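// Item watch: mail every other user whose watch list contains this auction.
//
// `item_watch != ''` already excludes NULL rows. The former extra clause
// `item_watch != NULL` can never be true in SQL (a comparison with NULL yields
// NULL), so it filtered out every row and no watch mail was sent at all.
// intval() keeps the bidder id numeric before it is concatenated into the
// statement, matching how $id is treated in the auction query below.
$query = "SELECT * FROM " . $DBPrefix . "users WHERE item_watch != '' AND item_watch IS NOT NULL AND id != " . intval($bidder_id);
$result = mysql_query($query);
$system->check_mysql($result, $query, __LINE__, __FILE__);
$num_users = mysql_num_rows($result);

// Match the auction id as a whole number. A plain substring search
// (strstr) also fired for longer ids that merely contain these digits,
// e.g. id 12 inside a watched id 3125, mailing users who never watched it.
// The look-arounds work whatever non-digit separator the list uses.
$watch_pattern = '/(?<![0-9])' . intval($id) . '(?![0-9])/';

$i = 0;
while ($i < $num_users) {
    $items = mysql_result($result, $i, 'item_watch');
    $email = mysql_result($result, $i, 'email');
    $username = mysql_result($result, $i, 'name');

    // If the watch list names this auction, send the user a mail
    if (preg_match($watch_pattern, $items) === 1) {
        // Get data about the auction
        $query = "SELECT * FROM " . $DBPrefix . "auctions WHERE id = " . intval($id);
        $res = mysql_query($query);
        $system->check_mysql($res, $query, __LINE__, __FILE__);

        // mysql_result() on an empty result raises a warning and would put
        // empty values into the mail, so skip the mail if the row is gone.
        if (mysql_num_rows($res) > 0) {
            $emailer = new email_class();
            $emailer->assign_vars(array(
                'REALNAME' => $username,
                'TITLE' => mysql_result($res, 0, 'title'),
                'BID' => $system->print_money(mysql_result($res, 0, 'current_bid')),
                'AUCTION_URL' => $system->SETTINGS['siteurl'] . 'item.php?id=' . intval($id),
            ));
            $emailer->email_sender($email, 'mail_item_watch.inc.php', $system->SETTINGS['sitename'] . ' - ' . $MSG['472']);
        }
    }
    $i++;
}
// End of Item watch

if ($send_email) {
    // Localised end date, shifted by the site's configured time difference
    $month = gmdate('m', $c + $system->tdiff);
    $ends_string = $MSG['MON_0' . $month] . ' ' . gmdate('d, Y H:i', $c + $system->tdiff);
    $new_bid = $system->print_money($next_bid);
    // -- Send e-mail message
    include $include_path . 'no_longer_winner.inc.php';
}
print 2;
// Closes a block that was opened above this excerpt.
}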
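// "Send to a friend" handler. $emailsent stays 1 while the form still has to
// be shown (first visit or validation error) and becomes 0 once a mail went out.
$emailsent = 1;

// --Get item data
// intval() keeps the id numeric before it reaches the SQL string; the
// template below already treats the request id the same way.
$query = "SELECT title, category FROM " . $DBPrefix . "auctions WHERE id = " . intval($id);
$result = mysql_query($query);
$system->check_mysql($result, $query, __LINE__, __FILE__);
if (mysql_num_rows($result) > 0) {
    $TPL_item_title = mysql_result($result, 0, 'title');
}

if (isset($_POST['action']) && $_POST['action'] == 'sendmail') {
    // --Check errors
    if (empty($_POST['sender_name']) || empty($_POST['sender_email']) || empty($_POST['friend_name']) || empty($_POST['friend_email'])) {
        $TPL_error_text = $ERR_031;
    }

    // eregi() was deprecated in PHP 5.3 and later removed; preg_match() with
    // the /i flag is the replacement. \z anchors at the very end of the input,
    // so an address followed by a line break is rejected (a plain `$` in PCRE
    // would accept one trailing newline).
    $email_pattern = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+\z/i';
    // Missing or non-string fields are treated as empty so they fail validation
    // instead of raising notices.
    $sender_email = (isset($_POST['sender_email']) && is_string($_POST['sender_email'])) ? $_POST['sender_email'] : '';
    $friend_email = (isset($_POST['friend_email']) && is_string($_POST['friend_email'])) ? $_POST['friend_email'] : '';
    if (!preg_match($email_pattern, $sender_email) || !preg_match($email_pattern, $friend_email)) {
        $TPL_error_text = $ERR_008;
    }

    if (!empty($TPL_error_text)) {
        $emailsent = 1;
    } else {
        $emailsent = 0;
        include $include_path . 'friend_confirmation.inc.php';

        // NOTE(review): names and comment are free text from the request and are
        // only checked for presence. Whether email_class strips line breaks
        // before any of them can reach a mail header is not visible here - confirm.
        // NOTE(review): no login, rate limit or CAPTCHA check is visible in this
        // excerpt, so the form can mail arbitrary addresses - confirm what the
        // surrounding script enforces.
        $emailer = new email_class();
        $emailer->assign_vars(array(
            'S_NAME' => $_POST['sender_name'],
            'S_EMAIL' => $sender_email,
            'S_COMMENT' => isset($_POST['sender_comment']) ? $_POST['sender_comment'] : '',
            'F_NAME' => $_POST['friend_name'],
            'TITLE' => isset($TPL_item_title) ? $TPL_item_title : '',
            'URL' => $system->SETTINGS['siteurl'] . 'item.php?id=' . intval($id),
            'SITENAME' => $system->SETTINGS['sitename'],
            'SITEURL' => $system->SETTINGS['siteurl'],
            'ADMINEMAIL' => $system->SETTINGS['adminmail'],
        ));
        $emailer->email_sender($friend_email, 'mail_friendmail.inc.php', $MSG['905']);
    }
}

// NOTE(review): the posted values below are handed back to the form template
// as received; confirm that the template engine HTML-escapes them.
$template->assign_vars(array(
    // isset() guards: neither variable is assigned on every path above
    'ERROR' => isset($TPL_error_text) ? $TPL_error_text : '',
    'ID' => intval($_REQUEST['id']),
    'TITLE' => isset($TPL_item_title) ? $TPL_item_title : '',
    'FRIEND_NAME' => isset($_POST['friend_name']) ? $_POST['friend_name'] : '',
    'FRIEND_EMAIL' => isset($_POST['friend_email']) ? $_POST['friend_email'] : '',
    'YOUR_NAME' => isset($_SESSION['WEBID_LOGGED_NAME']) ? $_SESSION['WEBID_LOGGED_NAME'] : '',
    'YOUR_EMAIL' => isset($_SESSION['WEBID_LOGGED_EMAIL']) ? $_SESSION['WEBID_LOGGED_EMAIL'] : '',
    'COMMENT' => isset($_POST['sender_comment']) ? $_POST['sender_comment'] : '',
    'EMAILSENT' => $emailsent,
));

include "header.php";
$template->set_filenames(array('body' => 'friend.html'));
$template->display('body');
include "footer.php";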
<?php
/***************************************************************************
 * copyright : (C) 2008 WeBid
 * site : http://www.webidsupport.com/
 ***************************************************************************/

/***************************************************************************
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version. Although none of the code may be
 * sold. If you have been sold this script, get a refund.
 ***************************************************************************/

// Mail fragment for registrations that need approval. It is meant to be
// included by another script and refuses to run when requested directly.
defined('InWeBid') or exit;

$emailer = new email_class();
$emailer->assign_vars(array(
    // NOTE(review): addslashes() is quoting for string literals, not an
    // encoding for mail content; whether the template relies on it cannot be
    // seen from this file.
    'C_ID' => addslashes($TPL_id_hidden),
    'C_NAME' => addslashes($TPL_name_hidden),
    'C_NICK' => addslashes($TPL_nick_hidden),
    'C_ADDRESS' => addslashes($_POST['TPL_address']),
    'C_CITY' => addslashes($_POST['TPL_city']),
    'C_PROV' => addslashes($_POST['TPL_prov']),
    'C_ZIP' => addslashes($_POST['TPL_zip']),
    'C_COUNTRY' => addslashes($_POST['TPL_country']),
    'C_PHONE' => addslashes($_POST['TPL_phone']),
    'C_EMAIL' => addslashes($_POST['TPL_email']),
    // NOTE(review): if $TPL_password_hidden holds the cleartext password
    // (TODO confirm), it is exposed to the mail template, and the message is
    // addressed to both the registrant and the admin mailbox below.
    'C_PASSWORD' => addslashes($TPL_password_hidden),
    'SITENAME' => $system->SETTINGS['sitename'],
    'SITEURL' => $system->SETTINGS['siteurl'],
    'ADMINEMAIL' => $system->SETTINGS['adminmail'],
    // NOTE(review): the hash is an unkeyed MD5 of the nickname, so it carries
    // no secret - anyone who knows the id and nick can rebuild this link.
    // Replacing it with a stored random token needs a matching change in
    // confirm.php, which is not part of this file.
    'CONFIRMATION_PAGE' => sprintf(
        '%sconfirm.php?id=%s&hash=%s',
        $system->SETTINGS['siteurl'],
        $TPL_id_hidden,
        md5($TPL_nick_hidden)
    ),
    'LOGO' => sprintf(
        '%sthemes/%s/%s',
        $system->SETTINGS['siteurl'],
        $system->SETTINGS['theme'],
        $system->SETTINGS['logo']
    ),
));

// One message, two recipients: the new user and the site administrator.
$emailer->email_sender(
    array($TPL_email_hidden, $system->SETTINGS['adminmail']),
    'mail_user_needapproval.inc.php',
    sprintf('%s %s', $system->SETTINGS['sitename'], $MSG['098'])
);
* (at your option) any later version. Although none of the code may be
* sold. If you have been sold this script, get a refund.
***************************************************************************/

// Connect to sql server & initialize configuration variables
include 'includes/config.inc.php';

// If user is not logged in redirect to login page
if (!isset($_SESSION['WEBID_LOGGED_IN'])) {
    header("Location: user_login.php");
    // Stop here so nothing below runs for an anonymous visitor
    exit;
}
// Numeric copy of the session user id, used in the SQL statement below
$secid = intval($_SESSION['WEBID_LOGGED_IN']);

// Send buyer's request to the administrator
// NOTE(review): this POST changes the account type, and no anti-CSRF token is
// checked in this excerpt - confirm whether config.inc.php enforces one.
if (isset($_POST['requesttoadmin'])) {
    $emailer = new email_class();
    // All mail variables come from the session, not from the request body
    $emailer->assign_vars(array('NAME' => $_SESSION['WEBID_LOGGED_NAME'], 'NICK' => $_SESSION['WEBID_LOGGED_IN_USERNAME'], 'EMAIL' => $_SESSION['WEBID_LOGGED_EMAIL'], 'ID' => $_SESSION['WEBID_LOGGED_IN']));
    $emailer->email_sender($system->SETTINGS['adminmail'], 'mail_buyer_request.inc.php', 'Account change request');
    $request_sent = $MSG['25_0142'];
    // Update user's status
    $query = "UPDATE " . $DBPrefix . "users SET accounttype = 'buyertoseller' WHERE id = " . $secid;
    $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
    // Keep the session copy in step with the row that was just updated
    $_SESSION['WEBID_LOGGED_ACCOUNT'] = 'buyertoseller';
}

// Tab selection: in the cases visible here the request value only picks a
// branch, and a fixed string is what gets stored in the session. Unknown
// values fall through `default` into the "account" case.
// The switch continues beyond the end of this excerpt.
$cptab = isset($_GET['cptab']) ? $_GET['cptab'] : '';
switch ($cptab) {
    default:
    case "account":
        $_SESSION['cptab'] = "account";
        break;
    case "selling":
        $_SESSION['cptab'] = "selling";
        break;
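// Auction watch: mail users whose watch keywords occur in the new auction's
// title or description, or equal the seller's nick. The statement in $query
// is built above this excerpt.
$result = mysql_query($query);
// Fail through the same error handler as the later queries in this script
// instead of iterating over a failed result.
$system->check_mysql($result, $query, __LINE__, __FILE__);

// The auction's words do not change per user, so they are prepared once.
$w_title = explode(" ", strtolower($_SESSION['SELL_title']));
$w_descr = explode(" ", strtolower(str_replace(array('<br>', "\n"), '', $_SESSION['SELL_description'])));
$w_nick = strtolower($_SESSION['WEBID_LOGGED_IN_USERNAME']);

while ($row = mysql_fetch_assoc($result)) {
    if (isset($match)) {
        unset($match);
    }
    $key = explode(" ", $row['auc_watch']);
    // foreach replaces while (list() = each()); each() is deprecated and
    // removed in current PHP versions.
    foreach ($key as $k => $v) {
        $v = trim(strtolower($v));
        // An empty watch list or doubled spaces produce empty keywords; those
        // would match the empty tokens of a title containing doubled spaces.
        if ($v === '') {
            continue;
        }
        // Strict comparison: loose in_array() treats numeric-looking strings
        // such as '1e3' and '1000' as equal.
        if (in_array($v, $w_title, true) || in_array($v, $w_descr, true) || $v === $w_nick) {
            $emailer = new email_class();
            $emailer->assign_vars(array(
                'URL' => $system->SETTINGS['siteurl'] . 'item.php?id=' . $_SESSION['SELL_auction_id'],
                'SITENAME' => $system->SETTINGS['sitename'],
                'TITLE' => $_SESSION['SELL_title'],
                'REALNAME' => $row['name'],
                'KWORD' => $row['auc_watch'],
            ));
            $emailer->email_sender($row['email'], 'mail_auction_watchmail.inc.php', $system->SETTINGS['sitename'] . ' ' . $MSG['471']);
            // The mail lists the whole watch string, so one message per user
            // is enough; without this every matching keyword sent a duplicate.
            break;
        }
    }
}

// Seller preferences: confirmation mail on auction start, and buy-now-only flag
$query = "SELECT startemailmode, bn_only FROM " . $DBPrefix . "users WHERE id = " . intval($_SESSION['WEBID_LOGGED_IN']);
$result = mysql_query($query);
$system->check_mysql($result, $query, __LINE__, __FILE__);
$EMAILMODE = mysql_result($result, 0, 'startemailmode');
$ubn_only = mysql_result($result, 0, 'bn_only');
if ($EMAILMODE == 'yes') {
    include $include_path . 'auction_confirmation.inc.php';
}

// This branch continues beyond the end of this excerpt.
if ($system->SETTINGS['bn_only'] == 'y' && $system->SETTINGS['bn_only_disable'] == 'y' && $system->SETTINGS['bn_only_percent'] < 100) {
    $query = "SELECT COUNT(*) FROM " . $DBPrefix . "auctions\r\n\t\t\t\t\t\t WHERE closed = 0 AND suspended = 0 AND user = " . intval($_SESSION['WEBID_LOGGED_IN']);
    $result = mysql_query($query);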
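// "Ask the seller a question" handler: validates the form, mails the seller
// and stores the question in the messages table.

// Missing field is treated as an empty question instead of raising a notice.
$cleaned_question = strip_tags($system->filter(isset($_POST['sender_question']) ? $_POST['sender_question'] : ''));
if ($system->SETTINGS['wordsfilter'] == 'y') {
    $cleaned_question = $system->filter($cleaned_question);
}

// `isset(x) || !empty(x)` is the same test as isset(x); the inner checks
// no longer repeat it.
if (isset($_POST['action'])) {
    // --Check errors
    if (!isset($_POST['sender_name']) || !isset($_POST['sender_email']) || empty($seller_nick) || empty($seller_email)) {
        $TPL_error_text = $ERR_032;
    }
    if (empty($cleaned_question)) {
        $TPL_error_text = $ERR_031;
    }

    // eregi() was deprecated in PHP 5.3 and later removed; preg_match() with
    // /i replaces it. \z anchors at the very end of the input, so an address
    // followed by a line break is rejected.
    $email_pattern = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+\z/i';
    $sender_email = (isset($_POST['sender_email']) && is_string($_POST['sender_email'])) ? $_POST['sender_email'] : '';
    if (!preg_match($email_pattern, $sender_email) || !preg_match($email_pattern, (string) $seller_email)) {
        $TPL_error_text = $ERR_008;
    }

    if (empty($TPL_error_text)) {
        // NOTE(review): $seller_nick is placed into HTML as-is; confirm it is
        // already HTML-escaped where it was loaded.
        $mes = $MSG['337'] . ': <i>' . $seller_nick . '</i><br><br>';

        // NOTE(review): sender_name is only checked for presence, and the
        // subject contains the un-cleaned item title. Whether email_class
        // strips line breaks before either can reach a mail header is not
        // visible here - confirm.
        $emailer = new email_class();
        $emailer->assign_vars(array(
            'SENDER_NAME' => $_POST['sender_name'],
            'SENDER_QUESTION' => $cleaned_question,
            'SENDER_EMAIL' => $sender_email,
            'SITENAME' => $system->SETTINGS['sitename'],
            'SITEURL' => $system->SETTINGS['siteurl'],
            'AID' => $auction_id,
            'TITLE' => $item_title,
            'SELLER_NICK' => $seller_nick,
        ));
        $item_title = $system->uncleanvars($item_title);
        $subject = $MSG['335'] . ' ' . $system->SETTINGS['sitename'] . ' ' . $MSG['336'] . ' ' . $item_title;
        $emailer->email_sender($seller_email, 'mail_send_email.inc.php', $subject);

        // Every value placed between quotes is escaped with the
        // connection-aware function. mysql_escape_string() ignores the
        // connection charset and is deprecated, and the two ids were
        // previously interpolated without any escaping.
        // NOTE(review): the subject relies on cleanvars() for SQL safety -
        // confirm that helper escapes quotes.
        $sql = "INSERT INTO " . $DBPrefix . "messages (`sentto`, `from`, `when`, `message`, `subject`) VALUES ('"
            . mysql_real_escape_string($seller_id) . "', '"
            . mysql_real_escape_string($userid) . "', '"
            . time() . "', '"
            . mysql_real_escape_string($cleaned_question) . "', '"
            . $system->cleanvars(sprintf($MSG['651'], $item_title)) . "')";
        $system->check_mysql(mysql_query($sql), $sql, __LINE__, __FILE__);
    }
}

$template->assign_vars(array(
    'MESSAGE' => isset($mes) ? $mes : '',
    'ERROR' => isset($TPL_error_text) ? $TPL_error_text : '',
    'AUCT_ID' => $TPL_auction_id,
    'SELLER_NICK' => $TPL_seller_nick_value,
    'SELLER_EMAIL' => $TPL_seller_email_value,
    'SELLER_QUESTION' => $TPL_sender_question,
    'ITEM_TITLE' => $TPL_item_title,
    'EMAIL' => isset($_SESSION['WEBID_LOGGED_EMAIL']) ? $_SESSION['WEBID_LOGGED_EMAIL'] : '',
));

include "header.php";
$template->set_filenames(array('body' => 'send_email.html'));
$template->display('body');
include "footer.php";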
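<?php
/***************************************************************************
 * copyright : (C) 2008 WeBid
 * site : http://www.webidsupport.com/
 ***************************************************************************/

/***************************************************************************
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version. Although none of the code may be
 * sold. If you have been sold this script, get a refund.
 ***************************************************************************/

// Mail fragment: tells the seller that an auction ended without a winner.
// Meant to be included by another script; refuses to run when requested directly.
if (!defined('InWeBid')) {
    exit;
}

// Check if the e-mail has to be sent or not
// intval() keeps the id numeric before it is concatenated into the statement.
$query = "SELECT endemailmode FROM " . $DBPrefix . "users WHERE id = " . intval($Seller['id']);
$res = mysql_query($query);
$system->check_mysql($res, $query, __LINE__, __FILE__);
// mysql_result() on an empty result raises a warning; a missing seller row
// now simply means "no mail".
$emailmode = (mysql_num_rows($res) > 0) ? mysql_result($res, 0, 'endemailmode') : '';

if ($emailmode == 'one') {
    // NOTE(review): the picture check reads the current session's
    // SELL_pict_url while the URL is built from $uploaded_path, $auction_id
    // and $pict_url rather than from $Auction - confirm these all refer to
    // the auction that ended and not to whoever triggered this script.
    // isset() avoids a notice when the session carries no SELL_pict_url.
    $has_picture = isset($_SESSION['SELL_pict_url']) && $_SESSION['SELL_pict_url'] != '';

    $emailer = new email_class();
    $emailer->assign_vars(array(
        'S_NAME' => $Seller['name'],
        'S_NICK' => $Seller['nick'],
        'S_EMAIL' => $Seller['email'],
        'A_TITLE' => $Auction['title'],
        'A_ID' => $Auction['id'],
        'A_END' => $ends_string,
        'A_URL' => $system->SETTINGS['siteurl'] . 'item.php?id=' . $Auction['id'],
        'SITE_URL' => $system->SETTINGS['siteurl'],
        'A_PICURL' => $has_picture
            ? $system->SETTINGS['siteurl'] . $uploaded_path . $auction_id . '/' . $pict_url
            : $system->SETTINGS['siteurl'] . 'images/email_alerts/default_item_img.jpg',
        'SITENAME' => $system->SETTINGS['sitename'],
    ));
    $emailer->email_sender($Seller['email'], 'mail_endauction_nowinner.inc.php', $system->SETTINGS['sitename'] . ' ' . $MSG['112']);
}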
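// Forgotten-password handler: looks the account up by nick or e-mail, mails
// a new password and updates the user row.
//
// NOTE(review): the reset takes effect as soon as the form is posted, with no
// proof that the requester owns the account, so anyone who knows a nick or
// address can force that user's password to change. The usual design mails a
// single-use, expiring token and changes the password only after it is
// presented. The distinct "not found" error also tells the requester whether
// an account exists.
if (isset($_POST['action']) && $_POST['action'] == "ok") {
    if (isset($_POST['TPL_username'])) {
        // NOTE(review): cleanvars() is the only treatment before this value is
        // placed inside quotes in the query - confirm that it escapes for SQL.
        $username = $system->cleanvars($_POST['TPL_username']);
        $query = "SELECT email, id, name FROM " . $DBPrefix . "users WHERE nick = '" . $username . "' OR email = '" . $username . "' LIMIT 1";
        $res = mysql_query($query);
        $system->check_mysql($res, $query, __LINE__, __FILE__);
        if (mysql_num_rows($res) > 0) {
            // Generate a new random password and mail it to the user
            $email = mysql_result($res, 0, 'email');
            $id = mysql_result($res, 0, 'id');
            $name = mysql_result($res, 0, 'name');

            // uniqid() puts its prefix first, so the old
            // substr(uniqid(md5(time())), 0, 6) was just the first six hex
            // digits of md5(current second): derivable from the request time
            // and only 24 bits wide. Use the platform CSPRNG where one exists
            // and hand out 12 hex characters (48 bits).
            $newpass = '';
            if (function_exists('random_bytes')) {
                $newpass = bin2hex(random_bytes(6));
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $raw_bytes = openssl_random_pseudo_bytes(6, $is_strong);
                if ($raw_bytes !== false && $is_strong) {
                    $newpass = bin2hex($raw_bytes);
                }
            }
            if ($newpass === '') {
                // Legacy fallback so resets keep working on installs without a
                // CSPRNG. It is predictable; drop it once one is guaranteed.
                $newpass = substr(uniqid(md5(time())), 0, 6);
            }

            // send message
            $emailer = new email_class();
            $emailer->assign_vars(array('REALNAME' => $name, 'NEWPASS' => $newpass, 'SITENAME' => $system->SETTINGS['sitename']));
            $emailer->email_sender($email, 'mail_newpasswd.inc.php', $MSG['024']);

            // Update database
            // NOTE(review): the stored value appears here as the literal
            // '******', which does not depend on $newpass; presumably the real
            // expression was masked in this listing - confirm that a salted
            // hash of $newpass is what gets written.
            $query = "UPDATE " . $DBPrefix . "users SET password = '******' WHERE id = " . intval($id);
            $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
        } else {
            $TPL_err = 1;
            $TPL_errmsg = $ERR_100;
        }
    } else {
        $TPL_err = 1;
        $TPL_errmsg = $ERR_112;
    }
}

$template->assign_vars(array(
    // The guard used to test $errmsg, which nothing in this code assigns, so
    // the error paragraph was never rendered; it now tests the variable that
    // is actually set above.
    'L_ERROR' => isset($TPL_errmsg) ? '<p class="errfont">' . $TPL_errmsg . '</p>' : '',
    'L_MSG' => $MGS_2__0039,
    'L_UNAME' => $MGS_2__0040,
    // NOTE(review): echoed back into the form; confirm the template escapes it.
    'USERNAME' => isset($username) ? $username : '',
    // Show the form on first visit or after an error
    // (same truth table as the former `!A || A && B`).
    'B_FIRST' => !isset($_POST['action']) || isset($TPL_errmsg),
));

include "header.php";
$template->set_filenames(array('body' => 'forgotpasswd.html'));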
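// Item watch for an ended auction: mail every user whose watch list names it.
$ended_auction_id = $row['id'];
$title = $row['title'];
$resultUSERS = mysql_query("SELECT name, email, item_watch FROM " . $DBPrefix . "users");
while ($watchusers = mysql_fetch_array($resultUSERS)) {
    $usname = $watchusers['name'];
    $e_mail = $watchusers['email'];
    $keyword = $watchusers['item_watch'];
    // explode() replaces split(), which was deprecated in PHP 5.3 and later
    // removed; for a single-space separator the result is the same.
    $key = explode(" ", $keyword);

    // Compare each entry with the auction id as a whole token. The earlier
    // loop kept only the strpos() result for the LAST entry and then tested
    // it for truthiness: an exact match sits at offset 0, which is falsy, so
    // genuine watchers were skipped, while an id found in the middle of a
    // longer number counted as a match.
    $match = in_array((string) $ended_auction_id, array_map('trim', $key), true);

    // If the watch list contains the ended auction, send the user a mail
    if ($match) {
        $emailer = new email_class();
        $emailer->assign_vars(array(
            'URL' => $system->SETTINGS['siteurl'] . "item.php?mode=1&id=" . $ended_auction_id,
            'TITLE' => $title,
            'NAME' => $usname,
        ));
        $emailer->email_sender($e_mail, 'mail_auctionend_watchmail.inc.php', $system->SETTINGS['sitename'] . ' - ' . $MSG['471']);
    }
}
// ======================================================
// END OF ITEM WATCH CODE
// ======================================================

// ************************************
// update category tables
// *************************************
$cat_id = $row['category'];
$root_cat = $cat_id;
// This loop continues beyond the end of this excerpt.
do {
    // update counter for this category
    $R_parent_id = $categories[$cat_id]['parent_id'];
    $R_cat_id = $categories[$cat_id]['cat_id'];
    $R_counter = intval($categories[$cat_id]['counter']);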