function update_user($user_id)
{
global $conn, $config, $lang;
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
require_once $config['basepath'] . '/include/forms.inc.php';
$forms = new forms();
$display = '';
$do_update = true;
if ($_POST['edit_user_pass'] != $_POST['edit_user_pass2']) {
$display .= '<p>' . $lang['user_manager_password_identical'] . '</p>';
$do_update = false;
} elseif ($_POST['edit_user_pass'] == '') {
$do_update = true;
}
// end elseif
if ($_POST['user_email'] == '' || $_POST['user_first_name'] == '' || $_POST['user_last_name'] == '') {
$display .= "<p class=\"redtext\">{$lang['required_fields_not_filled']}</p>";
$do_update = false;
}
// Get Current User type
$sql = 'SELECT userdb_is_agent, userdb_is_admin, userdb_active FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $user_id;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$is_agent = $misc->make_db_unsafe($recordSet->fields['userdb_is_agent']);
$is_admin = $misc->make_db_unsafe($recordSet->fields['userdb_is_admin']);
$is_active = $misc->make_db_unsafe($recordSet->fields['userdb_active']);
$sql_user_email = $misc->make_db_safe($_POST['user_email']);
$sql_user_first_name = $misc->make_db_safe($_POST['user_first_name']);
$sql_user_last_name = $misc->make_db_safe($_POST['user_last_name']);
//Make sure no other user has this email address.
$sql = 'SELECT userdb_id FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_emailaddress = ' . $sql_user_email;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
if ($recordSet->fields['userdb_id'] != $user_id) {
$display .= "<p class=\"redtext\">{$lang['email_address_already_used']}</p>";
$do_update = false;
}
$recordSet->MoveNext();
}
if ($do_update) {
global $pass_the_form;
if ($is_agent == 'yes' || $is_admin == 'yes') {
$db_to_validate = 'agentformelements';
} else {
$db_to_validate = 'memberformelements';
}
$pass_the_form = $forms->validateForm($db_to_validate);
if (is_array($pass_the_form)) {
// if we're not going to pass it, tell that they forgot to fill in one of the fields
foreach ($pass_the_form as $k => $v) {
if ($v == 'REQUIRED') {
$display .= "<p class=\"redtext\">{$k}: {$lang['required_fields_not_filled']}</p>";
}
if ($v == 'TYPE') {
$display .= "<p class=\"redtext\">{$k}: {$lang['field_type_does_not_match']}</p>";
}
}
} else {
$_POST['user_email'] = $misc->make_db_safe($_POST['user_email']);
if ($_POST['edit_user_pass'] == '') {
$sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_emailaddress = ' . $_POST['user_email'] . ', userdb_last_modified = ' . $conn->DBTimeStamp(time()) . ' WHERE userdb_id = ' . $user_id;
} else {
$md5_user_pass = md5($_POST['edit_user_pass']);
$md5_user_pass = $misc->make_db_safe($md5_user_pass);
$sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_emailaddress = ' . $_POST['user_email'] . ', userdb_user_password = '******', userdb_last_modified = ' . $conn->DBTimeStamp(time()) . ' WHERE userdb_id = ' . $user_id;
}
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
if ($_SESSION['admin_privs'] == 'yes' && $is_admin == 'yes') {
$sql_edit_limitListings = $misc->make_db_safe($_POST['edit_limitListings']);
$sql_edit_limitFeaturedListings = $misc->make_db_safe($_POST['edit_limitFeaturedListings']);
$sql_edit_userRank = $misc->make_db_safe($_POST['edit_userRank']);
$sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_rank = ' . $sql_edit_userRank . ', userdb_featuredlistinglimit = ' . $sql_edit_limitFeaturedListings . ', userdb_limit_listings = ' . $sql_edit_limitListings . ' WHERE userdb_id = ' . $user_id;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
}
// If Admin is upadting and agent set other fields
if ($_SESSION['admin_privs'] == 'yes' && $is_agent == 'yes') {
