function edit_user($user_id)
 {
     global $conn, $config, $lang;
     require_once $config['basepath'] . '/include/user.inc.php';
     require_once $config['basepath'] . '/include/misc.inc.php';
     $misc = new misc();
     require_once $config['basepath'] . '/include/listing_editor.inc.php';
     $listing = new listing_editor();
     $display = '';
     // Set Variable to hold errors
     // Verify ID is Numeric
     if (!is_numeric($user_id)) {
         return $lang['user_manager_invalid_user_id'];
     }
     // Admins can edit any user. Anyone can edit there own information.
     if (($_SESSION['admin_privs'] == 'yes' || $_SESSION['edit_all_users'] == 'yes') && $user_id != '') {
         $security = login::loginCheck('Admin', true);
         if ($security === true) {
             $sql_edit = intval($user_id);
             $raw_id = $user_id;
         } else {
             $user_type = user::get_user_type($user_id);
             if ($user_type === admin) {
                 // Agents cannot edit Admin account
                 return $lang['user_manager_permission_denied'];
             } else {
                 $sql_edit = intval($user_id);
                 $raw_id = $user_id;
             }
         }
     } elseif ($_SESSION['admin_privs'] == 'yes' && $user_id == '' || $_SESSION['userID'] == $user_id) {
         $sql_edit = intval($_SESSION['userID']);
         $raw_id = intval($_SESSION['userID']);
     } else {
         return $lang['user_manager_permission_denied'];
     }
     // $raw_id = $misc->make_db_unsafe($sql_edit);
     // Save any Changes that were posted
     if (isset($_POST['edit'])) {
         $display .= user_managment::update_user($raw_id);
         if (isset($_POST['edit_listing_active']) && $_POST['edit_listing_active'] != "") {
             $display .= $listing->update_active_status($raw_id, $_POST['edit_listing_active']);
         }
     }
     //Blog Permissions
     $blog_perm[1] = $lang['blog_perm_subscriber'];
     $blog_perm[2] = $lang['blog_perm_contributor'];
     $blog_perm[3] = $lang['blog_perm_author'];
     $blog_perm[4] = $lang['blog_perm_editor'];
     // Show Account Edit Form
     require_once $config['basepath'] . '/include/forms.inc.php';
     $forms = new forms();
     $display .= '<table width="600" border="0" align="center" cellpadding="0" cellspacing="0"><tr><td>';
     $display .= '<table class="edit_users">';
     $display .= '<tr><td colspan="2"><h3>' . $lang['user_manager_edit_user'] . '</h3></td></tr>';
     $display .= '<tr>';
     $display .= '<td valign="top" align="center">';
     $display .= '<strong>' . $lang['images'] . '</strong>';
     $display .= '<br />';
     $display .= '<hr width="75%" />';
     $display .= '<form action="' . $config['baseurl'] . '/admin/index.php?action=edit_user_images" method="post" name="edit_user_images"><input type="hidden" name="edit" value="' . $raw_id . '" /><a href="javascript:document.edit_user_images.submit()">' . $lang['edit_images'] . '</a></form>';
     // Show User Images
     $sql = 'SELECT userimages_caption, userimages_file_name, userimages_thumb_file_name FROM ' . $config['table_prefix'] . 'userimages WHERE userdb_id = ' . $sql_edit;
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         $misc->log_error($sql);
     }
     while (!$recordSet->EOF) {
         $caption = $misc->make_db_unsafe($recordSet->fields['userimages_caption']);
         $thumb_file_name = $misc->make_db_unsafe($recordSet->fields['userimages_thumb_file_name']);
         $file_name = $misc->make_db_unsafe($recordSet->fields['userimages_file_name']);
         // gotta grab the image size
         $imagedata = GetImageSize($config['user_upload_path'] . '/' . $thumb_file_name);
         $imagewidth = $imagedata[0];
         $imageheight = $imagedata[1];
         $shrinkage = $config['thumbnail_width'] / $imagewidth;
         $displaywidth = $imagewidth * $shrinkage;
         $displayheight = $imageheight * $shrinkage;
         $display .= '<a href="' . $config['user_view_images_path'] . '/' . $file_name . '" target="_thumb"> ';
         $display .= '<img src="' . $config['user_view_images_path'] . '/' . $thumb_file_name . '" height="' . $displayheight . '" width="' . $displaywidth . '" /></a><br /> ';
         $display .= '<strong>' . $caption . '</strong><br /><br />';
         $recordSet->MoveNext();
     }
     // end while
     $display .= '</td>';
     // Place the Files list and edit files link on the edit user profile page if they are allowed to have files.
     if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havefiles'] == "yes") {
         $display .= '<td valign="top" align="center" class="row_main">';
         $display .= '<b>' . $lang['files'] . '</b>';
         $display .= '<br />';
         $display .= '<hr width="75%" />';
         $display .= '<form action="index.php?action=edit_user_files" method="post" name="edit_user_files"><input type="hidden" name="edit" value="' . intval($_GET['edit']) . '" /><a href="javascript:document.edit_user_files.submit()">' . $lang['edit_files'] . '</a></form>';
         $display .= '<br />';
         $sql = "SELECT usersfiles_id, usersfiles_caption, usersfiles_file_name FROM " . $config['table_prefix'] . "usersfiles WHERE (userdb_id = {$sql_edit})";
         $recordSet = $conn->Execute($sql);
         if ($recordSet === false) {
             $misc->log_error($sql);
         }
         while (!$recordSet->EOF) {
             $caption = $misc->make_db_unsafe($recordSet->fields['usersfiles_caption']);
             $file_name = $misc->make_db_unsafe($recordSet->fields['usersfiles_file_name']);
             $file_id = $misc->make_db_unsafe($recordSet->fields['usersfiles_id']);
             $iconext = substr(strrchr($file_name, '.'), 1);
             $iconpath = $config["file_icons_path"] . '/' . $iconext . '.png';
             if (file_exists($iconpath)) {
                 $icon = $config["listings_view_file_icons_path"] . '/' . $iconext . '.png';
             } else {
                 $icon = $config["listings_view_file_icons_path"] . '/default.png';
             }
             //
             $file_download_url = 'index.php?action=create_download&amp;ID=' . $sql_edit . '&amp;file_id=' . $file_id . '&amp;type=user';
             $display .= '<a href="' . $config['baseurl'] . '/' . $file_download_url . '" target="_thumb">';
             $display .= '<img src="' . $icon . '" height="' . $config["file_icon_height"] . '" width="' . $config["file_icon_width"] . '" alt="' . $file_name . '" /><br />';
             $display .= '<strong>' . $file_name . '</strong></a><br />';
             $display .= '<strong>' . $caption . '</strong><br /><br />';
             $recordSet->MoveNext();
         }
         // end while
         $display .= '</td>';
     }
     $display .= '<td valign="top" class="row_main">';
     // first, grab the user's main info
     $sql = 'SELECT * FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $sql_edit;
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         $misc->log_error($sql);
     }
     while (!$recordSet->EOF) {
         // collect up the main DB's various fields
         $_POST['edit_user_name'] = $misc->make_db_unsafe($recordSet->fields['userdb_user_name']);
         $edit_emailAddress = $misc->make_db_unsafe($recordSet->fields['userdb_emailaddress']);
         // $edit_comments = $misc->make_db_unsafe ($recordSet->fields['userdb_comments']);
         $edit_firstname = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']);
         $edit_lastname = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']);
         $edit_active = $recordSet->fields['userdb_active'];
         $edit_isAgent = $recordSet->fields['userdb_is_agent'];
         $edit_isAdmin = $recordSet->fields['userdb_is_admin'];
         $edit_limitListings = $recordSet->fields['userdb_limit_listings'];
         $edit_limitFeaturedListings = $recordSet->fields['userdb_featuredlistinglimit'];
         $edit_userRank = $recordSet->fields['userdb_rank'];
         $edit_canEditAllListings = $recordSet->fields['userdb_can_edit_all_listings'];
         $edit_canEditAllUsers = $recordSet->fields['userdb_can_edit_all_users'];
         $edit_canEditSiteConfig = $recordSet->fields['userdb_can_edit_site_config'];
         $edit_canEditMemberTemplate = $recordSet->fields['userdb_can_edit_member_template'];
         $edit_canEditAgentTemplate = $recordSet->fields['userdb_can_edit_agent_template'];
         $edit_canEditListingTemplate = $recordSet->fields['userdb_can_edit_listing_template'];
         $edit_canExportListings = $recordSet->fields['userdb_can_export_listings'];
         $edit_canEditListingExpiration = $recordSet->fields['userdb_can_edit_expiration'];
         $edit_canEditPropertyClasses = $recordSet->fields['userdb_can_edit_property_classes'];
