app_controller.php | searchcode

/cake/app_controller.php

https://bitbucket.org/fxrialab/spsp_editor
PHP | 772 lines | 541 code | 135 blank | 96 comment | 81 complexity | fe48a5b19afcac01bc514ccf4d5bb74f MD5 | raw file
Possible License(s): LGPL-2.1, AGPL-1.0

<?php

/* SVN FILE: $Id: app_controller.php 4409 2007-02-02 13:20:59Z phpnut $ */

/**

 * Short description for file.

 *

 * This file is application-wide controller file. You can put all

 * application-wide controller-related methods here.

 *

 * PHP versions 4 and 5

 *

 * CakePHP(tm) :  Rapid Development Framework <http://www.cakephp.org/>

 * Copyright 2005-2007, Cake Software Foundation, Inc.

 *								1785 E. Sahara Avenue, Suite 490-204

 *								Las Vegas, Nevada 89104

 *

 * Licensed under The MIT License

 * Redistributions of files must retain the above copyright notice.

 *

 * @filesource

 * @copyright		Copyright 2005-2007, Cake Software Foundation, Inc.

 * @link				http://www.cakefoundation.org/projects/info/cakephp CakePHP(tm) Project

 * @package			cake

 * @subpackage		cake.cake

 * @since			CakePHP(tm) v 0.2.9

 * @version			$Revision: 4409 $

 * @modifiedby		$LastChangedBy: phpnut $

 * @lastmodified	$Date: 2007-02-02 07:20:59 -0600 (Fri, 02 Feb 2007) $

 * @license			http://www.opensource.org/licenses/mit-license.php The MIT License

 */

/**

 * This is a placeholder class.

 * Create the same file in app/app_controller.php

 *

 * Add your application-wide methods in the class below, your controllers

 * will inherit them.

 *

 * @package		cake

 * @subpackage	cake.cake

 */



class AppController extends Controller {

    var $components = array('RequestHandler','Gcheckout','Paypal');



    public $profileNameforTitle="";

    public $profileUserIdforQry = '';

    public $PROFILE_USER_ID = '';

    public $PROFILE_THEME = '';

    //the public variables are used for PAYPAL

    //put tha clock of code in

    public $returnUrl="";

    public $cancelUrl="";

    public $notifyUrl="";

    public $amountPay=NULL;

    public $userEmail=NULL;

    public $eventId=NULL;

    public $userId=NULL;

    public $merchantEmail=NULL;

    public $itemName=NULL;

    public $itemNumber=NULL;

    public $itemQuantity=NULL;

    public $invoice=NULL;

    public $custom=NULL;

    public $paypalUrl='https://www.paypal.com/cgi-bin/webscr';

    //public $paypalUrl='https://www.sandbox.paypal.com/cgi-bin/webscr';

    public $ticketPaymentMsg=NULL;

    function paypal() {

        //echo $this->merchantEmail;die();        

        if(isset($this->ticketPaymentMsg))

            $this->Paypal->ticketPayment=$this->ticketPaymentMsg;



        $this->Paypal->paypal_class();

        $this->Paypal->paypal_url = $this->paypalUrl;

        



        $this->Paypal->add_field('business', $this->merchantEmail);

        $this->Paypal->add_field('return', $this->returnUrl);

        //$this->Paypal->add_field('cancel_return', $this->cancelUrl);

        $this->Paypal->add_field('notify_url', $this->notifyUrl);

        $this->Paypal->add_field('item_name', $this->itemName);

        $this->Paypal->add_field('amount', $this->amountPay);

        $this->Paypal->add_field('quantity', $this->itemQuantity);

        $this->Paypal->add_field('custom', $this->custom);

        $this->Paypal->add_field('invoice',$this->invoice);

        $this->Paypal->add_field('cbt','Return to Xoimages.com to complete your purchase');

        $this->Paypal->submit_paypal_post(); // submit the fields to paypal

    }

    //-----

    function transactionMaster($transactionDesc = null,$transactionHead = null,$transactionTitle = null, $invoice = null,$invoiceId = null) {

        mysql_query("

				INSERT INTO 

				xouser_transactions(transaction_desc,transaction_head,transaction_title,invoice,invoice_id)

				VALUES('".$transactionDesc."','".$transactionHead."','".$transactionTitle."','".$invoice."','".$invoiceId."')") or die("Error on line ".__LINE__.mysql_error());



        return $xouserTransactionId=mysql_insert_id();

