Here is the "Ads for Xoops" .. modify.php ... code
From my experence (not much) .. I see all kinds of issues with the script ...
<?php // $Id: modify.php,v 2.1 02/08/2010 12:51:25 jlm69 Exp $ // // // // Classified Ads Module for Xoops // // Redesigned by John Mordo user jlm69 at http://www.xoops.org // // Find it or report problems at http://www.jlmzone.com // // // // Started with the MyAds module and made MANY, MANY changes // // // // ------------------------------------------------------------------------- // // Original credits below // // ------------------------------------------------------------------------- // // Original Author: Pascal Le Boustouller // // Author Website : pascal.e-xoops@perso-search.com // // Licence Type : GPL // // ------------------------------------------------------------------------- // include("header.php"); $mydirname = basename( dirname( __FILE__ ) ) ; $main_lang = '_' . strtoupper( $mydirname ) ; require_once( XOOPS_ROOT_PATH."/modules/$mydirname/include/gtickets.php" ) ; $myts =& MyTextSanitizer::getInstance(); $module_id = $xoopsModule->getVar('mid'); if (is_object($xoopsUser)) { $groups = $xoopsUser->getGroups(); } else { $groups = XOOPS_GROUP_ANONYMOUS; } $gperm_handler =& xoops_gethandler('groupperm'); if (isset($_POST['item_id'])) { $perm_itemid = intval($_POST['item_id']); } else { $perm_itemid = 0; } //If no access if (!$gperm_handler->checkRight("".$mydirname."_submit", $perm_itemid, $groups, $module_id)) { redirect_header(XOOPS_URL."/modules/$mydirname/index.php", 3, _NOPERM); exit(); } if (!$gperm_handler->checkRight("jobs_premium", $perm_itemid, $groups, $module_id)) { $premium = 0; } else { $premium = 1; } function ListingDel($lid, $ok) { global $xoopsDB, $xoopsUser, $xoopsConfig, $xoopsTheme, $xoopsLogger, $mydirname, $main_lang; $result = $xoopsDB->query("select usid, p.lid, p.url FROM ".$xoopsDB->prefix("".$mydirname."_listing")." l LEFT JOIN ".$xoopsDB->prefix("".$mydirname."_pictures")." p ON l.lid=p.lid where l.lid=".mysql_real_escape_string($lid).""); list($usid, $plid, $purl) = $xoopsDB->fetchRow($result); if ($xoopsUser) { $currentid = $xoopsUser->getVar("uid", "E"); if ($usid == $currentid) { if($ok==1) { $xoopsDB->queryf("delete from ".$xoopsDB->prefix("".$mydirname."_listing")." where lid=".mysql_real_escape_string($lid).""); if ($purl) { $destination = XOOPS_ROOT_PATH."/modules/$mydirname/photo"; if (file_exists("$destination/$purl")) { unlink("$destination/$purl"); } $destination2 = XOOPS_ROOT_PATH."/modules/$mydirname/photo/thumbs"; if (file_exists("$destination2/thumb_$purl")) { unlink("$destination2/thumb_$purl"); } $destination3 = XOOPS_ROOT_PATH."/modules/$mydirname/photo/resized"; if (file_exists("$destination3/resized_$purl")) { unlink("$destination3/resized_$purl"); } } redirect_header("index.php",3,constant($main_lang."_ANNDEL")); exit(); } else { echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>n"; echo "<br /><center>"; echo "<b>".constant($main_lang."_SURDELANN")."</b><br /><br />"; } echo "[ <a href="modify.php?op=ListingDel&lid=".addslashes($lid)."&ok=1">".constant($main_lang."_OUI")."</a> | <a href="viewad.php?lid=".addslashes($lid)."">".constant($main_lang."_NON")."</a> ]<br /><br />"; echo "</td></tr></table>"; } } } function DelReply($r_lid, $ok) { global $xoopsDB, $xoopsUser, $xoopsConfig, $xoopsTheme, $xoopsLogger, $mydirname, $main_lang; $result = $xoopsDB->query("select l.usid, r.r_lid, r.lid, r.title, r.date, r.submitter, r.message, r.tele, r.email, r.r_usid FROM ".$xoopsDB->prefix("".$mydirname."_listing")." l LEFT JOIN ".$xoopsDB->prefix("".$mydirname."