$edit_is_active = $misc->make_db_safe($_POST['edit_active']);
$edit_first_name = $misc->make_db_safe($_POST['user_first_name']);
$edit_last_name = $misc->make_db_safe($_POST['user_last_name']);
$edit_canEditSiteConfig = $misc->make_db_safe($_POST['edit_canEditSiteConfig']);
$edit_canEditMemberTemplate = $misc->make_db_safe($_POST['edit_canEditMemberTemplate']);
$edit_canEditAgentTemplate = $misc->make_db_safe($_POST['edit_canEditAgentTemplate']);
$edit_canEditListingTemplate = $misc->make_db_safe($_POST['edit_canEditListingTemplate']);
$edit_canEditAllListings = $misc->make_db_safe($_POST['edit_canEditAllListings']);
$edit_canEditAllUsers = $misc->make_db_safe($_POST['edit_canEditAllUsers']);
$edit_can_view_logs = $misc->make_db_safe($_POST['edit_canViewLogs']);
$edit_can_moderate = $misc->make_db_safe($_POST['edit_canModerate']);
$edit_can_feature_listings = $misc->make_db_safe($_POST['edit_canFeatureListings']);
$edit_can_edit_pages = $misc->make_db_safe($_POST['edit_canPages']);
$edit_can_have_vtours = $misc->make_db_safe($_POST['edit_canVtour']);
$edit_can_have_files = $misc->make_db_safe($_POST['edit_canFiles']);
$edit_can_have_user_files = $misc->make_db_safe($_POST['edit_canUserFiles']);
$edit_limitListings = $misc->make_db_safe($_POST['edit_limitListings']);
$sql_edit_canExportListings = $misc->make_db_safe($_POST['edit_canExportListings']);
$sql_edit_canEditListingExpiration = $misc->make_db_safe($_POST['edit_canEditListingExpiration']);
$sql_edit_canEditPropertyClasses = $misc->make_db_safe($_POST['edit_canEditPropertyClasses']);
$sql_userdb_blog_user_type = $misc->make_db_safe($_POST['edit_BlogPrivileges']);
$sql_edit_limitFeaturedListings = $misc->make_db_safe($_POST['edit_limitFeaturedListings']);
$sql_edit_userRank = $misc->make_db_safe($_POST['edit_userRank']);
$sql_edit_canManageAddons = $misc->make_db_safe($_POST['edit_canManageAddons']);
$sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET
userdb_active = ' . $edit_is_active . ',
userdb_user_first_name = ' . $edit_first_name . ',
userdb_user_last_name = ' . $edit_last_name . ',
userdb_can_edit_site_config = ' . $edit_canEditSiteConfig . ',
userdb_can_edit_member_template = ' . $edit_canEditMemberTemplate . ',
userdb_can_edit_agent_template = ' . $edit_canEditAgentTemplate . ',
userdb_can_edit_listing_template = ' . $edit_canEditListingTemplate . ',
userdb_can_view_logs = ' . $edit_can_view_logs . ',
userdb_can_moderate = ' . $edit_can_moderate . ',
userdb_can_feature_listings = ' . $edit_can_feature_listings . ',
userdb_can_edit_pages = ' . $edit_can_edit_pages . ',
userdb_can_have_vtours = ' . $edit_can_have_vtours . ',
userdb_can_have_files = ' . $edit_can_have_files . ',
userdb_can_have_user_files = ' . $edit_can_have_user_files . ',
userdb_limit_listings = ' . $edit_limitListings . ',
userdb_can_edit_expiration = ' . $sql_edit_canEditListingExpiration . ',
userdb_can_export_listings = ' . $sql_edit_canExportListings . ',
userdb_can_edit_all_users = ' . $edit_canEditAllUsers . ',
userdb_can_edit_all_listings = ' . $edit_canEditAllListings . ',
userdb_can_edit_property_classes = ' . $sql_edit_canEditPropertyClasses . ',
userdb_can_manage_addons = ' . $sql_edit_canManageAddons . ',
userdb_rank = ' . $sql_edit_userRank . ',
userdb_featuredlistinglimit = ' . $sql_edit_limitFeaturedListings . ',
userdb_blog_user_type = ' . $sql_userdb_blog_user_type . '
WHERE userdb_id = ' . $user_id;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
} else {
if (isset($_POST['edit_active'])) {
$edit_is_active = $misc->make_db_safe($_POST['edit_active']);
} else {
$edit_is_active = $misc->make_db_safe('yes');
}
$edit_first_name = $misc->make_db_safe($_POST['user_first_name']);
