示例#1
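/**
 * Build the HTML form used to create or edit a classified ad.
 *
 * Anonymous visitors (uid < 2) receive the login-required form. Users without
 * the 'classifieds.publish' right receive an "access reserved" message when a
 * group holds that feature. When an ad is supplied, non-admins are redirected
 * away unless SEC_hasAccess2() returns 3 and the ad is neither deleted nor
 * older than the configured number of active days.
 *
 * @param array $ad   values describing an ad, used as the form defaults
 * @param bool  $copy when true, the admin "save" and "delete" options are left out of the "op" selector
 * @return string HTML of the ad form, or of the login / access-reserved message
 */
function CLASSIFIEDS_getAdForm($ad = array(), $copy = false)
{
    // $LANG_CLASSIFIEDS_1 is read in the admin section below; it was missing from this list.
    global $_CONF, $_CLASSIFIEDS_CONF, $LANG_CLASSIFIEDS_1, $LANG_CLASSIFIEDS_2, $LANG_CLASSIFIEDS_ADMIN, $_TABLES, $LANG24, $LANG_ADMIN, $_USER;
    if ($_USER['uid'] < 2) {
        return CLASSIFIEDS_loginRequiredForm();
    }
    if (!SEC_hasRights('classifieds.publish')) {
        // Logged-in users may publish only while no group has been granted this feature.
        $ft_id = DB_getItem($_TABLES['features'], 'ft_id', "ft_name = 'classifieds.publish'");
        // Integer casts keep both WHERE clauses well-formed even when a lookup comes back empty.
        $grp_id = DB_getItem($_TABLES['access'], 'acc_grp_id', 'acc_ft_id = ' . (int) $ft_id);
        if ($grp_id != '') {
            // A group owns the feature: name it instead of showing the form.
            return $LANG_CLASSIFIEDS_2['access_reserved'] . ' <strong>"' . DB_getItem($_TABLES['groups'], 'grp_name', 'grp_id = ' . (int) $grp_id) . '"</strong>';
        }
    }
    $active = true;
    // NOTE(review): the default array() is not equal to '', so this ownership and
    // expiry gate also runs for an empty array; callers presumably pass '' for a
    // new ad. Confirm against the callers before changing the condition.
    if ($ad != '') {
        // Fixed: this read $A['created'], which is undefined in this function, so
        // the age check never used the ad's own creation date.
        $created = COM_getUserDateTimeFormat($ad['created']);
        $active_days = (time() - $created['1']) / (24 * 3600);
        if ($active_days > $_CLASSIFIEDS_CONF['active_days']) {
            $active = false;
        }
        if ((SEC_hasAccess2($ad) != 3 || $ad['deleted'] == 1 || $active == false) && !SEC_hasRights('classifieds.admin')) {
            echo COM_refresh($_CLASSIFIEDS_CONF['site_url'] . "/index.php?error=0");
            exit;
        }
    }
    // Display form
    // NOTE(review): title, text, siren, tel, postcode and city are handed to the
    // block header and the template exactly as received; confirm they are
    // HTML-escaped before this point or inside ad_form.thtml.
    if ($ad['clid'] == '') {
        $retval = COM_startBlock($LANG_CLASSIFIEDS_2['insert_new_ad']);
    } else {
        $retval = COM_startBlock($LANG_CLASSIFIEDS_2['edit_label'] . ' ' . $ad['title']);
    }
    $template = new Template($_CONF['path'] . 'plugins/classifieds/templates');
    $template->set_file(array('ad' => 'ad_form.thtml'));
    $template->set_var('site_url', $_CLASSIFIEDS_CONF['site_url']);
    $template->set_var('xhtml', XHTML);
    // Anti-CSRF token carried by the form.
    $template->set_var('gltoken_name', CSRF_TOKEN);
    $template->set_var('gltoken', SEC_createToken());
    if (is_numeric($ad['clid'])) {
        $template->set_var('clid', '<input type="hidden" name="clid" value="' . $ad['clid'] . '" />');
    } else {
        $template->set_var('clid', '');
    }
    // Your Ad
    $template->set_var('your_ad', $LANG_CLASSIFIEDS_2['your_ad']);
    // Category
    $categories = '';
    $template->set_var('category_label', $LANG_CLASSIFIEDS_2['category']);
    $categories .= '<option value="0">' . $LANG_CLASSIFIEDS_2['choose_category'] . '</option>';
    $categories .= CLASSIFIEDS_adOptionList($_TABLES['cl_cat'], 'cid,category,pid', $ad['catid'], 'catorder', "catdeleted=0");
    $template->set_var('categories', $categories);
    // Type: '1' preselects type_d, '0' preselects type_o, anything else neither.
    $template->set_var('type_label', $LANG_CLASSIFIEDS_2['type']);
    if ($ad['type'] == '1') {
        $template->set_var('type_d', ' selected');
        $template->set_var('type_o', '');
    } elseif ($ad['type'] == '0') {
        $template->set_var('type_d', '');
        $template->set_var('type_o', ' selected');
    } else {
        $template->set_var('type_d', '');
        $template->set_var('type_o', '');
    }
    $choosetype = '<option value="-1">' . $LANG_CLASSIFIEDS_2['choose_type'] . '</option>';
    $template->set_var('choose_type', $choosetype);
    $template->set_var('offer', $LANG_CLASSIFIEDS_2['offer']);
    $template->set_var('demand', $LANG_CLASSIFIEDS_2['demand']);
    // Title
    $template->set_var('title_label', $LANG_CLASSIFIEDS_2['title']);
    $template->set_var('title', $ad['title']);
    $template->set_var('currency', $_CLASSIFIEDS_CONF['currency']);
    // Text
    $template->set_var('text_label', $LANG_CLASSIFIEDS_2['text']);
    $template->set_var('text', $ad['text']);
    // Price
    $template->set_var('price_label', $LANG_CLASSIFIEDS_2['price']);
    $template->set_var('price', number_format(floatval($ad['price']), $_CONF['decimal_count']));
    // Images
    $template->set_var('images', $LANG_CLASSIFIEDS_2['images']);
    $fileinputs = '';
    $saved_images = '';
    // Fixed: $icount was only assigned when editing an existing ad, yet the
    // upload-slot loop below reads it for new ads as well.
    $icount = 0;
    if ($_CLASSIFIEDS_CONF['max_images_per_ad'] > 0) {
        if ($ad['clid'] != '') {
            // Only "not empty" is known about clid here, so force it to an integer
            // before it reaches the two picture queries.
            $clid = (int) $ad['clid'];
            $icount = DB_count($_TABLES['cl_pic'], 'pi_pid', $clid);
            if ($icount > 0) {
                // Fixed: the alt text read the undefined $A['title']; it now uses the
                // ad's title, escaped for use inside an HTML attribute.
                $alt = htmlspecialchars((string) $ad['title'], ENT_QUOTES, COM_getCharset(), false);
                $result_pics = DB_query("SELECT * FROM {$_TABLES['cl_pic']} WHERE pi_pid = '" . $clid . "'");
                for ($z = 1; $z <= $icount; $z++) {
                    $I = DB_fetchArray($result_pics);
                    // NOTE(review): $size is never assigned in this function, so the
                    // thumbnail URL is emitted with empty w/h values -- confirm the
                    // intended source of the thumbnail size.
                    // NOTE(review): thumbnails go through the bundled timthumb.php;
                    // confirm that copy is current and restricted to local sources.
                    $saved_images .= '<div><p>' . $z . ') ' . '<a class="lightbox" href="' . $_CLASSIFIEDS_CONF['site_url'] . '/timthumb.php?src=' . $_CLASSIFIEDS_CONF['url_images'] . $I['pi_filename'] . '&amp;w=640"><img src="' . $_CLASSIFIEDS_CONF['site_url'] . '/timthumb.php?src=' . $_CLASSIFIEDS_CONF['url_images'] . $I['pi_filename'] . '&amp;w=' . $size . '&amp;h=' . $size . '" align="top" alt="' . $alt . '" /></a>' . '&nbsp;&nbsp;&nbsp;' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['pi_img_num'] . ']"' . XHTML . '><br' . XHTML . '></p></div>';
                }
            }
        }
        // One upload field per slot that is still free.
        for ($z = $icount + 1; $z <= $_CLASSIFIEDS_CONF['max_images_per_ad']; $z++) {
            $fileinputs .= $z . ') <input type="file" dir="ltr" name="file' . $z . '"' . XHTML . '> ';
            if ($z < $_CLASSIFIEDS_CONF['max_images_per_ad']) {
                $fileinputs .= '<br' . XHTML . '>';
            }
        }
    }
    $template->set_var('saved_images', $saved_images);
    $template->set_var('image_form_elements', $fileinputs);
    // Your details: a new ad is pre-filled from the user's stored classifieds profile.
    if (!is_numeric($ad['clid'])) {
        $data = DB_query("SELECT * FROM {$_TABLES['cl_users']} WHERE user_id = " . (int) $_USER['uid']);
        $user_data = DB_fetchArray($data, true);
        $ad['status'] = $user_data['status'];
        $ad['tel'] = $user_data['tel'];
        $ad['postcode'] = $user_data['postcode'];
        $ad['city'] = $user_data['city'];
        $ad['siren'] = $user_data['siren'];
    }
    $template->set_var('your_details', $LANG_CLASSIFIEDS_2['your_details']);
    $template->set_var('status_label', $LANG_CLASSIFIEDS_2['status']);
    $template->set_var('private', $LANG_CLASSIFIEDS_2['private']);
    $template->set_var('professional', $LANG_CLASSIFIEDS_2['professional']);
    if ($ad['status'] == '1') {
        $template->set_var('pro_yes', ' selected');
        $template->set_var('pro_no', '');
    } elseif ($ad['status'] == '0') {
        $template->set_var('pro_yes', '');
        $template->set_var('pro_no', ' selected');
    } else {
        $template->set_var('pro_no', '');
        $template->set_var('pro_yes', '');
    }
    $choose_status = '<option value="-1">' . $LANG_CLASSIFIEDS_2['choose_status'] . '</option>';
    $template->set_var('choose_status', $choose_status);
    $template->set_var('siren_label', $LANG_CLASSIFIEDS_2['siren']);
    $template->set_var('siren', $ad['siren']);
    $template->set_var('tel_label', $LANG_CLASSIFIEDS_2['tel']);
    $template->set_var('tel', $ad['tel']);
    $template->set_var('hide_tel_label', $LANG_CLASSIFIEDS_2['hide_tel']);
    $template->set_var('hide_tel', $ad['hide_tel']);
    // 'tel_ckecked' is the key this code has always set; it is kept unchanged.
    if ($ad['hide_tel'] == '1') {
        $template->set_var('tel_ckecked', ' checked="checked"');
    } else {
        $template->set_var('tel_ckecked', '');
    }
    $template->set_var('postcode_label', $LANG_CLASSIFIEDS_2['postcode']);
    $template->set_var('postcode', $ad['postcode']);
    $template->set_var('city_label', $LANG_CLASSIFIEDS_2['city']);
    $template->set_var('city', $ad['city']);
    // Submit
    $template->set_var('save_button', $LANG_CLASSIFIEDS_2['save_button']);
    $template->set_var('delete_button', $LANG_CLASSIFIEDS_2['delete_button']);
    $template->set_var('validate_button', $LANG_CLASSIFIEDS_2['validate_button']);
    $template->set_var('required_field', $LANG_CLASSIFIEDS_2['required_field']);
    // Admin options: operation selector plus created/modified dates.
    if (SEC_hasRights('classifieds.admin')) {
        $admin_select = LB . '<select name="op">' . LB;
        if (!$copy) {
            $admin_select .= '<option value="save" selected="selected">' . $LANG_CLASSIFIEDS_2['save_button'] . '</option>' . LB;
            if ($ad['clid'] != '') {
                $admin_select .= '<option value="delete">' . $LANG_CLASSIFIEDS_2['delete_button'] . '</option>' . LB;
            }
        }
        if (function_exists('CLASSIFIEDS_getBonusAdminButton') && $ad['clid'] != '') {
            $admin_select .= CLASSIFIEDS_getBonusAdminButton();
        }
        $admin_select .= LB . '</select>' . LB;
        $template->set_var('admin_options', $admin_select);
        $datecreated = COM_getUserDateTimeFormat($ad['created']);
        $datemodified = COM_getUserDateTimeFormat($ad['modified']);
        $template->set_var('created', '<p>' . $LANG_CLASSIFIEDS_ADMIN['created'] . $LANG_CLASSIFIEDS_1['double_point'] . ' ' . $datecreated[0] . '</p>');
        $template->set_var('modified', '<p>' . $LANG_CLASSIFIEDS_ADMIN['modified'] . $LANG_CLASSIFIEDS_1['double_point'] . ' ' . $datemodified[0] . '</p>');
    } else {
        $template->set_var('admin_options', '');
        $template->set_var('created', '');
        $template->set_var('modified', '');
    }
    $retval .= $template->parse('output', 'ad');
    $retval .= COM_endBlock();
    return $retval;
}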
示例#2
 ///////////////////////////////////////////////////////////////////////
 ///////////////////////////////////////////////////////////////////////
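 // Server-side re-check of the cart: the price stored with each cart line is
 // compared with the price recomputed from the product table, and the product
 // must be accessible to the current user and active. One failing line
 // invalidates the whole checkout.
 $valid_prices = true;
 foreach ($cart->get_contents() as $item) {
     // The cart id looks like "<product id>|..."; only the first part is the product id.
     $realid = COM_sanitizeID(explode("|", $item['id']));
     $item_id = $realid[0];
     $item_price = $item['price'];
     $A = DB_fetchArray(DB_query("SELECT * FROM {$_TABLES['paypal_products']} WHERE id = '{$item_id}' LIMIT 1"));
     if (!is_array($A)) {
         // Fail closed: an id with no product row is rejected explicitly rather
         // than through reads on a non-array result.
         $valid_prices = false;
         continue;
     }
     $price = $A['price'];
     // Fixed-amount discount.
     if ($A['discount_a'] != '' && $A['discount_a'] != 0) {
         $price = number_format($A['price'] - $A['discount_a'], 2, '.', '');
     }
     // Percentage discount; when both are set this one overrides the fixed amount.
     if ($A['discount_p'] != '' && $A['discount_p'] != 0) {
         $price = number_format($A['price'] - $A['price'] * ($A['discount_p'] / 100), 2, '.', '');
     }
     // Loose comparison is deliberate: both sides may be numeric strings with
     // different formatting.
     if ($item_price != $price || !SEC_hasAccess2($A) || $A['active'] != '1') {
         $valid_prices = false;
     }
 }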
 ///////////////////////////////////////////////////////////////////////
 ///////////////////////////////////////////////////////////////////////
 // IF THE SUBMITTED PRICES ARE NOT VALID
 if ($valid_prices !== true) {
     // KILL THE SCRIPT
     die($jcart['text']['checkout_error']);
 } else {
     if ($valid_prices === true) {
         if ($_POST['pay_by'] == 'check') {
             echo COM_refresh($_PAY_CONF['site_url'] . '/informations.php?shipping=' . $_POST['shipping'] . '&pay_by=check');
             exit;
         } else {
示例#3
            }
        }
    }
}
// The three optional template sections are blanked; nothing below fills them in.
$product->set_var('subscription', '');
$product->set_var('donation', '');
$product->set_var('rent', '');
// No product type has type-specific handling here: every case only breaks.
switch ($type) {
    case 'subscription':
    case 'donation':
    case 'rent':
    default:
        break;
}
// The product page is shown when the product is active and the user has access
// to it, or when the user holds the paypal.admin right (&& binds tighter than
// ||; the parentheses only make that explicit).
if (!(($A['active'] == 1 && SEC_hasAccess2($A)) || SEC_hasRights('paypal.admin'))) {
    $display .= COM_showMessageText($LANG_PAYPAL_1['not_active_message'], $LANG_PAYPAL_1['active']);
} else {
    $display .= $product->parse('output', 'product');
}
// Cart block and site footer follow in both cases.
$display .= '<div id="cart">' . PAYPAL_displayCart() . '</div>';
$display .= PAYPAL_siteFooter();
// The hit counter is incremented even when the "not active" message was shown.
hitProduct($A['id']);
COM_output($display);
示例#4
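 // Normalise the request fields that are produced here before the ad is saved.
 // NOTE(review): the UPDATE built further down also interpolates
 // $_REQUEST['catid'], ['type'], ['postcode'], ['siren'] and ['deleted']
 // directly into the SQL text; those still need escaping or integer casts
 // before they reach DB_query().
 $remove_from_tel = array(' ', '.', '|', ',', '/', ':', '-', '_');
 $clean_tel = isset($_REQUEST['tel']) ? str_replace($remove_from_tel, '', (string) $_REQUEST['tel']) : '';
 // Stripping separators alone left quotes and backslashes in a value that is
 // placed inside a quoted SQL literal; keep only digits and a leading-style '+'.
 $clean_tel = preg_replace('/[^0-9+]/', '', $clean_tel);
 // Both flags collapse to the literal '1' or '0'; a missing field counts as '0'.
 $hide_tel = (isset($_REQUEST['hide_tel']) && $_REQUEST['hide_tel'] == '1') ? '1' : '0';
 $status = (isset($_REQUEST['status']) && $_REQUEST['status'] == '1') ? '1' : '0';
 // One timestamp for both columns, so they cannot differ across a second boundary.
 $created = date("YmdHis");
 $modified = $created;
 // price can only contain numbers and a decimal
 $price = isset($_REQUEST['price']) ? str_replace(",", "", (string) $_REQUEST['price']) : '';
 $price = preg_replace('/[^\\d.]/', '', $price);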
 if (!empty($_REQUEST['clid'])) {
     //Edit mode
     if (is_numeric($_REQUEST['clid'])) {
         $sql = "SELECT * FROM {$_TABLES['cl']} WHERE clid = {$_REQUEST['clid']}";
         $res = DB_query($sql);
         $A = DB_fetchArray($res);
         if (SEC_hasAccess2($A) < 3) {
             echo COM_refresh($_CLASSIFIEDS_CONF['site_url'] . "/index.php");
             exit;
             break;
         }
     } else {
         echo COM_refresh($_CLASSIFIEDS_CONF['site_url'] . "/index.php");
         exit;
         break;
     }
     $sql = "catid = '{$_REQUEST['catid']}', " . "status = '{$status}', " . "type = '{$_REQUEST['type']}', " . "tel = '{$clean_tel}', " . "hide_tel = '{$hide_tel}', " . "title = '{$title}', " . "text = '{$text}', " . "price = '{$price}', " . "postcode = '{$_REQUEST['postcode']}', " . "city = '{$city}', " . "siren = '{$_REQUEST['siren']}', " . "modified = '{$modified}', " . "deleted = '{$_REQUEST['deleted']}'\n\t\t\t         ";
     $sql = "UPDATE {$_TABLES['cl']} SET {$sql} " . "WHERE clid = {$_REQUEST['clid']}";
     DB_query($sql);
     $last_pid = $_REQUEST['clid'];
     if (DB_error()) {
         $msg = $LANG_CLASSIFIEDS_2['save_fail'];
示例#5
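// Filter the two request fields this page reads as text.
$vars = array('msg' => 'text', 'shipping' => 'text');
paypal_filterVars($vars, $_REQUEST);
/* valid price, access and active product only */
// The cart's own prices are not trusted: each line is compared with the price
// computed from the product row, and the product must be accessible and active.
$items = array();
$i = 1;
$quantities = array();
$valid_prices = true;
foreach ($cart->get_contents() as $item) {
    // NOTE(review): $item_id is interpolated into the query below; confirm that
    // PAYPAL_realId() sanitises the id it returns.
    $realid = PAYPAL_realId($item['id']);
    $item_id = $realid[0];
    $items[$i] = $item['id'];
    $namesfromcart[$i] = $item['name'];
    $quantities[$i] = $item['qty'];
    $item_price[$i] = $item['price'];
    $A = DB_fetchArray(DB_query("SELECT * FROM {$_TABLES['paypal_products']} WHERE id = '{$item_id}' LIMIT 1"));
    // Fail closed: a missing product row invalidates the cart before the row is
    // handed to PAYPAL_productPrice() or SEC_hasAccess2().
    if (!is_array($A) || $item_price[$i] != PAYPAL_productPrice($A) || !SEC_hasAccess2($A) || $A['active'] != '1') {
        $valid_prices = false;
    }
    $i++;
}
if ($valid_prices !== true) {
    // Any invalid line sends the user back to the site index without further output.
    echo COM_refresh($_CONF['site_url'] . '/index.php');
    exit;
}
//Main
// EMPTY THE CART
// The cart is cleared only after validation; the copies in $items,
// $namesfromcart, $quantities and $item_price remain available.
$cart->empty_cart();
$display .= PAYPAL_siteHeader();
$display .= paypal_user_menu();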
switch ($_REQUEST['mode']) {
    default: