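/**
 * Applies the "edit user" form (read from $_POST) to the user row $user_id.
 *
 * Flow:
 *  1. reject a mismatched password pair and missing email/first/last name;
 *  2. reject an email address already owned by a *different* user;
 *  3. run the agent or member form-element validator;
 *  4. write the email address (plus the new password when one was supplied);
 *  5. when the session is an admin, write rank/limits and the agent
 *     permission flags; otherwise write only active/first/last name;
 *  6. email the user when a moderated account flips inactive -> active;
 *  7. hand the remaining form fields to user_managment::updateUserData().
 *
 * Fix: the password UPDATE previously wrote a literal placeholder instead of
 * the computed hash ($md5_user_pass was built and never used), so changing
 * a password locked the account. The hash is now written.
 *
 * @param integer $user_id id of the user row to update; it is concatenated
 *                         unquoted into every WHERE clause, so it is cast to int.
 * @return string HTML fragment holding the error or success messages.
 */
function update_user($user_id)
{
    global $conn, $config, $lang;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    require_once $config['basepath'] . '/include/forms.inc.php';
    $forms = new forms();
    $display = '';
    $do_update = true;

    // Never trust the caller's type: $user_id is inlined into SQL below.
    $user_id = (int) $user_id;

    $edit_user_pass = isset($_POST['edit_user_pass']) ? $_POST['edit_user_pass'] : '';
    $edit_user_pass2 = isset($_POST['edit_user_pass2']) ? $_POST['edit_user_pass2'] : '';
    $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';
    $user_first_name = isset($_POST['user_first_name']) ? $_POST['user_first_name'] : '';
    $user_last_name = isset($_POST['user_last_name']) ? $_POST['user_last_name'] : '';
    $edit_active = isset($_POST['edit_active']) ? $_POST['edit_active'] : '';

    // An empty pair means "keep the current password"; only a mismatch is an error.
    if ($edit_user_pass != $edit_user_pass2) {
        $display .= '<p>' . $lang['user_manager_password_identical'] . '</p>';
        $do_update = false;
    }
    if ($user_email == '' || $user_first_name == '' || $user_last_name == '') {
        $display .= "<p class=\"redtext\">{$lang['required_fields_not_filled']}</p>";
        $do_update = false;
    }

    // Current type and state of the user being edited.
    $sql = 'SELECT userdb_is_agent, userdb_is_admin, userdb_active FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $user_id;
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }
    $is_agent = $misc->make_db_unsafe($recordSet->fields['userdb_is_agent']);
    $is_admin = $misc->make_db_unsafe($recordSet->fields['userdb_is_admin']);
    $is_active = $misc->make_db_unsafe($recordSet->fields['userdb_active']);

    // Reject an address that another user already owns.
    $sql_user_email = $misc->make_db_safe($user_email);
    $sql = 'SELECT userdb_id FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_emailaddress = ' . $sql_user_email;
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }
    while (!$recordSet->EOF) {
        if ($recordSet->fields['userdb_id'] != $user_id) {
            $display .= "<p class=\"redtext\">{$lang['email_address_already_used']}</p>";
            $do_update = false;
        }
        $recordSet->MoveNext();
    }

    if ($do_update) {
        global $pass_the_form;
        $db_to_validate = ($is_agent == 'yes' || $is_admin == 'yes') ? 'agentformelements' : 'memberformelements';
        $pass_the_form = $forms->validateForm($db_to_validate);
        if (is_array($pass_the_form)) {
            // The validator returned the failed fields: report them and write nothing.
            foreach ($pass_the_form as $k => $v) {
                if ($v == 'REQUIRED') {
                    $display .= "<p class=\"redtext\">{$k}: {$lang['required_fields_not_filled']}</p>";
                }
                if ($v == 'TYPE') {
                    $display .= "<p class=\"redtext\">{$k}: {$lang['field_type_does_not_match']}</p>";
                }
            }
        } else {
            // Kept from the original: $_POST['user_email'] is replaced by its escaped
            // form before updateUserData() runs, in case that code reads it.
            $_POST['user_email'] = $sql_user_email;
            if ($edit_user_pass == '') {
                $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_emailaddress = ' . $sql_user_email . ', userdb_last_modified = ' . $conn->DBTimeStamp(time()) . ' WHERE userdb_id = ' . $user_id;
            } else {
                // SECURITY: md5 is an unsalted fast hash. The login path and the
                // $_SESSION['userpassword'] refresh below both compare md5 values, so
                // moving to password_hash()/password_verify() has to be done across
                // all of them at once rather than here alone.
                $md5_user_pass = $misc->make_db_safe(md5($edit_user_pass));
                $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_emailaddress = ' . $sql_user_email . ', userdb_user_password = ' . $md5_user_pass . ', userdb_last_modified = ' . $conn->DBTimeStamp(time()) . ' WHERE userdb_id = ' . $user_id;
            }
            $recordSet = $conn->Execute($sql);
            if ($recordSet === false) {
                $misc->log_error($sql);
            }

            $session_is_admin = (isset($_SESSION['admin_privs']) && $_SESSION['admin_privs'] == 'yes');

            // Admin editing an admin: rank and listing limits.
            if ($session_is_admin && $is_admin == 'yes') {
                $sql_edit_limitListings = $misc->make_db_safe(isset($_POST['edit_limitListings']) ? $_POST['edit_limitListings'] : null);
                $sql_edit_limitFeaturedListings = $misc->make_db_safe(isset($_POST['edit_limitFeaturedListings']) ? $_POST['edit_limitFeaturedListings'] : null);
                $sql_edit_userRank = $misc->make_db_safe(isset($_POST['edit_userRank']) ? $_POST['edit_userRank'] : null);
                $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_rank = ' . $sql_edit_userRank . ', userdb_featuredlistinglimit = ' . $sql_edit_limitFeaturedListings . ', userdb_limit_listings = ' . $sql_edit_limitListings . ' WHERE userdb_id = ' . $user_id;
                $recordSet = $conn->Execute($sql);
                if ($recordSet === false) {
                    $misc->log_error($sql);
                }
            }

            if ($session_is_admin && $is_agent == 'yes') {
                // Admin editing an agent: every permission flag comes from the form.
                // column => $_POST key; an absent key (unchecked box) is passed as null,
                // exactly as the original's direct $_POST reads did.
                $agent_fields = array(
                    'userdb_active' => 'edit_active',
                    'userdb_user_first_name' => 'user_first_name',
                    'userdb_user_last_name' => 'user_last_name',
                    'userdb_can_edit_site_config' => 'edit_canEditSiteConfig',
                    'userdb_can_edit_member_template' => 'edit_canEditMemberTemplate',
                    'userdb_can_edit_agent_template' => 'edit_canEditAgentTemplate',
                    'userdb_can_edit_listing_template' => 'edit_canEditListingTemplate',
                    'userdb_can_view_logs' => 'edit_canViewLogs',
                    'userdb_can_moderate' => 'edit_canModerate',
                    'userdb_can_feature_listings' => 'edit_canFeatureListings',
                    'userdb_can_edit_pages' => 'edit_canPages',
                    'userdb_can_have_vtours' => 'edit_canVtour',
                    'userdb_can_have_files' => 'edit_canFiles',
                    'userdb_can_have_user_files' => 'edit_canUserFiles',
                    'userdb_limit_listings' => 'edit_limitListings',
                    'userdb_can_edit_expiration' => 'edit_canEditListingExpiration',
                    'userdb_can_export_listings' => 'edit_canExportListings',
                    'userdb_can_edit_all_users' => 'edit_canEditAllUsers',
                    'userdb_can_edit_all_listings' => 'edit_canEditAllListings',
                    'userdb_can_edit_property_classes' => 'edit_canEditPropertyClasses',
                    'userdb_can_manage_addons' => 'edit_canManageAddons',
                    'userdb_rank' => 'edit_userRank',
                    'userdb_featuredlistinglimit' => 'edit_limitFeaturedListings',
                    'userdb_blog_user_type' => 'edit_BlogPrivileges',
                );
                $assignments = array();
                foreach ($agent_fields as $column => $post_key) {
                    $value = isset($_POST[$post_key]) ? $_POST[$post_key] : null;
                    $assignments[] = $column . ' = ' . $misc->make_db_safe($value);
                }
                $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET ' . implode(', ', $assignments) . ' WHERE userdb_id = ' . $user_id;
                $recordSet = $conn->Execute($sql);
                if ($recordSet === false) {
                    $misc->log_error($sql);
                }
            } else {
                // Non-admin editor (or admin editing a non-agent): only the basics.
                // NOTE(review): userdb_active is still taken from the form here, so any
                // caller that reaches this branch can flip it; whether callers restrict
                // who may post edit_active is not visible in this function.
                $edit_is_active = $misc->make_db_safe(isset($_POST['edit_active']) ? $_POST['edit_active'] : 'yes');
                $edit_first_name = $misc->make_db_safe($user_first_name);
                $edit_last_name = $misc->make_db_safe($user_last_name);
                $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_active = ' . $edit_is_active . ', userdb_user_first_name = ' . $edit_first_name . ', userdb_user_last_name =' . $edit_last_name . ' WHERE userdb_id = ' . $user_id;
                $recordSet = $conn->Execute($sql);
                if ($recordSet === false) {
                    $misc->log_error($sql);
                }
            }

            // Moderated account just activated: tell the user where to log in.
            if ($is_active == 'no' && $edit_active == 'yes') {
                if (($config['moderate_agents'] == 1 && $is_agent == 'yes') || ($config['moderate_members'] == 1 && $is_agent == 'no')) {
                    $message = $user_first_name . ' ' . $user_last_name . ",\r\n" . $lang['user_activated_message'] . "\r\n\r\n";
                    if ($is_agent == 'yes') {
                        $link = $config['baseurl'] . '/admin/index.php';
                    } else {
                        $link = $config['baseurl'] . '/index.php?action=member_login';
                    }
                    $message .= $link;
                    // Send to the address as submitted; the original stripped quotes
                    // back out of the SQL-escaped copy instead.
                    $send = $misc->send_email($config['company_name'], $config['admin_email'], $user_email, $message, $lang['user_activated_subject']);
                }
            }

            $message = user_managment::updateUserData($user_id);
            if ($message == 'success') {
                // Keep the session's password copy in step with the database, otherwise
                // a user changing their own password is logged out on the next request.
                if ($edit_user_pass != "" && $_SESSION['userID'] == $user_id) {
                    $_SESSION['userpassword'] = md5($edit_user_pass);
                }
                $display .= '<p>' . $lang['user_editor_account_updated'] . ', ' . $_SESSION['username'] . '</p>';
            } else {
                $display .= '<p>' . $lang['alert_site_admin'] . '</p>';
            }
        }
    }
    $misc->log_action($lang['log_updated_user'] . ': ' . $user_id);
    return $display;
}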
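/**
 * Contact::ContactFriendForm()
 *
 * Renders the "email this listing to a friend" form and, on POST, validates
 * the submission and sends it through misc::send_email().
 *
 * Changes from the original: CR/LF are stripped from the name and subject
 * before they are handed to send_email() (they end up in mail headers, and a
 * newline there can inject extra headers/recipients); the CAPTCHA session key
 * is only read when verification is enabled; the listing id is cast to int
 * before being written into the form action; the friend-email input no longer
 * reuses the id of the sender-email input.
 *
 * @param integer $listing_id Id of the listing being recommended; it is written
 *                            into the form action and the default message.
 * @return string HTML fragment: the sent confirmation, or the (re)populated form
 *                preceded by any validation errors.
 */
function ContactFriendForm($listing_id)
{
    global $conn, $config, $lang;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    $display = '';
    $error = array();
    $listing_id = (int) $listing_id;
    $submitted = isset($_POST['message']);

    // Header-bound fields: strip line breaks so they cannot add mail headers.
    // Whether send_email() does this itself is not visible here (defence in depth).
    $name = $submitted ? str_replace(array("\r", "\n"), '', $_POST['name']) : '';
    $subject = $submitted ? str_replace(array("\r", "\n"), '', $_POST['subject']) : '';
    $email = $submitted ? $_POST['email'] : '';
    $friend_email = $submitted ? $_POST['friend_email'] : '';
    $message = $submitted ? $_POST['message'] : '';

    if ($submitted) {
        if ($config["use_email_image_verification"] == 1) {
            $expected = isset($_SESSION['security_code']) ? $_SESSION['security_code'] : '';
            $given = isset($_POST['security_code']) ? $_POST['security_code'] : '';
            if ($expected != md5($given)) {
                $error[] = 'email_verification_code_not_valid';
            }
        }
        if (trim($name) == '') {
            $error[] = 'email_no_name';
        }
        if (trim($email) == '') {
            $error[] = 'email_no_email_address';
        } elseif ($misc->validate_email($email) !== true) {
            $error[] = 'email_invalid_email_address';
        }
        if (trim($friend_email) == '') {
            $error[] = 'email_no_email_address';
        } elseif ($misc->validate_email($friend_email) !== true) {
            $error[] = 'email_invalid_email_address';
        }
        if (trim($subject) == '') {
            $error[] = 'email_no_subject';
        }
        if (trim($message) == '') {
            $error[] = 'email_no_message';
        }
    }

    if ($submitted && count($error) == 0) {
        // NOTE(review): this is a relay from an arbitrary sender to an arbitrary
        // recipient, gated only by the optional CAPTCHA; rate limiting would have
        // to live in the caller or send_email().
        $sent = $misc->send_email($name, $email, $friend_email, $message, $subject);
        if ($sent === true) {
            $display .= $lang['email_listing_sent'] . ' ' . $friend_email;
        } else {
            $display .= $sent;
        }
        return $display;
    }

    foreach ($error as $err) {
        $display .= '<div class="error_text">' . $lang[$err] . '</div>';
    }

    if ($submitted) {
        // Re-populate with what the user typed (magic-quotes era stripslashes kept).
        $email = stripslashes($email);
        $name = stripslashes($name);
        $message = stripslashes($message);
        $subject = stripslashes($subject);
        $friend_email = stripslashes($friend_email);
    } else {
        $subject = $lang['email_in_reference_to_listing'] . $listing_id;
        $message = $lang['email_listing_default_message'] . "\r\n\r\n" . $config['baseurl'] . '/index.php?action=listingview&listingID=' . $listing_id;
    }

    $display .= '<form name="contact_friend" method="post" action="index.php?action=contact_friend&popup=yes&listing_id=' . $listing_id . '"> <table border="0" cellspacing="2" cellpadding="4">'
        . ' <tr> <td colspan="2" style="vertical-align: top" class="TitleColor"><label for="name">' . $lang['email_your_name'] . ' </label> <input id="name" name="name" value="' . htmlentities($name) . '" type="text" size="50"> </td> </tr>'
        . ' <tr> <td colspan="2" style="vertical-align: top" class="TitleColor"><label for="email">' . $lang['email_your_email'] . ' </label> <input id="email" name="email" value="' . htmlentities($email) . '" type="text" size="50"> </td> </tr>'
        . ' <tr> <td colspan="2" style="vertical-align: top" class="TitleColor"><label for="friend_email">' . $lang['email_friend_email'] . ' </label> <input id="friend_email" name="friend_email" value="' . htmlentities($friend_email) . '" type="text" size="50"> </td> </tr>'
        . ' <tr> <td colspan="2" style="vertical-align: top" class="TitleColor"><label for="subject">' . $lang['email_your_subject'] . '</label> <input id="subject" name="subject" value="' . htmlentities($subject) . '" type="text" size="50"> </td> </tr>'
        . ' <tr> <td colspan="2" style="vertical-align: top" class="TitleColor"><label for="message">' . $lang['email_your_message'] . '</label> <br /> <br /> <textarea id="message" name="message" rows="5" cols="50">' . htmlentities($message) . '</textarea> </td> </tr>';
    if ($config["use_email_image_verification"] == 1) {
        $display .= '<tr> <td colspan="2"><img src="' . $config['baseurl'] . '/include/class/captcha/captcha_image.php" /></td> </tr>'
            . ' <tr> <td colspan="2" style="vertical-align: top" class="TitleColor"><label for="security_code">' . $lang['email_verification_code'] . '</label> <input id="security_code" name="security_code" type="text" /> </td> </tr>';
    }
    $display .= '<tr> <td colspan="2"><input type="submit" name="Submit" value="' . $lang['email_send'] . '"> </td> </tr> </table> </form>';
    return $display;
}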
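/**
 * "Add a listing" admin action: handles the create_new_listing POST, or
 * renders the add-listing form (with its generated JS validator) otherwise.
 *
 * Security fixes over the original:
 *  - property_class ids from the request were inlined unescaped into SQL
 *    (INSERT into classlistingsdb and the classformelements WHERE clause) and
 *    into hidden-input HTML; they are now cast to int;
 *  - $_POST['active'] was inlined into the INSERT as-is; it is now limited to
 *    'yes'/'no';
 *  - or_owner was honoured for anyone who posted it, although only sessions
 *    with admin_privs or edit_all_listings are shown the owner selector; it is
 *    now honoured only under that same condition and cast to int.
 * Also: the listing-limit comparison used !== in one branch and != in the
 * other; both now use !=, and the form-elements query runs once instead of
 * twice (the stray hidden inputs emitted outside the <form> are gone).
 *
 * @return string HTML fragment.
 */
function add_listing()
{
    // Listing creation can be slow (image/extra field handling downstream).
    @set_time_limit(1500);
    global $conn, $lang, $config;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    require_once $config['basepath'] . '/include/forms.inc.php';
    $forms = new forms();
    require_once $config['basepath'] . '/include/listing.inc.php';
    $listing = new listing_pages();
    $display = '';
    $display .= '<span class="section_header">' . $lang['admin_menu_add_a_listing'] . '</span>';

    $session_user_id = (int) $_SESSION['userID'];
    // Same condition that decides whether the owner selector is rendered below.
    $may_assign_owner = ((isset($_SESSION['admin_privs']) && $_SESSION['admin_privs'] == "yes")
        || (isset($_SESSION['edit_all_listings']) && $_SESSION['edit_all_listings'] == "yes"));

    if (isset($_POST['action']) && $_POST['action'] == "create_new_listing") {
        if ($may_assign_owner && isset($_POST['or_owner'])) {
            $owner_given = true;
            $new_listing_owner = (int) $_POST['or_owner'];
        } else {
            $owner_given = false;
            $new_listing_owner = $session_user_id;
        }

        // How many listings does the prospective owner already have?
        $sql = 'SELECT count(listingsdb_id) as listing_count FROM ' . $config['table_prefix'] . 'listingsdb WHERE userdb_id = ' . $new_listing_owner;
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
        }
        $listing_count = $recordSet->fields['listing_count'];

        // ... and what is their limit (-1 = unlimited)?
        $sql = 'SELECT userdb_limit_listings FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $new_listing_owner;
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
        }
        $listing_limit = $recordSet->fields['userdb_limit_listings'];

        if ($listing_count >= $listing_limit && $listing_limit != '-1') {
            $display .= '<br />';
            $display .= '<!-- ' . $listing_count . ' >= ' . $listing_limit . ' -->';
            $display .= $lang['admin_listing_limit_reached'];
        } elseif (!isset($_POST['title']) || $_POST['title'] == "") {
            $display .= "<p>{$lang['admin_new_listing_enter_a_title']}</p>";
            $display .= "<form><input type=\"button\" value=\"{$lang['back_button_text']}\" onclick=\"history.back()\" /></form>";
        } else {
            $property_classes = isset($_POST['property_class']) ? (array) $_POST['property_class'] : array();
            $pass_the_form = $forms->validateForm('listingsformelements', $property_classes);
            if ($pass_the_form != "Yes") {
                // Validator returned the failed fields: report them, create nothing.
                foreach ($pass_the_form as $k => $v) {
                    if ($v == 'REQUIRED') {
                        $display .= "<p class=\"redtext\">{$k}: {$lang['required_fields_not_filled']}</p>";
                    }
                    if ($v == 'TYPE') {
                        $display .= "<p class=\"redtext\">{$k}: {$lang['field_type_does_not_match']}</p>";
                    }
                }
                $display .= "<form><input type=\"button\" value=\"{$lang['back_button_text']}\" onclick=\"history.back()\" /></form>";
            } else {
                $title = $misc->make_db_safe($_POST['title']);
                $notes = $misc->make_db_safe(isset($_POST['notes']) ? $_POST['notes'] : null);
                $mlsexport = $misc->make_db_safe(isset($_POST['mlsexport']) ? $_POST['mlsexport'] : null);
                $sql_new_listing_owner = $misc->make_db_safe($new_listing_owner);

                // New listings start inactive when moderation is on, unless the form
                // says otherwise. Only 'yes'/'no' are accepted: the value is inlined
                // into the INSERT as a quoted literal.
                $set_active = ($config['moderate_listings'] == false) ? "yes" : "no";
                if (isset($_POST['active'])) {
                    $set_active = ($_POST['active'] == "yes") ? "yes" : "no";
                }

                $expiration_date = mktime(0, 0, 0, date("m"), date("d") + $config['days_until_listings_expire'], date("Y"));
                $sql = "INSERT INTO " . $config['table_prefix'] . "listingsdb (listingsdb_title, listingsdb_notes, userdb_id, listingsdb_active, listingsdb_mlsexport, listingsdb_creation_date, listingsdb_last_modified, listingsdb_expiration, listingsdb_hit_count, listingsdb_featured) VALUES ({$title}, {$notes}, {$sql_new_listing_owner}, '{$set_active}', {$mlsexport}, " . $conn->DBDate(time()) . "," . $conn->DBTimeStamp(time()) . "," . $conn->DBDate($expiration_date) . ",0,'no')";
                $recordSet = $conn->Execute($sql);
                if ($recordSet === false) {
                    $misc->log_error($sql);
                } else {
                    $new_listing_id = $conn->Insert_ID();
                }

                // Attach the listing to each selected property class.
                foreach ($property_classes as $class_id) {
                    $class_id = (int) $class_id;
                    $sql = 'INSERT INTO ' . $config['table_prefix_no_lang'] . 'classlistingsdb (listingsdb_id, class_id) VALUES(' . $new_listing_id . ',' . $class_id . ')';
                    $recordSet = $conn->Execute($sql);
                    if ($recordSet === false) {
                        $misc->log_error($sql);
                    }
                }

                // The per-field values are stored by the listing editor.
                $message = listing_editor::updateListingsData($new_listing_id, $new_listing_owner);
                if ($message == "success") {
                    $display .= "<p>{$lang['admin_new_listing_created']}, {$_SESSION['username']}</p>";
                    if ($config['moderate_listings'] === "1") {
                        $display .= "<p>{$lang['admin_new_listing_moderated']}</p>";
                    }
                    if ($owner_given) {
                        $display .= "<p><a href=\"index.php?action=edit_listings&edit={$new_listing_id}\">{$lang['you_may_now_edit_the_listing']}</a></p>";
                    } else {
                        $display .= "<p><a href=\"index.php?action=edit_my_listings&edit={$new_listing_id}\">{$lang['you_may_now_edit_your_listing']}</a></p>";
                    }
                    $display .= "<br /><p>{$lang['admin_additional_steps']}</p>";
                    $display .= '<form action="index.php?action=edit_listing_images" method="post" name="edit_listing_images"><input type="hidden" name="edit" value="' . $new_listing_id . '" /><a href="javascript:document.edit_listing_images.submit()">' . $lang['upload_images'] . '</a></form>';
                    $display .= '<br />';
                    if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havevtours'] == "yes") {
                        $display .= '<form action="index.php?action=edit_vtour_images" method="post" name="edit_vtour_images"><input type="hidden" name="edit" value="' . $new_listing_id . '" /><a href="javascript:document.edit_vtour_images.submit()">' . $lang['upload_vtours'] . '</a></form>';
                        $display .= '<br />';
                    }
                    if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havefiles'] == "yes") {
                        $display .= '<form action="index.php?action=edit_listing_files" method="post" name="edit_listing_files"><input type="hidden" name="edit" value="' . $new_listing_id . '" /><a href="javascript:document.edit_listing_files.submit()">' . $lang['upload_files'] . '</a></form>';
                        $display .= '<br />';
                    }
                    $misc->log_action("{$lang['log_created_listing']} {$new_listing_id}");

                    // Optional admin notification, sent in the listing agent's name.
                    if ($config['email_notification_of_new_listings'] === "1") {
                        $agent_email = $listing->getListingEmail($new_listing_id, true);
                        $agent_first_name = $listing->getListingAgentFirstName($new_listing_id);
                        $agent_last_name = $listing->getListingAgentLastName($new_listing_id);
                        $message = $_SERVER['REMOTE_ADDR'] . " -- " . date("F j, Y, g:i:s a") . "\r\n\r\n{$lang['admin_new_listing']}:\r\n{$config['baseurl']}/admin/index.php?action=edit_listings&edit={$new_listing_id}\r\n";
                        $sent = $misc->send_email($agent_first_name . " " . $agent_last_name, $agent_email, $config['admin_email'], $message, $lang['admin_new_listing']);
                    }
                } else {
                    $display .= "<p>{$lang['alert_site_admin']}</p>";
                }
            }
        }
        return $display;
    }

    // ---- No POST: render the form. ----
    $sql = 'SELECT count(listingsdb_id) FROM ' . $config['table_prefix'] . 'listingsdb WHERE userdb_id = ' . $session_user_id;
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }
    $listing_count = $recordSet->fields[0];
    $sql = 'SELECT userdb_limit_listings FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $session_user_id;
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }
    $listing_limit = $recordSet->fields[0];
    $display .= '<!-- ' . $listing_count . ' >= ' . $listing_limit . ' -->';
    if ($listing_count >= $listing_limit && $listing_limit != '-1') {
        $display .= '<br />';
        $display .= $lang['admin_listing_limit_reached'];
        return $display;
    }

    // Which form elements to show: those attached to the chosen property
    // classes, or all of them when no class was posted.
    $elements_select = "SELECT listingsformelements_field_type, listingsformelements_field_name, listingsformelements_field_caption, listingsformelements_default_text, listingsformelements_field_elements, listingsformelements_required, listingsformelements_field_length, listingsformelements_tool_tip from " . $config['table_prefix'] . "listingsformelements";
    $hidden_class_inputs = '';
    if (isset($_POST['property_class'])) {
        $class_conditions = array();
        foreach ((array) $_POST['property_class'] as $class_id) {
            // Request-supplied ids go into SQL and HTML: force them numeric.
            $class_id = (int) $class_id;
            $class_conditions[] = ' class_id = ' . $class_id;
            $hidden_class_inputs .= '<input type="hidden" name="property_class[]" value="' . $class_id . '" />';
        }
        $sql = "SELECT DISTINCT(listingsformelements_id) FROM " . $config['table_prefix_no_lang'] . "classformelements WHERE " . implode(' OR', $class_conditions);
        $recordSet = $conn->execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
        }
        $element_ids = array();
        while (!$recordSet->EOF) {
            $element_ids[] = (int) $recordSet->fields['listingsformelements_id'];
            $recordSet->MoveNext();
        }
        $pclass_list = empty($element_ids) ? '0' : implode(',', $element_ids);
        $sql = $elements_select . " WHERE listingsformelements_id IN (" . $pclass_list . ") ORDER BY listingsformelements_rank, listingsformelements_field_name";
    } else {
        $sql = $elements_select . " ORDER BY listingsformelements_rank, listingsformelements_field_name";
    }
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }
    // Fetch once; the rows feed both the JS validator and the rendered inputs.
    $elements = array();
    while (!$recordSet->EOF) {
        $elements[] = $recordSet->fields;
        $recordSet->MoveNext();
    }

    // Client-side required-field check (the server still validates on POST).
    $display .= "\r\n<script type=\"text/javascript\" >\r\n";
    $display .= "<!--\r\n";
    $display .= "function validate_form()\r\n";
    $display .= "{\r\n";
    $display .= "var msg=\"\"\r\n";
    $display .= "valid = true;\r\n";
    $display .= "if ( document.addlisting.title.value == \"\" )\r\n";
    $display .= "{\r\n";
    $display .= "msg += '{$lang['forgot_field']} {$lang['admin_listings_editor_title']} {$lang['admin_template_editor_field']}.\\r\\n';\r\n";
    $display .= "valid = false;\r\n";
    $display .= "}\r\n";
    foreach ($elements as $row) {
        if ($row['listingsformelements_required'] == 'Yes') {
            $field_name = $misc->make_db_unsafe($row['listingsformelements_field_name']);
            // The caption lands inside a single-quoted JS string literal.
            $field_caption = addslashes($misc->make_db_unsafe($row['listingsformelements_field_caption']));
            $display .= "if ( document.addlisting.{$field_name}.value == \"\" )\r\n";
            $display .= "{\r\n";
            $display .= "msg += '{$lang['forgot_field']} {$field_caption} {$lang['admin_template_editor_field']}.\\r\\n';\r\n";
            $display .= "valid = false;\r\n";
            $display .= "}\r\n";
        }
    }
    $display .= "if (msg != \"\")\r\n";
    $display .= "{\r\n";
    $display .= "alert (msg);";
    $display .= "}\r\n";
    $display .= "return valid;\r\n";
    $display .= "}\r\n";
    $display .= "//-->\r\n";
    $display .= "</script>\r\n";

    $display .= '<form name="addlisting" action="index.php?action=add_listing" method="post" onsubmit="return validate_form ( );">';
    $display .= '<input type="hidden" name="action" value="create_new_listing" />';
    $display .= '<table class="form_main">';
    $display .= '<tr>';
    $display .= '<td align="right" class="row_main"><b>' . $lang['admin_listings_editor_title'] . '<span class="required">*</span></b></td>';
    $display .= '<td align="left" class="row_main"> <input type="text" name="title" /></td>';
    $display .= '</tr>';

    // Owner selector, only for sessions allowed to assign listings.
    if ($may_assign_owner) {
        $display .= '<tr><td align="right"><b>' . $lang['listing_editor_listing_agent'] . ':</b></td>';
        $display .= '<td align="left" class="row_main"><select name="or_owner" size="1">';
        $sql = "SELECT userdb_user_first_name, userdb_user_last_name FROM " . $config['table_prefix'] . "userdb WHERE (userdb_id = {$session_user_id})";
        $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
        }
        $agent_first_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']);
        $agent_last_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']);
        if ($_SESSION['admin_privs'] != "yes") {
            $display .= "<option value=\"{$session_user_id}\">{$agent_last_name},{$agent_first_name}</option>";
        }
        $sql = "SELECT userdb_id, userdb_user_first_name, userdb_user_last_name FROM " . $config['table_prefix'] . "userdb where userdb_is_agent = 'yes' or userdb_is_admin = 'yes' ORDER BY userdb_user_last_name,userdb_user_first_name";
        $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            $misc->log_error($sql);
        }
        while (!$recordSet->EOF) {
            $agent_ID = $recordSet->fields['userdb_id'];
            $agent_first_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']);
            $agent_last_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']);
            $selected = ($agent_ID == $session_user_id) ? ' selected="selected"' : '';
            $display .= "<option value=\"{$agent_ID}\"{$selected}>{$agent_last_name},{$agent_first_name}</option>";
            $recordSet->MoveNext();
        }
        $display .= "</select></td>";
        $display .= '</tr>';
    }

    if ($config["show_notes_field"] == 1) {
        $display .= '<tr>';
        $display .= '<td align="right" class="row_main"><b>' . $lang['admin_listings_editor_notes'] . '</b><br /><div class="small">(' . $lang['admin_listings_editor_notes_note'] . ')</div></td>';
        $display .= '<td align="left" class="row_main"><textarea name="notes" cols="40" rows="6"></textarea></td>';
        $display .= '</tr>';
    } else {
        $display .= '<input type="hidden" name="notes" value="" />';
    }

    if ($config["export_listings"] == 1 && $_SESSION['export_listings'] == "yes") {
        $display .= '<tr>';
        $display .= '<td align="right" class="row_main"><b>' . $lang['admin_listings_editor_mlsexport'] . '</b><br /><div class="small">(' . $lang['admin_listings_editor_mlsexport'] . ')</div></td>';
        $display .= '<td align="left" class="row_main">';
        $display .= '<select size="1" name="mlsexport">';
        $display .= '<option value="no" selected="selected">' . $lang['no'] . '</option>';
        $display .= '<option value="yes">' . $lang['yes'] . '</option>';
        $display .= '</select>';
        $display .= '</td>';
        $display .= '</tr>';
    } else {
        $display .= '<input type="hidden" name="mlsexport" value="no" />';
    }

    // Carry the chosen classes through the POST, then the class-specific fields.
    $display .= $hidden_class_inputs;
    foreach ($elements as $row) {
        $display .= $forms->renderFormElement(
            $misc->make_db_unsafe($row['listingsformelements_field_type']),
            $misc->make_db_unsafe($row['listingsformelements_field_name']),
            $misc->make_db_unsafe($row['listingsformelements_field_caption']),
            $misc->make_db_unsafe($row['listingsformelements_default_text']),
            $misc->make_db_unsafe($row['listingsformelements_field_elements']),
            $misc->make_db_unsafe($row['listingsformelements_required']),
            $misc->make_db_unsafe($row['listingsformelements_field_length']),
            $misc->make_db_unsafe($row['listingsformelements_tool_tip'])
        );
    }
    $display .= $forms->renderFormElement("submit", "", "{$lang['submit']}", "", "", "");
    $display .= '<tr><td colspan="2" align="center" class="row_main">' . $lang['required_form_text'] . '</td></tr>';
    $display .= '</table>';
    $display .= '</form>';
    return $display;
}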
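/**
 * Emails every user with a notify-enabled saved search the listings modified
 * since the last run, then stores the new run timestamp in controlpanel.
 *
 * Each saved query string is unpacked into $_GET (search_page::search_results
 * reads its criteria from there) with listing_last_modified_greater forced to
 * the previous run's timestamp.
 *
 * Fixes over the original: the query string is split on & and = *before*
 * url-decoding each piece (decoding first would split on an encoded & or =
 * inside a value); a criterion without "=" no longer triggers an undefined
 * index read; the progress HTML had a broken class attribute
 * (class=redtext") and echoed user name, email and search title unescaped.
 *
 * @return string HTML progress report.
 */
function NotifyUsersOfAllNewListings()
{
    global $conn, $lang, $config;
    $display = '';
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    require_once $config['basepath'] . '/include/search.inc.php';

    // When did the previous run happen?
    $sql = 'SELECT controlpanel_notification_last_timestamp FROM ' . $config['table_prefix_no_lang'] . 'controlpanel';
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }
    $last_timestamp = $conn->UnixTimeStamp($recordSet->fields['controlpanel_notification_last_timestamp']);
    $display .= 'Sending New Listing Notifications since ' . date(DATE_RFC822, $last_timestamp) . "<br />\r\n";
    // Taken before the loop so listings modified while we run are picked up next time.
    $current_timestamp = time();

    $sender_email = (isset($config['site_email']) && $config['site_email'] != '') ? $config['site_email'] : $config['admin_email'];

    $sql = "SELECT " . $config['table_prefix'] . "usersavedsearches.userdb_id, usersavedsearches_title, usersavedsearches_query_string, usersavedsearches_notify, userdb_user_name, userdb_emailaddress\n\t\t\t\tFROM " . $config['table_prefix'] . "userdb , " . $config['table_prefix'] . "usersavedsearches\n\t\t\t\tWHERE " . $config['table_prefix'] . "userdb.userdb_id = " . $config['table_prefix'] . "usersavedsearches.userdb_id AND usersavedsearches_notify = 'yes'";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }
    while (!$recordSet->EOF) {
        $query_string = $misc->make_db_unsafe($recordSet->fields['usersavedsearches_query_string']);
        $search_title = $misc->make_db_unsafe($recordSet->fields['usersavedsearches_title']);
        $email = $misc->make_db_unsafe($recordSet->fields['userdb_emailaddress']);
        $user_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_name']);
        $display .= 'Checking Notifications for Saved Search "' . htmlspecialchars($search_title) . '" for ' . htmlspecialchars($user_name) . "<br />\r\n";

        // Rebuild $_GET from the saved query string; "name[]=v" becomes an array entry.
        $_GET = array();
        foreach (explode('&', $query_string) as $crit) {
            if ($crit == '') {
                continue;
            }
            $pieces = explode('=', $crit, 2);
            $key = urldecode($pieces[0]);
            $value = isset($pieces[1]) ? urldecode($pieces[1]) : '';
            if (substr($key, -2) == '[]') {
                $_GET[substr($key, 0, -2)][] = $value;
            } else {
                $_GET[$key] = $value;
            }
        }
        $_GET['listing_last_modified_greater'] = $last_timestamp;

        $matched_listing_ids = search_page::search_results(true);
        if (count($matched_listing_ids) >= 1) {
            $template = $this->renderNotifyListings($matched_listing_ids, $search_title, $user_name, $email);
            $display .= '<span class="redtext">Sent Listing Notification to ' . htmlspecialchars($user_name) . '&lt;' . htmlspecialchars($email) . '&gt; for listings ' . implode(',', $matched_listing_ids) . "</span><br />\r\n";
            $subject = $lang['new_listing_notify'] . $search_title;
            $sent = $misc->send_email($config['admin_name'], $sender_email, $email, $template, $subject, TRUE, TRUE);
        }
        $recordSet->MoveNext();
    }

    // Record this run as the new "since" point.
    $db_timestamp = $conn->DBTimeStamp($current_timestamp);
    $sql = 'UPDATE ' . $config['table_prefix_no_lang'] . 'controlpanel SET controlpanel_notification_last_timestamp = ' . $db_timestamp;
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }
    $display .= "Finish Sending Notifications<br />\r\n";
    return $display;
}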