    }



    //'-1' entry implies that buyer has been charged

    //'+1' entry implies thar he has paid the amount that is charged

    //At the time of commission calculation we will make the charged entry against the user

    function transactionDetail($buyer = null,$amount = null,$DbCr = null,$lastTransactionId = null, $receipient = null,$statusoffee="",$pay_status=0,$paymentstatus="pending") {



        mysql_query("INSERT INTO

				xouser_transaction_details(user_id,amount,DrCr,xouser_transaction_id,payment_to,paystatus,statusfee,paymentstatus)

				VALUES('".$buyer."','".$amount."','".$DbCr."','".$lastTransactionId."','".$receipient."','".$pay_status."','".$statusoffee."','".$paymentstatus."')");



    }





    /* this function still not in use now. this you will use from notify_eventcommissionpayment() function of xoevents_controller instead of transactionDetail function call, as to make pending status finished */



    function transactionDetailPaid($buyer = null,$amount = null,$DbCr = null,$lastTransactionId = null, $receipient = null,$statusoffee="",$pay_status=0,$paymentstatus="pending") {



        /* for changing status to finished from pending */

        $query_check= mysql_query("select * from xouser_transaction_details where user_id='".$buyer."' and payment_to='".$receipient."' and statusfee='transactionfee' and paymentstatus='pending' order by id asc");

        $nuamt = $amount;

        while($result_check = mysql_fetch_array($query_check)) {

            if($result_check['amount'] < $nuamt) {

                //mysql_query("update xouser_transaction_details set paymentstatus='finished' where id='".$result_check['id']."'");

                $nuamt = $nuamt - $result_check['amount'];

            }

        }

        /* end */



        mysql_query("INSERT INTO

				xouser_transaction_details(user_id,amount,DrCr,xouser_transaction_id,payment_to,paystatus,statusfee,paymentstatus)

				VALUES('".$buyer."','".$amount."','".$DbCr."','".$lastTransactionId."','".$receipient."','".$pay_status."','".$statusoffee."','".$paymentstatus."')");







    }

    /* end of the function */





    function checkSession($signin=null) {

        // If the session info hasn't been set...

        if (!$this->Session->check('User')) {

            $this->redirect('/?id=1');

        }

        else {

            ######################################## CHECKING FOR VALIDATE EMAIL ############################

            $validateEmail = "SELECT is_validate FROM users where id='".$_SESSION['UserId']."'";

            $validateEmail_res = mysql_query($validateEmail);

            if($validateEmail_arr = mysql_fetch_array($validateEmail_res)) {

                if($validateEmail_arr['is_validate']=='0') {

                    $this->redirect('users/validateemail/'.$signin);

                }

            }



            ######################################## CHECKING FOR VALIDATE EMAIL ############################

        }



    }



    function userProfileLeftPanel($userId=0) {



        //echo $userId ;

        ########################################## BELOW CODE IS TO GET THE PROFILE DATA ######

        if(isset($_REQUEST['uid']) && $userId==0)

            $userId=$_REQUEST['uid'];







        if(isset($userId) && base64_decode($userId)>0) {

            $uid = base64_decode($userId);

            ##### Validate the user

            $string = addcslashes($uid,';%_:$&?-+=*[]()��"�`'); // step for stopping sql injection

            $validuser = "Select * from users where id='".$string."'";

            $validuser_res = mysql_query($validuser);

            if(mysql_num_rows($validuser_res) > 0) {

                $user_det_qry = "select user_details.* , users.username , users.user_group_master_id from user_details , users  where user_details.user_id = ".$uid."  and user_details.user_id = users.id";

                $user_det = mysql_fetch_array(mysql_query($user_det_qry));

                $profileName  = ucfirst(stripslashes($user_det['username'])) ;

                $profiletheme = $user_det['theme'] ;

                $profilebackimg = $user_det['theme'] ;



                $profileskype = $user_det['skype'] ;

                ################################################ BG IMAGE ###################################################################

                $user_imge = "select * from profile_background where bg_user=".$uid."" ;

                $user_imge_sql = mysql_query($user_imge);

                $res_user_img = mysql_fetch_array($user_imge_sql);

                if($res_user_img['bg_status']=='admin') {

                    $profilebackimg = "img/default_profile/".$res_user_img['bg_image_path'] ;

                }

                else {

                    if($res_user_img['bg_status']=='upload') {

                        $profilebackimg = "img/default_profile/".$res_user_img['bg_image_path'] ;

                    }

                    else {

                        if($res_user_img['bg_status']=='url') {

                            $profilebackimg = $res_user_img['bg_image_path'];

                        }

                    }

                }

                #####################################################################################

                $this->profileNameforTitle  = $profileName ;

                $this->profileUserIdforQry  = $uid ;