_replies")." r ON l.lid=r.lid where r.r_lid=".mysql_real_escape_string($r_lid).""); list($usid, $r_lid, $rlid, $title, $date, $submitter, $message, $tele, $email, $r_usid) = $xoopsDB->fetchRow($result); if ($xoopsUser) { $currentid = $xoopsUser->getVar("uid", "E"); if ($usid == $currentid) { if($ok==1) { $xoopsDB->queryf("delete from ".$xoopsDB->prefix("".$mydirname."_replies")." where r_lid=".mysql_real_escape_string($r_lid).""); redirect_header("members.php?usid=".addslashes($usid)."",3,constant($main_lang."_REPLYDEL")); exit(); } else { echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>n"; echo "<br /><center>"; echo "<b>".constant($main_lang."_SURDELANN")."</b><br /><br />"; } echo "[ <a href="modify.php?op=DelReply&r_lid=".addslashes($r_lid)."&ok=1">".constant($main_lang."_OUI")."</a> | <a href="members.php?usid=".addslashes($usid)."">".constant($main_lang."_NON")."</a> ]<br /><br />"; echo "</td></tr></table>"; } } } function ModAd($lid) { global $xoopsDB, $xoopsModule, $xoopsConfig, $xoopsModuleConfig, $xoopsUser, $xoopsTheme, $myts, $xoopsLogger, $mydirname, $main_lang; include_once XOOPS_ROOT_PATH."/class/xoopsformloader.php"; include_once XOOPS_ROOT_PATH."/modules/$mydirname/include/functions.php"; echo "<script language="javascript">nfunction CLA(CLA) { var MainWindow = window.open (CLA, "_blank","width=500,height=300,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no");}n</script>"; include_once(XOOPS_ROOT_PATH."/modules/$mydirname/class/classifiedstree.php"); $mytree = new ClassifiedsTree($xoopsDB->prefix("".$mydirname."_categories"),"cid","pid"); $result = $xoopsDB->query("select lid, cid, title, status, expire, type, desctext, tel, price, typeprice, date, email, submitter, usid, town, country, contactby, premium, valid from ".$xoopsDB->prefix("".$mydirname."_listing")." where lid=".mysql_real_escape_string($lid).""); list($lid, $cide, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $date, $email, $submitter, $usid, $town, $country, $contactby, $premium, $valid) = $xoopsDB->fetchRow($result); $categories = classifieds_MygetItemIds("".$mydirname."_submit"); if(is_array($categories) && count($categories) > 0) { if(!in_array($cide, $categories)) { redirect_header(XOOPS_URL."/modules/$mydirname/index.php", 3, _NOPERM); exit(); } } else { // User can't see any category redirect_header(XOOPS_URL.'/index.php', 3, _NOPERM); exit(); } if ($xoopsUser) { $calusern = $xoopsUser->uid(); if ($usid == $calusern) { echo "<fieldset><legend style='font-weight: bold; color: #900;'>".constant($main_lang."_MODIFANN")."</legend><br /><br />"; $title = $myts->htmlSpecialChars($title); $status = $myts->htmlSpecialChars($status); $expire = $myts->htmlSpecialChars($expire); $type = $myts->htmlSpecialChars($type); if ($xoopsModuleConfig["".$mydirname."_form_options"] == 'dhtmltextarea') { $desctext = $myts->displayTarea($desctext,0,0,0,0,0); } else { $desctext = $myts->displayTarea($desctext, 1,0,1,1,1); } $tel = $myts->htmlSpecialChars($tel); $price = number_format($price, 2, ".", ","); $typeprice = $myts->htmlSpecialChars($typeprice); $submitter = $myts->htmlSpecialChars($submitter); $town = $myts->htmlSpecialChars($town); $country = $myts->htmlSpecialChars($country); $contactby = $myts->htmlSpecialChars($contactby); $premium = $myts->htmlSpecialChars($premium); $useroffset = ""; if($xoopsUser) { $timezone = $xoopsUser->timezone(); if(isset($timezone)){ $useroffset = $xoopsUser->timezone(); }else{ $useroffset = $xoopsConfig['default_TZ']; } } $dates = ($useroffset*3600) + $date; $dates = formatTimestamp($date,"s"); echo "<form action="modify.php" method=post enctype="multipart/form-data"> <table><tr class="head" border="2"> <td class="head">".constant($main_lang."_NUMANNN")." </td><td class="head" border="1">$lid ".constant($main_lang."_DU")." $dates</td> </tr><tr>"; if ($xoopsModuleConfig["".$mydirname."_diff_name"] == "1") { echo "<td class="head">".constant($main_lang."