         $edit_canModerate = $recordSet->fields['userdb_can_moderate'];
         $edit_canViewLogs = $recordSet->fields['userdb_can_view_logs'];
         $edit_canVtour = $recordSet->fields['userdb_can_have_vtours'];
         $edit_canFiles = $recordSet->fields['userdb_can_have_files'];
         $edit_canUserFiles = $recordSet->fields['userdb_can_have_user_files'];
         $edit_canFeatureListings = $recordSet->fields['userdb_can_feature_listings'];
         $edit_canPages = $recordSet->fields['userdb_can_edit_pages'];
         $edit_BlogPrivileges = $recordSet->fields['userdb_blog_user_type'];
         $last_modified = $recordSet->UserTimeStamp($recordSet->fields['userdb_last_modified'], $config["date_format_timestamp"]);
         $edit_canManageAddons = $recordSet->fields['userdb_can_manage_addons'];
         $recordSet->MoveNext();
     }
     // end while
     // now, display all that stuff
     $display .= '<form name="updateUser" action="index.php?action=user_manager&amp;edit=' . $raw_id . '" method="post">';
     $display .= '<input type="hidden" name="edit" value="' . $raw_id . '" />';
     $display .= '<table class="edit_users"><tr><td>';
     $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_name'] . ':</strong></td><td align="left" class="row_main">' . $_POST['edit_user_name'] . '</td></tr>';
     $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_manager_first_name'] . ': <span class="required">*</span></strong></td><td align="left" class="row_main"> <input type="text" name="user_first_name" value="' . $edit_firstname . '" /> ';
     $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_manager_last_name'] . ': <span class="required">*</span></strong></td><td align="left" class="row_main"> <input type="text" name="user_last_name" value="' . $edit_lastname . '" /> ';
     $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['last_modified'] . ':</strong></td><td align="left">' . $last_modified . '</td></tr>';
     if ($config["demo_mode"] != 1 || $_SESSION['admin_privs'] == 'yes') {
         $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_password'] . ': <span class="required">*</span></strong></td><td align="left" class="row_main"> <input type="password" name="edit_user_pass" /></td></tr>';
         $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_password'] . ' (' . $lang['again'] . ') <span class="required">*</span></strong> </td><td align="left" class="row_main"> <input type="password" name="edit_user_pass2" /></td></tr>';
     } else {
         $display .= '<input type="hidden" name="edit_user_pass" value="">';
         $display .= '<input type="hidden" name="edit_user_pass2" value="">';
     }
     $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_email'] . ': <span class="required">*</span></strong><br />' . $lang['email_not_displayed'] . '</td><td align="left" class="row_main"> <input type="text" name="user_email" value="' . $edit_emailAddress . '" /> ';
     if ($_SESSION['admin_privs'] == 'yes') {
         // if the user is an admin, they can set additional properties about a given user
         // is the user active?
         $display .= "<tr><td align=right><b>{$lang['user_manager_is_user_active']}: </b></td>";
         $display .= "<td align=left><select name=\"edit_active\" size=\"1\" ";
         if ($edit_isAgent == 'yes') {
             $display .= "onchange=\"listing_change_confirm(this.form.edit_active)\"";
         }
         $display .= "><option value=\"{$edit_active}\">{$edit_active}<option value=\"\">-----<option value=\"yes\">yes<option value=\"no\">no</select><input type=\"hidden\" name=\"edit_listing_active\" value=\"\" /></td></tr>";
         // is the user an administrator?
         $display .= "<tr><td align=right><b>{$lang['user_manager_is_an_admin']}: </b></td>";
         $display .= "<td align=left>{$edit_isAdmin}</td></tr>";
         $display .= "<input type=\"hidden\" name=\"edit_isAdmin\" value=\"" . $edit_isAdmin . "\" />";
         // is the user an agent?
         $display .= "<tr><td align=right><b>{$lang['user_manager_is_an_agent']}: </b></td>";
         $display .= "<td align=left>{$edit_isAgent}</td></tr>";
         $display .= "<input type=\"hidden\" name=\"edit_isAgent\" value=\"" . $edit_isAgent . "\" />";
         if ($edit_isAgent == 'yes' || $edit_isAdmin == 'yes') {
             // limit # of listings?
             $display .= '<tr><td align=right><b>' . $lang['user_manager_limitListings'] . ': </b></td>';
             $display .= '<td align=left><input id="edit_limitListings" name="edit_limitListings" size="6" value="' . $edit_limitListings . '" /><i>(-1 = Unlimited)</i></td></tr>';
             // limit # of featured listings?
             $display .= '<tr><td align=right><b>' . $lang['user_manager_limitFeaturedListings'] . ': </b></td>';
             $display .= '<td align=left><input id="edit_limitFeaturedListings" name="edit_limitFeaturedListings" size="6" value="' . $edit_limitFeaturedListings . '" /><i>(-1 = Unlimited)</i></td></tr>';
             // user display order?
             $display .= '<tr><td align=right><b>' . $lang['user_manager_displayorder'] . ': </b></td>';
             $display .= '<td align=left><input id="edit_userRank" name="edit_userRank" size="6" value="' . $edit_userRank . '" /></td></tr>';
         }
         if ($edit_isAgent == 'yes') {
             // can they edit all listings?
             $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_all_listings'] . ': </b></td>';
             $display .= '<td align=left><select id="edit_canEditAllListings" name="edit_canEditAllListings" size="1"><option value="' . $edit_canEditAllListings . '">' . $edit_canEditAllListings . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>';
             // can they edit all users?
             $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_all_users'] . ': </b></td>';
             $display .= '<td align=left><select id="edit_canEditAllUsers" name="edit_canEditAllUsers" size="1"><option value="' . $edit_canEditAllUsers . '">' . $edit_canEditAllUsers . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>';
             // can they edit site config?
             $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_site_config'] . ': </b></td>';
             $display .= '<td align=left><select id="edit_canEditSiteConfig" name="edit_canEditSiteConfig" size="1"><option value="' . $edit_canEditSiteConfig . '">' . $edit_canEditSiteConfig . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>';
             // can they edit member templates?
             $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_member_template'] . ': </b></td>';
             $display .= '<td align=left><select id="edit_canEditMemberTemplate" name="edit_canEditMemberTemplate" size="1"><option value="' . $edit_canEditMemberTemplate . '">' . $edit_canEditMemberTemplate . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>';
             // can they edit agent templates?
             $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_agent_template'] . ': </b></td>';
             $display .= '<td align=left><select id="edit_canEditAgentTemplate" name="edit_canEditAgentTemplate" size="1"><option value="' . $edit_canEditAgentTemplate . '">' . $edit_canEditAgentTemplate . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>';
             // can they edit listing templages?
             $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_listing_template'] . ': </b></td>';
             $display .= '<td align=left><select id="edit_canEditListingTemplate" name="edit_canEditListingTemplate" size="1"><option value="' . $edit_canEditListingTemplate . '">' . $edit_canEditListingTemplate . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>';
             // can they edit property classes?
             $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_property_classes'] . ': </b></td>';
             $display .= '<td align=left><select id="edit_canEditPropertyClasses" name="edit_canEditPropertyClasses" size="1"><option value="' . $edit_canEditPropertyClasses . '">' . $edit_canEditPropertyClasses . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>';
             // can they view logs?
             $display .= "<tr><td align=right><b>{$lang['user_manager_can_view_logs']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canViewLogs\" size=\"1\"><option value=\"{$edit_canViewLogs}\">{$edit_canViewLogs}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             // can they moderate incoming listings?
             $display .= "<tr><td align=right><b>{$lang['user_manager_is_a_moderator']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canModerate\" size=\"1\"><option value=\"{$edit_canModerate}\">{$edit_canModerate}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             // can they feature listings?
