$cat_id = $_POST['cat_id']; $field_list = $service->get_searchable_field_list($cat_id); if (count($field_list) > 0) { foreach ($field_list as $key => $value) { switch ($value['type']) { case TYPE_NUMBER: if (isset($_POST[$value['name'] . TYPE_NUMBER_FROM]) && ctype_digit($_POST[$value['name'] . TYPE_NUMBER_FROM]) && $_POST[$value['name'] . TYPE_NUMBER_FROM] >= 0) { $field_list[$key]['from'] = text_only($_POST[$value['name'] . TYPE_NUMBER_FROM]); } if (isset($_POST[$value['name'] . TYPE_NUMBER_TO]) && ctype_digit($_POST[$value['name'] . TYPE_NUMBER_TO]) && $_POST[$value['name'] . TYPE_NUMBER_TO] >= 0) { $field_list[$key]['to'] = text_only($_POST[$value['name'] . TYPE_NUMBER_TO]); } break; case TYPE_SELECT: if (isset($_POST[$value['name']]) && ctype_digit($_POST[$value['name']]) && $_POST[$value['name']] >= 0) { $field_list[$key]['default'] = text_only($_POST[$value['name']]); } $field_list[$key]['option_list'] = $service->get_option_list_by_field_id($value['id']); break; default: break; } } $view->field_list = $field_list; } } else { $cat_id = null; } //echo $search_term; if (ctype_digit($_POST['page']) && $_POST['page'] > 0) { $page = $_POST['page'];
$error = true; $error_list['textlimit'] = sprintf(LANG_POST_EM_AD_IS_BIG, AD_TEXT_LIMIT); } } include 'securimage/securimage.php'; //check captcha! $securimage = new Securimage(); if ($securimage->check($_POST['captcha_code']) == false) { $error = true; $error_list['captcha'] = LANG_POST_EM_WRONG_CAPTCHA; } if ($error) { $view->error_list = $error_list; } else { try { $text = text_only($text); // $values = array(array('cat_id'=>$cat_id, 'text'=>$text,'subject'=>$subject,'location'=>$location,'city_id'=>$city_id,'user_id'=>$email,'code'=>$code)); // $view->success_message=$service->insert_new_ad($values,$_FILES['photo'],$all_field_list); //TODO send email $data = array('text' => $text); $message_sent = send_email_contactus($data); if (!$message_sent) { $error = true; $error_list['server'] = LANG_POST_EM_FAIL_TO_POST; } } catch (Exception $e) { $error = true; $error_list['server'] = LANG_POST_EM_FAIL_TO_POST; } } }
if ($action == 'submit') { //do validation and save $error = false; $error_list = array(); $subject = htmlentities(text_only(trim($_POST['subject'])), ENT_QUOTES, CONF_ENC, false); //$str = mb_convert_encoding($str, ‘UTF-8', ‘UTF-8'); $location = htmlentities(text_only(trim($_POST['location'])), ENT_QUOTES, CONF_ENC, false); $text = $_POST['text']; $purifier = new HTMLPurifier(); $text = $purifier->purify($text); //$text=htmlentities($text,ENT_QUOTES,'UTF-8'); $all_field_list = $service->get_all_field_list($cat_id); if (count($all_field_list) > 0) { foreach ($all_field_list as $k => $v) { if (isset($_POST[$v['name']])) { $all_field_list[$k]['default'] = htmlentities(text_only(trim($_POST[$v['name']])), ENT_QUOTES, CONF_ENC, false); } } } $value_list = array('text' => $text, 'subject' => $subject, 'location' => $location); list($error, $error_list) = validate_ad_for_edit($value_list, $_FILES['photo'], $all_field_list); //validation include 'securimage/securimage.php'; //check captcha! $securimage = new Securimage(); if ($securimage->check($_POST['captcha_code']) == false) { $error = true; $error_list['captcha'] = LANG_POST_EM_WRONG_CAPTCHA; } $photo_action = $_POST['photo_action']; switch ($photo_action) {
$text = $_POST['text']; $text = $purifier->purify($text); // $text=htmlentities($text,ENT_QUOTES,'UTF-8'); $email = htmlentities(text_only(trim($_POST['email'])), ENT_QUOTES, CONF_ENC, false); $cat_id = htmlentities(text_only(trim($_POST['cat_id'])), ENT_QUOTES, CONF_ENC, false); $city_id = htmlentities(text_only(trim($_COOKIE['city_id'])), ENT_QUOTES, CONF_ENC, false); //change to vars from dir $code = md5(uniqid(rand(), true)); //need it to verify email $photo = $_FILES['photo']['name']; //echo $photo; $rows = $service->get_all_field_list($cat_id); if (count($rows) > 0) { foreach ($rows as $key => $value) { if (isset($_POST[$value['name']])) { $rows[$key]['default'] = htmlentities(text_only(trim($_POST[$value['name']])), ENT_QUOTES, CONF_ENC, false); } } } $all_field_list = $rows; $values = array(array('cat_id' => $cat_id, 'text' => $text, 'subject' => $subject, 'location' => $location, 'city_id' => $city_id, 'user_id' => $email, 'code' => $code, 'anonymize' => $anonymize)); list($error, $error_messages) = validate_ad($values, $_FILES['photo'], $all_field_list); //validation include 'securimage/securimage.php'; //check captcha! $securimage = new Securimage(); if ($securimage->check($_POST['captcha_code']) == false) { $error = true; $error_messages['captcha'] = LANG_POST_EM_WRONG_CAPTCHA; } if ($error) {
<?php // sleep(2); include 'class/includes.php'; $error_list = array(); $ad_id = htmlentities(text_only(trim($_POST['ad_id']), ENT_QUOTES, CONF_ENC, false)); //$location=htmlentities(text_only(trim($_POST['location'])),ENT_QUOTES,CONF_ENC,false); $friend_email = text_only(trim($_POST['friend_email'])); $user_email = text_only(trim($_POST['user_email'])); $action = htmlentities(text_only(trim($_POST['action']), ENT_QUOTES, CONF_ENC, false)); $view = new Savant3(); $view->setPath('template', array(TPL_PATH)); if ($action == 'load') { $view->value_list = array('ad_id' => $ad_id, 'action' => 'submit'); $view->pushToQueue('ad_email_friend.tpl.php'); } elseif ($action == 'submit') { if (empty($friend_email)) { $error_list[] = LANG_AD_EF_F_EMAIL_EMPTY; } elseif (!isemail($friend_email)) { $error_list[] = LANG_AD_EF_F_EMAIL_WRONG_FORMAT; } if (!empty($user_email) && !isemail($user_email)) { $error_list[] = LANG_AD_EF_EMAIL_WRONG_FORMAT; } if (!chkid($ad_id)) { $error_list[] = 'a'; } if (empty($error_list)) { // if (ad_email_friend($ad_id,$friend_email,$user_email)) { // $view->message=LANG_AD_EF_SUCCESS; // $view->pushToQueue('message.tpl.php');