_SENDBY")." </td><td class="head"><input type="text" name="submitter" size="50" value="$submitter" /></td>"; }else{ echo "<td class="head">".constant($main_lang."_SENDBY")." </td><td class="head"><input type="hidden" name="submitter" value="$submitter">$submitter</td>"; } echo "</tr><tr>"; echo " <td class='head'>".constant($main_lang."_CONTACTBY")." </td><td class='head'><select name="contactby"> <option value="".$contactby."">".$contactby."</option> <option value="".constant($main_lang."_CONTACT_BY_EMAIL")."">".constant($main_lang."_CONTACT_BY_EMAIL")."</option> <option value="".constant($main_lang."_CONTACT_BY_PM")."">".constant($main_lang."_CONTACT_BY_PM")."</option> <option value="".constant($main_lang."_CONTACT_BY_BOTH")."">".constant($main_lang."_CONTACT_BY_BOTH")."</option> <option value="".constant($main_lang."_CONTACT_BY_PHONE")."">".constant($main_lang."_CONTACT_BY_PHONE")."</option></select></td></tr>"; if ($xoopsModuleConfig["".$mydirname."_diff_email"] == '1') { echo "<tr><td class="head">".constant($main_lang."_EMAIL")." </td><td class="head"><input type="text" name="email" size="50" value="$email" /></td>"; } else { echo "<tr><td class="head">".constant($main_lang."_EMAIL")." </td><td class="head">$email<input type="hidden" name="email" value="$email" /></td>"; } echo "</tr><tr> <td class="head">".constant($main_lang."_TEL")." </td><td class="head"><input type="text" name="tel" size="50" value="$tel" /></td> </tr>"; echo "<tr> <td class="head">".constant($main_lang."_TOWN")." </td><td class="head"><input type="text" name="town" size="50" value="$town" /></td> </tr>"; if ($xoopsModuleConfig["".$mydirname."_use_country"] == '1') { echo "<tr> <td class="head">".constant($main_lang."_COUNTRY")." </td><td class="head"><input type="text" name="country" size="50" value="$country" /></td> </tr>"; } else { echo "<input type="hidden" name="country" value="">"; } echo "<tr><td class='head'>".constant($main_lang."_STATUS")."</td><td class='head'><input type="radio" name="status" value="0""; if ($status == "0") { echo "checked"; } echo ">".constant($main_lang."_ACTIVE")." <input type="radio" name="status" value="1""; if ($status == "1") { echo "checked"; } echo ">".constant($main_lang."_INACTIVE")." <input type="radio" name="status" value="2""; if ($status == "2") { echo "checked"; } echo ">".constant($main_lang."_SOLD")."</td></tr>"; echo "<tr> <td class="head">".constant($main_lang."_TITLE2")." </td><td class="head"><input type="text" name="title" size="50" value="$title" /></td> </tr>"; echo "<tr><td class="head">".constant($main_lang."_PRICE2")." </td><td class="head">". $xoopsModuleConfig["".$mydirname."_money"]."<input type="text" name="price" size="20" value="$price" />"; $result3 = $xoopsDB->query("select nom_price from ".$xoopsDB->prefix("".$mydirname."_price")." order by id_price"); echo " <select name="typeprice"><option value="$typeprice">$typeprice</option>"; while(list($nom_price) = $xoopsDB->fetchRow($result3)) { echo "<option value="$nom_price">$nom_price</option>"; } echo "</select></td></tr>"; if ($premium == "1") { echo "<tr> <td width='30%' class='head'>".constant($main_lang."_WILL_LAST")." </td><td class='head'>$expire ".constant($main_lang."_DAY")."</td> </tr>"; echo "<input type="hidden" name="expire" value="$expire" />"; } else { echo "<tr> <td width='30%' class='head'>".constant($main_lang."_HOW_LONG")." </td><td class='head'><input type="text" name="expire" size="3" maxlength="3" value="$expire" /> ".constant($main_lang."_DAY")."</td> </tr>"; } echo "<tr> <td class="head">".constant($main_lang."_TYPE")." </td><td class="head"><select name="type">"; $result5=$xoopsDB->query("select nom_type from ".$xoopsDB->prefix("".$mydirname."