             $display .= "<tr><td align=right><b>{$lang['user_manager_feature_listings']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canFeatureListings\" size=\"1\"><option value=\"{$edit_canFeatureListings}\">{$edit_canFeatureListings}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             // can they edit pages?
             $display .= "<tr><td align=right><b>{$lang['user_manager_can_edit_pages']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canPages\" size=\"1\"><option value=\"{$edit_canPages}\">{$edit_canPages}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             // can they have vtours?
             $display .= "<tr><td align=right><b>{$lang['user_manager_can_have_vtours']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canVtour\" size=\"1\"><option value=\"{$edit_canVtour}\">{$edit_canVtour}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             // can they have listings files
             $display .= "<tr><td align=right><b>{$lang['user_manager_can_have_files']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canFiles\" size=\"1\"><option value=\"{$edit_canFiles}\">{$edit_canFiles}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             // can they have user files
             $display .= "<tr><td align=right><b>{$lang['user_manager_can_have_user_files']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canUserFiles\" size=\"1\"><option value=\"{$edit_canUserFiles}\">{$edit_canUserFiles}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             // can modify expiration?
             $display .= "<tr><td align=right><b>{$lang['user_editor_can_edit_listing_expiration']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canEditListingExpiration\" size=\"1\"><option value=\"{$edit_canEditListingExpiration}\">{$edit_canEditListingExpiration}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             // Blog Permisisons
             $display .= "<tr><td align=right><b>{$lang['user_editor_blog_privileges']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_BlogPrivileges\" size=\"1\"><option value=\"{$edit_BlogPrivileges}\">{$blog_perm[$edit_BlogPrivileges]}</option><option value=\"\">-----</option>";
             foreach ($blog_perm as $perm_key => $perm_value) {
                 $display .= '<option value="' . $perm_key . '">' . $perm_value . '</option>';
             }
             $display .= "</select></td></tr>";
             // can access addon manager
             $display .= "<tr><td align=right><b>{$lang['user_editor_can_manage_addons']}: </b></td>";
             $display .= "<td align=left><select name=\"edit_canManageAddons\" size=\"1\"><option value=\"{$edit_canManageAddons}\">{$edit_canManageAddons}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             if ($config["export_listings"] == 1) {
                 // can export listings?
                 $display .= "<tr><td align=right><b>{$lang['user_editor_can_export_listings']}: </b></td>";
                 $display .= "<td align=left><select name=\"edit_canExportListings\" size=\"1\"><option value=\"{$edit_canExportListings}\">{$edit_canExportListings}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>";
             } else {
                 $display .= '<input type="hidden" name="edit_canExportListings" value="no" />';
             }
         }
     }
     // now grab miscellenous debris
     if ($edit_isAgent == "yes" || $edit_isAdmin == 'yes') {
         $db_to_use = 'agentformelements';
     } else {
         $db_to_use = 'memberformelements';
     }
     $sql = 'SELECT ' . $db_to_use . '_field_name, userdbelements_field_value, ' . $db_to_use . '_field_type, ' . $db_to_use . '_rank, ' . $db_to_use . '_field_caption, ' . $db_to_use . '_default_text, ' . $db_to_use . '_required, ' . $db_to_use . '_field_elements, ' . $db_to_use . '_tool_tip FROM ' . $config['table_prefix'] . $db_to_use . ' left join ' . $config['table_prefix'] . 'userdbelements on userdbelements_field_name = ' . $db_to_use . '_field_name and userdb_id = ' . $sql_edit . ' ORDER BY ' . $db_to_use . '_rank';
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         $misc->log_error($sql);
     }
     while (!$recordSet->EOF) {
         $field_name = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_name']);
         $field_value = $misc->make_db_unsafe($recordSet->fields['userdbelements_field_value']);
         $field_type = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_type']);
         $field_caption = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_caption']);
         $default_text = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_default_text']);
         $field_elements = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_elements']);
         $required = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_required']);
         $tool_tip = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_tool_tip']);
         // pass the data to the function
         $display .= $forms->renderExistingFormElement($field_type, $field_name, $field_value, $field_caption, $default_text, $required, $field_elements, '', $tool_tip);
         $recordSet->MoveNext();
     }
     // end while
     $display .= '<tr><td colspan="2" align="center" class="row_main">' . $lang['required_form_text'] . '</td></tr>';
     $display .= '<tr><td colspan="2" align="center" class="row_main"><input type="submit" value="' . $lang['update_button'] . '" />';
     $security = login::loginCheck('edit_all_users', true);
     if ($security === true) {
         $display .= '&nbsp;&nbsp;&nbsp;<a href="index.php?action=user_manager&amp;delete=' . $user_id . '" onclick="return confirmDelete(\'' . $lang['delete_user'] . '\')">' . $lang['delete'] . '</a>';
     }
     $display .= '</td></tr></table></form>';
     $display .= '</td></tr></table>';
     $display .= '</td></tr></table>';
     return $display;
 }
 function edit_listings($only_my_listings = true)
 {
     global $conn, $lang, $config, $listingID;
     if ($only_my_listings == false) {
         $security = login::loginCheck('edit_all_listings', true);
     } else {
         $security = login::loginCheck('Agent', true);
     }
     $display = '';
     if ($security === true) {
         require_once $config['basepath'] . '/include/misc.inc.php';
         $misc = new misc();
         require_once $config['basepath'] . '/include/forms.inc.php';
         $forms = new forms();
         require_once $config['basepath'] . '/include/class/template/core.inc.php';
         $page = new page_user();
         // $display .= '<span class="section_header">'.$lang['listings_editor'].'<span><br /><br />';
         if (!isset($_GET['delete'])) {
             $_GET['delete'] = '';
         }
         if ($_GET['delete'] != '') {
             if ($_SESSION['admin_privs'] == 'yes' || $_SESSION['edit_all_listings'] == 'yes') {
                 listing_editor::delete_listing($_GET['delete'], false);
             } else {
                 listing_editor::delete_listing($_GET['delete'], true);
             }
         }
         if (!isset($_POST['action'])) {
             $_POST['action'] = '';
         }
         if ($_POST['action'] == "update_listing") {
             if ($_SESSION['admin_privs'] == 'yes' || $_SESSION['edit_all_listings'] == 'yes') {
                 $display .= listing_editor::update_listing(false);
             } else {
                 $display .= listing_editor::update_listing(true);
             }
         }
         // end if $action == "update listing"
         if (!isset($_GET['edit'])) {
             $_GET['edit'] = '';
         }
         if (isset($_POST['lookup_field']) && isset($_POST['lookup_value'])) {
             $_SESSION['edit_listing_qeb_lookup_field'] = $_POST['lookup_field'];
             $_SESSION['edit_listing_qeb_lookup_value'] = $_POST['lookup_value'];
         }
         if (isset($_SESSION['edit_listing_qeb_lookup_field']) && isset($_SESSION['edit_listing_qeb_lookup_value'])) {
             if ($_SESSION['edit_listing_qeb_lookup_field'] != 'listingsdb_id') {
                 $_POST['lookup_field'] = $_SESSION['edit_listing_qeb_lookup_field'];
                 $_POST['lookup_value'] = $_SESSION['edit_listing_qeb_lookup_value'];
             }
         }
         if (isset($_POST['filter'])) {
             $_SESSION['edit_listing_qeb_filter'] = $_POST['filter'];
         }
         if (isset($_SESSION['edit_listing_qeb_filter'])) {
             $_POST['filter'] = $_SESSION['edit_listing_qeb_filter'];
         }
         if (isset($_POST['agent_filter'])) {
             $_SESSION['edit_listing_qeb_agent_filter'] = $_POST['agent_filter'];
         }
         if (isset($_SESSION['edit_listing_qeb_agent_filter'])) {
             $_POST['agent_filter'] = $_SESSION['edit_listing_qeb_agent_filter'];
         }
         if (isset($_POST['pclass_filter'])) {
             $_SESSION['edit_listing_qeb_pclass_filter'] = $_POST['pclass_filter'];
         }
         if (isset($_SESSION['edit_listing_qeb_pclass_filter'])) {
             $_POST['pclass_filter'] = $_SESSION['edit_listing_qeb_pclass_filter'];
         }
         if (isset($_POST['lookup_field']) && isset($_POST['lookup_value']) && $_POST['lookup_field'] == 'listingsdb_id' && $_POST['lookup_value'] != '') {
             $_GET['edit'] = intval($_POST['lookup_value']);
         }
         if ($only_my_listings == TRUE) {
             unset($_POST['agent_filter']);
         }
         if ($_GET['edit'] != "") {
             $edit = intval($_GET['edit']);
             // first, grab the listings's main info
             if ($only_my_listings == true) {