                $this->set('user_detail',$user_det);

                ############################### SCHOOL NAME #########################

                $this->set('profileskype',$profileskype);









                $this->set('profileName',$profileName);

                $this->set('profileuserid',$uid);



                if($profiletheme=='')

                    $profiletheme='blue';





                $this->set('profileusertheme',$profiletheme);

                $this->set('profilebackgroundImg',$profilebackimg);

                $this->PROFILE_THEME = $profiletheme;

                $this->PROFILE_USER_ID=$uid;

                $this->generateMusicList($this->profileUserIdforQry);







                if(isset($_SESSION['UserId']) && $_SESSION['UserId']!=$this->profileUserIdforQry) {

                    ####### CHECK FOR FRIEND STATUS ###########

                    $friendstatus = "select * from user_friends where  user_id='".$_SESSION['UserId']."' and friend_id='".$this->profileUserIdforQry."'";

                    $friendstatus_res = mysql_query($friendstatus);

                    $this->set('friendNum',mysql_num_rows($friendstatus_res));

                    ################################################



                    ####### CHECK FOR FAVORITE STATUS ###########

                    $friendstatus = "select * from user_favorite_friends where  user_id='".$_SESSION['UserId']."' and favorite_user_id='".$this->profileUserIdforQry."'";

                    $friendstatus_res = mysql_query($friendstatus);

                    $this->set('friendRequestNum',mysql_num_rows($friendstatus_res));

                    ################################################

                }



                ############LOCATION INFO #####

                $locationstr =  "select IFNULL(countries.country_name,'not set') as country ,IFNULL(state.Name,'not set') as state ,IFNULL(city_master.city_name,'not set') as city from user_details

			

			LEFT JOIN  countries ON user_details.c_id=countries.id 

			LEFT JOIN  state ON user_details.state=state.id 

			LEFT JOIN  city_master ON user_details.city=city_master.city_id

			where user_details.user_id='".$this->profileUserIdforQry."'";

                $locationstr_res =mysql_query($locationstr);

                $locationstr_arr = mysql_fetch_array($locationstr_res);

                $this->set('countryName',$locationstr_arr['country']);

                $this->set('stateName',$locationstr_arr['state']);

                $this->set('cityName',$locationstr_arr['city']);

                ################################







            }

            else

                $this->redirect('/?id=1&access=denied');

        }



        if(isset($_SESSION['UserId'])) {

            $myphotolink = $this->webroot.'user_albums/viewphoto?id='.time().'&uid='.base64_encode($_SESSION['UserId']).'&sessid='.base64_encode(1).'&act=edit';

            $myfriendlink = $this->webroot.'users/myfriend_top?id='.time().'&uid='.base64_encode($_SESSION['UserId']).'&sessid='.base64_encode(1).'&act=edit';



            $myinboxlink = $this->webroot.'emails/inbox?id='.time().'&uid='.base64_encode($_SESSION['UserId']).'&sessid='.base64_encode(1).'&act=edit';



            $mycalendarlink = $this->webroot.'calendars/today?id='.time().'&uid='.base64_encode($_SESSION['UserId']).'&sessid='.base64_encode(1).'&act=edit';



            $myfavlink = $this->webroot.'user_friends/myfavFriends?id='.time().'&uid='.base64_encode($_SESSION['UserId']).'&sessid='.base64_encode(1).'&act=edit';



            $mycustomprofile = $this->webroot.'users/editskin?uid='.base64_encode($_SESSION['UserId']);



            $managewebsite = $this->webroot.'users/managewebsite?uid='.base64_encode($_SESSION['UserId']);



            $this->set('myphotolink',$myphotolink);

            $this->set('myfriendlink',$myfriendlink);

            $this->set('myinboxlink',$myinboxlink);

            $this->set('mycalendarlink',$mycalendarlink);

            $this->set('myfavlink',$myfavlink);

            $this->set('editskin',$mycustomprofile);

            $this->set('managewebsite',$managewebsite);



            #### Unread Mail

            $mail = mysql_query("select * from emails where user_id=".$_SESSION['UserId']." and inbox_status='unread'");

            if($mail) {

                $mailQry = mysql_num_rows($mail);

            }

            $this->set('Noofunread',$mailQry);

            ###





        }



    }



    function checkSessionForPreview() {

        if (!$this->Session->check('User'))

            return true;

        else

            return false;

    }



    function generateMusicList($profileuserid) {

        $musicSQL = "Select music_path,music_title from musics where user_id='".$profileuserid."'";