_type")." order by nom_type"); while(list($nom_type) = $xoopsDB->fetchRow($result5)) { $sel = ""; if ($nom_type == $type) { $sel = "selected"; } echo "<option value="$nom_type" $sel>$nom_type</option>"; } echo "</select></td>"; echo "</tr><tr> <td class="head">".constant($main_lang."_CAT")." </td><td class="head">"; $mytree->makeMySelBox('title','title', $cide,'','cid'); echo "</td> </tr><tr> <td class="head">".constant($main_lang."_DESC")." </td><td class="head">"; $wysiwyg_text_area= classifieds_getEditor( constant($main_lang."_DESC"), "desctext", $desctext, '100%', '200px'); echo $wysiwyg_text_area->render(); echo "</td></tr><tr>"; echo "<td colspan=2><br /><input type="submit" value="".constant($main_lang."_MODIFANN")."" /></td> </tr></table>"; echo "<input type="hidden" name="op" value="ModAdS" />"; if ($premium == "0") { { if ($xoopsModuleConfig["".$mydirname."_moderated"] == '1') { echo "<input type="hidden" name="valid" value="No" />"; echo "<br />".constant($main_lang."_MODIFBEFORE")."<br />"; } else { echo "<input type="hidden" name="valid" value="Yes" />"; } } else { echo "<input type="hidden" name="valid" value="Yes" />"; } echo "<input type="hidden" name="lid" value="$lid" />"; echo "<input type="hidden" name="premium" value="$premium" />"; echo "<input type="hidden" name="date" value="$date" /> ".$GLOBALS['xoopsGTicket']->getTicketHtml( __LINE__ , 1800 , 'token').""; echo "</form><br /></fieldset><br />"; } } } function ModAdS($lid, $cat, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid) { global $xoopsDB, $xoopsConfig, $xoopsModuleConfig, $myts, $xoopsLogger, $mydirname, $main_lang, $xoopsGTicket; if ( ! $xoopsGTicket->check( true , 'token' ) ) { redirect_header(XOOPS_URL."/modules/$mydirname/index.php", 3,$xoopsGTicket->getErrors()); } $title = $myts->addSlashes($title); $status = $myts->addSlashes($status); $expire = $myts->addSlashes($expire); $type = $myts->addSlashes($type); if ($xoopsModuleConfig["".$mydirname."_form_options"] == 'dhtmltextarea') { $desctext = $myts->displayTarea($desctext,0,0,0,0,0); } else { $desctext = $myts->displayTarea($desctext, 1,0,1,1,1); } $tel = $myts->addSlashes($tel); $price = str_replace(array(','), '', $price); $typeprice = $myts->addSlashes($typeprice); $submitter = $myts->addSlashes($submitter); $town = $myts->addSlashes($town); $country = $myts->addSlashes($country); $contactby = $myts->addSlashes($contactby); $premium = $myts->addSlashes($premium); $xoopsDB->query("update ".$xoopsDB->prefix("".$mydirname."_listing")." set cid='$cat', title='$title', status='$status', expire='$expire', type='$type', desctext='$desctext', tel='$tel', price='$price', typeprice='$typeprice', email='$email', submitter='$submitter', town='$town', country='$country', contactby='$contactby', premium='$premium', valid='$valid' where lid=$lid"); redirect_header("index.php",3,constant($main_lang."_ANNMOD2")); exit(); } #################################################### foreach ($_POST as $k => $v) { ${$k} = $v; } $ok = isset( $_GET['ok'] ) ? $_GET['ok'] : '' ; if(!isset($_POST['lid']) && isset($_GET['lid']) ) { $lid = $_GET['lid'] ; } if(!isset($_POST['r_lid']) && isset($_GET['r_lid']) ) { $r_lid = $_GET['r_lid'] ; } if(!isset($_POST['op']) && isset($_GET['op']) ) { $op = $_GET['op'] ; } switch ($op) { case "ModAd": include(XOOPS_ROOT_PATH."/header.php"); ModAd($lid); include(XOOPS_ROOT_PATH."/footer.php"); break; case "ModAdS": ModAdS($lid, $cid, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid); break; case "ListingDel": include(XOOPS_ROOT_PATH."/header.php"); ListingDel($lid, $ok); include(XOOPS_ROOT_PATH."/footer.php"); break; case "DelReply": include(XOOPS_ROOT_PATH."/header.php"); DelReply($r_lid, $ok); include(XOOPS_ROOT_PATH."/footer.php"); break; default: redirect_header("index.php",3,""._RETURNANN.""); break; } ?>