                 $sql = "SELECT listingsdb_id, listingsdb_title, listingsdb_notes, userdb_id, listingsdb_last_modified, listingsdb_featured, listingsdb_active, listingsdb_mlsexport, listingsdb_expiration FROM " . $config['table_prefix'] . "listingsdb WHERE (listingsdb_id = {$edit}) AND (userdb_id = '{$_SESSION['userID']}')";
             } else {
                 $sql = "SELECT listingsdb_id, listingsdb_title, listingsdb_notes, userdb_id, listingsdb_last_modified, listingsdb_featured, listingsdb_active, listingsdb_mlsexport, listingsdb_expiration FROM " . $config['table_prefix'] . "listingsdb WHERE (listingsdb_id = {$edit})";
             }
             $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
             $recordSet = $conn->Execute($sql);
             if ($recordSet === false) {
                 $misc->log_error($sql);
             }
             if ($recordSet->RecordCount() > 0) {
                 // collect up the main DB's various fields
                 $listing_ID = $misc->make_db_unsafe($recordSet->fields['listingsdb_id']);
                 $edit_title = $misc->make_db_unsafe($recordSet->fields['listingsdb_title']);
                 $edit_notes = $misc->make_db_unsafe($recordSet->fields['listingsdb_notes']);
                 $edit_mlsexport = $misc->make_db_unsafe($recordSet->fields['listingsdb_mlsexport']);
                 $edit_or_owner = $recordSet->fields['userdb_id'];
                 $last_modified = $recordSet->UserTimeStamp($recordSet->fields['listingsdb_last_modified'], 'D M j G:i:s T Y');
                 $edit_featured = $recordSet->fields['listingsdb_featured'];
                 $edit_active = $recordSet->fields['listingsdb_active'];
                 $expiration = $recordSet->UserTimeStamp($recordSet->fields['listingsdb_expiration'], $config["date_format_timestamp"]);
                 // now, display all that stuff
                 $display .= '<table class="form_main">';
                 $display .= '<tr>';
                 $display .= '<td colspan="3" class="row_main">';
                 if ($only_my_listings == true) {
                     $display .= '<span class="section_header"><a href="index.php?action=edit_my_listings">' . $lang['listings_editor'] . '</a></span><br />';
                 } else {
                     $display .= '<span class="section_header"><a href="index.php?action=edit_listings">' . $lang['listings_editor'] . '</a></span><br />';
                 }
                 $display .= '<h3>' . $lang['admin_listings_editor_modify_listing'] . ' (<a href="' . $config['baseurl'] . '/index.php?action=listingview&amp;listingID=' . $listing_ID . '" target="_preview">' . $lang['preview'] . '</a>)</h3>';
                 $display .= '</td>';
                 $display .= '</tr>';
                 $display .= '<tr>';
                 $display .= '<td valign="top" align="center" class="row_main">';
                 $display .= '<b>' . $lang['images'] . '</b>';
                 $display .= '<br />';
                 $display .= '<hr width="75%" />';
                 $display .= '<form action="index.php?action=edit_listing_images" method="post" name="edit_listing_images"><input type="hidden" name="edit" value="' . $_GET['edit'] . '" /><a href="javascript:document.edit_listing_images.submit()">' . $lang['edit_images'] . '</a></form>';
                 $display .= '<br />';
                 $sql = "SELECT listingsimages_caption, listingsimages_file_name, listingsimages_thumb_file_name FROM " . $config['table_prefix'] . "listingsimages WHERE (listingsdb_id = {$edit}) ORDER BY listingsimages_rank";
                 $recordSet = $conn->Execute($sql);
                 if ($recordSet === false) {
                     $misc->log_error($sql);
                 }
                 while (!$recordSet->EOF) {
                     $caption = $misc->make_db_unsafe($recordSet->fields['listingsimages_caption']);
                     $thumb_file_name = $misc->make_db_unsafe($recordSet->fields['listingsimages_thumb_file_name']);
                     $file_name = $misc->make_db_unsafe($recordSet->fields['listingsimages_file_name']);
                     // gotta grab the image size
                     $thumb_imagedata = GetImageSize("{$config['listings_upload_path']}/{$thumb_file_name}");
                     $thumb_imagewidth = $thumb_imagedata[0];
                     $thumb_imageheight = $thumb_imagedata[1];
                     $thumb_max_width = $config['thumbnail_width'];
                     $thumb_max_height = $config['thumbnail_height'];
                     $resize_by = $config['resize_thumb_by'];
                     $shrinkage = 1;
                     if ($thumb_max_width == $thumb_imagewidth || $thumb_max_height == $thumb_imageheight) {
                         $thumb_displaywidth = $thumb_imagewidth;
                         $thumb_displayheight = $thumb_imageheight;
                     } else {
                         if ($resize_by == 'width') {
                             $shrinkage = $thumb_imagewidth / $thumb_max_width;
                             $thumb_displaywidth = $thumb_max_width;
                             $thumb_displayheight = round($thumb_imageheight / $shrinkage);
                         } elseif ($resize_by == 'height') {
                             $shrinkage = $thumb_imageheight / $thumb_max_height;
                             $thumb_displayheight = $thumb_max_height;
                             $thumb_displaywidth = round($thumb_imagewidth / $shrinkage);
                         } elseif ($resize_by == 'both') {
                             $thumb_displayheight = $thumb_max_height;
                             $thumb_displaywidth = $thumb_max_width;
                         }
                     }
                     $display .= "<a href=\"{$config['listings_view_images_path']}/{$file_name}\" target=\"_thumb\"> ";
                     $display .= "<img src=\"{$config['listings_view_images_path']}/{$thumb_file_name}\" height=\"{$thumb_displayheight}\" width=\"{$thumb_displaywidth}\" alt=\"{$thumb_file_name}\" /></a><br /> ";
                     $display .= "<b>{$caption}</b><br /><br />";
                     $recordSet->MoveNext();
                 }
                 // end while
                 $display .= '</td>';
                 if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havevtours'] == "yes") {
                     $display .= '<td valign="top" align="center" class="row_main">';
                     $display .= '<b>' . $lang['vtours'] . '</b>';
                     $display .= '<br />';
                     $display .= '<hr width="75%" />';
                     $display .= '<form action="index.php?action=edit_vtour_images" method="post" name="edit_vtour_images"><input type="hidden" name="edit" value="' . $edit . '" /><a href="javascript:document.edit_vtour_images.submit()">' . $lang['edit_vtours'] . '</a></form>';
                     $display .= '<br />';
                     $sql = "SELECT vtourimages_caption, vtourimages_file_name, vtourimages_thumb_file_name FROM " . $config['table_prefix'] . "vtourimages WHERE (listingsdb_id = '{$edit}') ORDER BY  vtourimages_rank";
                     $recordSet = $conn->Execute($sql);
                     if ($recordSet === false) {
                         $misc->log_error($sql);
                     }
                     while (!$recordSet->EOF) {
                         $caption = $misc->make_db_unsafe($recordSet->fields['vtourimages_caption']);
                         $thumb_file_name = $misc->make_db_unsafe($recordSet->fields['vtourimages_thumb_file_name']);
                         $file_name = $misc->make_db_unsafe($recordSet->fields['vtourimages_file_name']);
                         $ext = substr(strrchr($file_name, '.'), 1);
                         if ($ext == 'jpg') {
                             // gotta grab the image size
                             $imagedata = GetImageSize("{$config['vtour_upload_path']}/{$thumb_file_name}");
                             $imagewidth = $imagedata[0];
                             $imageheight = $imagedata[1];
                             $shrinkage = $config['thumbnail_width'] / $imagewidth;
                             $displaywidth = $imagewidth * $shrinkage;
                             $displayheight = $imageheight * $shrinkage;
                             $display .= "<a href=\"{$config['vtour_view_images_path']}/{$file_name}\" target=\"_thumb\">";
                             $display .= "<img src=\"{$config['vtour_view_images_path']}/{$thumb_file_name}\" height=\"{$displayheight}\" width=\"{$displaywidth}\" alt=\"{$thumb_file_name}\" /></a><br /> ";
                             $display .= "<strong>{$caption}</strong><br /><br />";
                             $recordSet->MoveNext();
                         } elseif ($ext == 'egg') {
                             $display .= "<img src=\"{$config['baseurl']}/images/eggimage.gif\" alt=\"eggimage.gif\" /><br /> ";
                             $recordSet->MoveNext();
                         } else {
                             $display .= $file_name . '<br />' . $lang['unsupported_vtour'] . '<br /><br />';
                             $recordSet->MoveNext();
                         }
                     }
                     // end while
                     if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havefiles'] == "yes") {
                         $display .= '<br />';
                     } else {
                         $display .= '</td>';
                     }
                 }
                 // Place the Files list and edit files link on the edit listing page if we are allowed to have files.