        $musicSQL_res = mysql_query($musicSQL);

        if(mysql_num_rows($musicSQL_res) >0) {

            $mp3list = '';

            $mp3title ='';

            $confiG='';

            while($musicSQL_arr = mysql_fetch_array($musicSQL_res)) {

                if($musicSQL_arr['music_path']!='')

                    $mp3list .= $this->webroot.'user_music/'.$musicSQL_arr['music_path'].'|';



                if($musicSQL_arr['music_title']!='')

                    $mp3title .= $musicSQL_arr['music_title'].'|';

                else

                    $mp3title .= 'xoimages music'.'|';



            }

            if($this->PROFILE_THEME=='green')

                $confiG='mp3= '.substr($mp3list,0,(strlen($mp3list)-1)).'&amp;title= '.substr($mp3title,0,(strlen($mp3title)-1)).'^^'.'&amp;width=140&amp;height=150&amp;bgcolor=63A41D&amp;bgcolor1=AEB873&amp;bgcolor2=72CC11&amp;buttoncolor=325E04&amp;buttonovercolor=A3FF02&amp;slidercolor1=3B670D&amp;slidercolor2=cccccc&amp;sliderovercolor=f9bf37&amp;textcolor=2C5006&amp;playlistcolor=848181&amp;currentmp3color=AEFF00&amp;scrollbarcolor=69B135&amp;scrollbarovercolor=f9bf37&amp;showvolume=1';

            if($this->PROFILE_THEME=='black')

                $confiG='mp3= '.substr($mp3list,0,(strlen($mp3list)-1)).'&amp;title= '.substr($mp3title,0,(strlen($mp3title)-1)).'^^'.'&amp;width=140&amp;height=150&amp;bgcolor=000000&amp;bgcolor1=484848&amp;bgcolor2=000000&amp;buttoncolor=dddddd&amp;buttonovercolor=f9bf37&amp;slidercolor1=dddddd&amp;slidercolor2=cccccc&amp;sliderovercolor=f9bf37&amp;textcolor=dddddd&amp;playlistcolor=848181&amp;currentmp3color=f9bf37&amp;scrollbarcolor=cccccc&amp;scrollbarovercolor=f9bf37&amp;showvolume=1';

            if($this->PROFILE_THEME=='yellow')

                $confiG='mp3= '.substr($mp3list,0,(strlen($mp3list)-1)).'&amp;title= '.substr($mp3title,0,(strlen($mp3title)-1)).'^^'.'&amp;width=140&amp;height=150&amp;bgcolor=FFCE58&amp;bgcolor1=FFDC83&amp;bgcolor2=D4A22C&amp;buttoncolor=987D2A&amp;buttonovercolor=FF8A00&amp;slidercolor1=FFDC83&amp;slidercolor2=DDA52B&amp;sliderovercolor=f9bf37&amp;textcolor=685312&amp;playlistcolor=B1903C&amp;currentmp3color=FFE7A9&amp;scrollbarcolor=69B135&amp;scrollbarovercolor=f9bf37&amp;showvolume=1';

            if($this->PROFILE_THEME=='blue')

                $confiG='mp3= '.substr($mp3list,0,(strlen($mp3list)-1)).'&amp;title= '.substr($mp3title,0,(strlen($mp3title)-1)).'^^'.'&amp;width=140&amp;height=150&amp;bgcolor=4094CF&amp;bgcolor1=BEE4FF&amp;bgcolor2=4094CF&amp;buttoncolor=537993&amp;buttonovercolor=09D4FF&amp;slidercolor1=FFDC83&amp;slidercolor2=DDA52B&amp;sliderovercolor=f9bf37&amp;textcolor=134264&amp;playlistcolor=3F6F91&amp;currentmp3color=D8EFFF&amp;scrollbarcolor=69B135&amp;scrollbarovercolor=f9bf37&amp;showvolume=1';

            if($this->PROFILE_THEME=='red')

                $confiG='mp3= '.substr($mp3list,0,(strlen($mp3list)-1)).'&amp;title= '.substr($mp3title,0,(strlen($mp3title)-1)).'^^'.'&amp;width=140&amp;height=150&amp;bgcolor=EF7E34&amp;bgcolor1=F5B245&amp;bgcolor2=EF7E34&amp;buttoncolor=8C5F30&amp;buttonovercolor=FEE11B&amp;slidercolor1=FFDC83&amp;slidercolor2=DDA52B&amp;sliderovercolor=f9bf37&amp;textcolor=7E4819&amp;playlistcolor=BB7C53&amp;currentmp3color=FFD053&amp;scrollbarcolor=69B135&amp;scrollbarovercolor=f9bf37&amp;showvolume=1';



            $this->set("confiG",$confiG);

            $this->set("musicnum",mysql_num_rows($musicSQL_res));



        }





    }



    function getMyComments($profile_user_comment) {

        $this->set("test",1);

        $queryUserComments=mysql_query("

			SELECT UC.comment,UC.dt_time,U.username,USR.user_profile_img 

			FROM user_comments UC

			LEFT JOIN user_details USR ON(UC.friend_id=USR.user_id)

			LEFT JOIN users U ON(UC.friend_id=U.id)

			WHERE UC.user_id='".$profile_user_comment."'