$edit_last_name = $misc->make_db_safe($_POST['user_last_name']);
$sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_active = ' . $edit_is_active . ', userdb_user_first_name = ' . $edit_first_name . ', userdb_user_last_name =' . $edit_last_name . ' WHERE userdb_id = ' . $user_id;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
}
if ($is_active == 'no' && $_POST['edit_active'] == 'yes') {
if ($config['moderate_agents'] == 1 && $is_agent == 'yes' || $config['moderate_members'] == 1 && $is_agent == 'no') {
$message = $_POST['user_first_name'] . ' ' . $_POST['user_last_name'] . ",\r\n" . $lang['user_activated_message'] . "\r\n\r\n";
if ($is_agent == 'yes') {
$link = $config['baseurl'] . '/admin/index.php';
} else {
$link = $config['baseurl'] . '/index.php?action=member_login';
}
$message .= $link;
$email = str_replace('\'', '', $_POST['user_email']);
$send = $misc->send_email($config['company_name'], $config['admin_email'], $email, $message, $lang['user_activated_subject']);
}
}
$message = user_managment::updateUserData($user_id);
if ($message == 'success') {
// one has to ensure that the cookie containing the pass is reset
// otherwise, one would have to log out and in again everytime
// an account was updated
if ($_POST['edit_user_pass'] != "" && $_SESSION['userID'] == $user_id) {
$_SESSION['userpassword'] = md5($_POST['edit_user_pass']);
}
$display .= '<p>' . $lang['user_editor_account_updated'] . ', ' . $_SESSION['username'] . '</p>';
} else {
$display .= '<p>' . $lang['alert_site_admin'] . '</p>';
}
// end else
}
// end if $pass_the_form == "Yes"
}
// end else
$misc->log_action($lang['log_updated_user'] . ': ' . $user_id);
return $display;
}
function update_listing($verify_user = true)
{
global $conn, $lang, $config;
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
require_once $config['basepath'] . '/include/forms.inc.php';
$forms = new forms();
require_once $config['basepath'] . '/include/listing.inc.php';
$listing_pages = new listing_pages();
$display = '';
// update the listing
if ($verify_user) {
$sql_edit = intval($_POST['edit']);
$listing_ownerID = $listing_pages->getListingAgentID($sql_edit);
if (intval($_SESSION['userID']) != $listing_ownerID) {
$display = $lang['listing_editor_permission_denied'] . '<br />';
return $display;
}
}
if ($_POST['title'] == "") {
// if the title is blank
$display .= "{$lang['admin_new_listing_enter_a_title']}<br />";
} else {
$pass_the_form = $forms->validateForm('listingsformelements', $_POST['pclass']);
if ($pass_the_form !== "Yes") {
// if we're not going to pass it, tell that they forgot to fill in one of the fields
foreach ($pass_the_form as $k => $v) {
if ($v == 'REQUIRED') {
$display .= "<p class=\"redtext\">{$k}: {$lang['required_fields_not_filled']}</p>";
}
if ($v == 'TYPE') {
$display .= "<p class=\"redtext\">{$k}: {$lang['field_type_does_not_match']}</p>";
}
}
// $display .= "<p>$lang[required_fields_not_filled]</p>";
}
if ($pass_the_form == "Yes") {
$sql_title = $misc->make_db_safe($_POST['title']);
$sql_notes = $misc->make_db_safe($_POST['notes']);
$sql_edit = $misc->make_db_safe($_POST['edit']);
if (!isset($_POST['mlsexport'])) {
$_POST['mlsexport'] = "no";
}
$sql_mlsexport = $misc->make_db_safe($_POST['mlsexport']);
$sql = "UPDATE " . $config['table_prefix'] . "listingsdb SET ";
if (!$verify_user) {
$sql_or_owner = $misc->make_db_safe($_POST['or_owner']);
// update the listing data
$sql .= "userdb_ID = {$sql_or_owner}, ";
}
$sql .= "listingsdb_title = {$sql_title}, ";
if ($_SESSION['admin_privs'] == "yes" || $_SESSION['featureListings'] == "yes") {
// Check Number of Featured Listings User has
if (isset($_POST['or_owner'])) {