                 if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havefiles'] == "yes") {
                     if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havevtours'] == "yes") {
                         $display .= '<br />';
                     } else {
                         $display .= '<td valign="top" align="center" class="row_main">';
                     }
                     $display .= '<b>' . $lang['files'] . '</b>';
                     $display .= '<br />';
                     $display .= '<hr width="75%" />';
                     $display .= '<form action="index.php?action=edit_listing_files" method="post" name="edit_listing_files"><input type="hidden" name="edit" value="' . $_GET['edit'] . '" /><a href="javascript:document.edit_listing_files.submit()">' . $lang['edit_files'] . '</a></form>';
                     $display .= '<br />';
                     $sql = "SELECT listingsfiles_id, listingsfiles_caption, listingsfiles_file_name FROM " . $config['table_prefix'] . "listingsfiles WHERE (listingsdb_id = '{$_GET['edit']}')";
                     $recordSet = $conn->Execute($sql);
                     if ($recordSet === false) {
                         $misc->log_error($sql);
                     }
                     while (!$recordSet->EOF) {
                         $caption = $misc->make_db_unsafe($recordSet->fields['listingsfiles_caption']);
                         $file_name = $misc->make_db_unsafe($recordSet->fields['listingsfiles_file_name']);
                         $file_id = $misc->make_db_unsafe($recordSet->fields['listingsfiles_id']);
                         $iconext = substr(strrchr($file_name, '.'), 1);
                         $iconpath = $config["file_icons_path"] . '/' . $iconext . '.png';
                         if (file_exists($iconpath)) {
                             $icon = $config["listings_view_file_icons_path"] . '/' . $iconext . '.png';
                         } else {
                             $icon = $config["listings_view_file_icons_path"] . '/default.png';
                         }
                         $file_download_url = 'index.php?action=create_download&amp;ID=' . $edit . '&amp;file_id=' . $file_id . '&amp;type=listing';
                         $display .= '<a href="' . $config['baseurl'] . '/' . $file_download_url . '" target="_thumb">';
                         $display .= '<img src="' . $icon . '" height="' . $config["file_icon_height"] . '" width="' . $config["file_icon_width"] . '" alt="' . $file_name . '" /><br />';
                         $display .= '<strong>' . $file_name . '</strong></a><br />';
                         $display .= '<strong>' . $caption . '</strong><br /><br />';
                         $recordSet->MoveNext();
                     }
                     // end while
                     $display .= '</td>';
                 }
                 $display .= '<td class="row_main">';
                 //START FORM VALIDATION
                 if (isset($_POST['property_class'])) {
                     $class_sql = '';
                     foreach ($_POST['property_class'] as $class_id) {
                         if (empty($class_sql)) {
                             $class_sql .= ' class_id = ' . $class_id;
                         } else {
                             $class_sql .= ' OR class_id = ' . $class_id;
                         }
                         $display .= '<input type="hidden" name="property_class[]" value="' . $class_id . '" />';
                     }
                     $pclass_list = '';
                     $sql = "SELECT DISTINCT(listingsformelements_id) FROM  " . $config['table_prefix_no_lang'] . "classformelements WHERE " . $class_sql;
                     $recordSet = $conn->execute($sql);
                     if ($recordSet === false) {
                         $misc->log_error($sql);
                     }
                     while (!$recordSet->EOF) {
                         if (empty($pclass_list)) {
                             $pclass_list .= $recordSet->fields['listingsformelements_id'];
                         } else {
                             $pclass_list .= ',' . $recordSet->fields['listingsformelements_id'];
                         }
                         $recordSet->Movenext();
                     }
                     if ($pclass_list == '') {
                         $pclass_list = 0;
                     }
                     $sql = "SELECT listingsformelements_field_type, listingsformelements_field_name, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required from " . $config['table_prefix'] . "listingsformelements WHERE listingsformelements_id IN (" . $pclass_list . ") ORDER BY listingsformelements_rank, listingsformelements_field_name";
                 } else {
                     $sql = "SELECT listingsformelements_field_type, listingsformelements_field_name, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required from " . $config['table_prefix'] . "listingsformelements ORDER BY listingsformelements_rank, listingsformelements_field_name";
                 }
                 $recordSet = $conn->Execute($sql);
                 if ($recordSet === false) {
                     $misc->log_error($sql);
                 }
                 $display .= "\r\n<script type=\"text/javascript\" >\r\n";
                 $display .= "<!--\r\n";
                 $display .= "function validate_form()\r\n";
                 $display .= "{\r\n";
                 $display .= "var msg=\"\"\r\n";
                 $display .= "valid = true;\r\n";
                 $display .= "if ( document.update_listing.title.value == \"\" )\r\n";
                 $display .= "{\r\n";
                 $display .= "msg += '{$lang['forgot_field']} {$lang['admin_listings_editor_title']} {$lang['admin_template_editor_field']}.\\r\\n';\r\n";
                 $display .= "valid = false;\r\n";
                 $display .= "}\r\n";
                 while (!$recordSet->EOF) {
                     $field_name = $recordSet->fields['listingsformelements_field_name'];
                     $field_caption = $recordSet->fields['listingsformelements_field_caption'];
                     $required = $recordSet->fields['listingsformelements_required'];
                     if ($required == 'Yes') {
                         $display .= "if ( document.update_listing.{$field_name}.value == \"\" )\r\n";
                         $display .= "{\r\n";
                         $display .= "msg += '" . html_entity_decode($lang[forgot_field]) . " {$field_caption} " . html_entity_decode($lang[admin_template_editor_field]) . ".\\r\\n';\r\n";
                         $display .= "valid = false;\r\n";
                         $display .= "}\r\n";
                     }
                     $recordSet->MoveNext();
                 }
                 $display .= "if (msg != \"\")\r\n";
                 $display .= "{\r\n";
                 $display .= "alert (msg);";
                 $display .= "}\r\n";
                 $display .= "return valid;\r\n";
                 $display .= "}\r\n";
                 $display .= "//-->\r\n";
                 $display .= "</script>\r\n";
                 //END FORM VALIDATION
                 $display .= '<table>';
                 if ($only_my_listings == true) {
                     $display .= '<form name="update_listing" action="index.php?action=edit_my_listings&amp;edit=' . $_GET['edit'] . '" method="post" onsubmit="return validate_form ( );">';
                 } else {
                     $display .= '<form name="update_listing" action="index.php?action=edit_listings&amp;edit=' . $_GET['edit'] . '" method="post" onsubmit="return validate_form ( );">';
                 }
                 $display .= '<input type="hidden" name="action" value="update_listing">';
                 $display .= '<input type="hidden" name="edit" value="' . $_GET['edit'] . '">';
                 $display .= '<tr>';
                 $display .= '<td align="right"><b>' . $lang['admin_listings_editor_title'] . ': <font color="red">*</font></b></td>';
                 $display .= '<td align="left"> <input type="text" name="title" value="' . $edit_title . '"></td></tr>';
                 // Display Property Classes
                 $sql2 = 'SELECT class_id FROM ' . $config['table_prefix_no_lang'] . 'classlistingsdb WHERE listingsdb_id =' . $listing_ID;
                 $recordSet2 = $conn->execute($sql2);
                 if ($recordSet2 === false) {
                     $misc->log_error($sql2);
                 }
                 $selected_class_id = array();
                 while (!$recordSet2->EOF) {
                     $selected_class_id[] = $recordSet2->fields['class_id'];
                     $recordSet2->MoveNext();
                 }
                 $sql2 = 'SELECT class_id,class_name FROM ' . $config['table_prefix'] . 'class';
                 $recordSet2 = $conn->execute($sql2);
                 if ($recordSet2 === false) {
                     $misc->log_error($sql2);
                 }
                 $display .= '<tr><td align="right"><b>' . $lang['admin_listings_editor_property_class'] . '</b></td><td align="left">';