			") or die("Error on line ".__LINE__.mysql_error());



        $this->set("queryUserComments",$queryUserComments);

    }



    function previewFeePayment($data) {

        $query="

					SELECT * 

					FROM xoevent_user_list 

					WHERE xoevent_id='".$data['Event']['headerEventId']."' AND user_id='".$_SESSION['UserId']."' AND pflag='1'";

        $qtemp=mysql_query($query) or die(mysql_error()." on 514");

        if(mysql_num_rows($qtemp)>0) {

            $this->redirect("xoevents/eventlist?id=".$data['Event']['headerEventId']."&uid=".base64_encode($_SESSION['UserId']));

            exit;

        }

        else {

            $q1="SELECT id,photo_preview_list_id FROM xoevents WHERE id=".$data['Event']['headerEventId'];

            $rsEvent=mysql_query($q1);

            $rowEvent=mysql_fetch_assoc($rsEvent);

            if($rowEvent['photo_preview_list_id']) {

                $q2="SELECT preview_fee FROM photo_preview_list WHERE id=".$rowEvent['photo_preview_list_id'];

                $rsPrev=mysql_query($q2);

                if(mysql_num_rows($rsPrev)>0) {

                    $rowPreview=mysql_fetch_assoc($rsPrev);

                    $this->set("previewFee",$rowPreview['preview_fee']);

                    $this->set("paymentMethods",$this->getPaymentMethodsEvent($data['Event']['headerEventId']));

                }



                $this->set("payment",1);

                $this->set("restricted",0);

                $this->set("wintype","pay");

                $this->set("returnController",1);

            }

            else {

                $this->redirect("xoevents/eventlist?id=".$data['Event']['headerEventId']."&uid=".base64_encode($_SESSION['UserId']));

                exit;

            }

        }

    }



    //this is the payment setup fetch against each events

    function getPaymentMethodsEvent($eventId) {

        $qPay=mysql_query("

				SELECT P.paypal_email,P.gcheckout_email 

				FROM user_payment_setup P,xoevents E

				WHERE P.user_id=E.user_id AND E.id=".$eventId) or die(mysql_error());

        $rowPayment=mysql_fetch_assoc($qPay);

        return $rowPayment;

    }



    //this is the payment method set against each ticket

    function getPaymentMethodTicket($eventId) {

        $qPay=mysql_query("

				SELECT P.paypal_email,P.gcheckout_email 

				FROM user_payment_setup P,tickets T

				WHERE P.user_id=T.user_id AND T.id=".$eventId) or die(mysql_error());

        $rowPayment=mysql_fetch_assoc($qPay);

        return $rowPayment;

    }





    //this function check whether to show the tooltip or not for the left panel of the photographer and organisations

    //control panel

    function checktooltip() {

        //Check whether to show tooltip or not

        if(isset($_SESSION['UserId'])) {

            $chkTooltip=mysql_query("SELECT id,tooltip FROM user_tooltip WHERE user_id='".$_SESSION['UserId']."'");

            $toolTip=0;

            if(mysql_num_rows($chkTooltip)>0) {

                $rwTooltip=mysql_fetch_assoc($chkTooltip);

                if($rwTooltip['tooltip']==1)

                    $toolTip=1;

            }



            $this->Session->write("toolTipSes",$toolTip);

        }



    }



    function userLogin($userName,$password) {

        $someone = $this->User->findByUsername($userName);//"http://adserver:8088/xoimage-115-07/Nnew/"

        if(!empty($someone['User']['password']) && $someone['User']['password'] == $password && $someone['User']['user_status']==1) {

            mysql_query("DELETE FROM xoevent_cart WHERE xoevent_pay_status='0' AND user_id='".$someone['User']['id']."' AND xoevent_sessionid!='".session_id()."'") or die(mysql_error());

            $this->Session->write('User', $someone['User']['username']);

            $this->Session->write('UserId', $someone['User']['id']);

            $this->Session->write('GrpId', $someone['User']['user_group_master_id']);