$or_owner = $misc->make_db_safe($_POST['or_owner']);
$featuredsql = 'SELECT count(listingsdb_id) as listing_count FROM ' . $config['table_prefix'] . 'listingsdb WHERE listingsdb_featured = \'yes\' AND userdb_id = ' . $or_owner;
} else {
$featuredsql = 'SELECT count(listingsdb_id) as listing_count FROM ' . $config['table_prefix'] . 'listingsdb WHERE listingsdb_featured = \'yes\' AND userdb_id = ' . $_SESSION['userID'];
}
$recordSet = $conn->Execute($featuredsql);
if ($recordSet === false) {
$misc->log_error($featuredsql);
}
$featuredlisting_count = $recordSet->fields['listing_count'];
// Get User Featured Listing Limit
if (isset($_POST['or_owner'])) {
$or_owner = $misc->make_db_safe($_POST['or_owner']);
$featuredsql = 'SELECT userdb_featuredlistinglimit FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $or_owner;
} else {
$featuredsql = 'SELECT userdb_featuredlistinglimit FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $_SESSION['userID'];
}
$recordSet = $conn->Execute($featuredsql);
if ($recordSet === false) {
$misc->log_error($featuredsql);
}
$featuredlisting_limit = $recordSet->fields['userdb_featuredlistinglimit'];
$featuredLimitError = FALSE;
if ($_POST['featured'] == 'yes') {
if ($featuredlisting_limit > $featuredlisting_count || $featuredlisting_limit == '-1') {
// if the user can feature properties
$sql_featured = $misc->make_db_safe($_POST['featured']);
$sql .= "listingsdb_featured = {$sql_featured}, ";
} else {
//See if we are already featured..
$featuredcheckSql = 'SELECT listingsdb_featured FROM ' . $config['table_prefix'] . 'listingsdb WHERE listingsdb_id = ' . $sql_edit;
$recordSetFeatured = $conn->Execute($featuredcheckSql);
if ($recordSetFeatured === false) {
$misc->log_error($featuredcheckSql);
}
$current_status = $recordSetFeatured->fields['listingsdb_featured'];
if ($current_status == 'yes') {
$sql_featured = $misc->make_db_safe($_POST['featured']);
$sql .= "listingsdb_featured = {$sql_featured}, ";
} else {
$featuredLimitError = TRUE;
}
}
} else {
//Not Feautred Save no matter what
$sql_featured = $misc->make_db_safe($_POST['featured']);
$sql .= "listingsdb_featured = {$sql_featured}, ";
}
}
// end if ($featureListings == "yes")
if ($_SESSION['admin_privs'] == "yes" || $_SESSION['moderator'] == "yes") {
// if the user is an administrtor
$sql_active = $misc->make_db_safe($_POST['edit_active']);
$sql .= "listingsdb_active = {$sql_active}, ";
}
// end if ($admin_privs == "yes")
if (($_SESSION['admin_privs'] == "yes" || $_SESSION['edit_expiration'] == "yes") && $config['use_expiration'] == "1") {
$expiration_date = $misc->or_date_format($_POST['edit_expiration']);
$sql .= "listingsdb_expiration = " . $expiration_date . ",";
}
if ($verify_user) {
$sql .= "listingsdb_notes = {$sql_notes}, listingsdb_mlsexport = {$sql_mlsexport}, listingsdb_last_modified = " . $conn->DBTimeStamp(time()) . " WHERE ((listingsdb_id = {$sql_edit}) AND (userdb_id = {$_SESSION['userID']}))";
} else {
$sql .= "listingsdb_notes = {$sql_notes}, listingsdb_mlsexport = {$sql_mlsexport}, listingsdb_last_modified = " . $conn->DBTimeStamp(time()) . " WHERE listingsdb_id = {$sql_edit}";
}
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
if ($verify_user) {
$message = listing_editor::updateListingsData($_POST['edit'], $_SESSION['userID']);
} else {
// update the image data (in case the or_owner has changed)
$sql = "UPDATE " . $config['table_prefix'] . "listingsimages SET userdb_id = {$sql_or_owner} WHERE listingsdb_id = {$sql_edit}";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$message = listing_editor::updateListingsData($_POST['edit'], $_POST['or_owner']);
}
// Ok Now Handle Any property class changes that all the data is saved.
