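/**
 * Truncate the activity log table. Administrators only.
 *
 * Reads $_SESSION['admin_privs']; a missing key is treated as "no".
 *
 * @return string HTML fragment describing the outcome plus a link back to the log viewer
 */
function clear_log()
{
    global $conn, $config, $lang;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    $display = '<h3>' . $lang['log_delete'] . '</h3>';
    // Only administrators may wipe the audit trail; an unset session key must not pass.
    $is_admin = isset($_SESSION['admin_privs']) && $_SESSION['admin_privs'] === 'yes';
    if ($is_admin) {
        // TRUNCATE drops every row; the table name is built from config, not from request input.
        $sql = 'TRUNCATE TABLE ' . $config['table_prefix'] . 'activitylog';
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
            $display .= $lang['log_clear_error'];
        } else {
            $display .= $lang['log_cleared'];
            // Record the reset so the wipe itself leaves a trace in the fresh log.
            $misc->log_action($lang['log_reset']);
        }
    } else {
        $display .= $lang['clear_log_need_privs'];
    }
    $display .= '<br /><a href="' . $config['baseurl'] . '/admin/index.php?action=view_log">' . $lang['admin_view_log'] . '</a>';
    return $display;
}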
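/**
 * Delete a user account and everything hanging off it: profile rows, listings and
 * their elements, favourites, saved searches, and the listing / user / vtour image
 * files together with their db rows.
 *
 * An admin may delete any account; a non-admin may only delete the account behind
 * their own session (the profile editor relies on that). In demo mode only admins
 * may delete at all.
 *
 * @param int|string $user_id numeric id of the account to remove
 * @return bool|string true on success, otherwise an HTML error fragment
 */
function delete_user($user_id)
{
    global $conn, $config, $lang;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    $errors = '';
    if (!is_numeric($user_id)) {
        return $lang['user_manager_invalid_user_id'];
    }
    $is_admin = isset($_SESSION['admin_privs']) && $_SESSION['admin_privs'] == 'yes';
    if ($config['demo_mode'] == 1 && !$is_admin) {
        return $lang['demo_mode'] . ' - ' . $lang['user_manager_permission_denied'] . '<br />';
    }
    // Authorisation: admins may name any id; everyone else only their own session id.
    if ($is_admin) {
        $sql_delete = $misc->make_db_extra_safe($user_id);
    } elseif (isset($_SESSION['userID']) && $_SESSION['userID'] == $user_id) {
        $sql_delete = $misc->make_db_extra_safe($_SESSION['userID']);
    } else {
        return $lang['user_manager_permission_denied'];
    }

    // Rows keyed on the user id (table => column, keeping each table's own column spelling).
    $row_tables = array(
        'userdb' => 'userdb_id',
        'userdbelements' => 'userdb_id',
        'listingsdb' => 'userdb_ID',
        'listingsdbelements' => 'userdb_id',
        'userfavoritelistings' => 'userdb_id',
        'usersavedsearches' => 'userdb_id',
    );
    foreach ($row_tables as $table => $column) {
        $sql = 'DELETE FROM ' . $config['table_prefix'] . $table . ' WHERE (' . $column . ' = ' . $sql_delete . ')';
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
        }
    }

    // Uploaded images: unlink the files, then drop the rows. Each set names its table,
    // its file-name columns (thumb column null when there is none) and its directory.
    $image_sets = array(
        array('table' => 'listingsimages', 'file' => 'listingsimages_file_name', 'thumb' => 'listingsimages_thumb_file_name', 'path' => $config['listings_upload_path']),
        array('table' => 'userimages', 'file' => 'userimages_file_name', 'thumb' => 'userimages_thumb_file_name', 'path' => $config['user_upload_path']),
        array('table' => 'vtourimages', 'file' => 'vtourimages_file_name', 'thumb' => null, 'path' => $config['vtour_upload_path']),
    );
    foreach ($image_sets as $set) {
        $columns = $set['file'] . ($set['thumb'] === null ? '' : ', ' . $set['thumb']);
        $sql = 'SELECT ' . $columns . ' FROM ' . $config['table_prefix'] . $set['table'] . ' WHERE (userdb_id = ' . $sql_delete . ')';
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            // A failed SELECT must not be iterated (the original dereferenced false here).
            $misc->log_error($sql);
        } else {
            while (!$recordSet->EOF) {
                // File names are rows this application wrote; they are joined to the configured
                // directory as-is. NOTE(review): image uploads are handled outside this file,
                // so the names are assumed to be plain file names — confirm against the uploader.
                $names = array($misc->make_db_unsafe($recordSet->fields[$set['file']]));
                if ($set['thumb'] !== null) {
                    $thumb_file_name = $misc->make_db_unsafe($recordSet->fields[$set['thumb']]);
                    if ($thumb_file_name != $names[0]) {
                        $names[] = $thumb_file_name;
                    }
                }
                foreach ($names as $name) {
                    $path = $set['path'] . '/' . $name;
                    if (!unlink($path)) {
                        $errors .= $lang['user_manager_failed_to_delete'] . ' ' . $path . '<br />';
                    }
                }
                $recordSet->MoveNext();
            }
        }
        $sql = 'DELETE FROM ' . $config['table_prefix'] . $set['table'] . ' WHERE (userdb_id = ' . $sql_delete . ')';
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
        }
    }
    // (The original ran the vtourimages pass a second time; it could only find rows already gone.)
    if ($errors != '') {
        return $errors;
    }
    $misc->log_action($lang['log_deleted_user'] . ': ' . $user_id);
    return true;
}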
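/**
 * Virtual-tour image manager for one listing.
 *
 * Dispatches on the request: POST action "update_pic" saves caption / description /
 * rank for every pic[] row, GET "delete" removes one image (db row and files), POST
 * action "upload" hands the multipart upload to the upload helper. It then renders
 * the upload form (while slots remain) and the per-image edit form.
 *
 * Reads $_GET['edit'], $_GET['delete'], $_POST['edit'], $_POST['action'],
 * $_POST['pic'|'caption'|'description'|'rank'] and the session keys userID,
 * admin_privs and edit_all_listings. Calls die() on an ownership failure or on a
 * failed unlink, as the original did.
 *
 * @return string HTML fragment
 */
function edit_vtour_images()
{
    global $lang, $conn, $config;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    $display = '';

    // A GET edit id overrides the POST one so delete links and forms share one code path.
    if (isset($_GET['edit']) && $_GET['edit'] != '') {
        $_POST['edit'] = $_GET['edit'];
    }
    if (!isset($_POST['edit'])) {
        $_POST['edit'] = '';
    }
    if (!isset($_POST['action'])) {
        $_POST['action'] = '';
    }
    // The listing id is an integer key; the int cast is the only form ever interpolated into SQL or HTML.
    $edit = intval($_POST['edit']);
    $sql_edit = $edit;
    $can_edit_all = (isset($_SESSION['edit_all_listings']) && $_SESSION['edit_all_listings'] == 'yes')
        || (isset($_SESSION['admin_privs']) && $_SESSION['admin_privs'] == 'yes');
    // userID is a numeric db id; casting keeps a missing session from producing broken SQL.
    $sql_user = isset($_SESSION['userID']) ? intval($_SESSION['userID']) : 0;
    // Appended to every per-listing query when the caller may only touch their own rows.
    $owner_clause = $can_edit_all ? '' : " AND (userdb_id = {$sql_user})";

    // Non-privileged users must own the listing; an unknown listing fails closed.
    if (!$can_edit_all) {
        $owner = null;
        $sql = 'SELECT userdb_id FROM ' . $config['table_prefix'] . "listingsdb WHERE (listingsdb_id = {$sql_edit})";
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
        } else {
            while (!$recordSet->EOF) {
                $owner = $recordSet->fields['userdb_id'];
                $recordSet->MoveNext();
            }
        }
        if ($owner === null || $sql_user != $owner) {
            die($lang['priv_failure']);
        }
    }

    if ($_POST['action'] == 'update_pic') {
        // pic[], caption[], description[] and rank[] are parallel arrays from the edit form.
        $pics = (isset($_POST['pic']) && is_array($_POST['pic'])) ? $_POST['pic'] : array();
        for ($i = 0, $n = count($pics); $i < $n; $i++) {
            $sql_caption = $misc->make_db_safe(isset($_POST['caption'][$i]) ? $_POST['caption'][$i] : '');
            $sql_description = $misc->make_db_safe(isset($_POST['description'][$i]) ? $_POST['description'][$i] : '');
            $sql_rank = $misc->make_db_safe(isset($_POST['rank'][$i]) ? $_POST['rank'][$i] : '');
            $sql_pic = $misc->make_db_safe($pics[$i]);
            $sql = 'UPDATE ' . $config['table_prefix'] . "vtourimages SET vtourimages_caption = {$sql_caption}, vtourimages_description = {$sql_description}, vtourimages_rank = {$sql_rank} WHERE ((listingsdb_id = {$sql_edit}) AND (vtourimages_file_name = {$sql_pic}){$owner_clause})";
            $recordSet = $conn->Execute($sql);
            if ($recordSet === false) {
                $misc->log_error($sql);
            }
        }
        $display .= '<p>' . $lang['images_update'] . '</p>';
        $misc->log_action($lang['log_updated_listing_image'] . $edit);
    }

    if (isset($_GET['delete'])) {
        $sql_pic_id = $misc->make_db_safe($_GET['delete']);
        $file_name = null;
        $thumb_file_name = null;
        $sql = 'SELECT vtourimages_file_name, vtourimages_thumb_file_name FROM ' . $config['table_prefix'] . "vtourimages WHERE ((listingsdb_id = {$sql_edit}) AND (vtourimages_id = {$sql_pic_id}){$owner_clause})";
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
        } else {
            while (!$recordSet->EOF) {
                $thumb_file_name = $misc->make_db_unsafe($recordSet->fields['vtourimages_thumb_file_name']);
                $file_name = $misc->make_db_unsafe($recordSet->fields['vtourimages_file_name']);
                $recordSet->MoveNext();
            }
        }
        // Only act when the lookup (which already applied the ownership filter) found a row;
        // the original went on to unlink "<path>/" when nothing matched.
        if ($file_name !== null) {
            // Delete by primary key instead of re-interpolating the stored file name into SQL.
            $sql = 'DELETE FROM ' . $config['table_prefix'] . "vtourimages WHERE ((listingsdb_id = {$sql_edit}) AND (vtourimages_id = {$sql_pic_id}){$owner_clause})";
            $recordSet = $conn->Execute($sql);
            if ($recordSet === false) {
                $misc->log_error($sql);
            }
            // Remove the files themselves; a failed unlink is fatal so the orphan gets noticed.
            if (!unlink($config['vtour_upload_path'] . '/' . $file_name)) {
                die($lang['alert_site_admin']);
            }
            if ($file_name != $thumb_file_name && !unlink($config['vtour_upload_path'] . '/' . $thumb_file_name)) {
                die($lang['alert_site_admin']);
            }
            $misc->log_action("{$lang['log_deleted_listing_image']} {$file_name}");
            $display .= "<p>{$lang['image']} '" . htmlspecialchars($file_name, ENT_QUOTES) . "' {$lang['has_been_deleted']}</p>";
        }
    }

    if ($_POST['action'] == 'upload') {
        // Privileged users upload on behalf of the listing's owner; others upload as themselves.
        $upload_owner = $can_edit_all ? null : $sql_user;
        if ($can_edit_all) {
            $sql = 'SELECT userdb_id FROM ' . $config['table_prefix'] . "listingsdb WHERE (listingsdb_id = {$sql_edit})";
            $recordSet = $conn->Execute($sql);
            if ($recordSet === false) {
                $misc->log_error($sql);
            } else {
                while (!$recordSet->EOF) {
                    $upload_owner = $recordSet->fields['userdb_id'];
                    $recordSet->MoveNext();
                }
            }
        }
        // NOTE(review): $this is not available inside a plain function; kept as in the
        // original, but confirm which upload helper is meant here.
        $display .= $this->handleUpload('vtour', $edit, $upload_owner);
    }

    $sql = 'SELECT vtourimages_id, vtourimages_caption, vtourimages_file_name, vtourimages_thumb_file_name, vtourimages_description, vtourimages_rank FROM ' . $config['table_prefix'] . "vtourimages WHERE ((listingsdb_id = {$sql_edit}){$owner_clause}) ORDER BY vtourimages_rank";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
        return $display;
    }
    $num_images = $recordSet->RecordCount();
    $first_ext = '';
    if (!$recordSet->EOF) {
        $first_file = $misc->make_db_unsafe($recordSet->fields['vtourimages_file_name']);
        $first_ext = substr(strrchr($first_file, '.'), 1);
    }
    $avaliable_images = $config['max_vtour_uploads'] - $num_images;
    // Offer the upload form while slots remain; a tour whose first file is an "egg"
    // gets no further uploads (kept from the original; the reason is not visible here).
    if ($num_images < $config['max_vtour_uploads'] && $first_ext != 'egg') {
        $display .= '<table border="0" cellspacing="0" cellpadding="0">';
        $display .= '<tr><td colspan="2"><h3>' . $lang['upload_a_picture'] . '</h3></td></tr>';
        $display .= '<tr><td width="150"> </td><td>';
        $display .= '<form enctype="multipart/form-data" action="index.php?action=edit_vtour_images" method="post">';
        $display .= '<input type="hidden" name="action" value="upload" />';
        $display .= '<input type="hidden" name="edit" value="' . $edit . '" />';
        $display .= '<input type="hidden" name="MAX_FILE_SIZE" value="' . $config['max_vtour_upload_size'] . '" />';
        for ($x = 0; $x < $avaliable_images; $x++) {
            $display .= '<b>' . $lang['upload_send_this_file'] . ': </b><input name="userfile[]" type="file" /><br />';
        }
        $display .= '<input type="submit" value="' . $lang['upload_send_file'] . '" />';
        $display .= '</form></td></tr></table>';
    }

    $return_action = $can_edit_all ? 'edit_listings' : 'edit_my_listings';
    $display .= '<table class="image_upload"><tr><td colspan="2"><h3>' . $lang['edit_images'] . ' -- ';
    $display .= '<a href="index.php?action=' . $return_action . '&edit=' . $edit . '">' . $lang['return_to_editing_listing'] . '</a></h3></td></tr></table>';
    $display .= '<form action="index.php?action=edit_vtour_images" method="post">';
    $display .= '<table class="image_upload">';
    $count = 0;
    while (!$recordSet->EOF) {
        $pic_id = $recordSet->fields['vtourimages_id'];
        $rank = $recordSet->fields['vtourimages_rank'];
        $caption = $misc->make_db_unsafe($recordSet->fields['vtourimages_caption']);
        $thumb_file_name = $misc->make_db_unsafe($recordSet->fields['vtourimages_thumb_file_name']);
        $description = $misc->make_db_unsafe($recordSet->fields['vtourimages_description']);
        $file_name = $misc->make_db_unsafe($recordSet->fields['vtourimages_file_name']);
        $ext = substr(strrchr($file_name, '.'), 1);
        // Alternate row colours; the first row gets class 1, as before.
        $count = ($count == 0) ? 1 : 0;
        $row_class = 'image_row_' . $count;
        // Captions and descriptions are user-entered text stored in the db: escape them
        // before they land in attributes or the textarea.
        $html_file_name = htmlspecialchars((string) $file_name, ENT_QUOTES);
        $html_caption = htmlspecialchars((string) $caption, ENT_QUOTES);
        $html_description = htmlspecialchars((string) $description, ENT_QUOTES);
        $html_rank = htmlspecialchars((string) $rank, ENT_QUOTES);
        $delete_link = '<br /><a href="index.php?action=edit_vtour_images&delete=' . $pic_id . '&edit=' . $edit . '" onclick="return confirmDelete()">' . $lang['delete'] . '</a>';
        // The rank / caption / description sub-form is identical for jpg and unsupported rows.
        $edit_fields = '<input type="hidden" name="pic[]" value="' . $html_file_name . '" />'
            . '<table border="0">'
            . '<tr><td align="right" class="' . $row_class . '"><b>' . $lang['admin_template_editor_field_rank'] . ':</b></td><td align="left"><input type="text" name="rank[]" value="' . $html_rank . '" /><div class="small">' . $lang['upload_rank_explanation'] . '</div></td></tr>'
            . '<tr><td align="right" class="' . $row_class . '"><b>' . $lang['upload_caption'] . ':</b></td><td align="left"><input type="text" name="caption[]" value="' . $html_caption . '" /></td></tr>'
            . '<tr><td align="right" class="' . $row_class . '"><b>' . $lang['upload_description'] . ':</b></td><td align="left"><textarea name="description[]" rows="6" cols="40">' . $html_description . '</textarea></td></tr>'
            . '</table>';
        if ($ext == 'jpg') {
            $full_path = $config['vtour_upload_path'] . '/' . $file_name;
            $thumb_path = $config['vtour_upload_path'] . '/' . $thumb_file_name;
            // Dimensions and sizes default to 0 when a file is missing or unreadable
            // (the original divided by an undefined width in that case).
            $imagewidth = 0;
            $imageheight = 0;
            $filesize = 0;
            $imagedata = is_file($full_path) ? getimagesize($full_path) : false;
            if ($imagedata !== false) {
                $imagewidth = $imagedata[0];
                $imageheight = $imagedata[1];
                $filesize = filesize($full_path) / 1000; // kilobytes
            }
            $thumb_imagewidth = 0;
            $thumb_imageheight = 0;
            $thumb_filesize = 0;
            $thumb_imagedata = is_file($thumb_path) ? getimagesize($thumb_path) : false;
            if ($thumb_imagedata !== false) {
                $thumb_imagewidth = $thumb_imagedata[0];
                $thumb_imageheight = $thumb_imagedata[1];
                $thumb_filesize = filesize($thumb_path) / 1000;
            }
            // The original scaled by thumbnail_width / imagewidth, i.e. the display width is the configured thumbnail width.
            $displaywidth = $config['thumbnail_width'];
            $display .= '<tr class="' . $row_class . '"><td valign="top" class="' . $row_class . '" width="150"><b>' . $html_file_name . '</b><br />' . $lang['width'] . '=' . $imagewidth . '<br />' . $lang['height'] . '=' . $imageheight . '<br />' . $lang['size'] . '=' . $filesize . ' k<br />';
            $display .= '<br />' . $lang['thumbnail'] . ':<br />';
            $display .= '<img src="' . $config['vtour_view_images_path'] . '/' . htmlspecialchars((string) $thumb_file_name, ENT_QUOTES) . '" width="' . $displaywidth . '" border="1" alt="" />';
            $display .= '<br />' . $lang['width'] . '=' . $thumb_imagewidth . '<br />' . $lang['height'] . '=' . $thumb_imageheight . '<br />' . $lang['size'] . '=' . $thumb_filesize . ' k<br />';
            $display .= $delete_link;
            $display .= '</td><td align="center" class="' . $row_class . '"><img src="' . $config['vtour_view_images_path'] . '/' . $html_file_name . '" border="1" width="600" alt="" /></td>';
            $display .= '</tr><tr><td align="center" class="' . $row_class . '" colspan="2">' . $edit_fields . '</td></tr>';
            $display .= '<tr><td colspan="2"><hr /></td></tr>';
        } elseif ($ext == 'egg') {
            $display .= '<tr class="' . $row_class . '"><td valign="top" align="center" class="' . $row_class . '"><b>' . $html_file_name . '</b><br />';
            $display .= '<img src="' . $config['baseurl'] . '/images/eggimage.gif" border="1" alt="" />';
            $display .= $delete_link;
            $display .= '</td></tr>';
        } else {
            $full_path = $config['vtour_upload_path'] . '/' . $file_name;
            // The original reused whatever $filesize the previous row left behind; measure this file.
            $filesize = is_file($full_path) ? filesize($full_path) / 1000 : 0;
            $display .= '<tr class="' . $row_class . '"><td valign="top" class="' . $row_class . '" width="150"><b>' . $lang['unsupported_vtour'] . '<br />' . $html_file_name . '</b><br />' . $lang['size'] . '=' . $filesize . 'k<br />';
            $display .= $delete_link;
            $display .= '</td></tr><tr><td align="center" class="' . $row_class . '">' . $edit_fields . '</td></tr>';
            $display .= '<tr><td><hr /></td></tr>';
        }
        $recordSet->MoveNext();
    }
    $display .= '<tr><td align="center" class="image_row_' . $count . '" colspan="2"><input type="submit" value="' . $lang['update'] . '" /></td></tr>';
    $display .= '</table>';
    $display .= '<input type="hidden" name="edit" value="' . $edit . '" />';
    $display .= '<input type="hidden" name="action" value="update_pic" />';
    $display .= '</form>';
    return $display;
}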
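/**
 * Delete one listing: its rows in every configured language table, its images,
 * virtual-tour files and attached files on disk, and its class / favourite links.
 *
 * @param int|string $id          numeric listing id; anything else dies with a data-type error
 * @param bool       $verify_user when true every query is also constrained to the session
 *                                user's rows, so a user can only delete their own listing
 * @return string HTML confirmation fragment
 */
function delete_listing($id, $verify_user = true)
{
    global $conn, $lang, $config;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    $display = '';
    if (!is_numeric($id)) {
        die($lang['data type mismatch']);
    }
    $sql_delete = $misc->make_db_safe($id);
    // Ownership constraint shared by every WHERE below. userID is a numeric db id; the
    // int cast means a missing session matches nothing instead of producing broken SQL.
    $owner_clause = '';
    if ($verify_user === true) {
        $sql_user = isset($_SESSION['userID']) ? intval($_SESSION['userID']) : 0;
        $owner_clause = " AND userdb_id = {$sql_user}";
    }
    $where = "listingsdb_id = {$sql_delete}{$owner_clause}";
    $configured_langs = explode(',', $config['configured_langs']);

    // 1. The listing row and its elements, in each language-specific table.
    foreach ($configured_langs as $configured_lang) {
        foreach (array('_listingsdb', '_listingsdbelements') as $suffix) {
            $sql = 'DELETE FROM ' . $config['table_prefix_no_lang'] . $configured_lang . $suffix . " WHERE {$where}";
            $recordSet = $conn->Execute($sql);
            if ($recordSet === false) {
                $misc->log_error($sql);
            }
        }
    }

    // 2. Image and vtour files on disk (best effort, as before: missing files are skipped).
    $image_sets = array(
        array('table' => 'listingsimages', 'file' => 'listingsimages_file_name', 'thumb' => 'listingsimages_thumb_file_name', 'path' => $config['listings_upload_path']),
        array('table' => 'vtourimages', 'file' => 'vtourimages_file_name', 'thumb' => 'vtourimages_thumb_file_name', 'path' => $config['vtour_upload_path']),
    );
    foreach ($image_sets as $set) {
        $sql = 'SELECT ' . $set['file'] . ', ' . $set['thumb'] . ' FROM ' . $config['table_prefix'] . $set['table'] . " WHERE {$where}";
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            // A failed SELECT must not be iterated (the original dereferenced false here).
            $misc->log_error($sql);
            continue;
        }
        while (!$recordSet->EOF) {
            $file_name = $misc->make_db_unsafe($recordSet->fields[$set['file']]);
            $thumb_file_name = $misc->make_db_unsafe($recordSet->fields[$set['thumb']]);
            $names = array($file_name);
            if ($file_name != $thumb_file_name) {
                $names[] = $thumb_file_name;
            }
            foreach ($names as $name) {
                $path = $set['path'] . '/' . $name;
                if (is_file($path)) {
                    unlink($path);
                }
            }
            $recordSet->MoveNext();
        }
    }

    // 3. Attached files live in a per-listing directory; remove the directory once it is empty.
    $uploadpath = $config['listings_file_upload_path'] . '/' . $id;
    $sql = 'SELECT listingsfiles_file_name FROM ' . $config['table_prefix'] . "listingsfiles WHERE {$where}";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    } else {
        while (!$recordSet->EOF) {
            $file_name = $misc->make_db_unsafe($recordSet->fields['listingsfiles_file_name']);
            $path = $uploadpath . '/' . $file_name;
            if (is_file($path)) {
                unlink($path);
            }
            $recordSet->MoveNext();
        }
    }
    if (is_dir($uploadpath)) {
        $remaining = glob($uploadpath . '/*');
        if (is_array($remaining) && count($remaining) === 0) {
            rmdir($uploadpath);
        }
    }

    // 4. The db rows for images, vtours and files in each language table.
    //    (The original ran the images/vtours loop twice; once is enough.)
    foreach ($configured_langs as $configured_lang) {
        foreach (array('_listingsimages', '_vtourimages', '_listingsfiles') as $suffix) {
            $sql = 'DELETE FROM ' . $config['table_prefix_no_lang'] . $configured_lang . $suffix . " WHERE {$where}";
            $recordSet = $conn->Execute($sql);
            if ($recordSet === false) {
                $misc->log_error($sql);
            }
        }
    }

    // 5. Class membership and favourites carry no per-user constraint, as before.
    $sql = 'DELETE FROM ' . $config['table_prefix_no_lang'] . "classlistingsdb WHERE listingsdb_id = {$sql_delete}";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }
    $sql = 'DELETE FROM ' . $config['table_prefix'] . "userfavoritelistings WHERE listingsdb_id = {$sql_delete}";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }

    $display .= '<p>' . $lang['admin_listings_editor_listing_number'] . ' ' . $id . ' ' . $lang['has_been_deleted'] . '</p>';
    $misc->log_action($lang['log_deleted_listing'] . ' ' . $id);
    return $display;
}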
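/**
 * Store the files posted as userfile[] for a listing ($type 'listings') or a user
 * ($type 'users'), up to the configured per-type quota, and record each one in the
 * matching *files table.
 *
 * Each file must have an allowed extension, fit max_<type>_file_upload_size (0 means
 * no limit), carry no ".." in its client-supplied name, and not already exist in the
 * listing (for 'listings') or anywhere in usersfiles (for 'users', as before). A file
 * that fails any check is reported and skipped; the last failing check wins the message.
 *
 * @param string     $type  'listings' or 'users'; any other value is ignored
 * @param int|string $edit  listing id the files belong to (unused for 'users')
 * @param int|string $owner user id that owns the files
 * @return string HTML fragment with one line per processed file
 */
function uploadfile($type, $edit, $owner)
{
    global $config, $conn, $lang;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    $display = '';
    if ($type != 'listings' && $type != 'users') {
        // No table mapping for other types; the original went on to run an undefined query.
        return $display;
    }
    // ids are numeric db keys; casting is what makes them safe to interpolate below.
    $sql_edit = intval($edit);
    $sql_owner = intval($owner);
    $is_listing = ($type == 'listings');
    $table = $config['table_prefix'] . $type . 'files';
    $scope_clause = $is_listing ? "listingsdb_id = {$sql_edit}" : "userdb_id = {$sql_owner}";

    // How many slots remain under the quota; fail closed if that cannot be determined.
    $sql = "SELECT count({$type}files_id) as num_files FROM {$table} WHERE ({$scope_clause})";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
        return $display;
    }
    $num_files = $recordSet->fields['num_files'];
    $avaliable_files = $config['max_' . $type . '_file_uploads'] - $num_files;
    $allowed_extensions = explode(',', $config['allowed_file_upload_extensions']);
    $max_size = $config['max_' . $type . '_file_upload_size'];
    $upload_root = $is_listing ? $config['listings_file_upload_path'] : $config['users_file_upload_path'];
    $uploadpath = $upload_root . '/' . ($is_listing ? $sql_edit : $sql_owner);

    for ($file_x = 0; $file_x < $avaliable_files; $file_x++) {
        if (!isset($_FILES['userfile']['tmp_name'][$file_x])) {
            break; // fewer file inputs than free slots
        }
        $client_name = $_FILES['userfile']['name'][$file_x];
        if (!is_uploaded_file($_FILES['userfile']['tmp_name'][$file_x])) {
            // An empty file input is normal; any other upload error is reported.
            if ($_FILES['userfile']['error'][$file_x] != UPLOAD_ERR_NO_FILE) {
                $display .= "{$lang['upload_too_large']}: " . htmlspecialchars((string) $client_name, ENT_QUOTES) . '.<br />';
            }
            continue;
        }
        $realname = $misc->clean_filename($client_name);
        $extension = substr(strrchr($realname, '.'), 1);
        $filesize = $_FILES['userfile']['size'][$file_x];
        // Empty string means "passes"; later checks overwrite earlier messages, as before.
        $failure = '';
        if (!in_array($extension, $allowed_extensions)) {
            $failure = "{$lang['upload_invalid_extension']}: " . htmlspecialchars((string) $extension, ENT_QUOTES);
        }
        if ($max_size != 0 && $filesize > $max_size) {
            $failure = $lang['upload_too_large'] . '<br />' . $lang['failed_max_filesize'] . ' ' . $max_size . $lang['bytes'];
        }
        if (strpos($client_name, '..') !== false) {
            $failure = "{$lang['upload_security_violation']}!";
        }
        // Duplicate-name check. The original interpolated raw $_POST['edit'] here; use the cast id.
        $save_name = $realname;
        $sql_save_name = $misc->make_db_safe($save_name);
        if ($is_listing) {
            $sql = "SELECT listingsfiles_file_name FROM {$table} WHERE listingsfiles_file_name = {$sql_save_name} AND listingsdb_id = {$sql_edit}";
        } else {
            $sql = "SELECT usersfiles_file_name FROM {$table} WHERE usersfiles_file_name = {$sql_save_name}";
        }
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
            $failure = $lang['alert_site_admin'];
        } elseif ($recordSet->RecordCount() > 0) {
            $failure = "{$lang['file_exists']}!";
        }
        if ($failure != '') {
            $display .= "<p><strong>{$lang['upload_failed']}</strong> {$failure}</p>";
            continue;
        }

        if (!file_exists($uploadpath)) {
            // Owner-writable, world-readable: the PHP process that creates the tree is the one
            // that later serves and deletes it, so the original world-writable mode is not needed.
            mkdir($uploadpath, 0755);
        }
        $target = $uploadpath . '/' . $save_name;
        if (!move_uploaded_file($_FILES['userfile']['tmp_name'][$file_x], $target)) {
            // Do not record a row for a file that never landed on disk.
            $display .= "<p><strong>{$lang['upload_failed']}</strong> " . htmlspecialchars((string) $realname, ENT_QUOTES) . '</p>';
            continue;
        }
        chmod($target, 0644);

        // Next rank after the current maximum for this listing / user.
        $rank_column = $is_listing ? 'listingsfiles_rank' : 'usersfiles_rank';
        $sql = "SELECT MAX({$rank_column}) AS max_rank FROM {$table} WHERE ({$scope_clause})";
        $recordSet = $conn->Execute($sql);
        $rank = 1;
        if ($recordSet === false) {
            $misc->log_error($sql);
        } else {
            $rank = intval($recordSet->fields['max_rank']) + 1;
        }
        if ($is_listing) {
            $sql = "INSERT INTO {$table} (listingsdb_id, userdb_id, listingsfiles_file_name, listingsfiles_rank, listingsfiles_caption, listingsfiles_description, listingsfiles_active) VALUES ('{$sql_edit}', '{$sql_owner}', {$sql_save_name}, {$rank}, '', '', 'yes')";
            $log_key = 'log_uploaded_listing_file';
        } else {
            $sql = "INSERT INTO {$table} (userdb_id, usersfiles_file_name, usersfiles_rank, usersfiles_caption, usersfiles_description, usersfiles_active) VALUES ('{$sql_owner}', {$sql_save_name}, {$rank}, '', '', 'yes')";
            // Kept from the original; the key names an image although this is a file upload.
            $log_key = 'log_uploaded_user_image';
        }
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
        }
        $misc->log_action("{$lang[$log_key]} {$save_name}");
        $display .= '<p>' . htmlspecialchars((string) $realname, ENT_QUOTES) . " {$lang['upload_success']}.</p>";
    }
    return $display;
}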