                 $display .= '<select name="pclass[]"';
                 if ($config["multiple_pclass_selection"] == '1') {
                     $display .= ' multiple="multiple" size="5"';
                 }
                 $display .= '>';
                 while (!$recordSet2->EOF) {
                     $class_id = $recordSet2->fields['class_id'];
                     $class_name = $misc->make_db_unsafe($recordSet2->fields['class_name']);
                     if (in_array($class_id, $selected_class_id, true)) {
                         $display .= '<option value="' . $class_id . '" selected="selected">' . $class_name . '</option>';
                     } else {
                         $display .= '<option value="' . $class_id . '">' . $class_name . '</option>';
                     }
                     $recordSet2->MoveNext();
                 }
                 $display .= '</select></td></tr>';
                 // End property Class Display
                 if ($_SESSION['featureListings'] == "yes" || $_SESSION['admin_privs'] == "yes") {
                     $display .= '<tr><td align="right"><b>' . $lang['admin_listings_editor_featured'] . ':</b></td><td align="left">';
                     $display .= '<select name="featured" size="1">';
                     $display .= '<option value="' . $edit_featured . '">' . $lang['' . $edit_featured . ''] . '</option>';
                     $display .= '<option value="">-----</option>';
                     $display .= '<option value="yes">' . $lang['yes'] . '</option>';
                     $display .= '<option value="no">' . $lang['no'] . '</option>';
                     $display .= '</select></td></tr>';
                 }
                 // end if ($featureListings == "yes")
                 if ($_SESSION['admin_privs'] == "yes" || $_SESSION['moderator'] == 'yes') {
                     $display .= '<tr><td align="right"><b>' . $lang['admin_listings_active'] . ':</b></td><td align="left">';
                     $display .= '<select name="edit_active" size="1">';
                     $display .= '<option value="' . $edit_active . '">' . $lang['' . $edit_active . ''] . '</option>';
                     $display .= '<option value="">-----</option>';
                     $display .= '<option value="yes">' . $lang['yes'] . '</option>';
                     $display .= '<option value="no">' . $lang['no'] . '</option>';
                     $display .= '</select></td></tr>';
                     if ($config['moderate_listings'] == 1 && $edit_active == 'no') {
                         $display .= '<tr><td align="right"><b>' . $lang['admin_send_notices'] . ':</b></td><td align="left">';
                         $display .= '<select name="send_notices" size="1">';
                         $display .= '<option value="no">' . $lang['no'] . '</option>';
                         $display .= '<option value="yes">' . $lang['yes'] . '</option>';
                         $display .= '</select>';
                         $display .= ' <a href="#" class="tooltip"><img src="images/info.gif" width="16" height="16" /><span>' . $lang['send_notices_tool_tip'] . '</span></a>';
                         $display .= '</td></tr>';
                     }
                 }
                 // end if ($featureListings == "yes")
                 if (($_SESSION['admin_privs'] == "yes" || $_SESSION['edit_expiration'] == "yes") && $config['use_expiration'] == "1") {
                     $display .= '<tr><td align="right" class="row_main"><b>' . $lang['expiration'] . ':</b></td><td align="left"><input type="text" name="edit_expiration" value="' . $expiration . '" onFocus="javascript:vDateType=\'' . $config['date_format'] . '\'" onKeyUp="DateFormat(this,this.value,event,false,\'' . $config['date_format'] . '\')" onBlur="DateFormat(this,this.value,event,true,\'' . $config['date_format'] . '\')" />(' . $config['date_format_long'] . ')</td></tr>';
                 }
                 // end if ($admin_privs == "yes" and $config[use_expiration] = "yes")
                 if ($config["export_listings"] == 1 && $_SESSION['export_listings'] == "yes") {
                     $display .= '<tr><td align="right"><strong>' . $lang['admin_listings_editor_mlsexport'] . ':</strong></td><td align="left">';
                     $display .= '<select name="mlsexport" size="1">';
                     $display .= '<option value="' . $edit_mlsexport . '">' . $lang['' . $edit_mlsexport . ''] . '</option>';
                     $display .= '<option value="">-----</option>';
                     $display .= '<option value="yes">' . $lang['yes'] . '</option>';
                     $display .= '<option value="no">' . $lang['no'] . '</option>';
                     $display .= '</select>';
                     $display .= '</td></tr>';
                 } else {
                     $display .= '<input type="hidden" name="mlsexport" value="no" />';
                 }
                 // Display Agent selection Option to reassign listing
                 if ($_SESSION['admin_privs'] == "yes" || $_SESSION['edit_all_listings'] == "yes") {
                     $display .= '<tr><td align="right"><b>' . $lang['listing_editor_listing_agent'] . ':</b></td>';
                     $display .= '<td align="left" class="row_main"><select name="or_owner" size="1">';
                     // find the name of the agent listed as ID in $edit_or_owner
                     $sql = "SELECT userdb_user_first_name, userdb_user_last_name FROM " . $config['table_prefix'] . "userdb WHERE (userdb_id = {$edit_or_owner})";
                     $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
                     $recordSet = $conn->Execute($sql);
                     if ($recordSet === false) {
                         $misc->log_error($sql);
                     }
                     // strip slashes so input appears correctly
                     $agent_first_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']);
                     $agent_last_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']);
                     $display .= "<option value=\"{$edit_or_owner}\">{$agent_last_name},{$agent_first_name}</option>";
                     // fill list with names of all agents
                     $sql = "SELECT userdb_id, userdb_user_first_name, userdb_user_last_name FROM " . $config['table_prefix'] . "userdb where userdb_is_agent = 'yes' or userdb_is_admin = 'yes' ORDER BY userdb_user_last_name,userdb_user_first_name";
                     $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
                     $recordSet = $conn->Execute($sql);
                     if ($recordSet === false) {
                         $misc->log_error($sql);
                     }
                     while (!$recordSet->EOF) {
                         // strip slashes so input appears correctly
                         $agent_ID = $recordSet->fields['userdb_id'];
                         $agent_first_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']);
                         $agent_last_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']);
                         $display .= "<option value=\"{$agent_ID}\">{$agent_last_name},{$agent_first_name}</option>";
                         $recordSet->MoveNext();
                     }
                     $display .= "</select></td>";
                     $display .= '</tr>';
                 } else {
                     $display .= '<input type="hidden" name="or_owner" value="' . $edit_or_owner . '" />';
                 }
                 // Show Notes Field
                 if ($config["show_notes_field"] == 1) {
                     $display .= '<tr><td align="right"><b>' . $lang['admin_listings_editor_notes'] . ':</b><br /><div class="small">(' . $lang['admin_listings_editor_notes_note'] . ')</div></td><td align="left"> <textarea name="notes" rows="6" cols="40">' . $edit_notes . '</textarea></td></tr>';
                 } else {
                     $display .= '<input type="hidden" name="notes" value="' . $edit_notes . '" />';
                 }
                 // Show Listing Fields for this property class
                 $sql = 'SELECT class_id from ' . $config['table_prefix_no_lang'] . 'classlistingsdb WHERE listingsdb_id =' . $edit;
                 $recordSet = $conn->Execute($sql);
                 if ($recordSet === false) {
                     $misc->log_error($sql);
                 }
                 $class_sql = '';
                 while (!$recordSet->EOF()) {
                     $class_id = $recordSet->fields['class_id'];
                     if (empty($class_sql)) {
                         $class_sql .= ' class_id = ' . $class_id;
                     } else {
                         $class_sql .= ' OR class_id = ' . $class_id;
                     }
                     $recordSet->MoveNext();
                 }
                 $class_list = '';
                 $sql = "SELECT DISTINCT(listingsformelements_id) FROM  " . $config['table_prefix_no_lang'] . "classformelements WHERE " . $class_sql;