            $this->checktooltip();

            return $someone;

        }

        else {

            return false;

        }

    }



    function Login($data) {

        $eventId=$data['Event']['headerEventId'];

        $this->set("eventId",$eventId);

        $data['Event']['username']=trim($data['Event']['headerLoginName']);

        $data['Event']['password']=base64_encode(trim($data['Event']['headerLoginPass']));





        $someone=$this->userLogin($data['Event']['username'],$data['Event']['password']);

        if($someone) {

            //This section is for the project section NOTHING TO DO WITH EVENT SECTION

            if($data['Event']['headerFav']=="EVENTACT") {

                $this->redirect("calendars/editevent?id=".time()."&uid=&sessid=".base64_encode(1)."&evid=".base64_encode($eventId));

                exit;

            }



            if($data['Event']['headerFav']=="ACTIVITY") {

                $this->redirect("calendars/showactivity?id=".time()."&uid=&sessid=".base64_encode(1)."&evid=".base64_encode($eventId));

                exit;

            }



            if($data['Event']['headerFav']=="PROJECT") {

                if($someone['User']['user_group_master_id']==1) {

                    return "NOT AUTH";

                    exit;

                }

                else {

                    $this->redirect("organization_projects/project_detail?id=".base64_encode($eventId)."=&uid=".base64_encode($someone['User']['id'])."&sessid=MQ==&project=uij4");

                    exit;

                }

            }



            ################### ORGANISATION WEBPAGE Calender event and activity

            if($data['Event']['headerFav']=="Calevent" || $data['Event']['headerFav']=="Calactivity") {

                if($data['Event']['headerFav']=="Calevent")

                    $this->redirect("calendars/editevent?id=".time()."&uid=&sessid=MQ==&evid=".base64_encode($eventId));

                if($data['Event']['headerFav']=="Calactivity")

                    $this->redirect("calendars/showactivity?id=".time()."&uid=&sessid=MQ==&evid=".base64_encode($eventId));

                exit;



            }

            ################### ORGANISATION WEBPAGE Calender event and activity

            if($data['Event']['headerFav']!="FAV") {

                $q1=mysql_query("SELECT access_password,photo_preview_list_id FROM xoevents WHERE id=".$data['Event']['headerEventId']);

                if(mysql_num_rows($q1)>0) {

                    $row=mysql_fetch_assoc($q1);

                    if($row['access_password']=="") {

                        $eventUserList=0;

                        if(isset($row['photo_preview_list_id']) && $row['photo_preview_list_id']!=0) {

                            $query="SELECT * FROM xoevent_user_list WHERE xoevent_id=".$data['Event']['headerEventId']." AND user_id=".$someone['User']['id'];

                            $qtemp=mysql_query($query) or die(mysql_error()." on 300");

                            if(mysql_num_rows($qtemp)>0)

                                $eventUserList=1;

                        }

                        else

                            $eventUserList=1;



                        if(isset($eventUserList) && $eventUserList==1) {

                            $this->redirect("xoevents/eventlist?id=".$data['Event']['headerEventId']."&uid=".base64_encode($someone['User']['id']));

                            exit;

                        }

                    }



                }



            }

            else {

                $wintype="DONT";

                return $wintype;

            }

        }

        else {

            $this->set("wrongPwd","Please provide a valid username and password.");

            $wintype="pwd";

            $this->set("returnController",1);

            return $wintype;

        }

    }



    function winType($eventId) {

        //print "From function winType - ".$eventId;

        $this->set("restricted",0);

        $this->set("payment",0);

        $this->set("previewFee",0);

        $this->set("accessDenied",0);

        $this->set("eventId",$eventId);

        $q1=mysql_query("SELECT access_password FROM xoevents WHERE id='".$eventId."'");

        if(mysql_num_rows($q1)>0) {

            $row=mysql_fetch_assoc($q1);

            if($row['access_password']!="" || $row['access_password']!=0) {

                $this->set("wintype","pevt");

                $this->set("restricted",1);

                $this->set("returnController",1);

            }

            else {



                if(isset($_SESSION['UserId'])) {

                    $this->set("paymentMethods",$this->getPaymentMethodsEvent($eventId));

                }



                $this->set("payment",1);

                $this->set("restricted",0);

                $this->set("wintype","pay");

                $this->set("returnController",1);

            }

        }



        //print "from wintype".$eventId;



    }



    function paymentWindow($data) {

        //print "from payment window";

        $payment=0;

        if(isset($data['Event']['password1'])) {

            //print "From payment function";

            $this->set("eventId",$data['Event']['headerEventId']);

            $q1="

