Here is the whole index file that's giving me trouble. I'm starting to think that sessions are the source of the problem.
// Admin index page. This paste has lost its <?php open tags and its HTML, so
// where PHP mode starts and stops around the "?>" lines below cannot be
// verified from this copy. Intended flow: site header, shared include, then
// loginCheck() decides whether the rest of the page is reached at all -- it
// exits/dies on failure, so nothing after it runs for a visitor who fails.
include("../../../mainfile.php");
include("../../../header.php");
OpenTable();
?>
include("../include/common.php");
// 'User' is passed as the privilege level. loginCheck() in the include file
// only acts on the strings "canEditForms", "Admin" and "canViewLogs"; any
// other value skips the privilege test, leaving only the "active" and
// "isAgent" checks -- confirm that is the intended gate for an admin area.
loginCheck('User');
<-----I'm starting to think this is the problem include("$config[template_path]/admin_top.html");
?>
Welcome This is the administrative area of the site!
LOGOUT when you are done with your session
include ("../footer.php");
?>
// Closes the ADOdb connection opened by mainfile.php (presumably -- $conn is
// not created anywhere in this copy).
$conn->Close(); // close the db connection
?>
CloseTable();
include("../../../footer.php");
?>
------------------------------------------------------------ here is the include file that the login check requires ------------------------------------------------------------ //Test
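// Session bootstrap for the include file. Everything below relies on the
// register_globals-era session API (session_register()), which later PHP
// releases removed, so this is legacy-only code.
ini_set("arg_separator.output", "&");
// session_start() does not take a session name. The original called
// session_start('PHPSESSID'); depending on the PHP version that argument is
// either ignored or makes session_start() fail with a warning/TypeError
// without starting the session. The name belongs in session_name(), set
// before the session is started.
session_name('PHPSESSID');
session_start();
// Legacy: makes the global $session a session variable (removed in PHP 5.4).
session_register("session");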
// HANDLE SECURITY
// Gate called at the top of protected pages. It re-authenticates on every
// call: the credentials are read from the globals $user_name / $user_pass
// (not from arguments), hashed with md5() and looked up in UserDB. Every
// failure renders a page and terminates the request (exit/die), so code after
// a loginCheck() call that returns can assume an active agent holding the
// requested privilege -- with the $num > 1 gap noted below.
//
// $priv_level_needed: "canEditForms", "Admin" or "canViewLogs"; each maps to
// one UserDB column. Any other value skips the privilege test entirely and
// only the active + isAgent checks apply.
//
// NOTE(review): where $user_name/$user_pass are populated is not visible here
// -- presumably register_globals (form post) and/or the session variables
// registered below; confirm. The query only uses $user_name/$user_pass, so a
// session that restored just $username runs the lookup with empty
// credentials and lands in the login-failed branch.
function loginCheck($priv_level_needed)
//login authorization code
//handles everything to do with users logging in
{
global $conn, $config, $lang;
global $username, $userpassword, $userID;
global $user_name, $user_pass, $admin_privs, $active, $isAgent, $editForms, $viewLogs, $featureListings, $moderator;
// Nobody identified at all: show the login prompt (its markup was lost in
// this paste, the echoes are empty) and stop.
if ($user_name == "" AND $username == "")
{
include("../../../mainfile.php");
include("../../../header.php");
OpenTable();
echo "
";
echo "
";
CloseTable();
include("../../../footer.php");
exit;
}
elseif ($user_name != "" OR $username != "")
{
// Unsalted md5() of the raw password is what gets compared in SQL, so the
// stored hashes are unsalted MD5. password_hash()/password_verify() is the
// modern replacement; it needs a column migration and a different query.
$sql_user_name = make_db_safe($user_name);
$md5_pass = md5($user_pass);
$md5_pass = make_db_safe($md5_pass);
// Redundant: these were already declared global above.
global $username, $userpassword, $userID, $user_name, $user_pass, $active, $isAgent, $editForms, $moderator;
// Both values are quoted/escaped by make_db_safe() (ADOdb qstr) before
// interpolation. Unquoted keys such as $config[table_prefix] rely on PHP
// treating an undefined constant as its own name (an Error since PHP 8).
$sql = "SELECT * FROM " . $config[table_prefix] . "UserDB WHERE user_name=$sql_user_name and user_password=$md5_pass";
// Assigned as a local here; ADOdb reads the global $ADODB_FETCH_MODE, so this
// presumably has no effect and the mode is set elsewhere -- confirm.
$ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
$recordSet = $conn->Execute($sql);
// A failed Execute() is logged but execution continues into RecordCount()
// on false, which is a fatal error rather than a clean failure.
if ($recordSet === false)
{
log_error($sql);
}
$num = $recordSet->RecordCount();
// NOTE(review): only $num == 1 and $num == 0 are handled. Any other count
// (duplicate user rows) falls through, the function returns, and the caller
// proceeds with no privilege having been checked.
if ($num == 1)
{
// session_register() turns each named global into a session variable
// (register_globals API, removed in PHP 5.4). The password itself
// ($user_pass / $userpassword) is kept in the session as well.
session_register("username");
session_register("user_name");
session_register("userpassword");
session_register("user_pass");
session_register("userID");
session_register("featureListings");
session_register("viewLogs");
session_register("admin_privs");
session_register("active");
session_register("isAgent");
session_register("editForms");
session_register("moderator");
// Copies the matching row into the globals declared above.
while (!$recordSet->EOF)
{
$userID = $recordSet->fields[ID];
$username = $recordSet->fields[user_name];
$userpassword = $recordSet->fields[user_password];
$admin_privs = $recordSet->fields[isAdmin];
$active = $recordSet->fields[active];
$isAgent = $recordSet->fields[isAgent];
$editForms = $recordSet->fields[canEditForms];
$featureListings = $recordSet->fields[canFeatureListings];
$viewLogs = $recordSet->fields[canViewLogs];
$moderator = $recordSet->fields[canModerate];
$recordSet->MoveNext();
}
// Note the mismatch: $canModerate is declared global here, but the loop
// above stored the column in $moderator; $canModerate is never assigned.
global $userID, $username, $userpassword, $admin_privs, $active, $isAgent, $editForms, $viewLogs, $canModerate;
// Markup lost in the paste -- only the line breaks survive.
echo "\r\n";
echo "\r\n";
echo "\r\n\r\n";
echo "\r\n\r\n";
echo "\r\n\r\n";
echo "\r\n\r\n";
echo "\r\n\r\n";
echo "\r\n\r\n";
echo "\r\n\r\n";
echo "\r\n\r\n";
echo "\r\n\r\n";
// Account must be active ("yes" string flag from the active column).
if ($active != "yes")
{
// make sure the person is active
include("../../../mainfile.php");
include("../../../header.php");
OpenTable();
echo "
$lang[priv_failure]
";
include("../../../footer.php");
CloseTable();
echo '';
die;
}
else
{
// Account must also be an agent; this applies regardless of
// $priv_level_needed.
if ($isAgent != "yes")
{
// make sure the person is an agent
include("../../../mainfile.php");
include("../../../header.php");
OpenTable();
echo "
$lang[priv_failure]
";
include("../../../footer.php");
CloseTable();
die('');
}
else {
// now make sure that person can access the page
// Each requested level is checked against one "yes"/"no" column.
if ($priv_level_needed == "canEditForms")
{
// does the person have access to edit the master forms?
if ($editForms != "yes")
{
include("../../../mainfile.php");
include("../../../header.php");
OpenTable();
echo "
$lang[priv_failure]
";
CloseTable();
include("../../../footer.php");
die('');
} // end if
} // end if
if ($priv_level_needed == "Admin")
{ // does the person have access to do basic user/listings edits?
if ($admin_privs != "yes")
{
include("../../../mainfile.php");
include("../../../header.php");
OpenTable();
echo "
$lang[priv_failure]
";
CloseTable();
include("../../../footer.php");
die('');
} // end if
} // end if
if ($priv_level_needed == "canViewLogs")
{ // does the person have access to do basic user/listings edits?
if ($viewLogs != "yes")
{
include("../../../mainfile.php");
include("../../../header.php");
OpenTable();
echo "
$lang[priv_failure]
";
CloseTable();
include("../../../footer.php");
die('');
} // end if
} // end if
} //End Agent Check
} //End Active Check
} // end if ($num == 1)
// No row matched the name/hash pair: the same message is shown for an unknown
// user and a wrong password (no user enumeration via the message text).
elseif ($num == 0)
{
include("../../../mainfile.php");
include("../../../header.php");
OpenTable();
echo "
$lang[login_failed]
";
echo "
";
echo "
";
CloseTable();
include("../../../footer.php");
exit;
} // end elseif
} // end elseif
}// end function loginCheck
// Visitor-side counterpart of loginCheck(): same credential lookup (globals
// $user_name / $user_pass, unsalted md5(), UserDB), same "active" check, but
// no isAgent requirement and only the "canEditForms" privilege is recognised.
// Every failure renders a page and terminates the request; as in
// loginCheck(), a row count other than 0 or 1 is not handled and the function
// simply returns.
//
// $priv_level_needed: only "canEditForms" has an effect here.
//
// NOTE(review): the visitor-failed messages use $lang[visitor_alert_phrase]
// and $lang[admin_new_user_moderated]; the latter suggests inactive visitors
// are pending moderation -- confirm against the registration flow.
function loginCheckVisitor($priv_level_needed)
//login authorization code
//handles everything to do with visitors logging in
{
global $conn, $config, $lang;
global $username, $userpassword, $userID;
global $user_name, $user_pass, $admin_privs, $active, $isAgent, $editForms, $viewLogs, $featureListings, $moderator;
// Nobody identified: show the visitor login prompt and stop.
if ($user_name == "" AND $username == "")
{
include("../../../mainfile.php");
include("../../../header.php");
OpenTable();
echo "
$lang[visitor_alert_phrase]
";
echo "
";
echo "
";
CloseTable();
include("../../../footer.php");
exit;
}
elseif ($user_name != "" OR $username != "")
{
// Unsalted md5() hash compared in SQL; see loginCheck() for the same note.
$sql_user_name = make_db_safe($user_name);
$md5_pass = md5($user_pass);
$md5_pass = make_db_safe($md5_pass);
// Redundant re-declaration of globals already declared above.
global $username, $userpassword, $userID, $user_name, $user_pass, $active, $isAgent, $editForms, $moderator;
$sql = "SELECT * FROM " . $config[table_prefix] . "UserDB WHERE user_name=$sql_user_name and user_password=$md5_pass";
// Local assignment; ADOdb reads the global $ADODB_FETCH_MODE -- presumably
// set elsewhere, since the fields are read by name below.
$ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
$recordSet = $conn->Execute($sql);
// Logged, but execution still reaches RecordCount() on false (fatal).
if ($recordSet === false) log_error($sql);
$num = $recordSet->RecordCount();
if ($num == 1)
{
// register_globals-era session API (removed in PHP 5.4); the password is
// kept in the session too.
session_register("username");
session_register("user_name");
session_register("userpassword");
session_register("user_pass");
session_register("userID");
session_register("featureListings");
session_register("viewLogs");
session_register("admin_privs");
session_register("active");
session_register("isAgent");
session_register("editForms");
session_register("moderator");
// Copies the matching row into the globals; unquoted keys are an Error
// since PHP 8.
while (!$recordSet->EOF)
{
$userID = $recordSet->fields[ID];
$username = $recordSet->fields[user_name];
$userpassword = $recordSet->fields[user_password];
$admin_privs = $recordSet->fields[isAdmin];
$active = $recordSet->fields[active];
$isAgent = $recordSet->fields[isAgent];
$editForms = $recordSet->fields[canEditForms];
$featureListings = $recordSet->fields[canFeatureListings];
$viewLogs = $recordSet->fields[canViewLogs];
$moderator = $recordSet->fields[canModerate];
$recordSet->MoveNext();
} // end while
// $canModerate is never assigned; the loop stored the column in $moderator.
global $userID, $username, $userpassword, $admin_privs, $active, $isAgent, $editForms, $viewLogs, $canModerate;
// Markup lost in the paste -- only the line breaks survive.
echo "\r\n";
echo "\r\n";
echo "\r\n\r\n";
echo "\r\n\r\n";
echo "\r\n\r\n";
echo "\r\n\r\n";
echo "\r\n\r\n";
echo "\r\n\r\n";
echo "\r\n\r\n";
echo "\r\n\r\n";
echo "\r\n\r\n";
if ($active != "yes")
{ // make sure the person is active
include("../../../mainfile.php");
include("../../../header.php");
OpenTable();
echo "
$lang[admin_new_user_moderated]
";
include("../../../footer.php");
CloseTable();
die('');
}
else {
// now make sure that person can access the page
// Only "canEditForms" is recognised; any other $priv_level_needed passes.
if ($priv_level_needed == "canEditForms")
{ // does the person have access to edit the master forms?
if ($editForms != "yes")
{
include("../../../mainfile.php");
include("../../../header.php");
OpenTable();
echo "
$lang[priv_failure]
";
CloseTable();
include("../../../footer.php");
die('');
} // end if
} // end if
} // end if active
} // end if ($num == 1)
// No matching name/hash pair: same message for unknown user and wrong password.
elseif ($num == 0)
{
include("../../../mainfile.php");
include("../../../header.php");
OpenTable();
echo "
$lang[visitor_alert_phrase]
";
echo "
$lang[login_failed]
";
echo "
";
echo "
";
CloseTable();
include("../../../footer.php");
exit;
} // end elseif
} // end elseif
}// end function loginCheckVisitor
// DISPLAY FORM ELEMENTS
// Echoes one (empty) form row for a user-defined field. The HTML was stripped
// from this paste, so each echo now emits only the text that sat between the
// tags; the control flow per field type is still visible.
//
// $field_type: one of the case labels below; anything else hits the default.
// $field_name: presumably the input's name attribute (lost with the markup).
// $field_caption: label text, echoed as-is. $default_text / $field_elements:
// default value and the "||"-separated option list for checkbox/option.
// $required: the string "Yes" adds the "*" marker.
//
// NOTE(review): nothing in this block HTML-escapes $field_caption, $list_item
// or $default_text before echoing; whether they are escaped upstream cannot be
// seen from here. Escape at output (htmlspecialchars) if they are user-editable.
function renderFormElement($field_type, $field_name, $field_caption, $default_text, $field_elements, $required)
{
global $lang;
// handles the rendering of forms...
echo "
";
switch ($field_type)
{
case "date":
case "text": // handler for regular text boxes
// static $js_added is declared inside a case so the date-mask script (now
// an empty echo) is emitted at most once per request.
echo "$field_caption "; if ($required == "Yes") { echo"*"; } static $js_added; if ($field_type == 'date' AND !$js_added) { echo ''; $js_added = true; } echo " | ";
echo " | ";
break;
case "textarea": // handler for textarea boxes
echo "$field_caption ";
if ($required == "Yes") { echo"*"; } echo " | ";
echo " | ";
break;
case "select": // handler for select boxes
echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo " | ";
echo " | ";
break;
case "select-multiple": // handler for select boxes where you can choose multiple items
echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo " | ";
echo " | ";
break;
case "divider": // dividers between items
echo "$field_caption | ";
break;
case "price": //handles price
echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo " | ";
// $money_sign is neither a parameter nor declared global here, so it is
// undefined in this scope.
echo "$money_sign .00 | ";
break;
case "url": // handles url input fields
echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo " ($lang[dont_forget_http]) | ";
echo " | ";
break;
case "email": // handles email input fields
echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo " ($lang[email_example]) | ";
echo " | ";
break;
case "checkbox": // handles check boxes
echo "$field_caption | ";
// Options come from $field_elements split on "||". The while/list/each()
// idiom no longer works in PHP 8 (each() was removed); foreach is equivalent.
echo ""; $index_list = explode("||", $field_elements); while (list($indexValue, $list_item) = each ($index_list)) { echo "$list_item "; } echo " | ";
break;
case "option": // handles radio buttons
echo "$field_caption | ";
echo ""; $index_list = explode("||", $field_elements); while (list($indexValue, $list_item) = each ($index_list)) { echo "$list_item "; } echo " | ";
break;
case "number": // handles the input of numbers
echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo " | ";
echo " | ";
break;
case "submit": // handles submit buttons
echo " | ";
break;
default: // the default handler -- for errors, mostly
echo "no handler yet - $field_type | ";
} // end switch statement
echo "
";
} // end renderFormElement function
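function updateUserData ($user_id)
{
    // UPDATES THE USER INFORMATION
    // Replaces every UserDBElements row of one user with the extra form
    // fields found in the POST body. Returns the string "success" (the
    // original contract); DB failures are only reported through log_error().
    //
    // Which user is rewritten: when the caller holds admin privileges and the
    // global $edit (the user id picked on the admin form) is non-empty, that
    // user; otherwise $user_id. $edit and $admin_privs are globals rather than
    // parameters, so this depends on register_globals/session state.
    global $conn, $edit, $admin_privs, $config;

    // The original escaped the id with make_db_extra_safe() for the DELETE but
    // make_db_safe() for the INSERTs; the stricter variant is used once for
    // both so the two statements cannot disagree about the target user.
    $editingOtherUser = ($admin_privs == "yes" && $edit != "");
    $sql_target_id = make_db_extra_safe($editingOtherUser ? $edit : $user_id);

    $sql = "DELETE FROM " . $config['table_prefix'] . "UserDBElements WHERE user_id = $sql_target_id";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false)
    {
        log_error($sql);
    }

    // Fields the caller has already stored elsewhere (credentials, e-mail,
    // routing parameters); they must not end up in UserDBElements.
    $handledElsewhere = array("user_name", "user_pass", "user_pass2", "edit_user_pass",
        "edit_user_pass2", "user_email", "PHPSESSID", "action", "edit");

    // $_POST holds the same data as the long-removed $HTTP_POST_VARS the
    // original read; this file already uses the $_SERVER superglobal.
    foreach ($_POST as $ElementIndexValue => $ElementContents)
    {
        // Loose in_array() keeps the original "==" comparison semantics.
        if (in_array($ElementIndexValue, $handledElsewhere))
        {
            continue;
        }
        if (is_array($ElementContents))
        {
            // checkboxes & multiple selects are stored as one "a||b||c" string
            $ElementContents = implode("||", $ElementContents);
        }
        // Both the POST key (field_name) and the value are quoted/escaped by
        // make_db_safe() before interpolation.
        $sql_ElementIndexValue = make_db_safe($ElementIndexValue);
        $sql_ElementContents = make_db_safe($ElementContents);
        $sql = "INSERT INTO " . $config['table_prefix'] . "UserDBElements (field_name, field_value, user_id) VALUES ($sql_ElementIndexValue, $sql_ElementContents, $sql_target_id)";
        $recordSet = $conn->Execute($sql);
        // The original only checked this result for the array case.
        if ($recordSet === false)
        {
            log_error($sql);
        }
    }
    return "success";
} // end function updateUserData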
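function updateListingsData ($listing_id, $owner)
{
    // UPDATES THE LISTINGS INFORMATION
    // Replaces every listingsDBElements row of $listing_id with the extra form
    // fields found in the POST body; each row also records $owner as user_id.
    // Returns "success"; DB failures are only passed to log_error().
    global $conn, $config;

    // Escaped once and reused by the DELETE and every INSERT below.
    $sql_listing_id = make_db_safe($listing_id);
    $sql_owner = make_db_safe($owner);

    $sql = "DELETE FROM " . $config['table_prefix'] . "listingsDBElements WHERE listing_id = $sql_listing_id";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false)
    {
        log_error($sql);
    }

    // Fields stored by the caller in the listing row itself, plus routing
    // parameters that are not listing data.
    $handledElsewhere = array("title", "notes", "action", "PHPSESSID", "edit",
        "edit_active", "edit_expiration", "featured");

    // $_POST replaces the removed $HTTP_POST_VARS the original read.
    foreach ($_POST as $ElementIndexValue => $ElementContents)
    {
        // Loose in_array() keeps the original "==" comparison semantics.
        if (in_array($ElementIndexValue, $handledElsewhere))
        {
            continue;
        }
        if (is_array($ElementContents))
        {
            // checkboxes & multiple selects are stored as one "a||b||c" string
            $ElementContents = implode("||", $ElementContents);
        }
        // NOTE(review): the original ran a digit-filter loop over the 'price'
        // value, but its result ($returnValue) was never used and the loop
        // bound was lost in the paste, so the price is stored as submitted.
        $sql_ElementIndexValue = make_db_safe($ElementIndexValue);
        $sql_ElementContents = make_db_safe($ElementContents);
        $sql = "INSERT INTO " . $config['table_prefix'] . "listingsDBElements (field_name, field_value, listing_id, user_id) VALUES ($sql_ElementIndexValue, $sql_ElementContents, $sql_listing_id, $sql_owner)";
        $recordSet = $conn->Execute($sql);
        // Strict compare, matching the other Execute() call sites in this file.
        if ($recordSet === false)
        {
            log_error($sql);
        }
    }
    return "success";
} // end function updateListingsData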
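function validateForm ($db_to_validate)
{
    // Validates the info being put into the system
    // Looks up every submitted POST field in the form-definition table named
    // by $db_to_validate (prefixed with $config['table_prefix']) and returns
    // "No" when a field whose definition has required = "Yes" was submitted
    // empty, otherwise "Yes". The result is also left in the global
    // $pass_the_form, which existing callers read.
    //
    // $db_to_validate names a table and cannot be bound as a value, so it
    // must come from the caller's own code, never from the request.
    global $conn, $pass_the_form, $config;
    $pass_the_form = "Yes";

    // Credentials, routing parameters and the admin-only flags are validated
    // elsewhere; only the user-defined form fields are checked here.
    $handledElsewhere = array("title", "notes", "action", "PHPSESSID", "user_name",
        "edit_user_name", "user_pass", "user_pass2", "user_email", "edit_user_pass",
        "edit_user_pass2", "featured", "edit_isAdmin", "edit_canEditForms",
        "edit_canViewLogs", "edit_canModerate", "edit_canFeatureListings", "edit_active");

    // $_POST replaces the removed $HTTP_POST_VARS the original read.
    foreach ($_POST as $ElementIndexValue => $ElementContents)
    {
        // Loose in_array() keeps the original "==" comparison semantics.
        if (in_array($ElementIndexValue, $handledElsewhere))
        {
            continue;
        }
        $sql_ElementIndexValue = make_db_safe($ElementIndexValue);
        $sql = "SELECT required, field_type from " . $config['table_prefix'] . "$db_to_validate WHERE field_name = $sql_ElementIndexValue";
        // Kept from the original; it is a local, and ADOdb reads the global
        // $ADODB_FETCH_MODE, so presumably the mode is set elsewhere -- confirm.
        $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false)
        {
            // The original fell through to $recordSet->EOF on false (fatal).
            log_error($sql);
            continue;
        }
        while (!$recordSet->EOF)
        {
            // An array value (multi-select) never equals "" here, so it passes.
            if ($recordSet->fields['required'] == "Yes" && $ElementContents == "")
            {
                $pass_the_form = "No";
            }
            $recordSet->MoveNext();
        }
    }
    return $pass_the_form;
} // end function validateForm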
// Pre-filled counterpart of renderFormElement(): echoes one form row with
// $field_value selected/filled in. Same parameters plus $field_value (the
// stored value; for checkboxes a "||"-separated list that is compared item
// by item against $field_elements).
//
// NOTE(review): this copy is more damaged than renderFormElement() -- the
// stripped markup left several string literals unterminated (the "text",
// "checkbox" and "option" cases and the closing echo), so the case bodies
// below cannot be read as code and this block will not parse as pasted.
// As in renderFormElement(), nothing here HTML-escapes the echoed values.
function renderExistingFormElement($field_type, $field_name, $field_value, $field_caption, $default_text, $required, $field_elements)
{
// handles the rendering of already filled in user forms
global $lang;
echo "";
switch ($field_type)
{
case "date":
case "text": // handles text input boxes
// static $js_added limits the date-mask script to one emission per request.
echo "$field_caption "; if ($required == "Yes") { echo"*"; } static $js_added; if ($field_type == 'date' AND !$js_added) { echo ''; $js_added = true; } echo " | ";
echo " if ($field_type == 'date') { echo ' onKeyUp="dateMask(this,event);" '; } echo "> | ";
break;
case "textarea": // handles textarea input
echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo " | ";
echo " | ";
break;
case "select": // handles single item select boxes
echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo " | ";
echo " | ";
break;
case "select-multiple": // handles multiple item select boxes
echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo " | ";
echo " | ";
break;
case "divider": // handles dividers in forms
echo "$field_caption | ";
break;
case "price": // handles price input
echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo " | ";
echo "$money_sign .00 | ";
break;
case "url": // handles url input fields
echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo " ($lang[dont_forget_http]) | ";
echo " | ";
break;
case "email": // handles email input
echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo " ($lang[email_example]) | ";
echo " | ";
break;
case "checkbox": // handles checkboxes
echo "$field_caption | ";
echo ""; $feature_index_list = explode("||", $field_elements); while (list($feature_list_Value, $feature_list_item) = each ($feature_index_list)) { echo " // now, compare it against the list of currently selected feature items $field_value_list = explode("||", $field_value); while (list($field_value_list_Value, $field_value_list_item) = each ($field_value_list)) { if ($field_value_list_item == $feature_list_item) { echo "CHECKED"; } // end if } // end while echo " >$feature_list_item "; } // end while echo " | ";
break;
case "option": // handles options
echo "$field_caption | ";
echo ""; $feature_index_list = explode("||", $field_elements); while (list($feature_list_Value, $feature_list_item) = each ($feature_index_list)) { echo " // now, compare it against the list of currently selected feature items
if ($feature_list_item == $field_value) { echo "CHECKED "; } // end if echo " >$feature_list_item "; } // end while echo " | ";
break;
case "number": // deals with numbers
echo "$field_caption "; if ($required == "Yes") { echo"*"; } echo " | ";
echo " | ";
break;
case "submit": // handles submit buttons
echo " | ";
break;
default: // the catch all... mostly for errors and whatnot
echo "no handler yet";
} // end switch statement echo " |
";
} // end renderExistingUserFormElement function
// Pagination footer for listing pages.
// $num_rows: total number of matching listings; $cur_page: zero-based page
// index, where "" is treated as page 0; $guidestring: presumably the query
// string carried into the page links -- its use was lost with the markup, so
// confirm. Page count comes from $config[listings_per_page].
//
// NOTE(review): the link markup was stripped in this paste and the code was
// collapsed onto a few physical lines, several of which now begin with "//"
// (the lines starting "// list current", "// gotta make sure" and
// "// list last three"). A "//" comment runs to the end of its physical
// line, so the code on those lines is commented out and the braces no longer
// balance; this copy cannot be run as-is and its logic should be read from
// the original file.
function next_prev($num_rows, $cur_page, $guidestring)
{ // handles multiple page listings
global $lang, $config, $style;
// First visit: no page parameter yet.
if ($cur_page == "")
{
$cur_page = 0;
}
// Display numbers are one-based.
$page_num = $cur_page + 1;
$total_num_page = ceil($num_rows/$config[listings_per_page]);
echo ""; if ($num_rows == 1) { echo "$lang[there_is_currently] $num_rows $lang[listing]. "; } else { echo "$lang[there_are_currently] $num_rows $lang[listings] $lang[that_match_search]. "; } echo ""; if ($total_num_page != 0) { echo "$lang[this_is_page] $page_num $lang[of] $total_num_page "; $prevpage = $cur_page-1; $nextpage = $cur_page+1; if ($page_num != 1) // previous page { echo "$lang[prev_page] "; } // end if if ($total_num_page > 2) { if ($page_num != 1) { echo " | "; } echo "Page: "; if( $total_num_page > 8 ) { // list first three for($i = 1; $i < 4; $i++) { if ($i == $cur_page + 1) { echo "$i"; } else { echo "$i"; } if( $i < 3) { echo ", "; } else { echo "... "; } } // end for($i = 1; $i < $init_page_max + 1; $i++)
// list current +/- 1 OR the middle ones, depending if ($cur_page < 3 OR $cur_page > ($total_num_page - 4)) { // list the middle ones $middle_page = ($num_rows/$config[listings_per_page]); $middle_page = ceil($middle_page/2); for($i = $middle_page - 1; $i <$middle_page + 2; $i++) { if ($i == $cur_page + 1) { echo "$i"; } else { echo "$i"; } if($i < $middle_page + 1) { echo ", "; } else { echo "... "; } } // end for($i = 1; $i < $init_page_max + 1; $i++) } // end if ($cur_page < 4 OR $cur_page > $total_num_page - 2) else { // list the immediately surrounding numbers
// gotta make sure you have the numbers correct if ($cur_page == 3) { $start_page = 4; } elseif ($cur_page == $total_num_page - 4) { $start_page = $total_num_page - 5; } else { $start_page = $cur_page; } for($i = $start_page; $i < $start_page + 3; $i++) {
if ($i == $cur_page + 1) { echo "$i"; } else { echo "$i"; } if($i < $start_page + 2) { echo ", "; } else { echo "... "; } } // end for($i = $cur_page - 1; $i < $cur_page + 2; $i++) } // end else
// list last three for($i = $total_num_page - 2; $i < $total_num_page + 1; $i++) { if ($i == $cur_page + 1) {echo "$i";} else {echo "$i";} if($i < $total_num_page) {echo ", ";} } // end for($i = 1; $i < $init_page_max + 1; $i++) } // end if( $total_pages > 8 ) else { for($i = 1; $i < $total_num_page + 1; $i++) { if ($i == $cur_page + 1) { echo "$i"; } else { echo "$i"; } if( $i < $total_num_page) { echo ", "; } } // end for($i = 1; $i < $init_page_max + 1; $i++) } // end else if ($page_num != $total_num_page) { echo " | "; } } if ($page_num != $total_num_page) // next page { echo " $lang[next_page] "; } // end if } // end if echo " |
";
} // end function next_prev
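function make_db_safe ($input)
{ // handles data going into the db
    // Prepares one value for interpolation into SQL: optionally strips HTML
    // (per $config['strip_html'] / $config['allowed_html_tags']) and then
    // quotes and escapes it with the ADOdb connection's qstr(), so the return
    // value already carries its surrounding quotes.
    //
    // strip_tags() is not an output-encoding control: values read back from
    // the db must still be escaped for the context they are rendered in.
    global $config, $conn;
    $output = $input;
    // The original wrote `if ($config[strip_html] = "yes")` -- an assignment,
    // not a comparison -- so tags were always stripped and the config switch
    // was silently overwritten. Compare instead, and tolerate a missing key.
    if (isset($config['strip_html']) && $config['strip_html'] == "yes")
    {
        $allowed = isset($config['allowed_html_tags']) ? $config['allowed_html_tags'] : null;
        $output = strip_tags($output, $allowed); // strips out disallowed tags
    }
    // get_magic_quotes_gpc() no longer exists in PHP 8; without it the input
    // carries no magic-quote slashes for qstr() to undo.
    $magic = function_exists('get_magic_quotes_gpc') ? get_magic_quotes_gpc() : false;
    $output = $conn->qstr($output, $magic);
    return $output;
} // end make_db_safe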
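function make_db_extra_safe ($input)
{ // handles data going into the db
    // Stricter variant of make_db_safe() used for ids: strips every tag,
    // removes semicolons, then quotes/escapes through the connection's qstr().
    // The return value carries its surrounding quotes.
    global $conn;
    $output = strip_tags($input); // strips out all tags
    // ereg_replace() was removed in PHP 7; its pattern here was the literal
    // ";" so str_replace() is the exact equivalent.
    $output = str_replace(";", "", $output);
    // get_magic_quotes_gpc() no longer exists in PHP 8.
    $magic = function_exists('get_magic_quotes_gpc') ? get_magic_quotes_gpc() : false;
    $output = $conn->qstr($output, $magic);
    return $output;
} // end make_db_extra_safe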
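function make_db_unsafe ($input)
{ // handles data coming out of the db
    // Undoes storage escaping on a value read from the db: removes backslash
    // escapes and collapses doubled single quotes ('') back to one quote.
    // It does NOT encode for HTML or any other output context.
    $output = stripslashes($input); // strips out slashes
    // ereg_replace() was removed in PHP 7; the pattern was the literal '' so
    // str_replace() is the exact equivalent.
    $output = str_replace("''", "'", $output); // collapses the doubled single quotes some db's store
    return $output;
} // end make_db_unsafe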
// Stores one uploaded image (form field "userfile") for a listing, a virtual
// tour or a user, records it in the matching *Images table and echoes a
// success or failure line. Nothing is returned.
//
// $type: "listings", "vTour" or "user" -- selects upload path, size/width
// limits, table and log message. $edit: listing id (listings/vTour) used in
// the stored file name; $owner: user id recorded on the row and, for "user"
// uploads, used in the file name.
//
// NOTE(review): $save_name, $edit and $owner are interpolated into every SQL
// statement below inside hand-written quotes, not through make_db_safe() like
// the rest of this file; $save_name contains the client's file name. That is
// the first thing to fix in this function.
function handleUpload($type,$edit,$owner)
{
// deals with incoming uploads
global $HTTP_POST_FILES, $config, $conn, $lang, $userID;
// is_uploaded_file() confirms the path really came from this request's upload.
if (is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name']))
{
// Client-supplied original name, lowercased; nothing here strips a directory
// part from it (no basename()), only ".." is rejected further down.
$realname = strtolower($HTTP_POST_FILES['userfile']['name']);
$filename = $HTTP_POST_FILES['userfile']['tmp_name'];
print "";
// The MIME type is what the client declared, not what the file contains.
$filetype = $HTTP_POST_FILES['userfile']['type'];
print "";
// checking the filetype to make sure it's what we had in mind
// $pass_the_upload is the literal "true" on success, else the failure text.
$pass_the_upload = "true";
if (!in_array($HTTP_POST_FILES['userfile']['type'],$config[allowed_upload_types]))
{
$pass_the_upload = "$realname $lang[upload_is_an_invalid_file_type]: $filetype";
}
// check size
$filesize=$HTTP_POST_FILES['userfile']['size'];
// $max_upload is never assigned in this function (nor declared global), so
// "$max_upload!=0" is false and this size check never runs; presumably
// $config[max_upload] was meant. The per-type filesize() checks below still apply.
if ($max_upload!=0 && $filesize>$config[max_upload])
{
$pass_the_upload = "$lang[upload_too_large].";
}
// check file extensions
// Text after the last "." of the lowercased name.
$extension = substr(strrchr($realname,"."),1);
// invalid extension
if (!in_array($extension,$config[allowed_upload_extensions]))
{
$pass_the_upload = "$lang[upload_invalid_extension] ($extension).";
}
//security error
// Rejects ".." anywhere in the name; directory separators are not checked here.
if (strstr($HTTP_POST_FILES['userfile']['name'],"..")!="")
{
$pass_the_upload = "$lang[upload_security_violation]!";
}
//make sure the file hasn't already been uploaded...
// $save_name = "<id>_<realname>". An unrecognised $type leaves $save_name
// and $sql undefined for the Execute() below.
if ($type == "listings")
{
$save_name = "$edit"."_"."$realname";
$sql = "SELECT file_name FROM " . $config[table_prefix] . "listingsImages WHERE file_name = '$save_name'";
}
elseif ($type == "vTour")
{
$save_name = "$edit"."_"."$realname";
$sql = "SELECT file_name FROM " . $config[table_prefix] . "listingsImages WHERE file_name = '$save_name'";
}
elseif ($type == "user")
{
$save_name = "$owner"."_"."$realname";
$sql = "SELECT file_name FROM " . $config[table_prefix] . "userImages WHERE file_name = '$save_name'";
}
$recordSet = $conn->Execute($sql);
// Logged, but RecordCount() is still called on false below.
if ($recordSet === false)
{
log_error($sql);
}
$num = $recordSet->RecordCount();
if ($num > 0)
{
$pass_the_upload = "$lang[file_exists]!";
}
if ($pass_the_upload == "true")
{
// the upload has passed the tests!
if ($type == "listings")
{
// if it's a listing pic we're dealing with...
$check_size="";
// move the file so we can check the width
// The file is moved into the public upload path before any content check.
move_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'],"$config[listings_upload_path]/$save_name");
$imagesize = filesize("$config[listings_upload_path]/$save_name");
// filesize() returns false on failure; "" catches that via loose comparison.
if ($imagesize == "" || $imagesize > $config[max_listings_upload_size])
{
$check_size="$lang[upload_too_large].";
if(!unlink("$config[listings_upload_path]/$save_name"))
{
DIE ("Can't delete the file!");
}
DIE ("$check_size");
}
// Same source and destination as the move above; the temp file is already
// gone, so this second move presumably fails harmlessly.
move_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'],"$config[listings_upload_path]/$save_name");
// check width
$check_width="";
// GetImageSize() is the only content-based check: a non-image yields no
// width and is rejected (and deleted) by the test below.
$imagedata = GetImageSize("$config[listings_upload_path]/$save_name");
$imagewidth = $imagedata[0];
$imageheight = $imagedata[1];
if ($imagewidth == "" || $imagewidth < 2 || $imagewidth > $config[max_listings_upload_width])
{
$check_width = "$lang[upload_too_wide].";
if (!unlink("$config[listings_upload_path]/$save_name"))
{
DIE ("Can't delete the file!");
}
}
if ($check_width == "")
{
// assuming the image passes the width check...
$thumb_name = $save_name; // by default -- no difference... unless...
if ($config[make_thumbnail] == "yes")
{
// if the option to make a thumbnail is activated...
include ("$config[path_to_thumbnailer]");
$thumb_name = make_thumb ($save_name, $config[listings_upload_path]);
} // end if $config[make_thumbnail] == "yes"
// $caption is never assigned or used; this line has no effect.
$caption = make_db_safe($caption);
// Values interpolated with plain quotes -- see the note at the top.
$sql = "INSERT INTO " . $config[table_prefix] . "listingsImages (listing_id, user_id, file_name, thumb_file_name) VALUES ('$edit', '$owner', '$save_name', '$thumb_name')";
$recordSet = $conn->Execute($sql);
if ($recordSet === false)
{
log_error($sql);
}
log_action ("$lang[log_uploaded_listing_image] $save_name");
// 0777 makes the stored file world-writable; a web-served image only needs
// to be readable by the server (e.g. 0644).
chmod("$config[listings_upload_path]/$save_name",0777);
} // end if ($check_width != "")
} // end if $type == "listings"
if ($type == "vTour")
{
// if it's a listing pic we're dealing with...
// Same sequence as the listings branch with the vTour path/limits/table
// and no thumbnail step.
$check_size="";
// move the file so we can check the width
move_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'],"$config[vTour_upload_path]/$save_name");
$imagesize = filesize("$config[vTour_upload_path]/$save_name");
if ($imagesize == "" || $imagesize > $config[max_vTour_upload_size])
{
$check_size="$lang[upload_too_large].";
if(!unlink("$config[vTour_upload_path]/$save_name"))
{
DIE ("Can't delete the file!");
}
DIE ("$check_size");
}
// Redundant second move of the same (already moved) temp file.
move_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'],"$config[vTour_upload_path]/$save_name");
// check width
$check_width="";
$imagedata = GetImageSize("$config[vTour_upload_path]/$save_name");
$imagewidth = $imagedata[0];
$imageheight = $imagedata[1];
if ($imagewidth == "" || $imagewidth < 2 || $imagewidth > $config[max_vTour_upload_width])
{
$check_width = "$lang[upload_too_wide].";
if (!unlink("$config[vTour_upload_path]/$save_name"))
{
DIE ("Can't delete the file!");
}
}
if ($check_width == "")
{
// assuming the image passes the width check...
$thumb_name = $save_name; // by default -- no difference... unless...
// $caption is never assigned; no effect.
$caption = make_db_safe($caption);
$sql = "INSERT INTO " . $config[table_prefix] . "vTourImages (listing_id, user_id, file_name, thumb_file_name) VALUES ('$edit', '$owner', '$save_name', '$thumb_name')";
$recordSet = $conn->Execute($sql);
if ($recordSet === false)
{
log_error($sql);
}
log_action ("$lang[log_uploaded_listing_vtour] $save_name");
// World-writable; see the listings branch.
chmod("$config[vTour_upload_path]/$save_name",0777);
} // end if ($check_width != "")
} // end if $type == "vTour"
if ($type == "user")
{
// if it's a user pic we're dealing with...
// Same sequence with the user path/limits/table; the row has no listing_id.
$check_size="";
// move the file so we can check the width
move_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'],"$config[user_upload_path]/$save_name");
$imagesize = filesize("$config[user_upload_path]/$save_name");
if ($imagesize == "" || $imagesize > $config[max_user_upload_size])
{
$check_size="$lang[upload_too_large].";
if(!unlink("$config[user_upload_path]/$save_name"))
{
DIE ("Can't delete the file!");
}
DIE ("$check_size");
}
$check_width="";
// move the file so we can check the width
// Redundant second move of the same (already moved) temp file.
move_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'],"$config[user_upload_path]/$save_name");
$imagedata = GetImageSize("$config[user_upload_path]/$save_name");
$imagewidth = $imagedata[0];
$imageheight = $imagedata[1];
if ($imagewidth == "" || $imagewidth < 2 || $imagewidth > $config[max_user_upload_width])
{
$check_width = "$lang[upload_too_wide].";
if(!unlink("$config[user_upload_path]/$save_name"))
{
DIE ("Can't delete the file!");
}
}
if ($check_width == "")
{
$thumb_name = $save_name; // by default -- no difference... unless...
if ($config[make_thumbnail] == "yes")
{
// if the option to make a thumbnail is activated...
include ("$config[path_to_thumbnailer]");
$thumb_name = make_thumb ($save_name, $config[user_upload_path]);
} // end if $config[make_thumbnail] == "yes"
// $caption is never assigned; no effect.
$caption = make_db_safe($caption);
$sql = "INSERT INTO " . $config[table_prefix] . "userImages (user_id, file_name, thumb_file_name) VALUES ('$owner', '$save_name', '$thumb_name')";
$recordSet = $conn->Execute($sql);
if ($recordSet === false)
{
log_error($sql);
}
log_action ("$lang[log_uploaded_user_image] $save_name");
// World-writable; see the listings branch.
chmod("$config[user_upload_path]/$save_name",0777);
} // end if ($check_width == "")
} // end if $type == "user"
// $check_width is only assigned inside the three type branches, so for an
// unrecognised $type it is undefined here and the success line is echoed.
if ($check_width == "")
{
echo "$realname $lang[upload_success].
";
}
else
{
echo "$check_width
";
}
} // end if $pass_the_upload == "true"
else
{
// the upload has failed... here's why...
echo "$lang[upload_failed] $pass_the_upload
";
}
} // end if
else
{
// tmp_name was not an upload of this request (or nothing was uploaded).
// The client-supplied name is echoed here without HTML escaping.
echo "$lang[upload_attack]: filename" .
$HTTP_POST_FILES['userfile']['name'] . ".";
}
} // end function handleUpload
// Top-level output emitted whenever this file is included: the project's
// hidden-credit block. As rendered in this copy each echo emits a single
// space; the upstream text presumably carried the credit itself (e.g. an
// HTML comment) that this copy has lost -- TODO confirm against the original
// file before touching these lines.
// NOTE(review): because this output happens at include time, anything that
// tries to send headers (header(), session_start()) after including this file
// would presumably fail with "headers already sent" -- verify with callers.
// Deleting the comment below is violation of the GPL
// You get this for free... all we ask for is a little hidden credit
echo " ";
echo " ";
echo " ";
echo " ";
echo " ";
// Thanks! Versions under different licenses and without this code ARE available -- contact jon if you'd like to know more
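function log_action($log_action)
{
    // Logs a user action to the activityLog table, stamped with the acting
    // user's ID, the request's remote address and the database's timestamp.
    //
    // $log_action is free text assembled by the caller and frequently embeds
    // request-derived values (for example an uploaded file's name, see
    // handleUpload), so it -- together with the user ID and remote address --
    // is passed through make_db_safe() instead of being interpolated raw.
    // make_db_safe() is used elsewhere in this file (checkActive(), the login
    // check) as a quote-and-escape helper whose result is placed in SQL
    // without surrounding quotes; the same placement is used here -- confirm
    // it quotes before changing how these values are embedded.
    // Returns nothing. A failed INSERT is handed to log_error(), which does
    // not return.
    global $conn, $config, $userID;
    // REMOTE_ADDR is absent outside a web request (e.g. CLI); fall back to ''.
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $sql_user = make_db_safe($userID);
    $sql_action = make_db_safe($log_action);
    $sql_addr = make_db_safe($remote_addr);
    $sql = "INSERT INTO " . $config['table_prefix'] . "activityLog (log_date, user, action, ip_address) VALUES ("
        . $conn->DBTimeStamp(time()) . ", $sql_user, $sql_action, $sql_addr)";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false)
    {
        log_error($sql);
    }
} // end function log_action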
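function log_error($sql)
{
    // Logs a failed SQL statement for later inspection by e-mailing it to the
    // site administrator, then stops the request with a generic message.
    //
    // $sql is the statement that failed. Callers rely on this function not
    // returning (they go on to use the failed result set otherwise), so the
    // die() at the end is part of the contract.
    // The mail body carries the raw statement, which may embed request-derived
    // values; it goes only to $config['admin_email'] and nothing from it is
    // echoed back to the client.
    global $config, $lang;
    // REMOTE_ADDR is absent outside a web request (e.g. CLI); fall back to ''.
    // Quoted key: a bare REMOTE_ADDR is an undefined constant (an Error on
    // PHP 8).
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $message = $remote_addr . " -- " . date("F j, Y, g:i:s a") . " -- " . $sql . "\r\n";
    $header = "From: " . $config['admin_email'] . " <" . $config['admin_email'] . ">\r\n";
    $header .= "X-Sender: " . $config['admin_email'] . "\r\n";
    $header .= "Return-Path: " . $config['admin_email'] . "\r\n";
    mail($config['admin_email'], "SQL Error", $message, $header);
    die($lang['alert_site_admin']);
} // end function log_error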
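function checkActive($listingID)
{
    // Checks whether a given listing may be shown: it must be flagged active
    // and, when $config['use_expiration'] is "yes", its expiration must lie
    // after the database's current date. A listing failing either test is
    // shown only to a viewer who is its owner AND an admin (see the note
    // below); for anyone else the "not yet active" message is echoed.
    //
    // $listingID is the listing's ID; it is escaped with make_db_safe() (whose
    // result is placed in SQL without surrounding quotes, as elsewhere in
    // this file).
    // Returns "yes" if the listing may be displayed, "no" otherwise.
    // A failed query is handed to log_error(), which does not return.
    global $conn, $lang, $userID, $admin_privs, $config;
    $show_listing = "yes";
    // Start from "no row found": an unknown ID is then treated as inactive
    // instead of leaving these variables undefined.
    $is_active = null;
    $user_ID = null;
    $sql_listingID = make_db_safe($listingID);
    $sql = "SELECT active, user_ID FROM " . $config['table_prefix'] . "listingsDB WHERE ID = $sql_listingID";
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false)
    {
        log_error($sql);
    }
    // Quoted field names: bare active / user_ID are undefined constants.
    while (!$recordSet->EOF)
    {
        $is_active = $recordSet->fields['active'];
        $user_ID = $recordSet->fields['user_ID'];
        $recordSet->MoveNext();
    } // end while
    // NOTE(review): this is the original condition rewritten with De Morgan.
    // It grants a view of an inactive/expired listing only to a viewer who is
    // both the owner and an admin, so an owner without admin rights never
    // sees their own inactive listing. That matches the original comments,
    // so it is kept; relax it to "owner OR admin" only once that wider
    // access is confirmed to be intended.
    $may_view_inactive = ($userID == $user_ID && $admin_privs == "yes");
    if ($is_active != "yes")
    {
        // the listing isn't flagged active
        if (!$may_view_inactive)
        {
            echo "$lang[this_listing_is_not_yet_active]";
            $show_listing = "no";
        }
    } // end if ($is_active != "yes")
    if ($config['use_expiration'] == "yes")
    {
        // expiration is checked in the database so the comparison uses the
        // DB's own date, not PHP's
        $sql = "SELECT expiration FROM " . $config['table_prefix'] . "listingsDB WHERE ((ID = $sql_listingID) AND (" . $config['table_prefix'] . "listingsDB.expiration > " . $conn->DBDate(time()) . "))";
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false)
        {
            log_error($sql);
        }
        $num = $recordSet->RecordCount();
        if ($num == 0)
        {
            // no unexpired row: the listing has expired (or does not exist)
            if (!$may_view_inactive)
            {
                echo "$lang[this_listing_is_not_yet_active]";
                $show_listing = "no";
            }
        } // end if ($num == 0)
    } // end if ($config['use_expiration'] == "yes")
    return $show_listing;
} // end function checkActive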
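function international_num_format($input, $decimals = 2)
{
    // Formats a number for display using the decimal point and thousands
    // separator selected by the numeric $config['number_format_style'].
    //
    // $input    the number to format (handed straight to number_format()).
    // $decimals digits after the decimal point (default 2).
    // Returns the formatted string. A missing or unknown style falls back to
    // the "." / "," convention (style 1), as the original default branch did.
    // The config key is quoted: a bare number_format_style is an undefined
    // constant (an Error on PHP 8).
    global $config;
    // style id => array(decimal point, thousands separator)
    static $styles = array(
        1 => array('.', ','),   // usa, england
        2 => array(',', '.'),   // spain, germany
        3 => array('.', ' '),   // estonia
        4 => array(',', ' '),   // france, norway
        5 => array(',', "'"),   // switzerland
        6 => array('-', ' '),   // kazahistan
    );
    $style = isset($config['number_format_style']) ? (int) $config['number_format_style'] : 1;
    if (!isset($styles[$style]))
    {
        $style = 1;
    }
    list($dec_point, $thousands_sep) = $styles[$style];
    return number_format($input, $decimals, $dec_point, $thousands_sep);
} // end international_num_format($input)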
?>