Пример #1
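/**
 * Replace the stored tags of one object with the tags parsed from $sTags.
 *
 * Existing `sys_tags` rows for the (ID, Type) pair are deleted, then one row is
 * inserted for every tag returned by explodeTags().
 *
 * @param int|string $iID   object ID; forced to an integer before it reaches SQL
 * @param string     $sTags raw tag string, split by explodeTags()
 * @param string     $sType object type written to `sys_tags`.`Type`
 */
function storeTags($iID, $sTags, $sType)
{
    // `ID` sits in an unquoted numeric position in the DELETE and INSERT below.
    // Quote-escaping gives no protection there, so the value is cast to an integer.
    $iID = (int) $iID;
    $aTags = explodeTags($sTags);
    // NOTE(review): $sType is interpolated inside quotes without being escaped in this
    // function. Presumably callers pass a fixed literal - confirm, or escape it with the
    // project's DB helper before it gets here.
    db_res("DELETE FROM `sys_tags` WHERE `ID` = {$iID} AND `Type` = '{$sType}'");
    //re-store if exist
    foreach ($aTags as $sTag) {
        // addslashes() is not aware of the connection charset; bound parameters or the
        // connection's own escaping routine are the safer choice for this value.
        $sTag = addslashes($sTag);
        db_res("INSERT INTO `sys_tags` VALUES ( '{$sTag}', {$iID}, '{$sType}', CURRENT_TIMESTAMP )", 0);
    }
}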
Пример #2
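/**
 * Replace the stored tags of one object with the tags parsed from $sTags.
 *
 * Both statements pass their values as a parameter array next to `?` placeholders,
 * so no value is concatenated into the SQL text.
 *
 * @param int|string $iID   object ID
 * @param string     $sTags raw tag string, split by explodeTags()
 * @param string     $sType object type written to `sys_tags`.`Type`
 */
function storeTags($iID, $sTags, $sType)
{
    $aTags = explodeTags($sTags);
    db_res("DELETE FROM `sys_tags` WHERE `ID` = ? AND `Type` = ?", [$iID, $sType]);
    //re-store if exist
    foreach ($aTags as $sTag) {
        // The tag is passed as a bound value, so it must NOT be run through addslashes()
        // first: the backslashes would be stored literally and the tag would no longer
        // match its original text. (Assumes db_res() binds the array to the `?`
        // placeholders, as the call shape indicates - confirm against db_res().)
        db_res("INSERT INTO `sys_tags` VALUES ( ?, ?, ?, CURRENT_TIMESTAMP )", [$sTag, $iID, $sType]);
    }
}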
Пример #3
 /**
  * Filter a raw tag string and return it as a comma-joined list.
  *
  * The input goes through $this->passXss() and is then split by explodeTags().
  * The result is not SQL-escaped here; presumably the caller handles that
  * before storing it - confirm.
  *
  * @param string $s raw tag string
  * @return string tags joined with ","
  */
 function _passTags($s)
 {
     $aCleanTags = explodeTags($this->passXss($s));
     return implode(",", $aCleanTags);
 }
 /**
  * Updates the fields of an advertisement in the database
  *
  * @param $iEditAdvertisementID ID of the advertisement being edited
  * @return Text presentation of data
  */
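 function ActionUpdateAdvertisementID($iEditAdvertisementID)
 {
     // Updates one row of `ClassifiedsAdvertisements` from the submitted form once the
     // visitor is found to own the advertisement or the object is in admin mode.
     // Returns a message box, followed by the advertisement view on the update path.

     // The ID is placed into SQL in an unquoted numeric position (the SELECT below and
     // the final WHERE clause). Escaping cannot protect that position, and the "> 0"
     // test further down only runs after the first query, so force an integer here.
     $iEditAdvertisementID = (int) $iEditAdvertisementID;
     $sCheckPostSQL = "SELECT `IDProfile`\r\n\t\t\t\t\t\t\tFROM `ClassifiedsAdvertisements`\r\n\t\t\t\t\t\t\tWHERE `ID`={$iEditAdvertisementID}\r\n\t\t\t\t\t\t";
     $aAdvOwner = db_arr($sCheckPostSQL);
     $iAdvOwner = $aAdvOwner['IDProfile'];
     // NOTE(review): the visitor identity is read straight from the `memberID` cookie.
     // Presumably the session is authenticated before this method is reached - confirm,
     // because this value alone decides the ownership check below.
     $iVisitorID = (int) $_COOKIE['memberID'];
     // NOTE(review): the comparison is loose (==). If no row was found, $iAdvOwner is
     // presumably null and compares equal to a visitor ID of 0 - confirm that callers
     // cannot reach this point without a logged-in member.
     if (($iVisitorID == $iAdvOwner || $this->bAdminMode) && $iEditAdvertisementID > 0) {
         if ($this->bAdminMode == FALSE) {
             // A non-empty result from RestrictAction() is returned to the caller as-is.
             $sRestrictRes = $this->RestrictAction($iVisitorID);
             if ($sRestrictRes != '') {
                 return $sRestrictRes;
             }
             //if ($this->RestrictAction($iVisitorID)) return;
         }
         require_once BX_DIRECTORY_PATH_INC . 'tags.inc.php';
         $sSuccUpd = _t("_SUCC_UPD_ADV");
         $sFailUpd = _t("_FAIL_UPD_ADV");
         // Every value below ends up in the UPDATE string: text fields go through the
         // project's input helpers, numeric custom fields are cast to int.
         $sCategoryID = process_db_input($_POST['Classified']);
         $sSubCategoryID = process_db_input($_POST['SubClassified']);
         $sCustomFieldValue1 = (int) $_POST['CustomFieldValue1'];
         $sCustomFieldValue2 = (int) $_POST['CustomFieldValue2'];
         $sTags = process_db_input($_POST['Tags']);
         $aTags = explodeTags($sTags);
         $sTags = implode(",", $aTags);
         // NOTE(review): subject and message use the HTML-permitting input helper; what
         // markup survives depends on process_html_db_input() - verify it against the
         // contexts where these fields are rendered.
         $sSubject = $this->process_html_db_input($_POST['subject']);
         $sMessage = $this->process_html_db_input($_POST['message']);
         $changeCat = ($sCategoryID > 0 and $sSubCategoryID > 0) ? "`IDClassifiedsSubs`='{$sSubCategoryID}', " : '';
         //1. get a new files and return string-array
         $sNewMedias = $this->parseUploadedFiles($iAdvOwner);
         //2. get current media datas from cls
         $aAdvData = $this->GetAdvertisementData($iEditAdvertisementID);
         $sMediaIDs = $aAdvData['Media'];
         //3. merge both
         $aOldChunks = preg_split("/[,]+/", $sMediaIDs, -1, PREG_SPLIT_NO_EMPTY);
         $aNewChunks = preg_split("/[,]+/", $sNewMedias, -1, PREG_SPLIT_NO_EMPTY);
         $aResultChunks = array_merge($aNewChunks, $aOldChunks);
         $sResultChunks = implode(",", $aResultChunks);
         // The `Media` column is only rewritten when new files were uploaded.
         // NOTE(review): the merged list is interpolated without escaping; it is
         // presumably a list of numeric media IDs - confirm what parseUploadedFiles()
         // and the stored `Media` value can contain.
         $sPicsAddSQL = count($aNewChunks) > 0 ? "`Media` = '{$sResultChunks}'," : '';
         //$sNewUri = uriGenerate($sSubject, 'ClassifiedsAdvertisements', 'EntryUri', 50);
         //4. update result
         $sQuery = "\r\n\t\t\t\tUPDATE `ClassifiedsAdvertisements` SET\r\n\t\t\t\t{$changeCat}\r\n\t\t\t\t`Subject`='{$sSubject}',\r\n\t\t\t\t`Message`='{$sMessage}',\r\n\t\t\t\t`CustomFieldValue1`={$sCustomFieldValue1},\r\n\t\t\t\t`CustomFieldValue2`={$sCustomFieldValue2},\r\n\t\t\t\t{$sPicsAddSQL}\r\n\t\t\t\t`Tags`='{$sTags}'\r\n\t\t\t\tWHERE `ID`={$iEditAdvertisementID}\r\n\t\t\t";
         $vSqlRes = db_res($sQuery);
         // NOTE(review): mysql_affected_rows() belongs to the legacy mysql extension,
         // and the two messages were already passed through _t() above.
         $sRet = mysql_affected_rows() > 0 ? _t($sSuccUpd) : _t($sFailUpd);
         reparseObjTags('ad', $iEditAdvertisementID);
         $this->UseDefaultCF();
         return MsgBox($sRet) . $this->ActionPrintAdvertisement($iEditAdvertisementID);
     } elseif ($iVisitorID != $iAdvOwner) {
         // Visitor is neither the owner nor an admin.
         return MsgBox(_t('_Hacker String'));
     } else {
         return MsgBox(_t('_Error Occured'));
     }
 }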
 /**
  * Adding a New Post SQL
  *
  * @param $iLastID - returning Last Inserted ID (SQL) (just try)
  * @return HTML presentation of data
  */
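 function ActionAddNewPost(&$iLastID)
 {
     // Inserts a new row into `BlogPosts` for a category owned by the current visitor,
     // optionally stores an uploaded picture, and returns a message box with the result.
     global $dir;
     $this->CheckLogged();
     // The category ID is cast to int before use, so the unquoted position in the
     // SELECT below only ever receives an integer.
     $iCategoryID = process_db_input((int) $_POST['categoryID']);
     $sCheckPostSQL = "SELECT `OwnerID`\n\t\t\t\t\t\t\tFROM `BlogCategories`\n\t\t\t\t\t\t\tWHERE `CategoryID`={$iCategoryID}\n\t\t\t\t\t\t";
     $aCategoryOwner = db_arr($sCheckPostSQL);
     $iCategoryOwnerID = $aCategoryOwner['OwnerID'];
     // NOTE(review): loose comparison; if the category does not exist the owner is
     // presumably null - confirm CheckLogged() guarantees a non-zero visitorID here.
     if ($this->aBlogConf['visitorID'] == $iCategoryOwnerID && $iCategoryID > 0) {
         // All text fields pass through process_db_input() before being interpolated
         // into the quoted positions of the INSERT below.
         $sPostCaption = process_db_input($_POST['caption']);
         $sPostUri = uriGenerate($sPostCaption, 'BlogPosts', 'PostUri');
         $sPostText = process_db_input($_POST['blogText']);
         $commentPerm = process_db_input($_POST['commentPerm']);
         $readPerm = process_db_input($_POST['readPerm']);
         $sTagsPerm = process_db_input($_POST['tags']);
         $aTags = explodeTags($sTagsPerm);
         $sTagsPerm = implode(",", $aTags);
         $queryActionAdd = " INSERT INTO ";
         $sAutoApprovalVal = getParam('blogAutoApproval') == 'on' ? "approval" : "disapproval";
         $addQuery = "\n\t\t\t\t{$queryActionAdd} `BlogPosts`\n\t\t\t\tSET\n\t\t\t\t\t`CategoryID` = '{$iCategoryID}',\n\t\t\t\t\t`PostCaption` = '{$sPostCaption}',\n\t\t\t\t\t`PostUri` = '{$sPostUri}',\n\t\t\t\t\t`PostText` = '{$sPostText}',\n\t\t\t\t\t`PostReadPermission` = '{$readPerm}',\n\t\t\t\t\t`PostCommentPermission` = '{$commentPerm}',\n\t\t\t\t\t`PostStatus` = '{$sAutoApprovalVal}',\n\t\t\t\t\t`Tags` = '{$sTagsPerm}',\n\t\t\t\t\t`PostDate` = NOW()\n\t\t\t";
         $sRet = _t('_failed_to_add_post');
         if (db_res($addQuery)) {
             $iLastId = mysql_insert_id();
             // PHP variable names are case-sensitive: $iLastId is not the by-reference
             // parameter $iLastID. Copy the value so the caller receives the new ID.
             $iLastID = $iLastId;
             $this->iLastPostedPostID = $iLastId;
             if (0 < $_FILES['BlogPic']['size'] && 0 < strlen($_FILES['BlogPic']['name']) && 0 < $iLastId) {
                 // The stored name is built from the new post ID, not from the name the
                 // client sent; only the extension comes back from moveUploadedImage().
                 // NOTE(review): which types that helper accepts is not visible here.
                 $sFileName = 'blog_' . $iLastId;
                 $sExt = moveUploadedImage($_FILES, 'BlogPic', $dir['blogImage'] . $sFileName, '', false);
                 // A non-empty, non-numeric return value is treated as the extension.
                 if (strlen($sExt) && !(int) $sExt) {
                     imageResize($dir['blogImage'] . $sFileName . $sExt, $dir['blogImage'] . 'small_' . $sFileName . $sExt, $this->iIconSize / 2, $this->iIconSize / 2);
                     imageResize($dir['blogImage'] . $sFileName . $sExt, $dir['blogImage'] . 'big_' . $sFileName . $sExt, $this->iThumbSize, $this->iThumbSize);
                     chmod($dir['blogImage'] . 'small_' . $sFileName . $sExt, 0644);
                     chmod($dir['blogImage'] . 'big_' . $sFileName . $sExt, 0644);
                     $query = "UPDATE `BlogPosts` SET `PostPhoto` = '" . $sFileName . $sExt . "' WHERE `PostID` = '{$iLastId}'";
                     db_res($query);
                     // Only the resized copies are kept; a failure to delete the
                     // original is silenced by the @ operator.
                     @unlink($dir['blogImage'] . $sFileName . $sExt);
                 }
             }
             if ($iLastId > 0) {
                 $sRet = _t('_post_successfully_added');
                 reparseObjTags('blog', $iLastId);
             }
         }
         return MsgBox($sRet);
     } elseif ($this->aBlogConf['visitorID'] != $iCategoryOwnerID) {
         // Visitor does not own the target category.
         return MsgBox(_t('_Hacker String'));
     } else {
         return MsgBox(_t('_Error Occured'));
     }
 }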
 /**
  * Creates a new event, or updates an existing one when an event ID is given
  * @return Text Result
  */
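 function SDAddEvent($iEventID = -1)
 {
     // Inserts a new `SDatingEvents` row when $iEventID is -1, otherwise updates the
     // row with that ID. Returns one of the SDATING_ERROR_* constants.
     //for update event
     //print $iEventID;
     global $dir;
     global $logged;
     global $site;
     if (!$logged['member'] && !$logged['admin']) {
         member_auth(0);
     }
     // $iEventID is interpolated unquoted into the SELECT and the UPDATE's WHERE clause
     // below; force an integer so that position can only ever hold a number.
     $iEventID = (int) $iEventID;
     // collect information about current member
     $aMember['ID'] = (int) $_COOKIE['memberID'];
     $aMemberData = getProfileInfo($aMember['ID']);
     // NOTE(review): nothing in this method compares the current member with the
     // event's `ResponsibleID` before the UPDATE branch runs. Presumably the caller
     // enforces ownership - confirm.
     // common
     $sEventTitle = process_db_input($_POST['event_title']);
     // NOTE(review): the description uses the HTML-permitting helper; what markup
     // survives depends on process_html_db_input().
     $sEventDesc = $this->process_html_db_input($_POST['event_desc']);
     $sEventStatusMessage = process_db_input($_POST['event_statusmsg']);
     // event place
     $sEventCountry = process_db_input($_POST['event_country']);
     $sEventCity = process_db_input($_POST['event_city']);
     $EventPlace = process_db_input($_POST['event_place']);
     $sTags = process_db_input($_POST['event_tags']);
     $aTags = explodeTags($sTags);
     $sTags = implode(",", $aTags);
     // NOTE(review): $sBaseName has not been assigned at this point.
     $sPictureName = $sBaseName;
     // The upload is accepted only when getimagesize() reports image type 1, 2, 3 or 6
     // (IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_BMP) and a client file
     // name is present.
     $aScan = getimagesize($_FILES['event_photo']['tmp_name']);
     if (in_array($aScan[2], array(1, 2, 3, 6)) && 0 < strlen($_FILES['event_photo']['name'])) {
         $sCurrentTime = time();
         if ($iEventID == -1) {
             // New event: the file name is generated server-side.
             $sBaseName = 'g_' . $sCurrentTime . '_1';
         } else {
             // Existing event: reuse the stored file name without its extension.
             $sBaseName = db_value("SELECT `PhotoFilename` FROM `SDatingEvents` WHERE `ID`={$iEventID} LIMIT 1");
             if ($sBaseName != "") {
                 // NOTE(review): ereg() was removed in PHP 7; preg_match() is the
                 // replacement if this code is moved to a current runtime.
                 if (ereg("([a-z0-9_]+)\\.", $sBaseName, $aRegs)) {
                     $sBaseName = $aRegs[1];
                 }
             } else {
                 $sBaseName = $sBaseName != "" ? $sBaseName : 'g_' . $sCurrentTime . '_1';
             }
         }
         $sExt = moveUploadedImage($_FILES, 'event_photo', $dir['tmp'] . $sBaseName, '', false);
         $sBaseName .= $sExt;
         $sPictureName = $sBaseName;
         $sThumbName = 'thumb_' . $sBaseName;
         $sIconName = 'icon_' . $sBaseName;
         // resize for thumbnail
         $vRes = imageResize($dir['tmp'] . $sBaseName, $dir['sdatingImage'] . $sThumbName, $this->iThumbSize, $this->iThumbSize);
         if ($vRes != IMAGE_ERROR_SUCCESS) {
             return SDATING_ERROR_PHOTO_PROCESS;
         }
         $vRes = imageResize($dir['tmp'] . $sBaseName, $dir['sdatingImage'] . $sPictureName, $this->iImgSize, $this->iImgSize);
         if ($vRes != IMAGE_ERROR_SUCCESS) {
             return SDATING_ERROR_PHOTO_PROCESS;
         }
         $vRes = imageResize($dir['tmp'] . $sBaseName, $dir['sdatingImage'] . $sIconName, $this->iIconSize, $this->iIconSize);
         if ($vRes != IMAGE_ERROR_SUCCESS) {
             return SDATING_ERROR_PHOTO_PROCESS;
         }
         // Only the three resized copies are kept; the uploaded original is removed.
         unlink($dir['tmp'] . $sBaseName);
         chmod($dir['sdatingImage'] . $sPictureName, 0644);
         chmod($dir['sdatingImage'] . $sThumbName, 0644);
         chmod($dir['sdatingImage'] . $sIconName, 0644);
         $sEventPhotoFilename = process_db_input($sPictureName);
     } else {
         $sEventPhotoFilename = '';
     }
     // On update the photo column is only touched when a new picture was stored.
     $sPictureSQL = '';
     if ($iEventID > 0 && $sEventPhotoFilename != '') {
         $sPictureSQL = "`PhotoFilename` = '{$sEventPhotoFilename}',";
     }
     // event date
     $sEventStart = strtotime($_REQUEST['event_start']);
     // strtotime() returns false on failure (it returned -1 only before PHP 5.1), and
     // false interpolates as an empty string, which would leave FROM_UNIXTIME() without
     // an argument. Reject both failure values.
     if ($sEventStart === false || $sEventStart == -1) {
         return SDATING_ERROR_WRONG_DATE_FORMAT;
     }
     if ($this->bAdminMode) {
         // NOTE(review): the three admin-supplied dates below are not validated (the
         // checks are commented out), so an unparsable date reaches the query as an
         // empty FROM_UNIXTIME() argument.
         $sEventEnd = strtotime($_POST['event_end']);
         //if ( $sEventEnd == -1 )
         //	return SDATING_ERROR_WRONG_DATE_FORMAT;
         $sEventSaleStart = strtotime($_POST['event_sale_start']);
         //if ( $sEventSaleStart == -1 )
         //	return SDATING_ERROR_WRONG_DATE_FORMAT;
         $sEventSaleEnd = strtotime($_POST['event_sale_end']);
         //if ( $sEventSaleEnd == -1 )
         //	return SDATING_ERROR_WRONG_DATE_FORMAT;
         //if ( $sEventEnd < $sEventStart || $sEventSaleEnd < $sEventSaleStart || $sEventStart < $sEventSaleStart )
         //	return SDATING_ERROR_WRONG_DATE_FORMAT;
         $sEventEndVal = "FROM_UNIXTIME( {$sEventEnd} )";
         $sEventSaleStartVal = "FROM_UNIXTIME( {$sEventSaleStart} )";
         $sEventSaleEndVal = "FROM_UNIXTIME( {$sEventSaleEnd} )";
     } else {
         $sEventEndVal = 'NOW()';
         $sEventSaleStartVal = 'NOW()';
         $sEventSaleEndVal = 'NOW()';
     }
     // event responsible
     // In admin mode fixed values are stored; otherwise the current member's profile
     // data is used, passed through process_db_input().
     $sEventRespId = $this->bAdminMode ? 0 : process_db_input($aMemberData['ID'], 0, 1);
     $sEventRespName = $this->bAdminMode ? _t('Admin') : process_db_input($aMemberData['NickName'], 0, 1);
     $sEventRespEmail = $this->bAdminMode ? $site['email'] : process_db_input($aMemberData['Email'], 0, 1);
     $sEventRespPhone = $this->bAdminMode ? '666' : process_db_input($aMemberData['Phone'], 0, 1);
     $iEventAgeLowerFilter = (int) getParam('search_start_age');
     $iEventAgeUpperFilter = (int) getParam('search_end_age');
     // Already carries backslash-escaped quotes because it is placed inside a quoted
     // SQL string below.
     $sEventMembershipFilter = "\\'all\\'";
     $iEventCountF = (int) $_POST['event_count_female'];
     $iEventCountM = (int) $_POST['event_count_male'];
     $dEventPriceF = '0.00';
     $dEventPriceM = '0.00';
     $dEventPriceC = '0.00';
     // choose options
     $iEventChoosePeriod = 5;
     // allow to view participants
     $iEventAllowView = '1';
     if ($iEventID == -1) {
         $sNewUri = uriGenerate($sEventTitle, 'SDatingEvents', 'EntryUri', 100);
         //Commented elements
         /*`EventEnd` = FROM_UNIXTIME( {$sEventEnd} ),*/
         /*`TicketSaleStart` = FROM_UNIXTIME( {$sEventSaleStart} ),*/
         /*`TicketSaleEnd` = FROM_UNIXTIME( {$sEventSaleEnd} ),*/
         $vRes = db_res("INSERT INTO `SDatingEvents` SET\r\n\t\t\t\t\t\t`Title` = '{$sEventTitle}',\r\n\t\t\t\t\t\t`EntryUri` = '{$sNewUri}',\r\n\t\t\t\t\t\t`Description` = '{$sEventDesc}',\r\n\t\t\t\t\t\t`Status` = 'Active',\r\n\t\t\t\t\t\t`StatusMessage` = '{$sEventStatusMessage}',\r\n\t\t\t\t\t\t`Country` = '{$sEventCountry}',\r\n\t\t\t\t\t\t`City` = '{$sEventCity}',\r\n\t\t\t\t\t\t`Place` = '{$EventPlace}',\r\n\t\t\t\t\t\t`PhotoFilename` = '{$sEventPhotoFilename}',\r\n\t\t\t\t\t\t`EventStart` = FROM_UNIXTIME( {$sEventStart} ),\r\n\t\t\t\t\t\t`EventEnd` = {$sEventEndVal},\r\n\t\t\t\t\t\t`TicketSaleStart` = {$sEventSaleStartVal},\r\n\t\t\t\t\t\t`TicketSaleEnd` = {$sEventSaleEndVal},\r\n\t\t\t\t\t\t`ResponsibleID` = '{$sEventRespId}',\r\n\t\t\t\t\t\t`ResponsibleName` = '{$sEventRespName}',\r\n\t\t\t\t\t\t`ResponsibleEmail` = '{$sEventRespEmail}',\r\n\t\t\t\t\t\t`ResponsiblePhone` = '{$sEventRespPhone}',\r\n\t\t\t\t\t\t`EventSexFilter` = 'female,male',\r\n\t\t\t\t\t\t`EventAgeLowerFilter` = {$iEventAgeLowerFilter},\r\n\t\t\t\t\t\t`EventAgeUpperFilter` = {$iEventAgeUpperFilter},\r\n\t\t\t\t\t\t`EventMembershipFilter` = '{$sEventMembershipFilter}',\r\n\t\t\t\t\t\t`TicketCountFemale` = {$iEventCountF},\r\n\t\t\t\t\t\t`TicketCountMale` = {$iEventCountM},\r\n\t\t\t\t\t\t`TicketPriceFemale` = {$dEventPriceF},\r\n\t\t\t\t\t\t`TicketPriceMale` = {$dEventPriceM},\r\n\t\t\t\t\t\t`ChoosePeriod` = {$iEventChoosePeriod},\r\n\t\t\t\t\t\t`AllowViewParticipants` = {$iEventAllowView},\r\n\t\t\t\t\t\t`Tags` = '{$sTags}'\r\n\t\t\t\t\t\t");
         $iLastID = mysql_insert_id();
         if ($iLastID > 0) {
             $this->iLastInsertedID = $iLastID;
             reparseObjTags('event', $iLastID);
         }
     } else {
         //$sNewUri = uriGenerate($sEventTitle, 'SDatingEvents', 'EntryUri', 100);
         //Commented elements
         /*`EventEnd` = FROM_UNIXTIME( {$sEventEnd} ),*/
         /*`TicketSaleStart` = FROM_UNIXTIME( {$sEventSaleStart} ),*/
         /*`TicketSaleEnd` = FROM_UNIXTIME( {$sEventSaleEnd} ),*/
         $vRes = db_res("UPDATE `SDatingEvents` SET\r\n\t\t\t\t\t\t`Title` = '{$sEventTitle}',\r\n\t\t\t\t\t\t`Description` = '{$sEventDesc}',\r\n\t\t\t\t\t\t`Status` = 'Active',\r\n\t\t\t\t\t\t`StatusMessage` = '{$sEventStatusMessage}',\r\n\t\t\t\t\t\t`Country` = '{$sEventCountry}',\r\n\t\t\t\t\t\t`City` = '{$sEventCity}',\r\n\t\t\t\t\t\t`Place` = '{$EventPlace}',\r\n\t\t\t\t\t\t{$sPictureSQL}\r\n\t\t\t\t\t\t`EventStart` = FROM_UNIXTIME( {$sEventStart} ),\r\n\t\t\t\t\t\t`EventEnd` = {$sEventEndVal},\r\n\t\t\t\t\t\t`TicketSaleStart` = {$sEventSaleStartVal},\r\n\t\t\t\t\t\t`TicketSaleEnd` = {$sEventSaleEndVal},\r\n\t\t\t\t\t\t`ResponsibleID` = '{$sEventRespId}',\r\n\t\t\t\t\t\t`ResponsibleName` = '{$sEventRespName}',\r\n\t\t\t\t\t\t`ResponsibleEmail` = '{$sEventRespEmail}',\r\n\t\t\t\t\t\t`ResponsiblePhone` = '{$sEventRespPhone}',\r\n\t\t\t\t\t\t`EventSexFilter` = 'female,male',\r\n\t\t\t\t\t\t`EventAgeLowerFilter` = {$iEventAgeLowerFilter},\r\n\t\t\t\t\t\t`EventAgeUpperFilter` = {$iEventAgeUpperFilter},\r\n\t\t\t\t\t\t`EventMembershipFilter` = '{$sEventMembershipFilter}',\r\n\t\t\t\t\t\t`TicketCountFemale` = {$iEventCountF},\r\n\t\t\t\t\t\t`TicketCountMale` = {$iEventCountM},\r\n\t\t\t\t\t\t`TicketPriceFemale` = {$dEventPriceF},\r\n\t\t\t\t\t\t`TicketPriceMale` = {$dEventPriceM},\r\n\t\t\t\t\t\t`ChoosePeriod` = {$iEventChoosePeriod},\r\n\t\t\t\t\t\t`AllowViewParticipants` = {$iEventAllowView},\r\n\t\t\t\t\t\t`Tags` = '{$sTags}'\r\n\t\t\t\t\t\tWHERE `ID` = {$iEventID}\r\n\t\t\t\t\t\t");
         reparseObjTags('event', $iEventID);
     }
     // NOTE(review): $vRes from the INSERT/UPDATE is not inspected; success is
     // returned regardless of the query result.
     return SDATING_ERROR_SUCCESS;
 }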