                 $recordSet = $conn->Execute($sql);
                 if ($recordSet === false) {
                     $misc->log_error($sql);
                 }
                 while (!$recordSet->EOF) {
                     if (empty($class_list)) {
                         $class_list .= $recordSet->fields['listingsformelements_id'];
                     } else {
                         $class_list .= ',' . $recordSet->fields['listingsformelements_id'];
                     }
                     $recordSet->MoveNext();
                 }
                 if ($class_list == '') {
                     $class_list = 0;
                 }
                 $sql = "SELECT listingsformelements_field_name, listingsdbelements_field_value, listingsformelements_field_type, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required, listingsformelements_field_length, listingsformelements_tool_tip FROM " . $config['table_prefix'] . "listingsformelements left join " . $config['table_prefix'] . "listingsdbelements on listingsdbelements_field_name = listingsformelements_field_name AND listingsdb_id = {$edit} WHERE listingsformelements_id IN (" . $class_list . ") ORDER BY listingsformelements_rank";
                 $recordSet = $conn->Execute($sql);
                 if ($recordSet === false) {
                     $misc->log_error($sql);
                 }
                 while (!$recordSet->EOF) {
                     $field_name = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_name']);
                     if (isset($_POST[$field_name])) {
                         if (is_array($_POST[$field_name])) {
                             $field_value = "";
                             foreach ($_POST[$field_name] as $feature_item) {
                                 $feature_item = $misc->make_db_unsafe($feature_item);
                                 $field_value .= "||{$feature_item}";
                             }
                             // end while
                             // now remove the first two characters
                             $feature_insert_length = strlen($field_value);
                             $feature_insert_length = $feature_insert_length - 2;
                             $field_value = substr($field_value, 2, $feature_insert_length);
                         } else {
                             $field_value = $misc->make_db_unsafe($recordSet->fields['listingsdbelements_field_value']);
                         }
                     } else {
                         $field_value = $misc->make_db_unsafe($recordSet->fields['listingsdbelements_field_value']);
                     }
                     $field_type = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_type']);
                     $field_caption = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_caption']);
                     $default_text = $misc->make_db_unsafe($recordSet->fields['listingsformelements_default_text']);
                     $field_elements = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_elements']);
                     $required = $misc->make_db_unsafe($recordSet->fields['listingsformelements_required']);
                     $field_length = $misc->make_db_unsafe($recordSet->fields['listingsformelements_field_length']);
                     $tool_tip = $misc->make_db_unsafe($recordSet->fields['listingsformelements_tool_tip']);
                     // pass the data to the function
                     $display .= $forms->renderExistingFormElement($field_type, $field_name, $field_value, $field_caption, $default_text, $required, $field_elements, $field_length, $tool_tip);
                     $recordSet->MoveNext();
                 }
                 //$editid = substr($edit, 1, -1) * 1;
                 if ($only_my_listings == true) {
                     $edit_link = $config['baseurl'] . '/admin/index.php?action=edit_my_listings&amp;edit=' . $edit;
                     $delete_link = $config['baseurl'] . '/admin/index.php?action=edit_my_listings&amp;delete=' . $edit;
                 } else {
                     $edit_link = $config['baseurl'] . '/admin/index.php?action=edit_listings&amp;edit=' . $edit;
                     $delete_link = $config['baseurl'] . '/admin/index.php?action=edit_listings&amp;delete=' . $edit;
                 }
                 $display .= '<tr><td colspan="2" align="center">' . $lang[required_form_text] . '</td></tr>';
                 $display .= '<tr><td colspan="2" align="center"><input type="submit" value="' . $lang[update_button] . '">  <a href="' . $delete_link . '" onclick="return confirmDelete()">' . $lang[admin_listings_editor_delete_listing] . '</a></td></tr></table></form>';
                 $display .= '</td></tr></table>';
             } else {
                 $display .= '<center><span class="redtext">' . $lang['admin_listings_editor_invalid_listing'] . '</span></center>';
                 $next_prev = '<center>' . $misc->next_prev($num_rows, $_GET['cur_page'], "", '', TRUE) . '</center>';
                 // put in the next/previous stuff
                 $display .= listing_editor::show_quick_edit_bar($next_prev, $only_my_listings);
             }
         } else {
             // show all the listings
             $sql_filter = '';
             if (isset($_POST['filter'])) {
                 if ($_POST['filter'] == 'active') {
                     $sql_filter = " AND listingsdb_active = 'yes' ";
                 }
                 if ($_POST['filter'] == 'inactive') {
                     $sql_filter = " AND listingsdb_active = 'no' ";
                 }
                 if ($_POST['filter'] == 'expired') {
                     $sql_filter = " AND listingsdb_expiration < " . $conn->DBDate(time());
                 }
                 if ($_POST['filter'] == 'featured') {
                     $sql_filter = " AND listingsdb_featured = 'yes' ";
                 }
                 if ($_POST['filter'] == 'created_1week') {
                     $sql_filter = " AND listingsdb_creation_date >= " . $conn->DBDate(date('Y-m-d', strtotime('-1 week')));
                 }
                 if ($_POST['filter'] == 'created_1month') {
                     $sql_filter = " AND listingsdb_creation_date >= " . $conn->DBDate(date('Y-m-d', strtotime('-1 month')));
                 }
                 if ($_POST['filter'] == 'created_3month') {
                     $sql_filter = " AND listingsdb_creation_date >= " . $conn->DBDate(date('Y-m-d', strtotime('-3 month')));
                 }
             }
             $lookup_sql = '';
             if (isset($_POST['lookup_field']) && isset($_POST['lookup_value']) && $_POST['lookup_field'] != 'listingsdb_id' && $_POST['lookup_field'] != 'listingsdb_title' && $_POST['lookup_value'] != '') {
                 $lookup_field = $misc->make_db_safe($_POST['lookup_field']);
                 $lookup_value = $misc->make_db_safe('%' . $_POST['lookup_value'] . '%');
                 $sql = 'SELECT listingsdb_id FROM ' . $config['table_prefix'] . 'listingsdbelements WHERE listingsdbelements_field_name = ' . $lookup_field . ' AND listingsdbelements_field_value LIKE ' . $lookup_value;
                 $recordSet = $conn->Execute($sql);
                 if ($recordSet === false) {
                     $misc->log_error($sql);
                 }
                 $listing_ids = array();
                 while (!$recordSet->EOF) {
                     $listing_ids[] = $recordSet->fields['listingsdb_id'];
                     $recordSet->MoveNext();
                 }
                 if (count($listing_ids) > 0) {
                     $listing_ids = implode(',', $listing_ids);
                 } else {
                     $listing_ids = '0';
                 }
                 $lookup_sql = ' AND listingsdb_id IN (' . $listing_ids . ') ';
             }
             if (isset($_POST['lookup_field']) && isset($_POST['lookup_value']) && $_POST['lookup_field'] == 'listingsdb_title' && $_POST['lookup_value'] != '') {
                 $lookup_value = $misc->make_db_safe('%' . $_POST['lookup_value'] . '%');
                 $sql = 'SELECT listingsdb_id FROM ' . $config['table_prefix'] . 'listingsdb WHERE listingsdb_title  LIKE ' . $lookup_value;
                 $recordSet = $conn->Execute($sql);
                 if ($recordSet === false) {
                     $misc->log_error($sql);
                 }
                 $listing_ids = array();
                 while (!$recordSet->EOF) {
                     $listing_ids[] = $recordSet->fields['listingsdb_id'];
                     $recordSet->MoveNext();
                 }
                 if (count($listing_ids) > 0) {
                     $listing_ids = implode(',', $listing_ids);
                 } else {
                     $listing_ids = '0';
                 }
                 $lookup_sql = ' AND listingsdb_id IN (' . $listing_ids . ') ';
             }
             if (isset($_POST['pclass_filter']) && $_POST['pclass_filter'] != '') {
                 $pclass_filter = $misc->make_db_safe($_POST['pclass_filter']);
                 $sql = 'SELECT listingsdb_id FROM ' . $config['table_prefix_no_lang'] . 'classlistingsdb WHERE class_id = ' . $pclass_filter;
                 $recordSet = $conn->Execute($sql);
                 if ($recordSet === false) {
                     $misc->log_error($sql);
                 }
                 $listing_ids = array();
                 while (!$recordSet->EOF) {
                     $listing_ids[] = $recordSet->fields['listingsdb_id'];
                     $recordSet->MoveNext();
                 }
                 if (count($listing_ids) > 0) {
                     $listing_ids = implode(',', $listing_ids);
                 } else {
                     $listing_ids = '0';
                 }
                 $pclass_sql = ' AND listingsdb_id IN (' . $listing_ids . ') ';
             }
             if (isset($_POST['agent_filter']) && $_POST['agent_filter'] != '') {
                 $agent_filter = $misc->make_db_safe($_POST['agent_filter']);
                 $sql = 'SELECT listingsdb_id FROM ' . $config['table_prefix'] . 'listingsdb WHERE userdb_id = ' . $agent_filter;
                 $recordSet = $conn->Execute($sql);
                 if ($recordSet === false) {
                     $misc->log_error($sql);
                 }
                 $listing_ids = array();
                 while (!$recordSet->EOF) {
                     $listing_ids[] = $recordSet->fields['listingsdb_id'];
                     $recordSet->MoveNext();
                 }
                 if (count($listing_ids) > 0) {
                     $listing_ids = implode(',', $listing_ids);
                 } else {
                     $listing_ids = '0';
                 }
                 $agent_sql = ' AND listingsdb_id IN (' . $listing_ids . ') ';
             }
             // grab the number of listings from the db
             if ($only_my_listings == true) {
                 $sql = "SELECT listingsdb_id, listingsdb_title, listingsdb_mlsexport, listingsdb_notes,\tlistingsdb_expiration, listingsdb_active, listingsdb_featured, listingsdb_hit_count, userdb_emailaddress FROM " . $config['table_prefix'] . "listingsdb, " . $config['table_prefix'] . "userdb WHERE " . $config['table_prefix'] . "listingsdb.userdb_id = " . $config['table_prefix'] . "userdb.userdb_id AND (" . $config['table_prefix'] . "userdb.userdb_id = '{$_SESSION['userID']}') {$sql_filter} {$lookup_sql} {$pclass_sql} {$agent_sql} ORDER BY listingsdb_id ASC";
             } else {
                 $sql = "SELECT listingsdb_id, listingsdb_title, listingsdb_mlsexport, listingsdb_notes,\tlistingsdb_expiration, listingsdb_active, listingsdb_featured, listingsdb_hit_count, userdb_emailaddress FROM " . $config['table_prefix'] . "listingsdb, " . $config['table_prefix'] . "userdb WHERE " . $config['table_prefix'] . "listingsdb.userdb_id = " . $config['table_prefix'] . "userdb.userdb_id {$sql_filter} {$lookup_sql} {$pclass_sql} {$agent_sql} ORDER BY listingsdb_id ASC";
             }
             $recordSet = $conn->Execute($sql);
             if ($recordSet === false) {
                 $misc->log_error($sql);
             }
             $num_rows = $recordSet->RecordCount();
             if (!isset($_GET['cur_page'])) {
                 $_GET['cur_page'] = 0;
             }
             $next_prev = '<center>' . $misc->next_prev($num_rows, $_GET['cur_page'], "", '', TRUE) . '</center>';
             // put in the next/previous stuff
             $display .= listing_editor::show_quick_edit_bar($next_prev, $only_my_listings);
             // build the string to select a certain number of listings per page
             $limit_str = $_GET['cur_page'] * $config['listings_per_page'];
             $recordSet = $conn->SelectLimit($sql, $config['listings_per_page'], $limit_str);
             if ($recordSet === false) {
                 $misc->log_error($sql);
             }
             $count = 0;
             $display .= "<br /><br />";
             $page->load_page($config['admin_template_path'] . '/edit_listings.html');
             $page->replace_lang_template_tags();
             $page->replace_tags();
             $addons = $page->load_addons();
             $listing_section = $page->get_template_section('listing_dataset');
             while (!$recordSet->EOF) {
                 // alternate the colors
                 if ($count == 0) {
                     $count = $count + 1;
                 } else {
                     $count = 0;
                 }
                 $listing .= $listing_section;
                 // strip slashes so input appears correctly
                 $title = $misc->make_db_unsafe($recordSet->fields['listingsdb_title']);
                 $notes = $misc->make_db_unsafe($recordSet->fields['listingsdb_notes']);
                 $active = $misc->make_db_unsafe($recordSet->fields['listingsdb_active']);
                 $featured = $misc->make_db_unsafe($recordSet->fields['listingsdb_featured']);
                 $mlsexport = $misc->make_db_unsafe($recordSet->fields['listingsdb_mlsexport']);
                 $email = $misc->make_db_unsafe($recordSet->fields['userdb_emailaddress']);
                 $formatted_expiration = $recordSet->UserTimeStamp($recordSet->fields['listingsdb_expiration'], $config["date_format_timestamp"]);
                 $listingID = $recordSet->fields['listingsdb_id'];
                 $hit_count = $misc->make_db_unsafe($recordSet->fields['listingsdb_hit_count']);
                 if ($active == 'yes') {
                     $active = '<span class="edit_listings_' . $active . '">' . $lang['yes'] . '</span>';
                 } elseif ($active == 'no') {
                     $active = '<span class="edit_listings_' . $active . '">' . $lang['no'] . '</span>';
                 }
                 if ($featured == 'yes') {
                     $featured = '<span class="edit_listings_' . $featured . '">' . $lang['yes'] . '</span>';
                 } elseif ($featured == 'no') {
                     $featured = '<span class="edit_listings_' . $featured . '">' . $lang['no'] . '</span>';
                 }
                 //Add filters to link
                 if (isset($_POST['lookup_field']) && isset($_POST['lookup_value'])) {
                     $_GET['lookup_field'] = $_POST['lookup_field'];
                     $_GET['lookup_value'] = $_POST['lookup_value'];
                 }
                 if (isset($_GET['lookup_field']) && isset($_GET['lookup_value'])) {
                     $_POST['lookup_field'] = $_GET['lookup_field'];
                     $_POST['lookup_value'] = $_GET['lookup_value'];
                 }
                 if ($only_my_listings == true) {
                     $edit_link = $config['baseurl'] . '/admin/index.php?action=edit_my_listings&amp;edit=' . $listingID;
                     $delete_link = $config['baseurl'] . '/admin/index.php?action=edit_my_listings&amp;delete=' . $listingID;
                 } else {
                     $edit_link = $config['baseurl'] . '/admin/index.php?action=edit_listings&amp;edit=' . $listingID;
                     $delete_link = $config['baseurl'] . '/admin/index.php?action=edit_listings&amp;delete=' . $listingID;
                 }
                 $email_link = 'mailto:' . $email;
                 $listing = $page->replace_listing_field_tags($listingID, $listing);
                 $listing = $page->parse_template_section($listing, 'listingid', $listingID);
                 $listing = $page->parse_template_section($listing, 'edit_listing_link', $edit_link);
                 $listing = $page->parse_template_section($listing, 'delete_listing_link', $delete_link);
                 $listing = $page->parse_template_section($listing, 'email_agent_link', $email_link);
                 $listing = $page->parse_template_section($listing, 'listing_active_status', $active);
                 $listing = $page->parse_template_section($listing, 'listing_featured_status', $featured);
                 $listing = $page->parse_template_section($listing, 'listing_expiration', $formatted_expiration);
                 $listing = $page->parse_template_section($listing, 'listing_notes', $notes);
                 $listing = $page->parse_template_section($listing, 'row_num_even_odd', $count);
                 $listing = $page->parse_template_section($listing, 'listing_hit_count', $hit_count);
                 $addon_fields = $page->get_addon_template_field_list($addons);
                 $listing = $page->parse_addon_tags($listing, $addon_fields);
                 if ($config["use_expiration"] == 0) {
                     $listing = $page->remove_template_block('show_expiration', $listing);
                 } else {
                     $listing = $page->cleanup_template_block('show_expiration', $listing);
                 }
                 $recordSet->MoveNext();
             }
             // end while
             $page->replace_template_section('listing_dataset', $listing);
             $page->replace_permission_tags();
             $display .= $page->return_page();
         }
         // end if $edit == ""
     } else {
         $display .= '<div class="error_text">' . $lang['access_denied'] . '</div>';
     }
     return $display;
 }