				SELECT id,photo_preview_list_id 

				FROM xoevents 

				WHERE access_password='".base64_encode(strtoupper($data['Event']['password1']))."' AND id=".$data['Event']['headerEventId'];

            $rsEvent=mysql_query($q1) or die("Error on line :".__LINE__.mysql_error());

            if(mysql_num_rows($rsEvent)>0) {

                $payment=1;

                $this->previewFeePayment($data);

            }

            else {

                $this->set("wrongPwd","Event password provided does not match.");

                $this->set("wintype","pevt");

                $this->set("returnController",1);

            }

        }



//

//			if(isset($_SESSION['UserId']) && $payment==0)

//				{

//					$this->previewFeePayment($data);

//					$this->set("paymentMethods",$this->getPaymentMethods($data['Event']['headerEventId']));

//				}

    }



    function notautho() {

        $userName="testorganisation";

        $queryUsers=mysql_query("SELECT UDTL.user_id userId,U.user_group_master_id GrpId FROM users U,user_details UDTL WHERE U.id=UDTL.user_id AND U.username='".$userName."'") or die(" Error on line ".__LINE__.mysql_error());

        $fetchUsers=mysql_fetch_array($queryUsers);

        $this->pageTitle = ucfirst($userName) .' Projects';

        $this->Websitetemplateinfo($fetchUsers['userId']);

        $this->layout=$this->filelayoutName;

        $this->set('profileviewUid',$fetchUsers['userId']);

        $this->set('profileviewUgrpId',$fetchUsers['GrpId']);

    }



    //This function can be removesd when all the testing completes

    //we can use getConfigAmount instead of this function

    function getFeaturedAmount($configName) {



        $queryAdminPaymentConfig=mysql_query("SELECT config_value FROM admin_payment_config WHERE config_name='".$configName."'") or die("Error on line :".__LINE__.mysql_error());

        $fetchAdminPaymentConfig=mysql_fetch_assoc($queryAdminPaymentConfig);



        return $fetchAdminPaymentConfig;

    }



    function getConfigAmount($config) {

        $queryAdminPaymentConfig=mysql_query("SELECT config_value FROM admin_payment_config WHERE config_name='".$config."'") or die("Error on line : ".__LINE__.mysql_error());

        $fetchAdminPaymentConfig=mysql_fetch_assoc($queryAdminPaymentConfig);

        return $fetchAdminPaymentConfig;

    }



    function getPaymentMethods($userId) {

        /*$queryAdminPaymentSetup=mysql_query("SELECT paypal_email,gcheckout_email FROM admin_payment_setup WHERE admin_id='".$userId."'") or die("Error on line :".__LINE__.mysql_error());*/

        $queryAdminPaymentSetup=mysql_query("SELECT paypal_email FROM admin_payment_setup WHERE admin_id='".$userId."'") or die("Error on line :".__LINE__.mysql_error());

        $fetchAdminPaymentSetup=mysql_fetch_assoc($queryAdminPaymentSetup);

        return $fetchAdminPaymentSetup;

    }



    function getPaymentMethodsUsers($userId) {

        $fetchAdminPaymentSetup=array();

        $queryAdminPaymentSetup=mysql_query("SELECT paypal_email,gcheckout_email FROM user_payment_setup WHERE user_id='".$userId."'") or die("Error on line :".__LINE__.mysql_error());

        

        if(mysql_num_rows($queryAdminPaymentSetup)>0)

            $fetchAdminPaymentSetup=mysql_fetch_assoc($queryAdminPaymentSetup);



        return $fetchAdminPaymentSetup;



    }



    function parseXmlArray($xmlData) {

        $data = $xmlData;

        $xml_parser = xml_parser_create();

        xml_parse_into_struct($xml_parser, $data, $vals, $index);

        xml_parser_free($xml_parser);



        $params = array();

        $level = array();

        foreach ($vals as $xml_elem) {

            if ($xml_elem['type'] == 'open') {

                if (array_key_exists('attributes',$xml_elem)) {

                    list($level[$xml_elem['level']],$extra) = array_values($xml_elem['attributes']);

                }

                else {

                    $level[$xml_elem['level']] = $xml_elem['tag'];

                }

            }



            if ($xml_elem['type'] == 'complete') {

                $start_level = 1;

                $php_stmt = '$params';

                while($start_level < $xml_elem['level']) {

                    $php_stmt .= '[$level['.$start_level.']]';

                    $start_level++;

                }

                $php_stmt .= '[$xml_elem[\'tag\']] = $xml_elem[\'value\'];';

                eval($php_stmt);

