Execute($sql); if ($recordSet === false) log_error($sql); $num_images = $recordSet->RecordCount(); if ($num_images > 0) { echo ""; //echo "".$lang['images']."

"; while (!$recordSet->EOF) { $caption = make_db_unsafe ($recordSet->fields['caption']); $thumb_file_name = make_db_unsafe ($recordSet->fields['thumb_file_name']); $file_name = make_db_unsafe ($recordSet->fields['file_name']); $imageID = make_db_unsafe ($recordSet->fields['ID']); // gotta grab the image size $imagedata = GetImageSize($config['listings_upload_path']."/$thumb_file_name"); $imagewidth = $imagedata[0]; $imageheight = $imagedata[1]; $shrinkage = $config['thumbnail_width']/$imagewidth; $displaywidth = $imagewidth * $shrinkage; $displayheight = $imageheight * $shrinkage; //echo ""; echo "
"; //echo "
" echo "$caption

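";
            $recordSet->MoveNext();
        } // end while
        echo "";
    } // end if ($num_images > 0)
} // end function renderListingsImages

function makeYahooMap($listingID, $address_field, $city_field, $state_field)
{
    // Renders a link to Yahoo Maps for one listing.
    //
    // $listingID     - listing whose address is mapped (escaped here for the SQL).
    // $address_field - listingsDBElements.field_name that holds the street address.
    // $city_field    - field_name that holds the city.
    // $state_field   - field_name that holds the state.
    //
    // Echoes the link; returns nothing.
    // NOTE(review): the anchor markup around the echo was stripped from this
    // copy of the file; $yahoo_string is presumably the href query — confirm.
    global $conn, $config;

    $sql_listingID = make_db_extra_safe($listingID);

    // The three lookups are identical apart from the field_name, so run them
    // from a table. Values default to '' so a listing missing one element
    // still yields a well-formed query string instead of undefined variables.
    $sql_field_names = array(
        'addr'  => make_db_safe($address_field),
        'city'  => make_db_safe($city_field),
        'state' => make_db_safe($state_field),
    );
    $values = array('addr' => '', 'city' => '', 'state' => '');

    foreach ($sql_field_names as $key => $sql_field_name) {
        $sql = "SELECT listingsDBElements.field_value, listingsFormElements.field_type, listingsFormElements.field_caption FROM listingsDBElements, listingsFormElements WHERE ((listingsDBElements.listing_id = $sql_listingID) AND (listingsFormElements.field_name = listingsDBElements.field_name) AND (listingsDBElements.field_name = $sql_field_name))";
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) {
            // Skip this lookup instead of dereferencing false below.
            log_error($sql);
            continue;
        }
        // Last matching row wins, as in the original one-loop-per-field code.
        while (!$recordSet->EOF) {
            $values[$key] = make_db_unsafe($recordSet->fields['field_value']);
            $recordSet->MoveNext();
        } // end while
    }

    // Encode each component: addresses contain spaces and may contain '&'
    // or '#', which would otherwise split the query string or add parameters.
    // The ',' between city and state is part of the format and stays literal;
    // urlencode() uses '+' for spaces, matching the literal "Get+Map" below.
    $yahoo_string = "Pyt=Tmap&addr=" . urlencode($values['addr'])
        . "&csz=" . urlencode($values['city']) . "," . urlencode($values['state'])
        . "&Get+Map=Get+Map";
    echo "View a map of the area";
} // end makeYahooMap

function renderSingleListingItem($listingID, $name)
{
    // renders a single item on the listings page
    // includes the caption
    global $conn, $config;
    $listingID = make_db_extra_safe($listingID);
    $name = make_db_extra_safe($name);
    $sql = "SELECT listingsDBElements.field_value, listingsFormElements.field_type, listingsFormElements.field_caption FROM listingsDBElements, listingsFormElements WHERE ((listingsDBElements.listing_id = $listingID) AND (listingsFormElements.field_name = listingsDBElements.field_name) AND (listingsDBElements.field_name = $name))";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) log_error($sql);
    while (!$recordSet->EOF) {
        $field_value = make_db_unsafe ($recordSet->fields['field_value']);
        $field_type = make_db_unsafe ($recordSet->fields['field_type']);
        $field_caption = make_db_unsafe ($recordSet->fields['field_caption']);
        if ($field_value != "") {
            if ($field_type == "select-multiple" OR $field_type == "option" OR $field_type == "checkbox") {
                // handle field types with multiple options
                echo "$field_caption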
"; $feature_index_list = explode("||", $field_value); while (list($feature_list_Value, $feature_list_item) = each ($feature_index_list)) { echo "$feature_list_item
"; } // end while } // end if field type is a multiple type elseif ($field_type == "price") { $money_amount = international_num_format($field_value); echo "
$field_caption: ".money_value($money_amount); } // end elseif elseif ($field_type == "number") { echo "
$field_caption: ".international_num_format($field_value); } // end elseif elseif ($field_type == "url") { echo "
$field_caption: $field_value"; } elseif ($field_type == "email") { echo "
$field_caption: $field_value"; } elseif ($field_type == "text" OR $field_type == "textarea") { if ($config['add_linefeeds'] == "yes") { $field_value = nl2br($field_value); //replace returns with
} // end if echo "
$field_caption: $field_value"; } else { echo "
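$field_caption: $field_value";
            } // end else
        } // end if ($field_value != "")
        $recordSet->MoveNext();
    } // end while
} // end renderSingleListingItem

function renderSingleListingItemRaw($listingID, $name)
{
    // Echoes the raw value(s) of one listing element, with no caption or
    // formatting, so the output can be plugged into another string.
    //
    // $listingID - listing whose element is wanted (escaped here for the SQL).
    // $name      - field_name of the element (escaped here for the SQL).
    //
    // Returns nothing. Every matching row is echoed in turn with no separator.
    // NOTE(review): the value is echoed exactly as stored; a caller that puts
    // it into HTML or an attribute must escape it for that context.
    global $conn, $config;
    $listingID = make_db_extra_safe($listingID);
    $name = make_db_extra_safe($name);
    $sql = "SELECT listingsDBElements.field_value FROM listingsDBElements, listingsFormElements WHERE ((listingsDBElements.listing_id = $listingID) AND (listingsFormElements.field_name = listingsDBElements.field_name) AND (listingsDBElements.field_name = $name))";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        // Nothing to render; also avoids dereferencing false below.
        log_error($sql);
        return;
    }
    while (!$recordSet->EOF) {
        echo make_db_unsafe($recordSet->fields['field_value']);
        // Advance the cursor: the original loop never called MoveNext(), so it
        // could not reach EOF and echoed the first row forever.
        $recordSet->MoveNext();
    }
} // end renderSingleListingItemRaw($listingID, $name)

function renderSingleListingItemNoCaption($listingID, $name)
{
    // renders a single item on the listings page
    // this time, without a caption, though...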
global $conn, $config; $listingID = make_db_extra_safe($listingID); $name = make_db_extra_safe($name); $sql = "SELECT listingsDBElements.field_value, listingsFormElements.field_type FROM listingsDBElements, listingsFormElements WHERE ((listingsDBElements.listing_id = $listingID) AND (listingsFormElements.field_name = listingsDBElements.field_name) AND (listingsDBElements.field_name = $name))"; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); while (!$recordSet->EOF) { $field_value = make_db_unsafe ($recordSet->fields['field_value']); $field_type = make_db_unsafe ($recordSet->fields['field_type']); if ($field_value != "") { if ($field_type == "select-multiple" OR $field_type == "option" OR $field_type == "checkbox") { // handle field types with multiple options $feature_index_list = explode("||", $field_value); while (list($feature_list_Value, $feature_list_item) = each ($feature_index_list)) { echo "$feature_list_item
"; } // end while } // end if field type is a multiple type elseif ($field_type == "price") { $money_amount = international_num_format($field_value); echo "
$field_caption: ".money_value($money_amount); } // end elseif elseif ($field_type == "number") { echo "
$field_caption: ".international_num_format($field_value); } // end elseif elseif ($field_type == "url") { echo "$field_value"; } elseif ($field_type == "email") { echo "$field_value"; } elseif ($field_type == "text" OR $field_type == "textarea") { if ($config['add_linefeeds'] == "yes") { $field_value = nl2br($field_value); //replace returns with
} // end if echo $field_value; } else { echo "$field_value"; } // end else } // end if ($field_value != "") $recordSet->MoveNext(); } // end while } // end renderSingleListingItemNoCaption function renderTemplateArea($templateArea, $listingID) { // renders all the elements in a given template area on the listing pages global $conn, $config; $listingID = make_db_extra_safe($listingID); $templateArea = make_db_extra_safe($templateArea); $sql = "SELECT listingsDBElements.field_value, listingsFormElements.field_type, listingsFormElements.field_caption FROM listingsDBElements, listingsFormElements WHERE ((listingsDBElements.listing_id = $listingID) AND (listingsFormElements.field_name = listingsDBElements.field_name) AND (listingsFormElements.location = $templateArea)) ORDER BY listingsFormElements.rank ASC"; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); while (!$recordSet->EOF) { $field_value = make_db_unsafe ($recordSet->fields['field_value']); $field_type = make_db_unsafe ($recordSet->fields['field_type']); $field_caption = make_db_unsafe ($recordSet->fields['field_caption']); if ($field_value != "") { if ($field_type == "select-multiple" OR $field_type == "option" OR $field_type == "checkbox") { // handle field types with multiple options if ($field_caption == "Specialization") { echo "
"; } echo "
$field_caption:"; $feature_index_list = explode("||", $field_value); while (list($feature_list_Value, $feature_list_item) = each ($feature_index_list)) { echo "
$feature_list_item"; } // end while } // end if field type is a multiple type elseif ($field_type == "price") { $money_amount = international_num_format($field_value); echo "
$field_caption: ".money_value($money_amount); } // end elseif elseif ($field_type == "number") { echo "
$field_caption: ".international_num_format($field_value); } // end elseif elseif ($field_type == "url") { $http = preg_match("/^http:\/\//", $field_value) ? "" : "http://"; echo "
$field_caption: $field_value"; } elseif ($field_type == "email") { echo "
$field_caption: $field_value"; } elseif ($field_type == "text" OR $field_type == "textarea") { if ($config['add_linefeeds'] == "yes") { $field_value = nl2br($field_value); //replace returns with
} // end if if ($field_caption == "Counseling Specialities") { echo "
"; } if ($field_caption == "First Name") { echo "Name: $field_value"; } elseif ($field_caption == "Last Name" ) { echo " $field_value"; } elseif ($field_caption == "Suffix" ) { echo ", $field_value"; } else { echo "
$field_caption: $field_value"; } } elseif ($field_type == "phone") { $fnumber = ""; $fnumber = preg_replace ("/ /", "", $field_value); $fnumber = preg_replace ("/\(/", "", $fnumber); $fnumber = preg_replace ("/\)/", "", $fnumber); $fnumber = preg_replace ("/-/", "", $fnumber); $fnumber = preg_replace ("/\./", "", $fnumber); $fnumber = preg_replace ("/^1/", "", $fnumber); preg_match ('/^([0-9]{3})([0-9]{3})([0-9]{4})/', $fnumber, $regs); if (!isset($regs[1])) $regs[1]=''; if (!isset($regs[2])) $regs[2]=''; if (!isset($regs[3])) $regs[3]=''; if (!isset($regs[4])) $regs[4]=''; $field_value = "($regs[1]) $regs[2]-$regs[3] $regs[4]"; echo "
$field_caption: $field_value"; } elseif ($field_type == "fax") { $fnumber = ""; $fnumber = preg_replace ("/ /", "", $field_value); $fnumber = preg_replace ("/\(/", "", $fnumber); $fnumber = preg_replace ("/\)/", "", $fnumber); $fnumber = preg_replace ("/-/", "", $fnumber); $fnumber = preg_replace ("/\./", "", $fnumber); $fnumber = preg_replace ("/^1/", "", $fnumber); preg_match ('/^([0-9]{3})([0-9]{3})([0-9]{4})/', $fnumber, $regs); if (!isset($regs[1])) $regs[1]=''; if (!isset($regs[2])) $regs[2]=''; if (!isset($regs[3])) $regs[3]=''; if (!isset($regs[4])) $regs[4]=''; $field_value = "($regs[1]) $regs[2]-$regs[3] $regs[4]"; echo "
$field_caption: $field_value"; } else { echo "
$field_caption: $field_value"; } // end else } // end if ($field_value != "") $recordSet->MoveNext(); } // end while } // end renderTemplateArea function renderTemplateAreaNoCaption($templateArea, $listingID) { // renders all the elements in a given template area on the listing pages // this time without the corresponding captions global $conn, $config; $listingID = make_db_extra_safe($listingID); $templateArea = make_db_extra_safe($templateArea); $sql = "SELECT listingsDBElements.field_value, listingsFormElements.field_type, listingsFormElements.field_caption FROM listingsDBElements, listingsFormElements WHERE ((listingsDBElements.listing_id = $listingID) AND (listingsFormElements.field_name = listingsDBElements.field_name) AND (listingsFormElements.location = $templateArea)) ORDER BY listingsFormElements.rank ASC"; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); while (!$recordSet->EOF) { $field_value = make_db_unsafe ($recordSet->fields['field_value']); $field_type = make_db_unsafe ($recordSet->fields['field_type']); $field_caption = make_db_unsafe ($recordSet->fields['field_caption']); if ($field_value != "") { if ($field_type == "select-multiple" OR $field_type == "option" OR $field_type == "checkbox") { // handle field types with multiple options $feature_index_list = explode("||", $field_value); while (list($feature_list_Value, $feature_list_item) = each ($feature_index_list)) { echo "$feature_list_item
"; } // end while } // end if field type is a multiple type elseif ($field_type == "price") { $money_amount = international_num_format($field_value); echo "
$field_caption: ".money_value($money_amount); } // end elseif elseif ($field_type == "number") { echo "
$field_caption: ".international_num_format($field_value); } // end elseif elseif ($field_type == "url") { echo "
$field_value"; } elseif ($field_type == "email") { echo "
$field_value"; } elseif ($field_type == "text" OR $field_type == "textarea") { if ($config['add_linefeeds'] == "yes") { $field_value = nl2br($field_value); //replace returns with
} // end if echo "
$field_value"; } else { echo "
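$field_value";
            } // end else
        } // end if ($field_value != "")
        $recordSet->MoveNext();
    } // end while
} // end renderTemplateAreaNoCaption

function getMainListingData($listingID)
{
    // Gets the main data for a given listing (owner ID, title, expiration,
    // poster's user name) and echoes the title block.
    //
    // $listingID - listing to show (escaped here for the SQL).
    //
    // Echoes markup; returns nothing.
    // NOTE(review): the markup around the title was stripped from this copy
    // of the file. $listing_Title is echoed without HTML escaping; if titles
    // are user-supplied it needs htmlspecialchars() here — confirm where it
    // is sanitised.
    global $conn, $lang;
    $listingID = make_db_extra_safe($listingID);
    $sql = "SELECT listingsDB.user_ID, listingsDB.Title, listingsDB.expiration, UserDB.user_name FROM listingsDB, UserDB WHERE ((listingsDB.ID = $listingID) AND (UserDB.ID = listingsDB.user_ID))";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) log_error($sql);
    // Defaults keep the echo below well-formed when the query fails or
    // matches no row (unknown listing ID) instead of raising notices.
    $listing_user_ID = '';
    $listing_Title = '';
    $listing_expiration = '';
    $listing_user_name = '';
    // get main listings data
    while ($recordSet !== false && !$recordSet->EOF) {
        $listing_user_ID = make_db_unsafe ($recordSet->fields['user_ID']);
        $listing_Title = make_db_unsafe ($recordSet->fields['Title']);
        // Read the 'expiration' column the SELECT asks for; the original read
        // 'Title' a second time here.
        $listing_expiration = make_db_unsafe ($recordSet->fields['expiration']);
        $listing_user_name = make_db_unsafe ($recordSet->fields['user_name']);
        $recordSet->MoveNext();
    } // end while
    echo "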

$listing_Title

"; //echo "

".$lang['listed_by'].".$listing_user_name

"; } // function getMainListingData function getListingEmail($listingID) { // get the email address for the person who posted a listing global $conn, $lang; $listingID = make_db_extra_safe($listingID); $sql = "SELECT UserDB.emailAddress FROM listingsDB, UserDB WHERE ((listingsDB.ID = $listingID) AND (UserDB.ID = listingsDB.user_ID))"; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); // return the email address while (!$recordSet->EOF) { $listing_emailAddress = make_db_unsafe ($recordSet->fields['emailAddress']); $recordSet->MoveNext(); } // end while echo "".$lang['user_email'].": $listing_emailAddress
";
} // end function getListingEmail

function hitcount($listingID)
{
    // Counts hits to a given listing: bumps listingsDB.hitcount for the
    // listing, then reads it back and echoes the total with the $lang strings.
    //
    // $listingID - listing to count a view for (escaped here for the SQL).
    //
    // Echoes text; returns nothing. The increment and the read-back are two
    // separate statements, so concurrent views can display the same total;
    // acceptable for a display counter, not for anything that must be exact.
    global $conn, $lang;
    $listingID = make_db_extra_safe($listingID);
    $sql = "UPDATE listingsDB SET hitcount=hitcount+1 WHERE ID=$listingID";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) log_error($sql);
    $sql = "SELECT hitcount FROM listingsDB WHERE ID=$listingID";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) log_error($sql);
    while (!$recordSet->EOF) {
        // Read straight from the row, unlike the other functions in this file
        // which pass values through make_db_unsafe(); presumably a numeric column.
        $hitcount = $recordSet->fields['hitcount'];
        echo $lang['this_listing_has_been_viewed']." $hitcount". $lang['times'].".";
        $recordSet->MoveNext();
    } // end while
} // end function hitcount

function renderUserInfoOnListingsPage($listingID)
{
    // Shows the poster's name and their user-profile elements on a listing page.
    //
    // $listingID - listing whose owner is shown; an empty string renders nothing.
    //
    // Echoes markup; returns nothing. The body continues on the next line of
    // the file.
    // NOTE(review): if the lookup below returns no rows, $listing_user_ID and
    // $listing_user_name are never assigned before they are used.
    if ($listingID != "") {
        // grabs the information for a given user
        // and displays it on a listings page
        global $conn, $config, $lang;
        $listingID = make_db_extra_safe($listingID);
        $sql = "SELECT UserDB.ID, UserDB.user_name FROM listingsDB, UserDB WHERE ((listingsDB.ID = $listingID) AND (UserDB.ID = listingsDB.user_ID))";
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false) log_error($sql);
        // get main listings data
        while (!$recordSet->EOF) {
            $listing_user_ID = make_db_unsafe ($recordSet->fields['ID']);
            $listing_user_name = make_db_unsafe ($recordSet->fields['user_name']);
            $recordSet->MoveNext();
        } // end while
        echo "".$lang['listed_by']." 
$listing_user_name"; if ($listing_user_ID != "") { $sql = "SELECT UserDBElements.field_value, userFormElements.field_type, userFormElements.field_caption FROM UserDBElements, userFormElements WHERE ((UserDBElements.user_id = $listing_user_ID) AND (UserDBElements.field_name = userFormElements.field_name)) ORDER BY userFormElements.rank ASC"; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); while (!$recordSet->EOF) { $field_value = make_db_unsafe ($recordSet->fields['field_value']); $field_type = make_db_unsafe ($recordSet->fields['field_type']); $field_caption = make_db_unsafe ($recordSet->fields['field_caption']); if ($field_value != "") { if ($field_type == "select-multiple" OR $field_type == "option" OR $field_type == "checkbox") { // handle field types with multiple options echo "$field_caption
"; $feature_index_list = explode("||", $field_value); while (list($feature_list_Value, $feature_list_item) = each ($feature_index_list)) { echo "$feature_list_item
"; } // end while } // end if field type is a multiple type elseif ($field_type == "price") { $money_amount = international_num_format($field_value); echo "
$field_caption: ".money_value($money_amount); } // end elseif elseif ($field_type == "number") { echo "
$field_caption: ".international_num_format($field_value); } // end elseif elseif ($field_type == "url") { echo "
$field_caption: $field_value"; } elseif ($field_type == "email") { echo "
$field_caption: $field_value"; } else { if ($config['add_linefeeds'] == "yes") { $field_value = nl2br($field_value); //replace returns with
} // end if echo "
$field_caption: $field_value"; } // end else } // end if ($field_value != "") $recordSet->MoveNext(); } // end while } // end if ($listing_user_ID != "") } // end ($listingID != "") } // end renderUserInfo function renderFeaturedListingsVertical($num_of_listings) { echo ""; // shows the images connected to a given image global $conn, $lang, $config, $style; // grab the images $listingID = make_db_extra_safe($listingID); $sql = "SELECT ID, Title FROM listingsDB WHERE (featured = 'yes')"; $recordSet = $conn->SelectLimit($sql, $num_of_listings, 0 ); if ($recordSet === false) log_error($sql); $returned_num_listings = $recordSet->RecordCount(); if ($returned_num_listings > 0) { echo ""; } // end if ($num_images > 0) echo "
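";
    echo "".$lang['featured_listings']."

";
    // (renderFeaturedListingsVertical begins on the previous line of the file;
    // $recordSet holds the featured listings selected there.)
    // One pass per featured listing; its lowest-ranked image is the thumbnail.
    // NOTE(review): the image/anchor markup around the echoes was stripped from
    // this copy, and $Title is echoed without HTML escaping — confirm where
    // titles are sanitised.
    while ($recordSet !== false && !$recordSet->EOF) {
        $Title = make_db_unsafe($recordSet->fields['Title']);
        $ID = make_db_unsafe($recordSet->fields['ID']);
        $sql2 = "SELECT thumb_file_name FROM listingsImages WHERE (listing_id = $ID) ORDER BY rank";
        $recordSet2 = $conn->SelectLimit($sql2, 1, 0);
        if ($recordSet2 === false) {
            // Log the statement that actually failed ($sql2, not the outer $sql);
            // the guarded loop below then skips this listing's image.
            log_error($sql2);
        }
        while ($recordSet2 !== false && !$recordSet2->EOF) {
            $thumb_file_name = make_db_unsafe($recordSet2->fields['thumb_file_name']);
            // gotta grab the image size
            $imagedata = GetImageSize($config['listings_upload_path']."/$thumb_file_name");
            if ($imagedata !== false && $imagedata[0] > 0) {
                // Scale so the rendered width is thumbnail_width, keeping the aspect ratio.
                $imagewidth = $imagedata[0];
                $imageheight = $imagedata[1];
                $shrinkage = $config['thumbnail_width']/$imagewidth;
                $displaywidth = $imagewidth * $shrinkage;
                $displayheight = $imageheight * $shrinkage;
            } else {
                // Missing or unreadable file: GetImageSize() returns false, and the
                // old unconditional division failed on the zero width.
                $displaywidth = $config['thumbnail_width'];
                $displayheight = '';
            }
            echo " ";
            echo "\"".$lang['click_to_learn_more']."\"
";
            echo "$Title


";
            $recordSet2->MoveNext();
        } // end while
        $recordSet->MoveNext();
    } // end while
    echo "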
"; } // end function renderFeaturedListingsVertical // RENDER THE USER PAGE ELEMENTS function renderUserImages($user) { // grabs the listings for a given user global $conn, $lang, $config, $style; $user = make_db_extra_safe($user); // grab the images $sql = "SELECT ID, caption, file_name, thumb_file_name FROM userImages WHERE (user_id = $user) ORDER BY rank"; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); $num_images = $recordSet->RecordCount(); if ($num_images > 0) { echo ""; echo "".$lang['images']."

"; while (!$recordSet->EOF) { $caption = make_db_unsafe ($recordSet->fields['caption']); $thumb_file_name = make_db_unsafe ($recordSet->fields['thumb_file_name']); $file_name = make_db_unsafe ($recordSet->fields['file_name']); $imageID = make_db_unsafe ($recordSet->fields['ID']); // gotta grab the image size $imagedata = GetImageSize($config['user_upload_path']."/$thumb_file_name"); $imagewidth = $imagedata[0]; $imageheight = $imagedata[1]; $shrinkage = $config['thumbnail_width']/$imagewidth; $displaywidth = $imagewidth * $shrinkage; $displayheight = $imageheight * $shrinkage; echo " "; echo "
"; echo "$caption

"; $recordSet->MoveNext(); } // end while echo ""; } // end ($num_images > 0) } // end function renderUserImages function renderUserInfo($user) { // grabs the information for a given user global $conn, $config; $user = make_db_extra_safe($user); $sql = "SELECT UserDBElements.field_value, userFormElements.field_type, userFormElements.field_caption FROM UserDBElements, userFormElements WHERE ((UserDBElements.user_id = $user) AND (UserDBElements.field_name = userFormElements.field_name)) ORDER BY userFormElements.rank ASC"; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); while (!$recordSet->EOF) { $field_value = make_db_unsafe ($recordSet->fields['field_value']); $field_type = make_db_unsafe ($recordSet->fields['field_type']); $field_caption = make_db_unsafe ($recordSet->fields['field_caption']); if ($field_value != "") { if ($field_type == "select-multiple" OR $field_type == "option" OR $field_type == "checkbox") { // handle field types with multiple options echo "$field_caption
"; $feature_index_list = explode("||", $field_value); while (list($feature_list_Value, $feature_list_item) = each ($feature_index_list)) { echo "$feature_list_item
"; } // end while } // end if field type is a multiple type elseif ($field_type == "price") { $money_amount = international_num_format($field_value); echo "
$field_caption: ".money_value($money_amount); } // end elseif elseif ($field_type == "number") { echo "
$field_caption: ".international_num_format($field_value); } // end elseif elseif ($field_type == "url") { echo "
$field_caption: $field_value"; } elseif ($field_type == "email") { echo "
$field_caption: $field_value"; } else { if ($config['add_linefeeds'] == "yes") { $field_value = nl2br($field_value); //replace returns with
} // end if echo "
$field_caption: $field_value"; } // end else } // end if ($field_value != "") $recordSet->MoveNext(); } // end while } // end renderUserInfo function getMainUserData($user) { // grabs the main info for a given user global $conn, $lang; $user = make_db_extra_safe($user); $sql = "SELECT user_name, emailAddress FROM UserDB WHERE (ID = $user)"; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); // get main listings data while (!$recordSet->EOF) { $name = make_db_unsafe ($recordSet->fields['user_name']); $emailAddress = make_db_unsafe ($recordSet->fields['emailAddress']); $recordSet->MoveNext(); } // end while echo "

$name

"; } // function getMainListingData function getUserEmail($user) { // grabs the main info for a given user global $conn, $lang; $user = make_db_extra_safe($user); $sql = "SELECT emailAddress FROM UserDB WHERE (ID = $user)"; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); // get main listings data while (!$recordSet->EOF) { $emailAddress = make_db_unsafe ($recordSet->fields['emailAddress']); $recordSet->MoveNext(); } // end while echo "".$lang['user_email'].": $emailAddress"; } // function getMainListingData function userHitcount($user) { // hit counter for user listings global $conn, $lang; $user = make_db_extra_safe($user); $sql = "UPDATE UserDB SET hitcount=hitcount+1 WHERE ID=$user"; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); $sql = "SELECT hitcount FROM UserDB WHERE ID=$user"; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); while (!$recordSet->EOF) { $hitcount = $recordSet->fields['hitcount']; echo $lang['this_user_has_been_viewed']." $hitcount". $lang['times']."."; $recordSet->MoveNext(); } // end while } // end function userHitcount function userListings($user) { // produces the rest of the listings for users global $conn, $lang; $user = make_db_extra_safe($user); echo "Other listings from this user:"; } // end function userListings // BROWSING PAGE ELEMENTS function browse_all_listings() { global $conn, $config; $sql = "SELECT " . $config['table_prefix'] . "listingsDB.Title FROM " . $config['table_prefix'] . 
"listingsDB WHERE active = 'yes'"; if ($config['use_expiration'] == "yes") { $sql .= " AND expiration > ".$conn->DBDate(time()); } $recordSet = $conn->Execute($sql); if ($recordSet === false) { log_error($sql); } $num_listings = $recordSet->RecordCount(); echo "Browse All Listings ($num_listings)"; } // end function browse_all_listings function searchbox_select ($browse_caption, $browse_field_name, $rental = "no") { // builds a multiple choice select box for any given item you want // to let users search by global $conn, $config, $lang; echo "$browse_caption"; echo ""; } // end function searchbox_select function searchbox_select_vert ($browse_caption, $browse_field_name, $rental = "no") { // builds a multiple choice select box for any given item you want // to let users search by global $conn, $config, $lang; echo ""; echo "
$browse_caption
"; } // end function searchbox_select_vert function searchbox_pulldown ($browse_caption, $browse_field_name, $rental = "no") { // builds a pulldown menu for any given item you want // to let users search by global $conn, $config, $lang; echo "$browse_caption"; echo ""; } // end function searchbox_pulldown function searchbox_pulldown_vert ($browse_caption, $browse_field_name, $rental = "no") { // builds a pulldown menu for any given item you want // to let users search by global $conn, $config, $lang; echo ""; echo ""; } // end function searchbox_pulldown_vert function searchbox_checkbox ($browse_caption, $browse_field_name, $rental = "no") { // builds a series of checkboxes for any given item you want // to let users search by global $conn, $config, $lang; echo ""; echo ""; } // end function searchbox_checkbox function searchbox_checkbox_vert ($browse_caption, $browse_field_name, $rental = "no") { // builds a series of checkboxes for any given item you want // to let users search by global $conn, $config, $lang; echo "
$browse_caption
$browse_caption"; if ($rental == "yes") { $sql = "SELECT listing_id FROM " . $config['table_prefix'] . "listingsDBElements WHERE field_name = 'type' AND field_value = '".$lang['rental']."'"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { log_error($sql); } $rental_str = " AND " . $config['table_prefix'] . "listingsDB.ID IN ("; $count = 0; while (!$recordSet->EOF) { if ($count != 0) $rental_str .= ", "; $rental_str .= $recordSet->fields['listing_id']; $recordSet->MoveNext(); $count++; } $rental_str .= ") "; } $sql = "SELECT " . $config['table_prefix'] . "listingsDBElements.field_value, " . $config['table_prefix'] . "listingsDB.ID, count(field_value) AS num_type FROM " . $config['table_prefix'] . "listingsDBElements, " . $config['table_prefix'] . "listingsDB WHERE " . $config['table_prefix'] . "listingsDBElements.field_name = '$browse_field_name' AND " . $config['table_prefix'] . "listingsDB.active = 'yes' AND " . $config['table_prefix'] . "listingsDBElements.listing_id = " . $config['table_prefix'] . "listingsDB.ID ".$rental_str; if ($config['use_expiration'] == "yes") { $sql .= " AND expiration > ".$conn->DBDate(time()); } $sql .= "GROUP BY " . $config['table_prefix'] . "listingsDBElements.field_value ORDER BY " . $config['table_prefix'] . "listingsDBElements.field_value"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { log_error($sql); } while (!$recordSet->EOF) { $field_output = make_db_unsafe ($recordSet->fields['field_value']); $num_type = $recordSet->fields['num_type']; echo "$field_output ($num_type)
"; $recordSet->MoveNext(); } // end while echo "
"; echo "
$browse_caption
"; if ($rental == "yes") { $sql = "SELECT listing_id FROM " . $config['table_prefix'] . "listingsDBElements WHERE field_name = 'type' AND field_value = '".$lang['rental']."'"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { log_error($sql); } $rental_str = " AND " . $config['table_prefix'] . "listingsDB.ID IN ("; $count = 0; while (!$recordSet->EOF) { if ($count != 0) $rental_str .= ", "; $rental_str .= $recordSet->fields['listing_id']; $recordSet->MoveNext(); $count++; } $rental_str .= ") "; } $sql = "SELECT " . $config['table_prefix'] . "listingsDBElements.field_value, " . $config['table_prefix'] . "listingsDB.ID, count(field_value) AS num_type FROM " . $config['table_prefix'] . "listingsDBElements, " . $config['table_prefix'] . "listingsDB WHERE " . $config['table_prefix'] . "listingsDBElements.field_name = '$browse_field_name' AND " . $config['table_prefix'] . "listingsDB.active = 'yes' AND " . $config['table_prefix'] . "listingsDBElements.listing_id = " . $config['table_prefix'] . "listingsDB.ID ".$rental_str; if ($config['use_expiration'] == "yes") { $sql .= " AND expiration > ".$conn->DBDate(time()); } $sql .= "GROUP BY " . $config['table_prefix'] . "listingsDBElements.field_value ORDER BY " . $config['table_prefix'] . "listingsDBElements.field_value"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { log_error($sql); } while (!$recordSet->EOF) { $field_output = make_db_unsafe ($recordSet->fields['field_value']); $num_type = $recordSet->fields['num_type']; echo "$field_output ($num_type)
"; $recordSet->MoveNext(); } // end while echo "
"; } // end function searchbox_checkbox_vert //function searchbox_option ($browse_caption, $browse_field_name, $rental = "no") //{ // builds a pulldown menu for any given item you want // to let users search by //global $conn, $config, $lang; //echo "$browse_caption"; //echo ""; //if ($rental == "yes") //{ //$sql = "SELECT listing_id FROM " . $config['table_prefix'] . "listingsDBElements WHERE field_name = 'type' AND field_value = '".$lang['rental']."'"; //$recordSet = $conn->Execute($sql); //if ($recordSet === false) //{ // log_error($sql); //} //$rental_str = " AND " . $config['table_prefix'] . "listingsDB.ID IN ("; //$count = 0; //while (!$recordSet->EOF) //{ //if ($count != 0) //$rental_str .= ", "; //$rental_str .= $recordSet->fields['listing_id']; //$recordSet->MoveNext(); //$count++; //} //$rental_str .= ") "; //} //$sql = "SELECT " . $config['table_prefix'] . "listingsDBElements.field_value, " . $config['table_prefix'] . "listingsDB.ID, count(field_value) AS num_type FROM " . $config['table_prefix'] . "listingsDBElements, " . $config['table_prefix'] . "listingsDB WHERE " . $config['table_prefix'] . "listingsDBElements.field_name = '$browse_field_name' AND " . $config['table_prefix'] . "listingsDB.active = 'yes' AND " . $config['table_prefix'] . "listingsDBElements.listing_id = " . $config['table_prefix'] . "listingsDB.ID ".$rental_str; //if ($config['use_expiration'] == "yes") //{ // $sql .= " AND expiration > ".$conn->DBDate(time()); //} //$sql .= "GROUP BY " . $config['table_prefix'] . "listingsDBElements.field_value ORDER BY " . $config['table_prefix'] . "listingsDBElements.field_value"; //$recordSet = $conn->Execute($sql); //if ($recordSet === false) //{ // log_error($sql); //} //while (!$recordSet->EOF) //{ // $field_output = make_db_unsafe ($recordSet->fields['field_value']); // $num_type = $recordSet->fields['num_type']; // echo "$field_output ($num_type)
"; // $recordSet->MoveNext(); //} // end while //echo ""; //} // end function searchbox_option
/*
 * searchbox_option_vert: renders a vertical list of the distinct values stored
 * for $browse_field_name across active listings, each with a count, as a
 * search filter.  $rental = "yes" restricts the listing set to those whose
 * 'type' element equals $lang['rental'].
 *
 * NOTE: the markup inside the echo strings has been stripped from this copy
 * of the file; only the PHP is authoritative here.
 *
 * SECURITY (review):
 *  - $browse_field_name and $lang['rental'] are interpolated into SQL without
 *    make_db_safe().  Acceptable only if every caller passes a constant; if a
 *    caller ever forwards request data this is SQL injection.  Callers are
 *    not visible in this excerpt -- verify.
 *  - $field_output is a listing value read back from listingsDBElements
 *    (populated from $_POST by updateListingsData later in this file) and is
 *    echoed through make_db_unsafe() with no htmlspecialchars().  That is a
 *    stored-XSS sink unless the value was HTML-escaped at write time --
 *    confirm.
 * BUGS (review):
 *  - $rental_str is only assigned when $rental == "yes"; otherwise it is an
 *    undefined variable (PHP notice; concatenates as "").
 *  - With use_expiration == "yes", "GROUP BY" is appended directly after
 *    $conn->DBDate(time()) with no separating space -- presumably a malformed
 *    query in that configuration; verify against a real run.
 */
function searchbox_option_vert ($browse_caption, $browse_field_name, $rental = "no") { // builds a pulldown menu for any given item you want // to let users search by global $conn, $config, $lang; echo ""; echo "
$browse_caption
"; if ($rental == "yes") { $sql = "SELECT listing_id FROM " . $config['table_prefix'] . "listingsDBElements WHERE field_name = 'type' AND field_value = '".$lang['rental']."'"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { log_error($sql); } $rental_str = " AND " . $config['table_prefix'] . "listingsDB.ID IN ("; $count = 0; while (!$recordSet->EOF) { if ($count != 0) $rental_str .= ", "; $rental_str .= $recordSet->fields['listing_id']; $recordSet->MoveNext(); $count++; } $rental_str .= ") "; } /* NOTE(review): $browse_field_name is unescaped here */ $sql = "SELECT " . $config['table_prefix'] . "listingsDBElements.field_value, " . $config['table_prefix'] . "listingsDB.ID, count(field_value) AS num_type FROM " . $config['table_prefix'] . "listingsDBElements, " . $config['table_prefix'] . "listingsDB WHERE " . $config['table_prefix'] . "listingsDBElements.field_name = '$browse_field_name' AND " . $config['table_prefix'] . "listingsDB.active = 'yes' AND " . $config['table_prefix'] . "listingsDBElements.listing_id = " . $config['table_prefix'] . "listingsDB.ID ".$rental_str; if ($config['use_expiration'] == "yes") { $sql .= " AND expiration > ".$conn->DBDate(time()); } /* NOTE(review): no space before GROUP BY when the expiration clause was appended */ $sql .= "GROUP BY " . $config['table_prefix'] . "listingsDBElements.field_value ORDER BY " . $config['table_prefix'] . "listingsDBElements.field_value"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { log_error($sql); } while (!$recordSet->EOF) { /* SECURITY(review): value is echoed unescaped */ $field_output = make_db_unsafe ($recordSet->fields['field_value']); $num_type = $recordSet->fields['num_type']; echo "$field_output ($num_type)
"; $recordSet->MoveNext(); } // end while echo "
"; } // end function searchbox_option_vert
/*
 * searchbox_minmax: renders "from"/"to" inputs for a numeric range search on
 * $browse_field_name.  Reads search_step from listingsFormElements and the
 * numeric min/max of the stored values (field_value + 0 forces a numeric
 * comparison) from listingsDBElements.  $rental is accepted but unused.
 *
 * NOTE(review): the variable names are swapped -- $max receives min() and
 * $min receives round(max(), -3) -- and the later if ($min > $max) swap is
 * what puts them back in order.  Net effect: the upper bound is rounded to
 * the nearest 1000, the lower bound is not.
 * SECURITY(review): $browse_field_name is interpolated unescaped into all
 * three queries; same caveat as searchbox_option_vert.
 */
function searchbox_minmax ($browse_caption, $browse_field_name, $rental = "no") { // builds a min/max combo box // to let users search by global $conn, $config, $lang; echo "$browse_caption"; echo ""; $sql = "SELECT search_step FROM " . $config['table_prefix'] . "listingsFormElements WHERE field_name = '$browse_field_name'"; // Get max, min and step $step = $conn->getOne($sql); $max = $conn->GetOne("select min(field_value +0) from " . $config['table_prefix'] . "listingsDBElements where field_name = '$browse_field_name'"); $min = round($conn->GetOne("select max(field_value +0) from " . $config['table_prefix'] . "listingsDBElements where field_name = '$browse_field_name'"), -3); // echo "min $min max $max step $step"; if ($min > $max) { $temp = $min; $min = $max; $max = $temp; } //$max = $max + $step; echo "from '; echo " to "; echo "\n\t\n\n"; } // end function
/*
 * searchbox_daterange: renders a from/to date-range row for $field.  The
 * supporting script is emitted once per request, guarded by the static
 * $js_added flag.  No DB access; $rental is unused.
 */
function searchbox_daterange ($caption, $field, $rental = "no") { global $conn, $config, $lang; static $js_added; if (!$js_added) { // add date echo ''; $js_added = true; } echo "$caption\n\t"; echo "from
to "; echo "\n\t\n\n"; }
/*
 * searchbox_optionlist: renders the header row for an option-list filter on
 * $field and fetches its field_elements from listingsFormElements.
 *
 * NOTE(review): $r is fetched but never used in the code visible here.  With
 * $rental == "yes" the appended $rental_str references listingsDB.ID, a table
 * that is not in this query's FROM clause -- presumably a DB error; verify.
 * SECURITY(review): $field is interpolated into SQL unescaped.
 */
function searchbox_optionlist ($caption, $field, $rental = "no") { global $conn, $config, $lang; // start the row $rental_str=''; echo "
 
 $caption: "; //echo ""; if ($rental == "yes") { $sql = "SELECT listing_id FROM " . $config['table_prefix'] . "listingsDBElements WHERE field_name = 'type' AND field_value = '".$lang['rental']."'"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { log_error($sql); } $rental_str = " AND " . $config['table_prefix'] . "listingsDB.ID IN ("; $count = 0; while (!$recordSet->EOF) { if ($count != 0) $rental_str .= ", "; $rental_str .= $recordSet->fields['listing_id']; $recordSet->MoveNext(); $count++; } $rental_str .= ") "; } $r = $conn->getOne("select f.field_elements from " . $config['table_prefix'] . "listingsFormElements f where field_name = '$field'".$rental_str); // var_dump("select f.field_elements from " . $config['table_prefix'] . "listingsFormElements f where field_name = '$field'".$rental_str); echo "
Most counselors will provide counseling by phone or email.
Feel free to ask them about these options.
"; }
/*
 * searchbox_option: renders a multi-select (up to 3, per the caption text)
 * from the '||'-separated field_elements of $field.  Each option label is
 * passed through htmlspecialchars() -- the output-escaping pattern the other
 * searchbox_* renderers in this file lack.
 *
 * BUGS (review): $rental_str is undefined when $rental != "yes" (compare
 * searchbox_optionlist, which initialises it); with "yes" the IN (...) clause
 * references listingsDB.ID outside this query's FROM clause.
 * SECURITY(review): $field is interpolated into SQL unescaped.
 */
function searchbox_option ($caption, $field, $rental = "no") { global $conn, $config, $lang; // start the row echo "
 
BY $caption: Select up to 3
(Use Ctrl-click(PC) or Com-Click(Mac) to select multiple categories)
 
"; //echo ""; if ($rental == "yes") { $sql = "SELECT listing_id FROM " . $config['table_prefix'] . "listingsDBElements WHERE field_name = 'type' AND field_value = '".$lang['rental']."'"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { log_error($sql); } $rental_str = " AND " . $config['table_prefix'] . "listingsDB.ID IN ("; $count = 0; while (!$recordSet->EOF) { if ($count != 0) $rental_str .= ", "; $rental_str .= $recordSet->fields['listing_id']; $recordSet->MoveNext(); $count++; } $rental_str .= ") "; } echo ''; /* NOTE(review): $rental_str may be undefined at this point */ $r = $conn->getOne("select f.field_elements from " . $config['table_prefix'] . "listingsFormElements f where field_name = '$field'".$rental_str); foreach (explode('||', $r) as $f) { $f = htmlspecialchars($f); echo ""; } echo " "; }
/*
 * searchbox_fcheckbox: renders one checkbox per '||'-separated element of
 * $field's field_elements, escaping each label with htmlspecialchars().
 * $rental_str is initialised here.  The "?>" followed by '"; echo "' on the
 * next line is an artifact of markup stripped from this copy (the re-opening
 * PHP tag was stripped along with the HTML), not live code.
 * SECURITY(review): $field is interpolated into SQL unescaped.
 */
function searchbox_fcheckbox ($caption, $field, $rental = "no") { global $conn, $config, $lang; // start the row ?>
"; echo "
 
$caption:
 
"; $rental_str=''; if ($rental == "yes") { $sql = "SELECT listing_id FROM " . $config['table_prefix'] . "listingsDBElements WHERE field_name = 'type' AND field_value = '".$lang['rental']."'"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { log_error($sql); } $rental_str = " AND " . $config['table_prefix'] . "listingsDB.ID IN ("; $count = 0; while (!$recordSet->EOF) { if ($count != 0) $rental_str .= ", "; $rental_str .= $recordSet->fields['listing_id']; $recordSet->MoveNext(); $count++; } $rental_str .= ") "; } $r = $conn->getOne("select f.field_elements from " . $config['table_prefix'] . "listingsFormElements f where field_name = '$field'".$rental_str); foreach (explode('||', $r) as $f) { $f = htmlspecialchars($f); echo "$f
"; } echo "
"; echo ""; }
/*
 * latestListings: intended to list the $num_of_listings newest listings.  In
 * this copy the body is reduced to a single echo "" (its markup and any query
 * were stripped), so as written it emits nothing and never uses its argument.
 */
function latestListings($num_of_listings) { // builds a list of X number of latest listings global $conn, $config; echo ""; } // end function latestListings ?>
".$lang['admin_challenge_phrase']."

"; echo "

".$lang['admin_login_name'].":

"; echo "

".$lang['admin_password'].":

"; echo "

".$lang['enter_your_email_address_for_pass']."

"; include($config['template_path']."/admin_bottom.html"); exit; } elseif ($user_name != "" OR $username != "") { $sql_user_name = make_db_safe($user_name); $md5_pass = md5($user_pass); $md5_pass = make_db_safe($md5_pass); global $username, $userpassword, $userID, $user_name, $user_pass, $editForms, $moderator; $sql = "SELECT * FROM UserDB WHERE user_name=$sql_user_name and user_password=$md5_pass"; //var_dump($sql ); $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); $num = $recordSet->RecordCount(); //var_dump($_SESSION,$_POST,$user_name,$num ); if ($num == 1) { /* session_register("username"); session_register("user_name"); session_register("userpassword"); session_register("user_pass"); session_register("userID"); session_register("featureListings"); session_register("viewLogs"); session_register("admin_privs"); session_register("editForms"); session_register("moderator"); */ while (!$recordSet->EOF) { $userID = $recordSet->fields['ID']; $username = $recordSet->fields['user_name']; $userpassword = $recordSet->fields['user_password']; $admin_privs = $recordSet->fields['isAdmin']; $editForms = $recordSet->fields['canEditForms']; $featureListings = $recordSet->fields['canFeatureListings']; $viewLogs = $recordSet->fields['canViewLogs']; $moderator = $recordSet->fields['canModerate']; $recordSet->MoveNext(); } // end while $_SESSION["user_name"]=$user_name; $_SESSION["user_pass"]=$user_pass; $_SESSION["username"]=$username; $_SESSION["userpassword"]=$userpassword; $_SESSION["userID"]=$userID; $_SESSION["featureListings"]=$featureListings; $_SESSION["viewLogs"]=$viewLogs; $_SESSION["admin_privs"]=$admin_privs; $_SESSION["editForms"]=$editForms; $_SESSION["moderator"]=$moderator; //var_dump($_SESSION); global $userID, $username, $userpassword, $admin_privs, $editForms, $viewLogs, $canModerate; echo "\r\n"; echo "\r\n"; echo "\r\n\r\n"; echo "\r\n\r\n"; echo "\r\n\r\n"; echo "\r\n\r\n"; echo "\r\n\r\n"; 
echo "\r\n\r\n"; echo "\r\n\r\n"; // now make sure that person can access the page if ($priv_level_needed == "canEditForms") { // does the person have access to edit the master forms? if ($editForms != "yes") { include($config['template_path']."/admin_top.html"); echo "

".$lang['priv_failure']."

"; include($config['template_path']."/admin_bottom.html"); die(''); } // end if } // end if if ($priv_level_needed == "Admin") { // does the person have access to do basic user/listings edits? if ($admin_privs != "yes") { include($config['template_path']."/admin_top.html"); echo "

".$lang['priv_failure']."

"; include($config['template_path']."/admin_bottom.html"); die(''); } // end if } // end if if ($priv_level_needed == "canViewLogs") { // does the person have access to do basic user/listings edits? if ($viewLogs != "yes") { include($config['template_path']."/admin_top.html"); echo "

".$lang['priv_failure']."

"; include($config['template_path']."/admin_bottom.html"); die(''); } // end if } // end if } // end if ($num == 1) elseif ($num == 0) { include($config['template_path']."/admin_top.html"); echo "

".$lang['login_failed']."

"; echo "

".$lang['admin_challenge_phrase']."

"; echo "

".$lang['admin_login_name'].":

"; echo "

".$lang['admin_password'].":

"; echo "

".$lang['enter_your_email_address_for_pass']."

"; include($config['template_path']."/admin_bottom.html"); exit; } // end elseif } // end elseif }// end function loginCheck
/*
 * loginChecka: authenticates the current request and enforces the privilege
 * named by $priv_level_needed ("canEditForms", "Admin" or "canViewLogs").
 * Identical to loginCheckb below except for the heading on the login form.
 *
 * Flow as written: credentials are read from $_POST, then -- if a session
 * exists -- overwritten by the $_SESSION copies (so a logged-in session wins
 * over freshly posted credentials).  With neither, the login form is rendered
 * and the script exits.  Otherwise SELECT * FROM UserDB is run with
 * user_name and md5(password) on EVERY request, the user's flags are copied
 * into $_SESSION and into globals, and the requested privilege is checked;
 * denial renders $lang['priv_failure'] and die()s.  $num == 0 renders
 * $lang['login_failed'] plus the form and exits.
 *
 * NOTE: the markup inside the echo strings has been stripped from this copy;
 * only the PHP is authoritative.
 *
 * SECURITY (review):
 *  - Passwords are compared as unsalted md5().  Migrate to password_hash() /
 *    password_verify() (needs a UserDB schema change and a rehash-on-login).
 *  - The plaintext password is stored in $_SESSION["user_pass"] and the hash
 *    in $_SESSION["userpassword"]; neither is needed once $userID is known.
 *  - No session_regenerate_id() after a successful login is visible here, so
 *    a session id planted before login stays valid (session fixation).
 *  - Fail-open paths: a $priv_level_needed other than the three literals
 *    compared below (including "") is never denied; and if RecordCount()
 *    returns anything other than 1 or 0 (ADOdb returns -1 on some drivers --
 *    confirm) neither branch runs and the caller continues as logged in.
 *  - The SQL template has no quotes around $sql_user_name / $md5_pass, so it
 *    relies on make_db_safe() both quoting and escaping -- confirm that
 *    helper's contract; if it only escapes, this is injectable.
 *  - No lockout or rate limiting is visible in this function.
 *  - The run of echo "\r\n" statements originally emitted markup that has
 *    been stripped; confirm they do not re-emit the credentials as hidden
 *    form fields.
 *  - The second global line names $canModerate, which is never assigned (the
 *    value lives in $moderator).
 */
function loginChecka($priv_level_needed) //login authorization code //handles everything to do with users logging in { global $conn, $config, $lang; global $username, $userpassword, $userID; global $user_name, $user_pass, $admin_privs, $editForms, $viewLogs, $featureListings, $moderator; if (isset($_POST['user_name'])) { $user_name = trim($_POST['user_name']); } if (isset($_POST['user_pass'])) { $user_pass = trim($_POST['user_pass']); } //var_dump($_SESSION); //unset($_SESSION['user_name']); if (isset($_SESSION['username'])) { $username = $_SESSION["username"]; $user_name = $_SESSION["user_name"]; $userpassword = $_SESSION["userpassword"]; $user_pass = $_SESSION["user_pass"]; $userID = $_SESSION["userID"]; $featureListings = $_SESSION["featureListings"]; $viewLogs = $_SESSION["viewLogs"]; $admin_privs = $_SESSION["admin_privs"]; $editForms = $_SESSION["editForms"]; $moderator = $_SESSION["moderator"]; } if ($user_name == "" AND $username == "") { include($config['template_path']."/add_top.html"); echo "
 
".$lang['admin_challenge_phrase']."
 
"; echo "
 
".$lang['admin_login_name'].":
 
"; echo "
 
".$lang['admin_password'].":
 
"; echo "
 
".$lang['enter_your_email_address_for_pass']."
 
"; echo "
 
New User? (Click here to Create Your Account)
 
"; include($config['template_path']."/admin_bottom.html"); exit; } elseif ($user_name != "" OR $username != "") { $sql_user_name = make_db_safe($user_name); /* SECURITY(review): unsalted md5 -- see header note */ $md5_pass = md5($user_pass); $md5_pass = make_db_safe($md5_pass); global $username, $userpassword, $userID, $user_name, $user_pass, $editForms, $moderator; $sql = "SELECT * FROM UserDB WHERE user_name=$sql_user_name and user_password=$md5_pass"; $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); $num = $recordSet->RecordCount(); /* NOTE(review): no else branch -- any $num other than 1 or 0 falls through as authenticated */ if ($num == 1) { /* session_register("username"); session_register("user_name"); session_register("userpassword"); session_register("user_pass"); session_register("userID"); session_register("featureListings"); session_register("viewLogs"); session_register("admin_privs"); session_register("editForms"); session_register("moderator"); */ while (!$recordSet->EOF) { $userID = $recordSet->fields['ID']; $username = $recordSet->fields['user_name']; $userpassword = $recordSet->fields['user_password']; $admin_privs = $recordSet->fields['isAdmin']; $editForms = $recordSet->fields['canEditForms']; $featureListings = $recordSet->fields['canFeatureListings']; $viewLogs = $recordSet->fields['canViewLogs']; $moderator = $recordSet->fields['canModerate']; $recordSet->MoveNext(); } // end while
/* SECURITY(review): no session_regenerate_id() before populating the session (fixation); plaintext password stored below */
$_SESSION["user_name"]=$user_name; $_SESSION["user_pass"]=$user_pass; $_SESSION["username"]=$username; $_SESSION["userpassword"]=$userpassword; $_SESSION["userID"]=$userID; $_SESSION["featureListings"]=$featureListings; $_SESSION["viewLogs"]=$viewLogs; $_SESSION["admin_privs"]=$admin_privs; $_SESSION["editForms"]=$editForms; $_SESSION["moderator"]=$moderator; global $userID, $username, $userpassword, $admin_privs, $editForms, $viewLogs, $canModerate; echo "\r\n"; echo "\r\n"; echo "\r\n\r\n"; echo "\r\n\r\n"; echo "\r\n\r\n"; echo "\r\n\r\n"; echo "\r\n\r\n"; echo "\r\n\r\n"; echo "\r\n\r\n"; /* NOTE(review): only three privilege names are checked; any other $priv_level_needed value is allowed through */ // now make sure that person can access the page if 
($priv_level_needed == "canEditForms") { // does the person have access to edit the master forms? if ($editForms != "yes") { include($config['template_path']."/admin_top.html"); echo "
 
".$lang['priv_failure']."
 
"; include($config['template_path']."/admin_bottom.html"); die(''); } // end if } // end if if ($priv_level_needed == "Admin") { // does the person have access to do basic user/listings edits? if ($admin_privs != "yes") { include($config['template_path']."/admin_top.html"); echo "
 
".$lang['priv_failure']."
 
"; include($config['template_path']."/admin_bottom.html"); die(''); } // end if } // end if if ($priv_level_needed == "canViewLogs") { // does the person have access to view the logs? if ($viewLogs != "yes") { include($config['template_path']."/admin_top.html"); echo "
 
".$lang['priv_failure']."
 
"; include($config['template_path']."/admin_bottom.html"); die(''); } // end if } // end if } // end if ($num == 1) elseif ($num == 0) { include($config['template_path']."/add_top.html"); echo "
 
".$lang['login_failed']."
 
"; echo "
 
".$lang['admin_challenge_phrase']."
 
"; echo "
 
".$lang['admin_login_name'].":
 
"; echo "
 
".$lang['admin_password'].":
 
"; echo "
 
".$lang['enter_your_email_address_for_pass']."
 
"; include($config['template_path']."/admin_bottom.html"); exit; } // end elseif } // end elseif }// end function loginChecka
/*
 * loginCheckb: same authentication and privilege-check logic as loginChecka
 * (see the review notes there -- md5 passwords, plaintext password in the
 * session, no session_regenerate_id(), fail-open on unknown $priv_level_needed
 * and on RecordCount() values other than 1/0).  The only difference is the
 * "Login to Edit Your Listing" heading on the login form.
 */
function loginCheckb($priv_level_needed) //login authorization code //handles everything to do with users logging in { global $conn, $config, $lang; global $username, $userpassword, $userID; global $user_name, $user_pass, $admin_privs, $editForms, $viewLogs, $featureListings, $moderator; if (isset($_POST['user_name'])) { $user_name = trim($_POST['user_name']); } if (isset($_POST['user_pass'])) { $user_pass = trim($_POST['user_pass']); } if (isset($_SESSION['username'])) { $username = $_SESSION["username"]; $user_name = $_SESSION["user_name"]; $userpassword = $_SESSION["userpassword"]; $user_pass = $_SESSION["user_pass"]; $userID = $_SESSION["userID"]; $featureListings = $_SESSION["featureListings"]; $viewLogs = $_SESSION["viewLogs"]; $admin_privs = $_SESSION["admin_privs"]; $editForms = $_SESSION["editForms"]; $moderator = $_SESSION["moderator"]; } if ($user_name == "" AND $username == "") { include($config['template_path']."/add_top.html"); echo "
 
Login to Edit Your Listing
 
 
"; echo "
 
".$lang['admin_challenge_phrase']."
 
"; echo "
 
".$lang['admin_login_name'].":
 
"; echo "
 
".$lang['admin_password'].":
 
"; echo "
 
".$lang['enter_your_email_address_for_pass']."
 
"; echo "
 
New User? (Click here to Create Your Account)
 
"; include($config['template_path']."/admin_bottom.html"); exit; } elseif ($user_name != "" OR $username != "") { $sql_user_name = make_db_safe($user_name); /* SECURITY(review): unsalted md5 -- see loginChecka */ $md5_pass = md5($user_pass); $md5_pass = make_db_safe($md5_pass); global $username, $userpassword, $userID, $user_name, $user_pass, $editForms, $moderator; $sql = "SELECT * FROM UserDB WHERE user_name=$sql_user_name and user_password=$md5_pass"; $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); $num = $recordSet->RecordCount(); /* NOTE(review): no else branch -- any $num other than 1 or 0 falls through as authenticated */ if ($num == 1) { /* session_register("username"); session_register("user_name"); session_register("userpassword"); session_register("user_pass"); session_register("userID"); session_register("featureListings"); session_register("viewLogs"); session_register("admin_privs"); session_register("editForms"); session_register("moderator"); */ while (!$recordSet->EOF) { $userID = $recordSet->fields['ID']; $username = $recordSet->fields['user_name']; $userpassword = $recordSet->fields['user_password']; $admin_privs = $recordSet->fields['isAdmin']; $editForms = $recordSet->fields['canEditForms']; $featureListings = $recordSet->fields['canFeatureListings']; $viewLogs = $recordSet->fields['canViewLogs']; $moderator = $recordSet->fields['canModerate']; $recordSet->MoveNext(); } // end while
/* SECURITY(review): no session_regenerate_id() before populating the session (fixation); plaintext password stored below */
$_SESSION["user_name"]=$user_name; $_SESSION["user_pass"]=$user_pass; $_SESSION["username"]=$username; $_SESSION["userpassword"]=$userpassword; $_SESSION["userID"]=$userID; $_SESSION["featureListings"]=$featureListings; $_SESSION["viewLogs"]=$viewLogs; $_SESSION["admin_privs"]=$admin_privs; $_SESSION["editForms"]=$editForms; $_SESSION["moderator"]=$moderator; global $userID, $username, $userpassword, $admin_privs, $editForms, $viewLogs, $canModerate; echo "\r\n"; echo "\r\n"; echo "\r\n\r\n"; echo "\r\n\r\n"; echo "\r\n\r\n"; echo "\r\n\r\n"; echo "\r\n\r\n"; echo "\r\n\r\n"; echo "\r\n\r\n"; /* NOTE(review): only three privilege names are checked; any other $priv_level_needed value is allowed through */ // now make sure that person can access the page if 
($priv_level_needed == "canEditForms") { // does the person have access to edit the master forms? if ($editForms != "yes") { include($config['template_path']."/admin_top.html"); echo "
 
".$lang['priv_failure']."
 
"; include($config['template_path']."/admin_bottom.html"); die(''); } // end if } // end if if ($priv_level_needed == "Admin") { // does the person have access to do basic user/listings edits? if ($admin_privs != "yes") { include($config['template_path']."/admin_top.html"); echo "
 
".$lang['priv_failure']."
 
"; include($config['template_path']."/admin_bottom.html"); die(''); } // end if } // end if if ($priv_level_needed == "canViewLogs") { // does the person have access to view the logs? if ($viewLogs != "yes") { include($config['template_path']."/admin_top.html"); echo "
 
".$lang['priv_failure']."
 
"; include($config['template_path']."/admin_bottom.html"); die(''); } // end if } // end if } // end if ($num == 1) elseif ($num == 0) { include($config['template_path']."/add_top.html"); echo "
 
".$lang['login_failed']."
 
"; echo "
 
".$lang['admin_challenge_phrase']."
 
"; echo "
 
".$lang['admin_login_name'].":
 
"; echo "
 
".$lang['admin_password'].":
 
"; echo "
 
".$lang['enter_your_email_address_for_pass']."
 
"; include($config['template_path']."/admin_bottom.html"); exit; } // end elseif } // end elseif }// end function loginCheckb // DISPLAY FORM ELEMENTS
/*
 * renderFormElement: emits one form row for a listing/user field.  $field_type
 * selects the widget (text, textarea via the "rich" editor class, select,
 * select-multiple, divider, phone, fax, price, url, email, checkbox, option,
 * number, submit); $required == "Yes" adds an asterisk; $field_elements is the
 * '||'-separated option list used by the checkbox and option widgets.
 * $default_text is accepted but not referenced in the PHP visible here (the
 * markup that presumably used it has been stripped from this copy).
 *
 * SECURITY (review): $field_caption, $field_elements and each $list_item are
 * echoed without htmlspecialchars().  These come from the form-definition
 * tables, which canEditForms users can edit, so the exposure is to whoever
 * can edit forms -- they should still be escaped at output.
 * BUGS (review):
 *  - $money_sign is neither a parameter nor declared global here (only $lang
 *    is), so it is undefined when a "price" field is rendered.
 *  - $field_value is never assigned before the isset() check, so the rich
 *    editor is always constructed with an empty value.
 *  - each() is deprecated since PHP 7.2 and removed in 8.0; the two
 *    while (list(...) = each(...)) loops need foreach.
 */
function renderFormElement($field_type, $field_name, $field_caption, $default_text, $field_elements, $required) { //RICH EDITOR $class_path = "re/source/class/"; require_once($class_path."class.rich.php"); //RICH EDITOR global $lang; // handles the rendering of forms... echo ""; switch ($field_type) { case "text": // handler for regular text boxes echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo ""; echo ""; break; case "textarea": // handler for textarea boxes echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo ""; //echo ""; echo ""; /* NOTE(review): $field_value is never set in this function, so this is always '' */ if (!isset($field_value)) $field_value=''; $ed_1 = new rich('', $field_name, $field_value, "500", 300, "files/", ""); //$ed_1->active_mode(); //$ed_1->simple_mode(); $ed_1->hide_tb('table','true'); $ed_1->hide_tb('style','true'); $ed_1->hide_tb('link','true'); $ed_1->hide_tb('flash','true'); $ed_1->hide_tb('image','true'); $ed_1->hide_tb('color','true'); $ed_1->hide_tb('special_chars','true'); $ed_1->hide_tb('switch_borders','true'); $ed_1->draw(); echo ""; break; case "select": // handler for select boxes echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo ""; echo ""; break; case "select-multiple": // handler for select boxes where you can choose multiple items echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo ""; echo ""; break; case "divider": // dividers between items echo "$field_caption"; break; case "phone": // handler for phone text boxes echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo ""; echo " ex: (212) 555-1212 "; break; case "fax": // handler for phone text boxes echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo ""; echo " ex: (212) 555-1212 "; break; case "price": //handles price echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo ""; /* NOTE(review): $money_sign is undefined in this scope */ echo "$money_sign .00 "; 
break; case "url": // handles url input fields echo "$field_caption "; if ($required == "Yes") { echo"*"; } #echo "
(".$lang['dont_forget_http']."."; echo ""; echo ""; break; case "email": // handles email input fields echo "$field_caption "; if ($required == "Yes") { echo"*"; } #echo "
(".$lang['email_example']."."; echo ""; echo ""; break; case "checkbox": // handles check boxes echo "$field_caption"; echo ""; $index_list = explode("||", $field_elements); /* NOTE(review): each() is removed in PHP 8; $list_item is echoed unescaped */ while (list($indexValue, $list_item) = each ($index_list)) { echo "$list_item
"; } echo ""; break; case "option": // handles radio buttons echo "$field_caption"; echo ""; $index_list = explode("||", $field_elements); /* NOTE(review): each() is removed in PHP 8; $list_item is echoed unescaped */ while (list($indexValue, $list_item) = each ($index_list)) { echo "$list_item
"; } echo ""; break; case "number": // handles the input of numbers echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo ""; echo ""; break; case "submit": // handles submit buttons echo ""; break; default: // the default handler -- for errors, mostly echo "no handler yet"; } // end switch statement echo ""; } // end renderFormElement function
/*
 * updateUserData: replaces every UserDBElements row for a user with the
 * current $_POST contents.  When the caller is an admin ($admin_privs == "yes")
 * and the global $edit is non-empty, the rows of user $edit are rewritten
 * instead of $user_id's.  Array values (checkboxes / multi-selects) are joined
 * with '||' (the leading "||" is trimmed off with substr) before insertion.
 * Always returns "success".
 *
 * SECURITY (review):
 *  - Mass assignment: every POST key not in the short skip list below is
 *    stored as a field_name.  Whitelist keys against the defined form
 *    elements instead of blacklisting a handful of names.
 *  - $edit is validated with make_db_extra_safe() for the DELETE but only
 *    make_db_safe() for the INSERTs -- inconsistent; use the stricter helper
 *    for both (the two helpers' contracts are not visible here).
 *  - Authorization rests entirely on the $admin_privs global set by the
 *    login functions above.
 * BUGS (review):
 *  - In the is_array branch $user_id itself is overwritten with
 *    make_db_safe($user_id), so any scalar field processed later in the same
 *    request is escaped/quoted a second time.
 *  - The INSERT in the scalar branch never checks its result / log_error,
 *    unlike every other query in this function.
 *  - each() is removed in PHP 8.0 (see renderFormElement).
 */
function updateUserData ($user_id) { // UPDATES THE USER INFORMATION global $conn, $edit, $admin_privs, $lang; if ($admin_privs == "yes" && $edit != "") { $sql_edit = make_db_extra_safe($edit); $sql = "DELETE FROM UserDBElements WHERE user_id = $sql_edit"; } else { $sql_user_id = make_db_extra_safe($user_id); $sql = "DELETE FROM UserDBElements WHERE user_id = $sql_user_id"; } $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); global $_POST; reset ($_POST); /* SECURITY(review): every POST key not skipped below becomes a stored field_name (mass assignment) */ while (list($ElementIndexValue, $ElementContents) = each($_POST)) { // first, ignore all the stuff that's been taken care of above if ($ElementIndexValue == "user_name") { // do nothing } elseif ($ElementIndexValue == "user_pass") { // do nothing } elseif ($ElementIndexValue == "user_pass2") { // do nothing } elseif ($ElementIndexValue == "edit_user_pass") { // do nothing } elseif ($ElementIndexValue == "edit_user_pass2") { // do nothing } elseif ($ElementIndexValue == "user_email") { // do nothing } elseif ($ElementIndexValue == "PHPSESSID") { // do nothing } elseif ($ElementIndexValue == "action") { // do nothing } elseif ($ElementIndexValue == "edit") { // do nothing } // this is currently set up to handle two feature lists // it could easily handle more... 
// just write handlers for 'em elseif (is_array($ElementContents)) { // deal with checkboxes & multiple selects elements $feature_insert = ""; while (list($featureValue, $feature_item) = each ($ElementContents)) { $feature_insert = "$feature_insert||$feature_item"; } // end while // now remove the first two characters $feature_insert_length = strlen($feature_insert); $feature_insert_length = $feature_insert_length - 2; $feature_insert = substr($feature_insert, 2, $feature_insert_length); $sql_ElementIndexValue = make_db_safe($ElementIndexValue); $sql_feature_insert = make_db_safe($feature_insert); if ($admin_privs == "yes" && $edit != "") { $sql_edit = make_db_safe($edit); $sql = "INSERT INTO UserDBElements (field_name, field_value, user_id) VALUES ($sql_ElementIndexValue, $sql_feature_insert, $sql_edit)"; } else { /* NOTE(review): overwrites the parameter; later iterations escape it again */ $user_id = make_db_safe($user_id); $sql = "INSERT INTO UserDBElements (field_name, field_value, user_id) VALUES ($sql_ElementIndexValue, $sql_feature_insert, $user_id)"; } $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); } // end elseif else { // it's time to actually insert the form data into the db $sql_ElementIndexValue = make_db_safe($ElementIndexValue); $sql_ElementContents = make_db_safe($ElementContents); if ($admin_privs == "yes" && $edit != "") { $sql_edit = make_db_safe($edit); $sql = "INSERT INTO UserDBElements (field_name, field_value, user_id) VALUES ($sql_ElementIndexValue, $sql_ElementContents, $sql_edit)"; } else { $sql_user_id = make_db_safe($user_id); $sql = "INSERT INTO UserDBElements (field_name, field_value, user_id) VALUES ($sql_ElementIndexValue, $sql_ElementContents, $sql_user_id)"; } /* NOTE(review): result is not checked / logged here, unlike the other queries */ $recordSet = $conn->Execute($sql); } // end else } // end while return "success"; } // end function updateUserData
/*
 * updateListingsData: listing counterpart of updateUserData (DELETE then
 * re-INSERT of listingsDBElements from $_POST).  Its body continues past the
 * end of this excerpt; see the full file.
 */
function updateListingsData ($listing_id, $owner) { // UPDATES THE LISTINGS INFORMATION global $conn, $lang; $sql_listing_id = make_db_safe($listing_id); $sql = "DELETE FROM listingsDBElements WHERE 
listing_id = $sql_listing_id"; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); global $_POST; reset ($_POST); while (list($ElementIndexValue, $ElementContents) = each($_POST)) { // first, ignore all the stuff that's been taken care of above if ($ElementIndexValue == "title") { // do nothing } elseif ($ElementIndexValue == "notes") { // do nothing } elseif ($ElementIndexValue == "action") { // do nothing } elseif ($ElementIndexValue == "PHPSESSID") { // do nothing } elseif ($ElementIndexValue == "edit") { // do nothing } elseif ($ElementIndexValue == "edit_active") { // do nothing } elseif ($ElementIndexValue == "edit_expiration") { // do nothing } elseif ($ElementIndexValue == "featured") { // do nothing } // this is currently set up to handle two feature lists // it could easily handle more... // just write handlers for 'em elseif (is_array($ElementContents)) { // deal with checkboxes & multiple selects elements $feature_insert = ""; while (list($featureValue, $feature_item) = each ($ElementContents)) { $feature_insert = "$feature_insert||$feature_item"; } // end while // now remove the first two characters $feature_insert_length = strlen($feature_insert); $feature_insert_length = $feature_insert_length - 2; $feature_insert = substr($feature_insert, 2, $feature_insert_length); $sql_ElementIndexValue = make_db_safe($ElementIndexValue); $sql_feature_insert = make_db_safe($feature_insert); $sql_owner = make_db_safe($owner); $sql = "INSERT INTO listingsDBElements (field_name, field_value, listing_id, user_id) VALUES ($sql_ElementIndexValue, $sql_feature_insert, $sql_listing_id, $sql_owner)"; $recordSet = $conn->Execute($sql); if ($recordSet == false) log_error($sql); } // end elseif else { // process the form $sql_ElementIndexValue = make_db_safe($ElementIndexValue); $sql_ElementContents = make_db_safe($ElementContents); $sql_listing_id = make_db_safe($listing_id); $sql_owner = make_db_safe($owner); $sql = "INSERT INTO listingsDBElements 
(field_name, field_value, listing_id, user_id) VALUES ($sql_ElementIndexValue, $sql_ElementContents, $sql_listing_id, $sql_owner)"; $recordSet = $conn->Execute($sql); if ($recordSet == false) log_error($sql); } // end else } // end while return "success"; } // end function updateListingsData function validateForm ($db_to_validate) { // Validates the info being put into the system global $conn, $_POST, $pass_the_form, $lang; $pass_the_form ="Yes"; reset ($_POST); // check to if the form should be passed while (list($ElementIndexValue, $ElementContents) = each($_POST)) { // this stuff is input that's already been dealt with if ($ElementIndexValue == "title") { // do nothing } elseif ($ElementIndexValue == "notes") { // do nothing } elseif ($ElementIndexValue == "action") { // do nothing } elseif ($ElementIndexValue == "PHPSESSID") { // do nothing } elseif ($ElementIndexValue == "user_name") { // do nothing } elseif ($ElementIndexValue == "edit_user_name") { // do nothing } elseif ($ElementIndexValue == "user_pass") { // do nothing } elseif ($ElementIndexValue == "user_pass2") { // do nothing } elseif ($ElementIndexValue == "user_email") { // do nothing } elseif ($ElementIndexValue == "action") { // do nothing } elseif ($ElementIndexValue == "edit_user_pass") { // do nothing } elseif ($ElementIndexValue == "edit_user_pass2") { // do nothing } elseif ($ElementIndexValue == "featured") { // do nothing } elseif ($ElementIndexValue == "edit_isAdmin") { // do nothing } elseif ($ElementIndexValue == "edit_canEditForms") { // do nothing } elseif ($ElementIndexValue == "edit_canViewLogs") { // do nothing } elseif ($ElementIndexValue == "edit_canModerate") { // do nothing } elseif ($ElementIndexValue == "edit_canFeatureListings") { // do nothing } elseif ($ElementIndexValue == "edit_active") { // do nothing } elseif ($ElementIndexValue == "edit") { // do nothing } else { $sql_ElementIndexValue= make_db_safe($ElementIndexValue); $sql_ElementContents= 
make_db_safe($ElementContents); $sql = "SELECT required, field_type from $db_to_validate WHERE field_name = $sql_ElementIndexValue"; //var_dump($sql); $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC; $recordSet = $conn->Execute($sql); if ($recordSet == false) log_error($sql); while (!$recordSet->EOF) { $required = $recordSet->fields['required']; $field_type = $recordSet->fields['field_type']; if ($required == "Yes" && $ElementContents == "") { $pass_the_form = "No"; //var_dump("Edit action $ElementContents s",$sql); } // end if $recordSet->MoveNext(); } // end while } // end else } // end while return $pass_the_form; } // end function validateForm function renderExistingFormElement($field_type, $field_name, $field_value, $field_caption, $default_text, $required, $field_elements) { // handles the rendering of already filled in user forms //RICH EDITOR $class_path = "re/source/class/"; require_once($class_path."class.rich.php"); //RICH EDITOR global $lang; echo ""; switch ($field_type) { case "text": // handles text input boxes echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo ""; echo ""; break; case "textarea": // handles textarea input echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo ""; //echo ""; echo ""; $ed_1 = new rich('', $field_name, $field_value, "500", 300, "files/", ""); //$ed_1->active_mode(); //$ed_1->simple_mode(); $ed_1->hide_tb('table','true'); $ed_1->hide_tb('style','true'); $ed_1->hide_tb('link','true'); $ed_1->hide_tb('flash','true'); $ed_1->hide_tb('image','true'); $ed_1->hide_tb('color','true'); $ed_1->hide_tb('special_chars','true'); $ed_1->hide_tb('switch_borders','true'); $ed_1->draw(); echo ""; break; case "select": // handles single item select boxes echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo ""; echo ""; break; case "select-multiple": // handles multiple item select boxes echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo ""; echo ""; break; case "divider": // handles dividers 
in forms echo "$field_caption"; break; case "price": // handles price input echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo ""; echo "$money_sign .00 "; break; case "phone": // handler for phone text boxes echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo ""; //parse phone data if ($field_value) { $fnumber = preg_replace ("/ /", "", $field_value); $fnumber = preg_replace ("/\(/", "", $fnumber); $fnumber = preg_replace ("/\)/", "", $fnumber); $fnumber = preg_replace ("/-/", "", $fnumber); $fnumber = preg_replace ("/\./", "", $fnumber); $fnumber = preg_replace ("/^1/", "", $fnumber); preg_match ('/^([0-9]{3})([0-9]{3})([0-9]{4})/', $fnumber, $regs); //var_dump($fnumber,$regs); if (!isset($regs[1])) $regs[1]=''; if (!isset($regs[2])) $regs[2]=''; if (!isset($regs[3])) $regs[3]=''; if (!isset($regs[4])) $regs[4]=''; $field_value = "($regs[1]) $regs[2]-$regs[3] $regs[4]"; } echo " ex: (212) 555-1212 "; break; case "fax": // handler for phone text boxes echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo ""; //parse phone data if ($field_value) { $fnumber = preg_replace ("/ /", "", $field_value); $fnumber = preg_replace ("/\(/", "", $fnumber); $fnumber = preg_replace ("/\)/", "", $fnumber); $fnumber = preg_replace ("/-/", "", $fnumber); $fnumber = preg_replace ("/\./", "", $fnumber); $fnumber = preg_replace ("/^1/", "", $fnumber); preg_match ('/^([0-9]{3})([0-9]{3})([0-9]{4})/', $fnumber, $regs); $field_value = "($regs[1]) $regs[2]-$regs[3] $regs[4]"; } echo " ex: (212) 555-1212 "; break; case "url": // handles url input fields echo "$field_caption "; if ($required == "Yes") { echo"*"; } #echo "
(".$lang['dont_forget_http']."."; echo ""; echo ""; break; case "email": // handles email input echo "$field_caption "; if ($required == "Yes") { echo"*"; } #echo "
(".$lang['email_example']."."; echo ""; echo ""; break; case "checkbox": // handles checkboxes echo "$field_caption"; echo ""; $feature_index_list = explode("||", $field_elements); while (list($feature_list_Value, $feature_list_item) = each ($feature_index_list)) { echo "$feature_list_item
"; } // end while echo ""; break; case "option": // handles options echo "$field_caption"; echo ""; $feature_index_list = explode("||", $field_elements); while (list($feature_list_Value, $feature_list_item) = each ($feature_index_list)) { echo "$feature_list_item
"; } // end while echo ""; break; case "number": // deals with numbers echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo ""; echo ""; break; case "submit": // handles submit buttons echo ""; break; default: // the catch all... mostly for errors and whatnot echo "no handler yet"; } // end switch statement echo ""; } // end renderExistingUserFormElement function function next_prev($num_rows, $cur_page, $guidestring) { // handles multiple page listings global $lang, $config; if ($cur_page == "") {$cur_page = 0;} $page_num = $cur_page + 1; $total_num_page = ceil($num_rows/$config['listings_per_page']); echo "
 "; echo "

Counselors fitting your search criteria are listed below.
Results may be sorted by clicking on a column heading.
Note an asterisk (*) indicates this counselor serves in a leadership role within CCC

"; //if ($num_rows == 1){echo $lang['there_is_currently']." $num_rows ".$lang['listing'].".
";} //else {echo $lang['there_are_currently']." $num_rows $lang['listings'] ".$lang['that_match_search'].".
";} echo "
"; } // end function next_prev function next_preva($num_rows, $cur_page, $guidestring) { // handles multiple page listings global $lang, $config; if ($cur_page == "") {$cur_page = 0;} $page_num = $cur_page + 1; $total_num_page = ceil($num_rows/$config['listings_per_page']); echo "
 "; echo "

Counselors fitting your search criteria are listed below.
Results may be sorted by clicking on a column heading.
Note an asterisk (*) indicates this counselor serves in a leadership role within CCC

"; //echo "
"; //if ($num_rows == 1){echo $lang['there_is_currently']." $num_rows ".$lang['listing'].".
";} //else {echo $lang['there_are_currently']." $num_rows $lang['listings'] ".$lang['that_match_search'].".
";} if ($total_num_page != 0) { echo $lang['this_is_page']." $page_num ".$lang['of']." $total_num_page
"; $prevpage = $cur_page-1; $nextpage = $cur_page+1; if ($page_num != 1) // previous page { echo "".$lang['prev_page']." "; } // end if if ($total_num_page > 2) { if ($page_num != 1) { echo " | "; } echo "Page: "; if( $total_num_page > 8 ) { // list first three for($i = 1; $i < 4; $i++) { if ($i == $cur_page + 1) {echo "$i";} else {echo "$i";} if( $i < 3) {echo ", ";} else {echo "... ";} } // end for($i = 1; $i < $init_page_max + 1; $i++) // list current +/- 1 OR the middle ones, depending if ($cur_page < 3 OR $cur_page > ($total_num_page - 4)) { // list the middle ones $middle_page = ($num_rows/$config['listings_per_page']); $middle_page = ceil($middle_page/2); for($i = $middle_page - 1; $i <$middle_page + 2; $i++) { if ($i == $cur_page + 1) {echo "$i";} else {echo "$i";} if($i < $middle_page + 1) {echo ", ";} else {echo "... ";} } // end for($i = 1; $i < $init_page_max + 1; $i++) } // end if ($cur_page < 4 OR $cur_page > $total_num_page - 2) else { // list the immediately surrounding numbers // gotta make sure you have the numbers correct if ($cur_page == 3){$start_page = 4;} elseif ($cur_page == $total_num_page - 4){$start_page = $total_num_page - 5;} else {$start_page = $cur_page;} for($i = $start_page; $i < $start_page + 3; $i++) { if ($i == $cur_page + 1) {echo "$i";} else {echo "$i";} if($i < $start_page + 2) {echo ", ";} else {echo "... 
";} } // end for($i = $cur_page - 1; $i < $cur_page + 2; $i++) } // end else // list last three for($i = $total_num_page - 2; $i < $total_num_page + 1; $i++) { if ($i == $cur_page + 1) {echo "$i";} else {echo "$i";} if($i < $total_num_page) {echo ", ";} } // end for($i = 1; $i < $init_page_max + 1; $i++) } // end if( $total_pages > 8 ) else { for($i = 1; $i < $total_num_page + 1; $i++) { if ($i == $cur_page + 1) {echo "$i";} else {echo "$i";} if( $i < $total_num_page) {echo ", ";} } // end for($i = 1; $i < $init_page_max + 1; $i++) } // end else if ($page_num != $total_num_page) {echo " | "; } } if ($page_num != $total_num_page) // next page { echo " ".$lang['next_page']." "; } // end if echo "
"; } // end if } // end function next_prev function make_db_safe ($input) { // handles data going into the db global $config, $conn; //if ($config['strip_html'] == "yes") //{ //$output = strip_tags($input, $config['allowed_html_tags']); // strips out disallowed tags //} $output = $conn->qstr($input, get_magic_quotes_gpc()); return $output; } // end make_db_safe function make_db_extra_safe ($input) { // handles data going into the db global $conn; $output = strip_tags($input); // strips out all tags $output = str_replace(";", "", $output);; $output = $conn->qstr($output, get_magic_quotes_gpc()); return $output; } // end make_db_extra_safe function make_db_unsafe ($input) { // handles data coming out of the db $output = stripslashes($input); // strips out slashes $output = preg_replace ("/''/","'",$output); // strips out double quotes from m$ db's return $output; } // end make_db_unsafe function handleUpload($type,$edit,$owner) { // deals with incoming uploads global $_FILES, $config, $conn, $lang, $userID; if (is_uploaded_file($_FILES['userfile']['tmp_name'])) { $realname = strtolower($_FILES['userfile']['name']); $filename = $_FILES['userfile']['tmp_name']; print ""; $filetype = $_FILES['userfile']['type']; print ""; // checking the filetype to make sure it's what we had in mind $pass_the_upload = "true"; if (!in_array($_FILES['userfile']['type'],$config['allowed_upload_types'])) { $pass_the_upload = "$realname ".$lang['upload_is_an_invalid_file_type'].": $filetype"; } // check size $filesize=$_FILES['userfile']['size']; if ($max_upload!=0 && $filesize>$config['max_upload']) { $pass_the_upload = $lang['upload_too_large'].":."; } // check file extensions $extension = substr(strrchr($realname,"."),1); // invalid extension if (!in_array($extension,$config['allowed_upload_extensions'])) { $pass_the_upload = $lang['upload_invalid_extension'].": ($extension)."; } //security error if (strstr($_FILES['userfile']['name'],"..")!="") { $pass_the_upload = 
$lang['upload_security_violation'].":!"; } //make sure the file hasn't already been uploaded... if ($type == "listings") { $save_name = "$edit"."_"."$realname"; $sql = "SELECT file_name FROM listingsImages WHERE file_name = '$save_name'"; } elseif ($type == "user") { $save_name = "$owner"."_"."$realname"; $sql = "SELECT file_name FROM userImages WHERE file_name = '$save_name'"; } $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); $num = $recordSet->RecordCount(); if ($num > 0) { $pass_the_upload = $lang['file_exists'].":!"; } if ($pass_the_upload == "true") { // the upload has passed the tests! if ($type == "listings") { // if it's a listing pic we're dealing with... move_uploaded_file($_FILES['userfile']['tmp_name'],$config['listings_upload_path']."/$save_name"); // check width $check_width=""; $imagedata = GetImageSize($config['listings_upload_path']."/$save_name"); $imagewidth = $imagedata[0]; $imageheight = $imagedata[1]; if ($imagewidth == "" || $imagewidth < 2 || $imagewidth > $config['max_listings_upload_width']) { $check_width = $lang['upload_too_wide'].":."; if(!unlink($config['listings_upload_path']."/$save_name")) DIE ("Can't delete the file!"); } if ($check_width == "") { // assuming the image passes the width check... $thumb_name = $save_name; // by default -- no difference... unless... if ($config['make_thumbnail'] == "yes") { // if the option to make a thumbnail is activated... include ($config['path_to_thumbnailer']); $thumb_name = make_thumb ($save_name, $config['listings_upload_path']); } // end if $config['make_thumbnail'] == "yes" $caption = make_db_safe($caption); $sql = "INSERT INTO listingsImages (listing_id, user_id, file_name, thumb_file_name) VALUES ('$edit', '$owner', '$save_name', '$thumb_name')"; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); log_action ($lang['log_uploaded_listing_image']." 
$save_name"); } // end if ($check_width != "") } // end if $type == "listings" if ($type == "user") { // if it's a user pic we're dealing with... $check_width=""; // move the file so we can check the width move_uploaded_file($_FILES['userfile']['tmp_name'],$config['user_upload_path']."/$save_name"); $imagedata = GetImageSize($config['user_upload_path']."/$save_name"); $imagewidth = $imagedata[0]; $imageheight = $imagedata[1]; if ($imagewidth == "" || $imagewidth < 2 || $imagewidth > $config['max_listings_upload_width']) { $check_width = $lang['upload_too_wide'].":."; if(!unlink($config['user_upload_path']."/$save_name")) DIE ("Can't delete the file!"); } if ($check_width == "") { $thumb_name = $save_name; // by default -- no difference... unless... if ($config['make_thumbnail'] == "yes") { // if the option to make a thumbnail is activated... include ($config['path_to_thumbnailer']); $thumb_name = make_thumb ($save_name, $config['user_upload_path']); } // end if $config['make_thumbnail'] == "yes" $caption = make_db_safe($caption); $sql = "INSERT INTO userImages (user_id, file_name, thumb_file_name) VALUES ('$owner', '$save_name', '$thumb_name')"; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); log_action ($lang['log_uploaded_user_image']." $save_name"); } // end if ($check_width == "") } // end if $type == "user" if ($check_width == "") {echo "

$realname ".$lang['upload_success'].".

";} else { echo "

$check_width

";} } // end if $pass_the_upload == "true" else { // the upload has failed... here's why... echo "

".$lang['upload_failed']." $pass_the_upload

"; } } // end if else { echo $lang['upload_attack'].": filename" . $_FILES['userfile']['name'] . "."; } } // end function handleUpload // Deleting the comment below is violation of the GPL // You get this for free... all we ask for is a little hidden credit echo ""; echo ""; echo ""; // Thanks! Versions under different licenses and without this code ARE available -- contact jon if you'd like to know more function log_action($log_action) { // logs user actions global $conn, $userID; $sql = "INSERT INTO activityLog (log_date, user, action, ip_address) VALUES (".$conn->DBTimeStamp(time()).", '$userID', '$log_action', '".$_SERVER['REMOTE_ADDR']."')"; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); } // end function log_action function log_error($sql) { // logs SQL errrors for later inspection global $config, $lang; $message = $_SERVER['REMOTE_ADDR']. " -- ".date("F j, Y, g:i:s a")." -- ".$sql."\r\n"; mail($config['admin_email'], "SQL Error", $message,"From: ".$config['admin_email'], "-f".$config['admin_email']); die($lang['alert_site_admin']); } // end function log_action function checkActive($listingID) { // checks whether a given listing is active global $conn, $lang, $userID, $admin_privs, $config; $show_listing = "yes"; $sql_listingID = make_db_safe($listingID); $sql = "SELECT active, user_ID FROM listingsDB WHERE ID = $sql_listingID"; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); while (!$recordSet->EOF) { $is_active = $recordSet->fields['active']; $user_ID = $recordSet->fields['user_ID']; $recordSet->MoveNext(); } // end while if ($is_active != "yes") { // if the listing isn't active if ($userID != $user_ID || $admin_privs != "yes") { // if this isn't a specific user's listing or the user // isn't an admin echo $lang['this_listing_is_not_yet_active'].""; $show_listing = "no"; } // end if ($userID != $user_ID || $admin_privs != "yes") } // end if ($is_active != "yes") if ($config['use_expiration'] == 
"yes") { $sql = "SELECT expiration FROM listingsDB WHERE ((ID = $sql_listingID) AND (listingsDB.expiration > ".$conn->DBDate(time())."))"; $recordSet = $conn->Execute($sql); if ($recordSet === false) log_error($sql); $num = $recordSet->RecordCount(); if ($num == 0) { if ($userID != $user_ID || $admin_privs != "yes") { // if this isn't a specific user's listing or the user // isn't an admin echo $lang['this_listing_is_not_yet_active'].""; $show_listing = "no"; } // end if ($userID != $user_ID || $admin_privs != "yes") } // end if($num == 0) } // end if ($config['use_expiration'] == "yes") return $show_listing; } // end function checkActive function international_num_format($input) { // internationalizes numbers on the site global $config; switch ($config['number_format_style']) { case 1: // usa, england $output = number_format($input, 2, '.', ','); break; case 2: // spain, germany $output = number_format($input, 2, ',', '.'); break; case 3: // estonia $output = number_format($input, 2, '.', ' '); break; case 4: // france, norway $output = number_format($input, 2, ',', ' '); break; case 5: // switzerland $output = number_format($input, 2, ",", "'"); break; case 6: // kazahistan $output = number_format($input, 2, "-", " "); break; default: $output = number_format($input, 2, '.', ','); break; } // end switch return $output; } // end international_num_format($input) ?>