// First Get a list of all the currently assing property classes.
$sql2 = 'SELECT class_id FROM ' . $config['table_prefix_no_lang'] . 'classlistingsdb WHERE listingsdb_id =' . $sql_edit;
$recordSet2 = $conn->execute($sql2);
if ($recordSet2 === false) {
$misc->log_error($sql2);
}
$current_class_id = array();
while (!$recordSet2->EOF) {
$current_class_id[] = $recordSet2->fields['class_id'];
$recordSet2->MoveNext();
}
// Get List of edited pclasses
$new_class_assigned_sql = implode(',', $_POST['pclass']);
// Now if teh property class is no longer assigned remove this listin from the class and remove any listing fields tha belogn only to this class
foreach ($current_class_id as $c_class_id) {
if (!in_array($c_class_id, $_POST['pclass'])) {
// Delete listing from class
$sql = 'DELETE FROM ' . $config['table_prefix_no_lang'] . 'classlistingsdb WHERE class_id = ' . $c_class_id . ' AND listingsdb_id = ' . $sql_edit;
$recordSet = $conn->execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
// Get a list of form element ids for the new selected property classes
$sql = 'SELECT listingsformelements_id FROM ' . $config['table_prefix_no_lang'] . 'classformelements WHERE class_id IN (' . $new_class_assigned_sql . ')';
$recordSet = $conn->execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$formelement_ids = array();
while (!$recordSet->EOF) {
$formelement_ids[] = $recordSet->fields['listingsformelements_id'];
$recordSet->Movenext();
}
$new_listingsformelements_id_sql = implode(',', $formelement_ids);
$sql = 'SELECT DISTINCT(listingsformelements_field_name) FROM ' . $config['table_prefix_no_lang'] . 'classformelements as c,' . $config['table_prefix'] . 'listingsformelements as f WHERE class_id = ' . $c_class_id . ' AND c.listingsformelements_id NOT IN (' . $new_listingsformelements_id_sql . ') AND c.listingsformelements_id = f.listingsformelements_id';
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
$sql2 = 'DELETE FROM ' . $config['table_prefix'] . 'listingsdbelements WHERE listingsdbelements_field_name = ' . $recordSet->fields['listingsformelements_field_name'] . ' AND listingsdb_id = ' . $sql_edit;
$recordSet2 = $conn->execute($sql2);
if ($recordSet2 === false) {
$misc->log_error($sql2);
}
}
}
}
// If this is a new class add the listing to the class
foreach ($_POST['pclass'] as $class_id) {
if (!in_array($class_id, $current_class_id)) {
$sql2 = 'INSERT INTO ' . $config['table_prefix_no_lang'] . 'classlistingsdb (class_id,listingsdb_id) VALUES (' . $class_id . ',' . $sql_edit . ')';
$recordSet2 = $conn->execute($sql2);
if ($recordSet2 === false) {
$misc->log_error($sql2);
}
}
}
if ($message == "success") {
$display .= "<p>{$lang['admin_listings_editor_listing_number']} {$_POST['edit']} {$lang['has_been_updated']} </p>";
if ($featuredLimitError == TRUE) {
$display .= "<p style=\"error\">{$lang['admin_listings_editor_featuredlistingerror']} </p>";
}
$misc->log_action("{$lang['log_updated_listing']} {$_POST['edit']}");
} else {
$display .= "<p>{$lang['alert_site_admin']}</p>";
}
// end else
}
// end if $pass_the_form == "Yes"
}
// end else
return $display;
}