            }

        }



        return $params;

    }



    function getCityList($stateId) {

        $cityList=array();

        $cityList['0']="Select a city";

        $qryCityMaster = mysql_query("SELECT * FROM city_master WHERE state_id='".$stateId."' order by city_name ");

        while($fetchCityMaster = mysql_fetch_array($qryCityMaster)) {

            $cityList[$fetchCityMaster['city_id']]=preg_replace('/[^0-9a-z ]+/i', '', $fetchCityMaster['city_name']);



        }



        return $cityList;

    }



    function getStateList($countryId) {

        $stateSList=array();

        $stateSList['0']="Select a state";

        $qry3 = mysql_query("SELECT * FROM state WHERE c_id='".$countryId."' order by Name");

        while($state = mysql_fetch_array($qry3)) {



            $stateSList[$state['id']]=preg_replace('/[^0-9a-z ]+/i', '', $state['Name']);





        }



        return $stateSList;

    }



    function getCountryList() {

        $coutryList=array();

        $countryList['0']="Select Country";

        $qry = mysql_query("SELECT * FROM countries");

        while($country = mysql_fetch_array($qry)) {



            $countryList[$country['id']]=preg_replace('/[^0-9a-z ]+/i', '', $country['country_name']);

        }



        return $countryList;

    }



    function getUserDetails($userId) {

        $qry2=mysql_query("SELECT UD.*,U.* FROM user_details UD,users U WHERE UD.user_id=U.id AND U.id='".$userId."'");

        $rowQry=mysql_fetch_assoc($qry2);



        return $rowQry;

    }



    function getSiteownerDetails() {

        $qry2=mysql_query("SELECT U.* FROM admins U WHERE U.role_id='1'");

        $rowQry=mysql_fetch_assoc($qry2);

        return $rowQry;

    }



    function getStateMaster($stateId) {

        $queryStateMaster=mysql_query("SELECT Name FROM state WHERE id='".$stateId."' order by Name") or die(mysql_error());

        $fetchStateMaster=mysql_fetch_assoc($queryStateMaster);



        return $fetchStateMaster;

    }



    function getCityMaster($cityId) {

        $queryCityMaster=mysql_query("SELECT city_name FROM city_master WHERE city_id='".$cityId."' order by city_name") or die(mysql_error());

        $fetchCityMaster=mysql_fetch_assoc($queryCityMaster);

        return $fetchCityMaster;

    }



    function senderMail($sender=null,$receiver=null,$subject=null,$body=null) {

        $mailQry = "

			INSERT INTO sent_mails(user_id, reciever_id, email_subject, email_body) 

			VALUES(".$sender.", ".$receiver.", '".$subject."', '".addslashes($body)."')";

        $sentMailUpdate = mysql_query($mailQry) or die("1 - ".mysql_error());

    }



    function receiverMail($receiver=null,$sender=null,$subject=null,$body=null) {

        $eMailQry = "

			INSERT INTO 

			emails(user_id, email_creater, email_subject, email_body) 

			VALUES(".$receiver.", ".$sender.", '".$subject."', '".addslashes($body)."')";

        $inboxUpdate = mysql_query($eMailQry) or die("2 - ".mysql_error());

    }



    ############################ home page slide ######################

    function homepageslideInfo($catName=null) {

        //$catName = 'Projects';

        $selectTextimg = " SELECT * FROM homepage_texts  where category='".$catName."'";

        $categorysql_res = mysql_query($selectTextimg);

        $categorysql_num = mysql_num_rows($categorysql_res);

        if($categorysql_num>0) {

            $listarr=array();

            while($categorysql_array = mysql_fetch_array($categorysql_res)) {

                $listarr[]=array('categoryName'=>$categorysql_array['category'],'helpimage'=>$categorysql_array['helpimage'],'helptitle'=>$categorysql_array['helptitle'],'helpdescription'=>$categorysql_array['helpdescription'],'morelink'=>$categorysql_array['morelink']) ;

            }

            $this->set('slideInfo',$listarr);



        }

        $this->set('slideNumber',$categorysql_num);

        $this->set('categoryslide',$catName);

    }



    ##################################################################

    ##################################################################



    ###### FOR INAPPROPRIATE URL ######

    function verifyserverUrl($txturl=NULL) {

        if($txturl) {

            $selectUrl = "SELECT * from report_abuse where abuse_url='".$txturl."' and admin_block='1' ";

            $selectUrl_res = mysql_query($selectUrl);

            if(mysql_num_rows($selectUrl_res)>0) {

                $this->redirect('/error');

            }

        }

    }





    ###############################











}

?>