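/**
 * Insert or update an ad with the submitted form values.
 *
 * All ad fields are read from $_POST. Users holding the plugin's admin
 * right are exempt from the category-based anonymous-permission override
 * and from the purchased-days limit applied below.
 *
 * @param   string  $savetype   Save action to perform
 * @return  array
 *      [0] = page to redirect to: CLASSIFIEDS_URL when the ad id is missing,
 *            1 to return to the edit form, 0 on success
 *      [1] = content of any error message, or the message id '02' on success
 *      An empty array is returned when the initial access check fails.
 */
function adSave($savetype = 'edit')
{
    global $_TABLES, $_CONF_ADVT, $_USER, $_CONF, $LANG_ADVT, $LANG12;
    global $LANG_ADMIN;

    $admin = SEC_hasRights($_CONF_ADVT['pi_name'] . '.admin');

    // Sanitize form variables. There should always be an ad id defined.
    // Start from an empty id so a request carrying neither field reaches the
    // "Missing Ad ID" return without reading an undefined array key.
    $A = array('ad_id' => '');
    if (isset($_POST['ad_id'])) {
        $A['ad_id'] = COM_sanitizeID($_POST['ad_id'], false);
    } elseif (isset($_POST['id'])) {
        $A['ad_id'] = COM_sanitizeID($_POST['id'], false);
    }
    if ($A['ad_id'] == '') {
        return array(CLASSIFIEDS_URL, 'Missing Ad ID');
    }

    // Make sure the current user can edit this ad.
    // NOTE(review): no CSRF token validation is visible in this function;
    // presumably the caller verifies it before dispatching here -- confirm.
    if (CLASSIFIEDS_checkAccess($A['ad_id']) < 3) {
        return array();
    }

    // NOTE(review): the free-text fields are only trimmed here. SQL escaping
    // and HTML filtering are presumably applied in CLASSIFIEDS_insertAd() /
    // CLASSIFIEDS_updateAd() or at display time -- confirm, since nl2br()
    // does not encode markup.
    $A['subject'] = trim($_POST['subject']);
    $A['descript'] = trim($_POST['descript']);
    if ($_POST['postmode'] == 'plaintext') {
        $A['descript'] = nl2br($A['descript']);
    }
    $A['price'] = trim($_POST['price']);
    $A['url'] = COM_sanitizeUrl($_POST['url'], array('http', 'https'), 'http');
    $A['catid'] = (int) $_POST['catid'];
    $A['ad_type'] = (int) $_POST['ad_type'];
    $A['keywords'] = trim($_POST['keywords']);

    // NOTE(review): add_date and exp_date come from the form and feed the
    // expiration and day-balance arithmetic below. For non-admins they
    // should presumably be re-read from the stored ad -- confirm.
    $A['add_date'] = COM_applyFilter($_POST['add_date'], true);
    $A['exp_date'] = COM_applyFilter($_POST['exp_date'], true);
    if ($A['exp_date'] == 0) {
        $A['exp_date'] = $A['add_date'];
    }
    $A['exp_sent'] = (int) $_POST['exp_sent'] == 1 ? 1 : 0;

    // NOTE(review): owner_id, group_id and the perm_* values are accepted
    // from the form for every user, not only admins. Unless the insert/update
    // helpers ignore them for non-admins, an editor can reassign ownership
    // or widen permissions -- confirm, and restrict to $admin if not.
    $A['owner_id'] = (int) $_POST['owner_id'];
    $A['group_id'] = (int) $_POST['group_id'];
    $A['uid'] = $A['owner_id'];
    $A['comments_enabled'] = (int) $_POST['comments_enabled'];

    switch ($savetype) {
        case 'moderate':
        case 'adminupdate':
        case 'savesubmission':
        case 'editsubmission':
        case 'submission':
            $perms = SEC_getPermissionValues(
                $_POST['perm_owner'],
                $_POST['perm_group'],
                $_POST['perm_members'],
                $_POST['perm_anon']
            );
            $A['perms'] = $perms;
            break;

        case $LANG_ADMIN['save']:
        case $LANG12[8]:
        default:
            $A['perms'] = array(
                (int) $_POST['perm_owner'],
                (int) $_POST['perm_group'],
                (int) $_POST['perm_members'],
                (int) $_POST['perm_anon'],
            );
            break;
    }

    // Set anon permissions according to category if not an admin.
    // To avoid form injection.
    // The lookup must use $A['catid'], the key populated above; it is
    // integer-cast, so interpolating it into the WHERE clause is safe.
    // Reading a key that was never set would query for an empty category id
    // and leave this guard without effect.
    if (!$admin
        && DB_getItem($_TABLES['ad_category'], 'perm_anon', "cat_id='{$A['catid']}'") == '0'
    ) {
        $A['perms'][3] = 0;
    }

    $moredays = COM_applyFilter($_POST['moredays'], true);
    if ($_CONF_ADVT['purchase_enabled'] && !$admin) {
        // non-administrator is limited to the available days on account,
        // if applicable.
        USES_classifieds_class_userinfo();
        $User = new adUserInfo();
        $moredays = min($moredays, $User->getMaxDays());
    }

    // Validate some fields.
    $errmsg = '';
    if ($A['subject'] == '') {
        $errmsg .= "<li>{$LANG_ADVT['subject_required']}</li>";
    }
    if ($A['descript'] == '') {
        $errmsg .= "<li>{$LANG_ADVT['description_required']}</li>";
    }
    if ($errmsg != '') {
        $errmsg = "<span class=\"alert\"><ul>{$errmsg}</ul></span>\n";
        // return to edit page so user can correct
        return array(1, $errmsg);
    }

    // Calculate the new number of days. For an existing ad start from the
    // date added, if new then start from now. If the ad has already expired,
    // then $moredays will be added to now() rather than exp_date.
    if ($moredays > 0) {
        $moretime = $moredays * 86400;
        $save_exp_date = $A['exp_date'];
        if ($A['exp_date'] < time()) {
            $basetime = time();
        } else {
            $basetime = $A['exp_date'];
        }

        $A['exp_date'] = min(
            $basetime + $moretime,
            $A['add_date'] + intval($_CONF_ADVT['max_total_duration']) * 86400
        );

        // Figure out the number of days added to this ad, and subtract
        // it from the user's account.
        // NOTE(review): $days_used is negative when the duration cap puts the
        // new date before the submitted exp_date, which would add days to the
        // balance. The balance is also changed before the photo upload and
        // the save, both of which can still fail -- confirm this is intended.
        $days_used = (int) (($A['exp_date'] - $save_exp_date) / 86400);
        if ($_CONF_ADVT['purchase_enabled'] && !$admin) {
            $User->UpdateDaysBalance($days_used * -1);
        }

        // Reset the "expiration notice sent" flag if the new date is at least
        // one more day from the old one.
        if ($days_used > 0) {
            $A['exp_sent'] = 0;
        }
    }

    $errmsg .= CLASSIFIEDS_UploadPhoto($A['ad_id'], 'photo');
    if ($errmsg != '') {
        // Display the real error message, if there is one
        return array(1, "<span class=\"alert\"><ul>{$errmsg}</ul></span>\n");
    }

    if (($savetype == 'moderate' || $savetype == 'editsubmission' || $savetype == 'submission')
        && plugin_ismoderator_classifieds()
    ) {
        // If we're editing a submission, delete the submission item
        // after moving data to the main table
        $status = CLASSIFIEDS_insertAd($A, 'ad_ads');
        if ($status == null) {
            DB_delete($_TABLES['ad_submission'], 'ad_id', $A['ad_id']);
        } else {
            $errmsg = $status;
        }

        // Now we've duplicated most functions of the moderator approval,
        // so call the plugin_ function to do the same post-approval stuff
        // NOTE(review): this also runs when the insert above reported an
        // error -- confirm the approval hook is safe to call in that case.
        plugin_moderationapprove_classifieds($A['ad_id'], $A['owner_id']);
    } elseif (CLASSIFIEDS_checkAccess($A['ad_id']) == 3) {
        CLASSIFIEDS_updateAd($A);
    } else {
        return array(1, "Acess Denied");
    }

    if ($errmsg == '') {
        return array(0, '02');
    }
    return array(1, $errmsg);
}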