)';
        }
        ////////////////////////////////////////////////////////////
        // the last two arguments (admin copy address / subject) are empty unless the admin copy is enabled
        send_email($recipient, $sender, $email_template, array('{FIRST NAME}' => $result[0]['first_name'], '{LAST NAME}' => $result[0]['last_name'], '{ORDER NUMBER}' => $order_number, '{ORDER DETAILS}' => $order_details), $result[0]['preferred_language'], $send_order_copy_to_admin == 'yes' ? $sender : '', $send_order_copy_to_admin == 'yes' ? $admin_copy_subject : '');
        ////////////////////////////////////////////////////////////
        if ($order_type == 'completed') {
            // remember that the 'paid' mail went out so it is not repeated
            $sql = 'UPDATE ' . TABLE_ORDERS . ' SET email_sent = 1 WHERE order_number = \'' . $order_number . '\'';
            database_void_query($sql);
        }
        ////////////////////////////////////////////////////////////
        return true;
    } else {
        ///echo $sql;
        ///echo mysql_error();
    }
    return false;
}
// *** Make sure the file isn't accessed directly
defined('APPHP_EXEC') or die('Restricted Access');
//--------------------------------------------------------------------------
// Registration confirmation handler. This excerpt is cut off: the if/else
// blocks opened below are closed further down, outside of it.
// Only anonymous visitors can confirm, and only while self-registration is on.
if (!$objLogin->IsLoggedIn() && ModulesSettings::Get('customers', 'allow_registration') == 'yes') {
    // the confirmation code may arrive by GET or POST, the task only by POST
    $code = isset($_REQUEST['c']) ? prepare_input($_REQUEST['c']) : '';
    $task = isset($_POST['task']) ? prepare_input($_POST['task']) : '';
    $msg = '';
    $confirmed = false;
    if ($code != '') {
        // look for a still inactive account carrying this registration code
        $sql = 'SELECT * FROM ' . TABLE_CUSTOMERS . ' WHERE registration_code = \'' . encode_text($code) . '\' AND is_active = 0';
        $result = database_query($sql, DATA_AND_ROWS, FIRST_ROW_ONLY);
        if ($result[1] > 0) {
            // activate and clear the one-time code so it cannot be reused
            $sql = 'UPDATE ' . TABLE_CUSTOMERS . ' SET is_active = 1, registration_code = \'\' WHERE registration_code = \'' . encode_text($code) . '\' AND is_active = 0';
            database_void_query($sql);
            $msg = draw_success_message(_CONFIRMED_SUCCESS_MSG, false);
            $confirmed = true;
            // send the visitor to the login page after 15 seconds
            $msg .= '<script type="text/javascript">setTimeout(\'appGoTo("customer=login")\', 15000);</script>';
        } else {
            // NOTE(review): any 20-byte code with no inactive match is reported as
            // "already confirmed", whether or not such a code ever existed
            if (strlen($code) == 20) {
                $confirmed = true;
                $msg = draw_message(_CONFIRMED_ALREADY_MSG, false);
            } else {
                $msg = draw_important_message(_WRONG_CONFIRMATION_CODE, false);
            }
        }
    } else {
        // the form was submitted without a code
        if ($task == 'post_submission') {
            $msg = draw_important_message(str_replace('_FIELD_', _CONFIRMATION_CODE, _FIELD_CANNOT_BE_EMPTY), false);
        }
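/**
 * Clean module tables
 *
 * Truncates every table listed in $module_tables. Each entry is resolved
 * through a TABLE_<NAME> constant, so only tables the application declares
 * can be reached; an entry with no matching constant is skipped instead of
 * producing a 'TRUNCATE ' statement with an empty table name.
 *
 * @param string $module_tables comma-separated table suffixes, e.g. 'pages,news'
 */
private function CleanModuleTables($module_tables = '')
{
    foreach (explode(',', $module_tables) as $table) {
        $suffix = strtoupper(trim($table));
        if ($suffix == '') {
            continue;
        }
        $constantName = 'TABLE_' . $suffix;
        // constant() on an unknown name returns null (PHP 5/7) or throws (PHP 8);
        // a typo in the module's table list must not reach the database
        if (!defined($constantName)) {
            continue;
        }
        database_void_query('TRUNCATE ' . constant($constantName));
    }
}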
/**
 * Inactives dependent modules
 *
 * Reads the dependent_modules list of the current module and switches the
 * 'is_active' setting of every listed module to 'no'.
 */
public function InactiveDependentModules()
{
    $sql = 'SELECT name, module_tables, dependent_modules FROM ' . TABLE_MODULES . ' WHERE name = \'' . $this->moduleName . '\'';
    $module = database_query($sql, DATA_AND_ROWS, FIRST_ROW_ONLY);
    if ($module[1] <= 0) {
        return;
    }

    // NOTE(review): the module names read from dependent_modules are placed in
    // the WHERE clause as stored; they come from the modules table, not from a request
    foreach (explode(',', $module[0]['dependent_modules']) as $dependentName) {
        $sql = 'UPDATE ' . TABLE_MODULES_SETTINGS . ' SET settings_value = \'no\' WHERE module_name = \'' . $dependentName . '\' AND settings_key = \'is_active\'';
        database_void_query($sql);
    }
}
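/**
 * Delete data of language
 *
 * Removes every language-specific row (menus, vocabulary, pages, news, email
 * templates, gallery/banner/site descriptions, plus the description tables of
 * the current project as selected by self::$PROJECT) for the given language,
 * then deletes its message file.
 *
 * @param string $lang_abbrev language abbreviation; used as the language_id
 *        value and as part of the message file name
 */
private function DeleteDataOfLang($lang_abbrev)
{
    $tables = array(
        TABLE_MENUS,
        TABLE_VOCABULARY,
        TABLE_PAGES,
        TABLE_NEWS,
        TABLE_EMAIL_TEMPLATES,
        TABLE_GALLERY_ALBUMS_DESCRIPTION,
        TABLE_GALLERY_ALBUM_ITEMS_DESCRIPTION,
        TABLE_BANNERS_DESCRIPTION,
        TABLE_SITE_DESCRIPTION,
    );
    // project-specific constants are only read inside their own branch, the
    // constants of the other projects may not be defined at all
    if (self::$PROJECT == 'BusinessDirectory') {
        $tables[] = TABLE_ADVERTISE_PLANS_DESCRIPTION;
        $tables[] = TABLE_CATEGORIES_DESCRIPTION;
        $tables[] = TABLE_LISTINGS_DESCRIPTION;
    } elseif (self::$PROJECT == 'HotelSite') {
        $tables[] = TABLE_HOTELS_DESCRIPTION;
        $tables[] = TABLE_ROOMS_DESCRIPTION;
        $tables[] = TABLE_MEAL_PLANS_DESCRIPTION;
        $tables[] = TABLE_HOTELS_LOCATIONS_DESCRIPTION;
        $tables[] = TABLE_ROOM_FACILITIES_DESCRIPTION;
    } elseif (self::$PROJECT == 'ShoppingCart') {
        $tables[] = TABLE_CATEGORIES_DESCRIPTION;
        $tables[] = TABLE_PRODUCTS_DESCRIPTION;
    }

    // NOTE(review): $lang_abbrev goes into SQL and into a file path without
    // escaping or validation; callers presumably pass a stored language
    // abbreviation - confirm before wiring this to any other input.
    $whereLang = ' WHERE language_id = \'' . $lang_abbrev . '\'';
    foreach ($tables as $table) {
        database_void_query('DELETE FROM ' . $table . $whereLang);
    }

    // delete language file; @ keeps an already missing file from raising a warning
    @unlink('include/messages.' . $lang_abbrev . '.inc.php');
}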
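/**
 * Run - called by outside cron
 *
 * Reads the cron settings row and decides whether the scheduled actions are
 * due: 'batch' always runs, 'non-batch' runs once more than
 * cron_run_period_value minutes/hours passed since cron_run_last_time (a
 * zero date counts as 999). Then performs the housekeeping of the current
 * project and stores the run time.
 */
public static function Run()
{
    // add here your code...
    // Class::Method();

    // one timestamp for the whole run: the period comparison and the stored
    // "last run" time then agree, and the period is measured from the start
    // of this run
    $now = date('Y-m-d H:i:s');

    $sql = 'SELECT cron_type, cron_run_last_time, cron_run_period, cron_run_period_value, CASE WHEN cron_run_last_time = \'0000-00-00 00:00:00\' THEN \'999\' WHEN cron_run_period = \'minute\' THEN TIMESTAMPDIFF(MINUTE, cron_run_last_time, \'' . $now . '\') ELSE TIMESTAMPDIFF(HOUR, cron_run_last_time, \'' . $now . '\') END as time_diff FROM ' . TABLE_SETTINGS;
    $settings = database_query($sql, DATA_ONLY, FIRST_ROW_ONLY);

    $perform_actions = false;
    if ($settings['cron_type'] == 'batch') {
        $perform_actions = true;
    } elseif ($settings['cron_type'] == 'non-batch' && $settings['time_diff'] > $settings['cron_run_period_value']) {
        $perform_actions = true;
    }
    if (!$perform_actions) {
        return;
    }

    // update Feeds
    RSSFeed::UpdateFeeds();

    if (self::$PROJECT == 'ShoppingCart') {
        // close expired discount campaigns
        Campaigns::UpdateStatus();
        // remove expired orders
        Orders::RemoveExpired();
    } elseif (self::$PROJECT == 'HotelSite') {
        // close expired discount campaigns
        Campaigns::UpdateStatus();
        // close expired coupons
        Coupons::UpdateStatus();
        // remove expired 'Preparing' bookings
        Bookings::RemoveExpired();
    } elseif (self::$PROJECT == 'BusinessDirectory') {
        // the project name is spelled 'BusinessDirectory' elsewhere in the code
        // base; the earlier 'BusinnessDirectory' never matched, so listings were
        // never closed and old inquiries never purged by cron
        // close expired listings
        Listings::UpdateStatus();
        // remove old inquiries
        Inquiries::RemoveOld();
    } elseif (self::$PROJECT == 'MedicalAppointment') {
        // remove expired appointments
        Appointments::RemoveExpired();
        // send reminders for patient and doctor
        Appointments::SendReminders();
    } elseif (self::$PROJECT == 'MicroBlog') {
        // close expired polls
        Pools::UpdateStatus();
    }

    // update last time running
    database_void_query('UPDATE ' . TABLE_SETTINGS . ' SET cron_run_last_time = \'' . $now . '\'');
}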
/**
 * Updates vocabulary key
 *
 * Refuses to run in demo mode and rejects an empty or over-long (more than
 * 2048 bytes) text; otherwise stores the trimmed, encoded text for the key
 * in the current language.
 *
 * @param string $key_value vocabulary key to update
 * @param string $key_text  new text for the key
 * @return bool true on success; on failure $this->error holds the reason
 */
public function UpdateKey($key_value = '', $key_text = '')
{
    // Block all operations in demo mode
    if (strtolower(SITE_MODE) == 'demo') {
        $this->error = _OPERATION_BLOCKED;
        return false;
    }

    // Check input parameters
    if ($key_text == '') {
        $this->error = _VOC_KEY_VALUE_EMPTY;
        return false;
    }
    if (strlen($key_text) > 2048) {
        // strlen() counts bytes, so multi-byte text reaches the limit earlier
        $alert = str_replace('_FIELD_', '<b>' . _VALUE . '</b>', _FIELD_LENGTH_ALERT);
        $this->error = str_replace('_LENGTH_', '2048', $alert);
        return false;
    }

    // NOTE(review): only key_text passes through GetFieldsEncoded(); $key_value
    // and $this->languageId are placed in the WHERE clause as-is - confirm the
    // callers validate the key first.
    $encodedText = $this->GetFieldsEncoded(trim($key_text, "\r\n"));
    $sql = 'UPDATE ' . TABLE_VOCABULARY
        . ' SET key_text = \'' . $encodedText . '\''
        . ' WHERE key_value = \'' . $key_value . '\' AND language_id = \'' . $this->languageId . '\'';

    if (!database_void_query($sql)) {
        $this->error = _TRY_LATER;
        return false;
    }
    $this->isKeyUpdated = true;
    return true;
}
/**
 * After-insertion operation
 *
 * Clones the inserted news item into every other active language; the SQL
 * of each clone is recorded through SetSQLs() as 'insert_lan_<abbreviation>'.
 */
public function AfterInsertRecord()
{
    // --- clone to other languages
    $languages = Languages::GetAllActive();
    $sourceLanguage = self::GetParameter('language_id', false);
    $news_code = self::GetParameter('news_code', false);
    $header_text = self::GetParameter('header_text', false);
    $body_text = self::GetParameter('body_text', false);
    $date_created = self::GetParameter('date_created', false);

    if ($sourceLanguage == '') {
        // no source language known: nothing is cloned
        return;
    }

    $languageCount = $languages[1];
    for ($idx = 0; $idx < $languageCount; $idx++) {
        $abbreviation = $languages[0][$idx]['abbreviation'];
        if ($abbreviation == $sourceLanguage) {
            continue;
        }
        $sql = 'INSERT INTO ' . TABLE_NEWS . ' (id, news_code, header_text, body_text, date_created, language_id) VALUES(NULL, \''
            . encode_text($news_code) . '\', \''
            . encode_text($header_text) . '\', \''
            . encode_text($body_text) . '\', \''
            . encode_text($date_created) . '\', \''
            . encode_text($abbreviation) . '\')';
        database_void_query($sql);
        $this->SetSQLs('insert_lan_' . $abbreviation, $sql);
    }
}
/**
 * Close expired listings
 *
 * Unpublishes every published listing whose finish_publishing date is set
 * and lies in the past, then refreshes the per-category listing counts.
 *
 * @return mixed the result of the UPDATE query
 */
public static function UpdateStatus()
{
    $now = date('Y-m-d H:i:s');
    $sql = 'UPDATE ' . TABLE_LISTINGS
        . ' SET is_published = 0 WHERE is_published = 1 AND finish_publishing != \'0000-00-00 00:00:00\' AND finish_publishing < \'' . $now . '\'';
    $updated = database_void_query($sql, false, false);
    if ($updated) {
        // recount only after a successful UPDATE
        Categories::RecalculateListingsCount();
    }
    return $updated;
}
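/**
 * Place order
 *
 * Moves the logged-in customer's own 'preparing' (status 0) order with the
 * given number to status 1, storing the submitted card details, and sends
 * the 'accepted' order email.
 *
 * @param string $order_number order number supplied by the caller
 * @param array  $cc_params    keys cc_type, cc_holder_name, cc_number,
 *                             cc_expires_month, cc_expires_year, cc_cvv_code;
 *                             a missing key is stored as an empty string
 * @return bool true when the order was updated; false in demo mode or when
 *              no matching unpaid order exists (self::$message is set)
 */
public static function PlaceOrder($order_number, $cc_params = array())
{
    global $objLogin;

    if (SITE_MODE == 'demo') {
        self::$message = draw_important_message(_OPERATION_BLOCKED, false);
        return false;
    }

    // $order_number and the card fields are caller-supplied (presumably the
    // checkout form), so each one is escaped before it is placed in SQL
    $safeOrderNumber = mysql_real_escape_string($order_number);
    $cc = array();
    foreach (array('cc_type', 'cc_holder_name', 'cc_number', 'cc_expires_month', 'cc_expires_year', 'cc_cvv_code') as $field) {
        $cc[$field] = mysql_real_escape_string(isset($cc_params[$field]) ? $cc_params[$field] : '');
    }
    $customerId = (int) $objLogin->GetLoggedID();

    $sql = 'SELECT id, order_number FROM ' . TABLE_ORDERS . ' WHERE order_number = \'' . $safeOrderNumber . '\' AND customer_id = ' . $customerId . ' AND status = 0 ORDER BY id DESC';
    $result = database_query($sql, DATA_AND_ROWS, FIRST_ROW_ONLY);
    if ($result[1] <= 0) {
        self::$message = _ORDER_ERROR;
        return false;
    }

    $now = date('Y-m-d H:i:s');
    // NOTE(review): only cc_number is encrypted (with the key constant that is
    // also used for passwords); cc_cvv_code is written in clear text, which
    // card-scheme rules do not allow after authorisation - the column should
    // be dropped rather than kept with the order.
    $sql = 'UPDATE ' . TABLE_ORDERS . ' SET created_date = \'' . $now . '\', status_changed = \'' . $now . '\', cc_type = \'' . $cc['cc_type'] . '\', cc_holder_name = \'' . $cc['cc_holder_name'] . '\', cc_number = AES_ENCRYPT(\'' . $cc['cc_number'] . '\', \'' . PASSWORDS_ENCRYPT_KEY . '\'), cc_expires_month = \'' . $cc['cc_expires_month'] . '\', cc_expires_year = \'' . $cc['cc_expires_year'] . '\', cc_cvv_code = \'' . $cc['cc_cvv_code'] . '\', status = \'1\' WHERE order_number = \'' . $safeOrderNumber . '\'';
    database_void_query($sql);

    // the order is placed even when the notification mail fails; the mail
    // result is not reported back to the customer
    Orders::SendOrderEmail($order_number, 'accepted', $objLogin->GetLoggedID());
    return true;
}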
/**
 * Draws article comments
 *
 * Handles the comment form POST (publish_comment / delete_comment), then
 * renders the published comments of the article with pagination and the
 * comment form. Request values are read straight from $_POST / $_GET here.
 *
 * @param int|string $article_id article the comments belong to; a falsy value returns ''
 * @param bool       $draw       true echoes the HTML, false returns it
 * @return string|void the HTML when $draw is false
 */
public function DrawArticleComments($article_id = '', $draw = true)
{
    if (!$article_id) {
        return '';
    }
    global $objLogin;

    $delete_pending_time = ModulesSettings::Get('comments', 'delete_pending_time');
    $user_type = ModulesSettings::Get('comments', 'user_type');
    $comment_length = ModulesSettings::Get('comments', 'comment_length');
    $image_verification = ModulesSettings::Get('comments', 'image_verification_allow');
    $comments_on_page = ModulesSettings::Get('comments', 'page_size');
    // with pre-moderation on, new comments start unpublished
    $is_published = ModulesSettings::Get('comments', 'pre_moderation_allow') == 'yes' ? '0' : '1';
    if ($image_verification == 'yes') {
        include_once 'modules/captcha/securimage.php';
        $objImg = new Securimage();
    }
    //echo '<pre>';
    //print_r($_SERVER);
    //echo '</pre>';
    $task = isset($_POST['task']) ? prepare_input($_POST['task']) : '';
    $comment_id = isset($_POST['comment_id']) ? (int) $_POST['comment_id'] : '';
    $init_state = 'closed';
    // NOTE(review): user_id is taken from the POST body rather than from
    // $objLogin, so the stored author id is whatever the client sent; it is
    // what later decides whose comments show the delete icon - confirm intended.
    $user_id = isset($_POST['user_id']) ? (int) $_POST['user_id'] : '';
    $user_name = isset($_POST['comment_user_name']) ? prepare_input($_POST['comment_user_name']) : '';
    $user_email = isset($_POST['comment_user_email']) ? prepare_input($_POST['comment_user_email']) : '';
    $comment_text = isset($_POST['comment_text']) ? prepare_input($_POST['comment_text']) : '';
    $captcha_code = isset($_POST['captcha_code']) ? prepare_input($_POST['captcha_code']) : '';
    $msg = '';
    $task_completed = false;
    $focus_field = '';
    $current_page = isset($_GET['p']) ? abs((int) $_GET['p']) : '1';

    if ($task == 'publish_comment') {
        $init_state = 'opened';
        // validation chain: the first failing check sets the message and the field to focus
        if ($user_name == '') {
            $msg = draw_important_message(_USERNAME_EMPTY_ALERT, false);
            $focus_field = 'comment_user_name';
        } else {
            if (!check_email_address($user_email) && !$objLogin->IsLoggedInAs($this->user_type_name)) {
                $msg = draw_important_message(_EMAIL_IS_WRONG, false);
                $focus_field = 'comment_user_email';
            } else {
                if ($comment_text == '') {
                    $msg = draw_important_message(_MESSAGE_EMPTY_ALERT, false);
                    $focus_field = 'comment_text';
                } else {
                    if ($comment_text != '' && strlen($comment_text) > $comment_length) {
                        $msg = draw_important_message(str_replace('_LENGTH_', $comment_length, _COMMENT_LENGTH_ALERT), false);
                        $focus_field = 'comment_text';
                    } else {
                        if ($image_verification == 'yes' && !$objImg->check($captcha_code)) {
                            $msg = draw_important_message(_WRONG_CODE_ALERT, false);
                            $focus_field = 'captcha_code';
                        } else {
                            // Block operation in demo mode
                            if (strtolower(SITE_MODE) == 'demo') {
                                $msg = draw_important_message(_OPERATION_BLOCKED, false);
                            } else {
                                if ($objLogin->IpAddressBlocked(get_current_ip())) {
                                    $msg = draw_important_message(_IP_ADDRESS_BLOCKED, false);
                                } else {
                                    if ($objLogin->EmailBlocked($user_email)) {
                                        $msg = draw_important_message(_EMAIL_BLOCKED, false);
                                    } else {
                                        // only <b><i><u><br> survive in the stored comment text
                                        $sql = 'INSERT INTO ' . TABLE_COMMENTS . '( id, article_id, user_id, user_name, user_email, comment_text, date_created, date_published, is_published )VALUES( NULL, ' . (int) $article_id . ', ' . (int) $user_id . ', \'' . encode_text($user_name) . '\', \'' . encode_text($user_email) . '\', \'' . encode_text(strip_tags($comment_text, '<b><i><u><br>')) . '\', \'' . date('Y-m-d H:i:s') . '\', \'' . ($is_published == '1' ? date('Y-m-d H:i:s') : '0000-00-00 00:00:00') . '\', \'' . $is_published . '\' )';
                                        if (database_void_query($sql)) {
                                            if ($is_published == '1') {
                                                $msg = draw_success_message(_COMMENT_POSTED_SUCCESS, false);
                                            } else {
                                                $msg = draw_success_message(_COMMENT_SUBMITTED_SUCCESS, false);
                                            }
                                            $task_completed = true;
                                        } else {
                                            $msg = draw_important_message(_TRY_LATER, false);
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    } else {
        if ($task == 'delete_comment') {
            $init_state = 'opened';
            // NOTE(review): the DELETE is bounded by the pending window only; no
            // ownership check on comment_id is visible in this block - the owner
            // test further down only controls whether the delete icon is drawn.
            $sql = 'DELETE FROM ' . $this->tableName . ' WHERE TIMESTAMPDIFF(MINUTE, date_published, \'' . date('Y-m-d H:i:s') . '\') < ' . $delete_pending_time . ' AND id = ' . (int) $comment_id;
            if (database_void_query($sql)) {
                $msg = draw_success_message(_COMMENT_DELETED_SUCCESS, false);
            } else {
                $msg = draw_important_message(_TRY_LATER, false);
            }
        }
    }

    // -------- pagination
    $total_comments = 0;
    $page_size = $comments_on_page;
    $sql = 'SELECT COUNT(*) as cnt FROM ' . TABLE_COMMENTS . ' WHERE is_published = 1 AND article_id = ' . (int) $article_id;
    $comments_result = database_query($sql, DATA_ONLY, FIRST_ROW_ONLY);
    $total_comments = $comments_result['cnt'];
    $total_pages = (int) ($total_comments / $page_size);
    if ($current_page > $total_pages + 1) {
        $current_page = 1;
    }
    if ($total_comments % $page_size != 0) {
        $total_pages++;
    }
    if ($task_completed) {
        // show the last page, where the new comment lands
        $current_page = $total_pages;
    }
    if (!is_numeric($current_page) || (int) $current_page <= 0) {
        $current_page = 1;
    }
    $start_row = ($current_page - 1) * $page_size;
    if (isset($_GET['p'])) {
        $init_state = 'opened';
    }
    // --------
    $sql = 'SELECT * FROM ' . TABLE_COMMENTS . ' WHERE article_id = ' . (int) $article_id . ' AND is_published = 1 ORDER BY date_published ASC LIMIT ' . $start_row . ', ' . $page_size;
    $result = database_query($sql, DATA_AND_ROWS);

    // deleteComment() fills the hidden task/id fields and submits the comments form
    $output = '<script type="text/javascript">function deleteComment(cid) { if(confirm(\'' . _PERFORM_OPERATION_COMMON_ALERT . '\')){ jQuery(\'#comment_task\').val(\'delete_comment\'); jQuery(\'#comment_id\').val(cid); jQuery(\'#frmComments\').submit(); return true; } return false; } </script>';
    $output .= '<div id="commentsLink"><a href="javascript:void(0);" onclick="javascript:jQuery(\'#commentsWrapper\').slideToggle(\'fast\');">' . str_replace('_COUNT_', $total_comments, _COMMENTS_LINK) . '</a><br /><br /></div>';
    $output .= '<div id="commentsWrapper" style="display:' . ($init_state == 'opened' ? '' : 'none') . ';">';
    $output .= '<div id="commentsPublished">';
    if ($result[1] > 0) {
        for ($i = 0; $i < $result[1]; $i++) {
            // NOTE(review): user_name and comment_text are emitted as stored; HTML
            // safety relies on encode_text() having been applied at insert time
            $output .= '<div class="comment">';
            $output .= '<div class="comment_user_name"><b>' . $result[0][$i]['user_name'] . '</b> ' . _SAID . '...</div>';
            $output .= '<div class="comment_test">' . $result[0][$i]['comment_text'] . '</div>';
            $output .= '<div class="comment_date">';
            // delete icon only for the author and only inside the pending window
            if ($result[0][$i]['user_id'] == $objLogin->GetLoggedID() && floor(time_diff(date('Y-m-d H:i:s'), $result[0][$i]['date_published']) / 60) < $delete_pending_time) {
                $output .= '<img src="images/published_x.gif" alt="" style="cursor:pointer;margin-bottom:-3px;margin-right:3px;" onclick="deleteComment(\'' . $result[0][$i]['id'] . '\');">';
            }
            $output .= '<i>' . _PUBLISHED . ': ' . format_datetime($result[0][$i]['date_published']) . '</i></div>';
            $output .= '</div>';
        }
        // draw pagination links
        if ($total_pages > 1) {
            $output .= '<div class="paging">';
            for ($page_ind = 1; $page_ind <= $total_pages; $page_ind++) {
                $output .= prepare_permanent_link('index.php?page=' . Application::Get('page') . '&pid=' . Application::Get('page_id') . '&p=' . $page_ind, $page_ind == $current_page ? '<b>[' . $page_ind . ']</b>' : $page_ind, '', 'paging_link') . ' ';
            }
            $output .= '</div>';
        }
    } else {
        $output .= '<div class="comment">';
        $output .= '<b>' . _NO_COMMENTS_YET . '</b><br /><br />';
        $output .= '</div>';
    }
    $output .= '</div>';
    $output .= $msg != '' ? $msg . '<br />' : '';
    // the form is withheld from anonymous visitors when only registered users may post
    if ($user_type == 'registered' && !$objLogin->IsLoggedInAs($this->user_type_name)) {
        $output .= draw_message(_POST_COM_REGISTERED_ALERT, false);
    } else {
        $output .= $this->DrawCommentsForm($article_id, $image_verification, $focus_field, $task_completed, false);
    }
    $output .= '</div>';

    if ($draw) {
        echo $output;
    } else {
        return $output;
    }
}
/**
 * Send forgotten password
 *
 * Looks up the active account for the email and mails it a password: the
 * stored value when passwords are plain or AES-encrypted, or a new random
 * 8-character password (written to the account first) when the encryption
 * type is 'md5'.
 *
 * @param string $email address entered in the "forgot password" form
 * @return bool true when the mail was sent; false with $this->error set in
 *              demo mode, for an empty/invalid address or an unknown one
 */
public function SendPassword($email)
{
    global $objSettings;
    $lang = Application::Get('lang');
    // deny all operations in demo version
    if (strtolower(SITE_MODE) == 'demo') {
        $this->error = _OPERATION_BLOCKED;
        return false;
    }
    if (!empty($email)) {
        if (check_email_address($email)) {
            // NOTE(review): $sql stays unset when PASSWORDS_ENCRYPTION is on and
            // the type is neither 'aes' nor 'md5'
            if (!PASSWORDS_ENCRYPTION) {
                $sql = 'SELECT id, first_name, last_name, user_name, password, preferred_language FROM ' . TABLE_ACCOUNTS . ' WHERE email = ' . quote_text(encode_text($email)) . ' AND is_active = 1';
            } else {
                if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'aes') {
                    $sql = 'SELECT id, first_name, last_name, user_name, AES_DECRYPT(password, ' . quote_text(PASSWORDS_ENCRYPT_KEY) . ') as password, preferred_language FROM ' . TABLE_ACCOUNTS . ' WHERE email = ' . quote_text(encode_text($email)) . ' AND is_active = 1';
                } else {
                    if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'md5') {
                        // this branch quotes the raw $email while the two above quote encode_text($email)
                        $sql = 'SELECT id, first_name, last_name, user_name, \'\' as password, preferred_language FROM ' . TABLE_ACCOUNTS . ' WHERE email = ' . quote_text($email) . ' AND is_active = 1';
                    }
                }
            }
            $temp = database_query($sql, DATA_ONLY, FIRST_ROW_ONLY);
            if (is_array($temp) && count($temp) > 0) {
                //////////////////////////////////////////////////////////////////
                if (!PASSWORDS_ENCRYPTION) {
                    $password = $temp['password'];
                } else {
                    if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'aes') {
                        $password = $temp['password'];
                    } else {
                        if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'md5') {
                            // a hashed password cannot be recovered: reset it to a new random one
                            // (the expression between the quotes is not shown in this copy of the source)
                            $password = get_random_string(8);
                            $sql = 'UPDATE ' . TABLE_ACCOUNTS . ' SET password = '******' WHERE id = ' . (int) $temp['id'];
                            database_void_query($sql);
                        }
                    }
                }
                // NOTE(review): the password travels in clear text, and {WEB SITE}
                // comes from $_SERVER['SERVER_NAME'], which on some server setups
                // reflects the request's Host header rather than a fixed value
                send_email($email, $objSettings->GetParameter('admin_email'), 'password_forgotten', array('{FIRST NAME}' => $temp['first_name'], '{LAST NAME}' => $temp['last_name'], '{USER NAME}' => $temp['user_name'], '{USER PASSWORD}' => $password, '{BASE URL}' => APPHP_BASE, '{WEB SITE}' => $_SERVER['SERVER_NAME'], '{YEAR}' => date('Y')), $temp['preferred_language']);
                //////////////////////////////////////////////////////////////////
                return true;
            } else {
                // NOTE(review): a distinct "not exists" error tells registered
                // addresses apart from unknown ones
                $this->error = _EMAIL_NOT_EXISTS;
                return false;
            }
        } else {
            $this->error = _EMAIL_IS_WRONG;
            return false;
        }
    } else {
        $this->error = _EMAIL_EMPTY_ALERT;
        return false;
    }
    return true;
}
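/**
 * Remove very old inquiries
 *
 * Deletes replies, history rows and inquiries whose date is more than the
 * configured number of days ('inquiries' / 'keep_history_days') old. Replies
 * and history are removed before the inquiries themselves, in the same order
 * as before.
 */
public static function RemoveOld()
{
    $keep_history_days = (int) ModulesSettings::Get('inquiries', 'keep_history_days');
    // a single reference time for all three statements, so the cutoff cannot
    // shift by a second between them
    $now = date('Y-m-d H:i:s');
    $cleanup = array(
        array(TABLE_INQUIRIES_REPLIES, 'date_added'),
        array(TABLE_INQUIRIES_HISTORY, 'date_added'),
        array(TABLE_INQUIRIES, 'date_created'),
    );
    foreach ($cleanup as $entry) {
        list($table, $dateColumn) = $entry;
        $sql = 'DELETE FROM ' . $table . ' WHERE DATEDIFF(\'' . $now . '\', ' . $table . '.' . $dateColumn . ') > ' . $keep_history_days;
        database_void_query($sql);
    }
}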
/**
 * Set orders for specific customer
 *
 * Increments the customer's orders_count for operation '+', otherwise
 * decrements it without going below zero.
 *
 * @param int    $customer_id
 * @param string $operation '+' to add one, anything else to subtract one
 */
public static function SetOrdersForCustomer($customer_id = 0, $operation = '')
{
    $assignment = ($operation == '+')
        ? 'SET orders_count = orders_count + 1 '
        : 'SET orders_count = IF(orders_count > 0, orders_count - 1, 0) ';
    database_void_query('UPDATE ' . TABLE_CUSTOMERS . ' ' . $assignment . 'WHERE id = ' . (int) $customer_id);
}
/**
 * Updates listings count for all categories
 *
 * Recurses through the category tree from $parent_id: for every child
 * category it stores the number of published, non-expired listings (total
 * and public-only), including those of its sub-categories, and returns the
 * sums for the whole subtree.
 *
 * @param int $parent_id category whose children are recalculated; 0 = root level
 * @return array|int|false array('count' => n, 'count_public' => m) for the
 *         subtree; 0 when mysql_error() reports a failure; false in demo mode.
 *         NOTE(review): the recursive call below indexes its result with
 *         ['count'], which does not hold for the 0/false returns - confirm
 *         how callers (and the recursion) cope with that.
 */
public static function RecalculateListingsCount($parent_id = 0)
{
    if (strtolower(SITE_MODE) == 'demo') {
        self::$static_error = _OPERATION_BLOCKED;
        return false;
    }
    $sql = 'SELECT id, parent_id FROM ' . TABLE_CATEGORIES . ' WHERE parent_id = ' . (int) $parent_id;
    $result = database_query($sql, DATA_AND_ROWS, ALL_ROWS);
    $count = 0;
    $count_public = 0;
    $total_listings = array('count' => 0, 'count_public' => 0);
    $current_listings = array('count' => 0, 'count_public' => 0);
    $child_listings = array('count' => 0, 'count_public' => 0);
    for ($i = 0; $i < $result[1]; $i++) {
        // sub-categories first; their totals are folded into this category's counts
        $child_listings = self::RecalculateListingsCount($result[0][$i]['id']);
        $sql = 'SELECT COUNT(*) as cnt, SUM(IF(' . TABLE_LISTINGS . '.access_level = "public", 1, 0)) as cnt_public FROM ' . TABLE_LISTINGS . ' INNER JOIN ' . TABLE_LISTINGS_CATEGORIES . ' ON ' . TABLE_LISTINGS . '.id = ' . TABLE_LISTINGS_CATEGORIES . '.listing_id WHERE ' . TABLE_LISTINGS . '.is_published = 1 AND (' . TABLE_LISTINGS . '.finish_publishing = "0000-00-00 00:00:00" OR ' . TABLE_LISTINGS . '.finish_publishing > "' . date('Y-m-d H:i:s') . '") AND ' . TABLE_LISTINGS_CATEGORIES . '.category_id = ' . (int) $result[0][$i]['id'];
        $res = database_query($sql, DATA_ONLY, FIRST_ROW_ONLY);
        $current_listings['count'] = isset($res['cnt']) ? $res['cnt'] : 0;
        $current_listings['count_public'] = isset($res['cnt_public']) ? $res['cnt_public'] : 0;
        $count = $current_listings['count'] + $child_listings['count'];
        $count_public = $current_listings['count_public'] + $child_listings['count_public'];
        $sql = 'UPDATE ' . TABLE_CATEGORIES . ' SET listings_count = ' . (int) $count . ', listings_count_public = ' . (int) $count_public . ' WHERE id = ' . (int) $result[0][$i]['id'];
        database_void_query($sql);
        $total_listings['count'] += $count;
        $total_listings['count_public'] += $count_public;
    }
    // a pending MySQL error from the statements above (or the recursion) aborts with 0
    if (mysql_error() != '') {
        self::$static_error = _TRY_LATER;
        return 0;
    } else {
        return $total_listings;
        /// ($total_listings['count'] > 0 || $total_listings['count_public'] > 0)
        /// return true;
    }
}
/**
 * After-delete hook: removes the FAQ items that belonged to the deleted
 * category ($this->curRecordId).
 *
 * @return void
 */
public function AfterDeleteRecord()
{
    $category_id = (int) $this->curRecordId;
    database_void_query('DELETE FROM ' . TABLE_FAQ_CATEGORY_ITEMS . ' WHERE category_id = ' . $category_id);
}
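/**
 * After-delete hook for a gallery album: removes the album's description
 * rows and, when the album has an item list ($this->curAlbumCode), every
 * item with its description row and - for image albums - its files.
 *
 * @return bool true when the album had items that were removed,
 *              false when it had none or no album code was set
 */
public function AfterDeleteRecord()
{
    $sql = 'DELETE FROM ' . TABLE_GALLERY_ALBUMS_DESCRIPTION . ' WHERE gallery_album_id = ' . (int) $this->curRecordId;
    database_void_query($sql);

    if ($this->curAlbumCode == '') {
        return false;
    }

    // album_code is a string column: escape it like the other string values
    // in this file instead of splicing it into the query verbatim.
    $album_code = mysql_real_escape_string($this->curAlbumCode);

    $sql = 'SELECT id, album_code, item_file, item_file_thumb, priority_order, is_active FROM ' . TABLE_GALLERY_ALBUM_ITEMS . ' WHERE album_code = \'' . $album_code . '\'';
    $result = database_query($sql, DATA_AND_ROWS, ALL_ROWS);
    $items_count = (is_array($result) && isset($result[1])) ? (int) $result[1] : 0;
    if ($items_count <= 0) {
        return false;
    }

    for ($i = 0; $i < $items_count; $i++) {
        $item = $result[0][$i];
        if ($this->curAlbumType == 'images') {
            // Only unlink real files: a missing file or an empty item_file
            // (which would point at the directory itself) is skipped rather
            // than raising an unlink() warning.
            // NOTE(review): item_file comes from the database and is used as a
            // relative path as-is - confirm it is constrained at upload time.
            foreach (array($item['item_file'], $item['item_file_thumb']) as $file_name) {
                $path = 'images/gallery/' . $file_name;
                if ($file_name != '' && is_file($path)) {
                    unlink($path);
                }
            }
        }
        $sql = 'DELETE FROM ' . TABLE_GALLERY_ALBUM_ITEMS_DESCRIPTION . ' WHERE gallery_album_item_id = ' . (int) $item['id'];
        database_void_query($sql);
    }

    $sql = 'DELETE FROM ' . TABLE_GALLERY_ALBUM_ITEMS . ' WHERE album_code = \'' . $album_code . '\'';
    database_void_query($sql);

    return true;
}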
/**
 * Clears the connection's sql_mode (sets it to the empty string).
 *
 * @return void
 */
function set_sql_mode()
{
    $sql = 'SET sql_mode = ""';
    database_void_query($sql);
}
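/**
 * Updates one row of $this->tableName identified by its primary key.
 *
 * Every value is escaped and quoted as a string literal; column names are
 * backtick-quoted. Nothing is sent to the database when no record id or no
 * fields are given.
 *
 * @param int|string $rid value of $this->primaryKey for the row to change
 * @param array<string, scalar> $params column => new value
 * @return bool true when the UPDATE was executed successfully
 */
public function Update($rid = '', $params = array())
{
    // A comparison, not an assignment: "$rid = ''" would never return early
    // and would reduce every call to an update of primary key 0.
    if ($rid === '' || $rid === null || $params === array()) {
        return false;
    }

    $assignments = array();
    foreach ($params as $key => $val) {
        // Escape AND quote: an escaped but unquoted value is still parsed as
        // SQL (e.g. an expression) rather than as a literal.
        $assignments[] = '`' . str_replace('`', '``', $key) . '` = \'' . mysql_real_escape_string($val) . '\'';
    }

    $sql = 'UPDATE `' . $this->tableName . '` SET ' . implode(',', $assignments)
        . ' WHERE `' . $this->primaryKey . '`=' . (int) $rid;

    return database_void_query($sql) ? true : false;
}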
/**
 * Splits a SQL dump into individual statements and executes them one by one.
 *
 * A statement ends at a ';' that is directly followed by a newline and then,
 * after any blank lines, by text starting with CREATE, INSERT or DROP T(ABLE)
 * (matched case-insensitively with preg_match). Lines starting with '#' are
 * cut out before the split is made. A trailing ';' with nothing after it is
 * treated as the end of an INSERT so the last statement is still collected.
 * Each statement is run with '@' error suppression; the first one that fails
 * aborts the whole dump.
 *
 * Edge cases visible in the code: if the dump contains no ';' at all,
 * strpos() returns false and the loop starts from that value; and $next is
 * only assigned inside the inner scan, so on a pass where the scan finds no
 * non-blank character it may be read before being set.
 *
 * @param string $restore_query the dump text (one or many statements)
 * @return bool true when every statement executed; false at the first failure
 */
private function ExecuteSqlDump($restore_query)
{
    $nl = "\n";
    $sql_array = array();
    $sql_length = strlen($restore_query);
    $pos = strpos($restore_query, ';');
    for ($i = $pos; $i < $sql_length; $i++) {
        // A '#' comment at the very start of the remaining text: drop that
        // line and restart scanning from the next ';'.
        if ($restore_query[0] == '#') {
            $restore_query = ltrim(substr($restore_query, strpos($restore_query, $nl)));
            $sql_length = strlen($restore_query);
            $i = strpos($restore_query, ';') - 1;
            continue;
        }
        // Candidate split point: ';' immediately followed by a newline.
        if ($restore_query[$i + 1] == $nl) {
            // Look ahead for the first non-blank character after the break and
            // peek at the 6 characters starting there to classify the next statement.
            for ($j = $i + 2; $j < $sql_length; $j++) {
                if (trim($restore_query[$j]) != '') {
                    $next = substr($restore_query, $j, 6);
                    if ($next[0] == '#') {
                        // A '#' comment line sits at the break position: find its end...
                        for ($k = $j; $k < $sql_length; $k++) {
                            if ($restore_query[$k] == $nl) {
                                break;
                            }
                        }
                        // ...then splice it out, keeping the text up to and including
                        // the ';' and everything from the end of the comment line.
                        $query = substr($restore_query, 0, $i + 1);
                        $restore_query = substr($restore_query, $k);
                        // join 2 parts of query
                        $restore_query = $query . $restore_query;
                        $sql_length = strlen($restore_query);
                        $i = strpos($restore_query, ';') - 1;
                        continue 2;
                    }
                    break;
                }
            }
            if ($next == '') {
                // get last insert query
                $next = 'insert';
            }
            if (preg_match('/create/i', $next) || preg_match('/insert/i', $next) || preg_match('/drop t/i', $next)) {
                // Collect the statement (without its ';') and rescan the remainder.
                $next = '';
                $sql_array[] = substr($restore_query, 0, $i);
                $restore_query = ltrim(substr($restore_query, $i + 1));
                $sql_length = strlen($restore_query);
                $i = strpos($restore_query, ';') - 1;
            }
        }
    }
    for ($i = 0; $i < sizeof($sql_array); $i++) {
        // '@' hides the driver's warning; the failure is only reported via the return value.
        if (!@database_void_query($sql_array[$i])) {
            ///echo $sql_array[$i].mysql_error();
            return false;
        }
    }
    return true;
}
/**
 * After-insert hook for an inquiry reply: bumps the parent inquiry's reply
 * counter (capped at the module's maximum_replies; the same UPDATE clears
 * is_active once the counter reaches that maximum) and emails the reply to
 * the visitor who sent the inquiry.
 *
 * Reads the logged-in user's name/email through the global $objLogin and the
 * admin sender address through the global $objSettings.
 *
 * NOTE(review): $this->params['message'] and the logged-in user's details are
 * concatenated into HTML without htmlspecialchars() here; whether they were
 * escaped before reaching $this->params is not visible in this method -
 * confirm before treating the email body as safe. {WEB SITE} is filled from
 * $_SERVER['SERVER_NAME'], which may be request-derived depending on the web
 * server configuration.
 *
 * @return void
 */
public function AfterInsertRecord()
{
    global $objSettings, $objLogin;

    $inquiry_id = (int) $this->params['inquiry_id'];
    $max_replies = (int) ModulesSettings::Get('inquiries', 'maximum_replies');

    // Counter stops growing at max_replies; is_active becomes 0 once
    // replies_count is past max_replies - 1.
    $sql = sprintf(
        'UPDATE %s SET replies_count = replies_count + IF(replies_count < %d, 1, 0), is_active = IF(replies_count > (%d - 1), 0, 1) WHERE id = %d',
        TABLE_INQUIRIES,
        $max_replies,
        $max_replies,
        $inquiry_id
    );
    database_void_query($sql);

    $inquiry_info = Inquiries::Instance()->GetInfoByID($this->params['inquiry_id']);
    $visitor_email = isset($inquiry_info['email']) ? $inquiry_info['email'] : '';
    $visitor_name = isset($inquiry_info['name']) ? $inquiry_info['name'] : '';

    $separator = '<br>-----------<br>';
    $reply_details = implode('', array(
        _MESSAGE . ':',
        $separator,
        $this->params['message'],
        '<br><br>',
        _CUSTOMER_DETAILS . ':',
        $separator,
        _FIRST_NAME . ': ' . $objLogin->GetLoggedFirstName() . '<br>',
        _LAST_NAME . ': ' . $objLogin->GetLoggedLastName() . '<br>',
        _EMAIL . ': ' . $objLogin->GetLoggedEmail() . '<br>',
    ));

    // Template placeholders for the 'inquiry_reply' email.
    $placeholders = array(
        '{FIRST NAME}' => '',
        '{LAST NAME}' => $visitor_name,
        '{REPLY DETAILS}' => $reply_details,
        '{WEB SITE}' => $_SERVER['SERVER_NAME'],
        '{BASE URL}' => APPHP_BASE,
    );
    send_email($visitor_email, $objSettings->GetParameter('admin_email'), 'inquiry_reply', $placeholders);
}
/**
 * Deletes a menu row and closes the gap in menu_order for the remaining
 * menus of the same language. Blocked in demo mode.
 *
 * @param int|string $menu_id menu primary key
 * @param int|string $menu_order position the deleted menu occupied
 * @return bool true only when both the DELETE and the reorder UPDATE
 *              succeeded (note: the row is already gone if only the UPDATE
 *              fails); false otherwise, with $this->error set in demo mode
 */
public function MenuDelete($menu_id = '0', $menu_order = '0')
{
    if (strtolower(SITE_MODE) == 'demo') {
        $this->error = _OPERATION_BLOCKED;
        return false;
    }

    $id = (int) $menu_id;
    $menu = database_query('SELECT language_id FROM ' . TABLE_MENUS . ' WHERE id = ' . $id, DATA_ONLY, FIRST_ROW_ONLY);
    if (!$menu) {
        return false;
    }
    if (!database_void_query('DELETE FROM ' . TABLE_MENUS . ' WHERE id = ' . $id)) {
        return false;
    }

    $reorder_sql = 'UPDATE ' . TABLE_MENUS . ' SET menu_order = menu_order - 1 WHERE language_id = \'' . $menu['language_id'] . '\' AND menu_order > ' . (int) $menu_order;
    return database_void_query($reorder_sql) ? true : false;
}
$message .= 'Possible Attempt of Hack Attack? ' . "<br />\n"; $message .= 'Please check this order: ' . "<br />\n"; $message .= 'Order Price: ' . $result[0]['total_price'] . "<br />\n"; $message .= 'Payment Processing Gross Price: ' . $total . "<br />\n"; write_log($message); break; } $sql = 'UPDATE ' . TABLE_ORDERS . ' SET status = 2, transaction_number = \'' . $transaction_number . '\', payment_date = \'' . date('Y-m-d H:i:s') . '\', status_changed = \'' . date('Y-m-d H:i:s') . '\', payment_type = 1, payment_method = ' . $payment_method . ' WHERE order_number = \'' . $order_number . '\''; if (database_void_query($sql)) { // update customer orders/listings amount Customers::SetOrdersForCustomer($result[0]['customer_id'], '+'); Customers::SetListingsForCustomer($result[0]['customer_id'], $result[0]['advertise_plan_id'], $result[0]['listings_amount'], '+'); // send email to customer if (Orders::SendOrderEmail($order_number, 'completed', $result[0]['customer_id'])) { write_log($sql, _ORDER_PLACED_MSG); } else { write_log($sql, _ORDER_ERROR); } } else { write_log($sql, mysql_error()); } } else { write_log($sql, 'Error: no records found. ' . mysql_error()); }
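/**
 * Keyword search over news, pages or listings, paginated by $this->pageSize.
 * Listings search additionally reads its filters (category, location, view,
 * sort field/direction, "with images") from $_POST.
 *
 * Side effects: sets $this->totalSearchRecords and - outside demo mode, when
 * at least one row matched - records the keyword in the search word list,
 * dropping the least-used word once the list exceeds 1000 entries.
 *
 * @param string $keyword search term (passed through encode_text() before it
 *                        reaches any query)
 * @param int|string $page 1-based page number; non-numeric or < 1 means page 1
 * @param string $search_in 'news', 'pages' or anything else for listings
 * @return mixed whatever database_query() returns for DATA_AND_ROWS
 *               (rows at index 0, row count at index 1)
 */
public function SearchBy($keyword, $page = 1, $search_in = 'listings')
{
    $lang_id = Application::Get('lang');
    $kw = encode_text($keyword);
    $order_by_clause = 'ASC';

    if ($search_in == 'news') {
        $sql = 'SELECT CONCAT(\'page=news&nid=\', id) as url, header_text as title, body_text as text, \'article\' as content_type, \'\' as link_url'
            . ' FROM ' . TABLE_NEWS . ' n'
            . ' WHERE language_id = \'' . $lang_id . '\''
            . ' AND ( header_text LIKE \'%' . $kw . '%\' OR body_text LIKE \'%' . $kw . '%\' )';
        $order_field = 'n.id';
    } elseif ($search_in == 'pages') {
        $sql = 'SELECT CONCAT(\'page=pages&pid=\', id) as url, page_title as title, page_text as text, content_type, link_url'
            . ' FROM ' . TABLE_PAGES . ' p'
            . ' WHERE language_id = \'' . $lang_id . '\' AND is_published = 1 AND show_in_search = 1 AND is_removed = 0'
            . ' AND (finish_publishing = \'0000-00-00\' OR finish_publishing >= \'' . date('Y-m-d') . '\')'
            . ' AND ( page_title LIKE \'%' . $kw . '%\' OR page_text LIKE \'%' . $kw . '%\' )';
        $order_field = 'p.id';
    } else {
        $sel_categories = isset($_POST['sel_categories']) ? (int) $_POST['sel_categories'] : '';
        // NOTE(review): these values pass through prepare_input() only; whether
        // that escapes for SQL is not visible here, so the quoted comparisons
        // below are only as safe as prepare_input() makes them.
        $sel_listings_locations = isset($_POST['sel_listings_locations']) ? prepare_input($_POST['sel_listings_locations']) : '';
        $sel_listings_sub_locations = isset($_POST['sel_listings_sub_locations']) ? prepare_input($_POST['sel_listings_sub_locations']) : '';
        $sel_view = isset($_POST['sel_view']) ? prepare_input($_POST['sel_view']) : '';
        $sel_sortby = isset($_POST['sel_sortby']) ? prepare_input($_POST['sel_sortby']) : '';
        $chk_with_images = isset($_POST['chk_with_images']) ? prepare_input($_POST['chk_with_images']) : '';

        // The ORDER BY direction is spliced into the query unquoted, so escaping
        // cannot protect it: accept only the two valid keywords.
        $requested_order = isset($_POST['sel_orderby']) ? strtoupper(trim((string) $_POST['sel_orderby'])) : 'ASC';
        $order_by_clause = ($requested_order === 'DESC') ? 'DESC' : 'ASC';

        $conditions = 'l.is_published = 1 AND ld.language_id = \'' . $lang_id . '\'';
        if ($sel_categories != '') {
            $conditions .= ' AND lc.category_id = \'' . $sel_categories . '\'';
        }
        if ($sel_listings_locations != '') {
            $conditions .= ' AND l.listing_location_id = \'' . $sel_listings_locations . '\'';
        }
        if ($sel_listings_sub_locations != '') {
            $conditions .= ' AND l.listing_sub_location_id = \'' . $sel_listings_sub_locations . '\'';
        }
        if ($sel_view == '1') {
            $conditions .= ' AND l.date_published LIKE \'%' . date('Y-m-d') . '%\'';
        } elseif ($sel_view == '2') {
            $conditions .= ' AND l.date_published LIKE \'%' . date('Y-m-d', strtotime('-1 day')) . '%\'';
        } elseif ($sel_view == '3') {
            // A >= comparison needs a plain date literal; a '%...%' LIKE pattern
            // here is just compared as a string and does not select the last 7 days.
            $conditions .= ' AND l.date_published >= \'' . date('Y-m-d', strtotime('-7 days')) . '\'';
        }
        if ($chk_with_images == '1') {
            $conditions .= ' AND (l.image_file != \'\')';
        }

        $keyword_condition = '1=1';
        if (!empty($keyword)) {
            $keyword_condition = 'l.keywords LIKE \'%,' . $kw . '%\' OR l.keywords LIKE \'%' . $kw . ',%\''
                . ' OR ld.business_name LIKE \'%' . $kw . '%\''
                . ' OR ld.business_address LIKE \'%' . $kw . '%\''
                . ' OR ld.business_description LIKE \'%' . $kw . '%\'';
        }

        $sql = 'SELECT CONCAT(\'page=listing&lid=\', l.id) as url, ld.business_name as title, ld.business_description as text, \'article\' as content_type, \'\' as link_url'
            . ($chk_with_images == '1' ? ', l.image_file_thumb' : '')
            . ' FROM ' . TABLE_LISTINGS . ' l'
            . ($sel_categories != '' ? ' LEFT OUTER JOIN ' . TABLE_LISTINGS_CATEGORIES . ' lc ON l.id = lc.listing_id' : '')
            . ' LEFT OUTER JOIN ' . TABLE_LISTINGS_DESCRIPTION . ' ld ON l.id = ld.listing_id'
            . ' WHERE ' . $conditions . ' AND ( ' . $keyword_condition . ' )';
        // sel_sortby '0' orders by publication date, anything else by id.
        $order_field = ($sel_sortby == '0') ? 'l.date_published' : 'l.id';
    }

    if (!is_numeric($page) || (int) $page <= 0) {
        $page = 1;
    }
    $page = (int) $page;

    $this->totalSearchRecords = (int) database_query($sql, ROWS_ONLY);
    $start_row = ($page - 1) * $this->pageSize;
    $result = database_query($sql . ' ORDER BY ' . $order_field . ' ' . $order_by_clause . ' LIMIT ' . $start_row . ', ' . $this->pageSize, DATA_AND_ROWS);

    $rows_found = (is_array($result) && isset($result[1])) ? (int) $result[1] : 0;
    if (strtolower(SITE_MODE) != 'demo' && $rows_found > 0) {
        // Escaped like every other use of the keyword above - the raw value
        // must not reach this INSERT verbatim.
        $sql = 'INSERT INTO ' . TABLE_SEARCH_WORDLIST . ' (word_text, word_count) VALUES (\'' . $kw . '\', 1) ON DUPLICATE KEY UPDATE word_count = word_count + 1';
        database_void_query($sql);

        // Keep the word list at 1000 entries at most by dropping the least-used word.
        $res1 = database_query('SELECT COUNT(*) as cnt FROM ' . TABLE_SEARCH_WORDLIST, DATA_ONLY, FIRST_ROW_ONLY);
        if (isset($res1['cnt']) && (int) $res1['cnt'] > 1000) {
            $least_used = database_query('SELECT id FROM ' . TABLE_SEARCH_WORDLIST . ' ORDER BY word_count ASC LIMIT 1', DATA_ONLY, FIRST_ROW_ONLY);
            if (isset($least_used['id'])) {
                database_void_query('DELETE FROM ' . TABLE_SEARCH_WORDLIST . ' WHERE id = ' . (int) $least_used['id']);
            }
        }
    }

    return $result;
}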