/Includes/configs/functions.php
Possible License(s): GPL-2.0
- <?PHP
- //================================================================================
- // PLEASE DO NOT REMOVE THIS HEADER!!!
- //
- // COPYRIGHT NOTICE
- // This script is licensed under the GPL
- //
- // Copyright 2007-2008 Alias 454 Studios and Brandon Keep (c) All rights reserved.
- // Created 11/18/2007
- // Brandon Keep, http://www.openautoclassifieds.com
- // http://www.alias454studios.com/scripts/
- //
- // Last Modified 12-21-2008 by
- // Brandon Keep, http://alias454studios.com
- //================================================================================
- // This software IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- // THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
- // OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
- // ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
- // OTHER DEALINGS IN THE SOFTWARE.
- //================================================================================
-
- include_once 'env.inc.php';
-
- //Check if magic quotes is on, then stripslashes if needed
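/**
 * Recursively strip HTML tags from a value and escape it for use inside a
 * quoted MySQL string literal. Arrays are cleaned element by element with
 * their keys preserved.
 *
 * NOTE(review): mysql_real_escape_string() only protects values that are
 * placed inside quotes in the SQL text. It does not make a value safe in an
 * unquoted numeric position such as "WHERE id = " . $id.
 *
 * @param mixed $var Scalar or (nested) array of values.
 * @return mixed Cleaned string, or array of cleaned strings.
 */
function codeClean($var)
{
    if (is_array($var)) {
        // Start from an empty array so that an empty input no longer returns
        // an undefined variable.
        $output = array();
        foreach ($var as $key => $val) {
            $output[$key] = codeClean($val);
        }
        return $output;
    }

    $var = strip_tags($var);

    // get_magic_quotes_gpc() no longer exists on PHP 8; treat that as "off".
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $var = stripslashes($var);
    }

    return mysql_real_escape_string($var);
}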
-
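/**
 * Encode a value for display inside an HTML page.
 *
 * ENT_QUOTES is passed explicitly so that single quotes are encoded as well;
 * without it a value printed inside a single-quoted attribute can break out
 * of the attribute on PHP versions whose default flag is ENT_COMPAT.
 *
 * @param string $var Raw value.
 * @return string Trimmed, HTML-encoded value.
 */
function viewOnPage($var)
{
    $var = htmlentities(trim($var), ENT_QUOTES);

    // get_magic_quotes_gpc() no longer exists on PHP 8; treat that as "off".
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $var = stripslashes($var);
    }

    return $var;
}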
-
- //Mail functions
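/**
 * Send a plain-text e-mail through mail().
 *
 * Every value that ends up in a header line has CR and LF removed first, so
 * a submitted name, address or subject cannot add header lines of its own.
 *
 * @param string $ToEmail   Recipient address.
 * @param string $Subject   Subject line.
 * @param string $Body      Message body; "<br />" is converted to a newline.
 * @param string $From      Display name of the sender.
 * @param string $FromEmail Address of the sender.
 * @return void
 */
function sendEmail($ToEmail, $Subject, $Body, $From, $FromEmail)
{
    $lineBreaks = array("\r", "\n");
    $ToEmail    = str_replace($lineBreaks, '', $ToEmail);
    $Subject    = str_replace($lineBreaks, '', $Subject);
    $From       = str_replace($lineBreaks, '', $From);
    $FromEmail  = str_replace($lineBreaks, '', $FromEmail);

    $ver  = phpversion();
    $Body = str_replace('<br />', "\n", $Body);

    // Initialise explicitly; the header block was previously appended to an
    // undefined variable.
    $headers  = '';
    $headers .= "From: $From <$FromEmail>\n";
    $headers .= "Reply-To: <$FromEmail>\n";
    $headers .= "X-Sender: <$FromEmail>\n";
    $headers .= "X-Mailer: PHP-$ver \n";
    $headers .= "X-Priority: 3\n"; // 1 urgent message, 3 normal
    $headers .= "Return-Path: <$FromEmail> \n";

    mail($ToEmail, $Subject, wordwrap($Body), $headers);
}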
-
- //check contact us form for submission errors
/**
 * Validate the contact form fields.
 *
 * Returns 1 (bad e-mail), 2 (no name), 3 (no subject), 4 (no message),
 * 5 (security code mismatch), 6 (no captcha value) or 99 (all checks passed).
 *
 * NOTE(review): when $security_code is empty the comparison is skipped, so
 * any non-empty $captcha passes. Presumably $security_code is the expected
 * value kept server-side; confirm it can never be empty at this point.
 */
function checkSubmitForm($from_email, $from_name, $subject, $msg, $captcha, $security_code)
{
    if (!validateEmail($from_email)) {
        return 1;
    }
    if (empty($from_name)) {
        return 2;
    }
    if (empty($subject)) {
        return 3;
    }
    if (empty($msg)) {
        return 4;
    }
    if (!empty($security_code) && $security_code !== "$captcha") {
        return 5;
    }
    if (empty($captcha)) {
        return 6;
    }
    return 99;
}
-
- // function to check the referer for security reasons.
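/**
 * Check the Referer header against a list of allowed host names.
 *
 * The host is taken from the header with parse_url() and must equal an entry
 * or be a sub-domain of it. The previous unanchored regular expression also
 * accepted hosts that merely contained an entry, and relied on split(),
 * which no longer exists on PHP 7+.
 *
 * On failure a redirect to index.php is sent and the event is appended to
 * error.txt. The Referer header is supplied by the client, so this check is
 * a convenience filter and not an authorization control.
 *
 * NOTE(review): assumes $referers holds bare host names — confirm.
 *
 * @param array $referers Allowed host names.
 * @return bool True when the referring host is allowed.
 */
function checkReferer($referers)
{
    $referer = getenv("HTTP_REFERER");

    $host = '';
    if (!empty($referer)) {
        $parsed = parse_url($referer, PHP_URL_HOST);
        if (is_string($parsed)) {
            $host = strtolower($parsed);
        }
    }

    if ($host !== '') {
        foreach ((array) $referers as $allowed) {
            $allowed = strtolower(trim($allowed));
            if ($allowed === '') {
                continue;
            }
            $suffix = '.' . $allowed;
            if ($host === $allowed || substr($host, -strlen($suffix)) === $suffix) {
                return true;
            }
        }
    }

    // Not on the list: send the visitor to the front page and log the event.
    header("Location: index.php");
    $time = date('Y-m-d h:i');
    if (empty($referer)) {
        error_log(" $time Empty Referer. '" . getenv("REMOTE_ADDR") . "' \r\n", 3, "error.txt");
    } else {
        // Keep the entry on one line so a crafted header cannot add log lines.
        $logged = str_replace(array("\r", "\n"), ' ', $referer);
        error_log(" $time Illegal Referer. '" . $logged . "' \r\n", 3, "error.txt");
    }
    return false;
}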
-
- //Login functions
/**
 * Check a user name / password pair against the users table.
 *
 * NOTE(review): the password is hashed with MD5 and one hard-coded salt,
 * which is not a suitable password hash; changing it needs a migration of
 * the stored values, so it is left as is here.
 * NOTE(review): $user is concatenated into the SQL text as-is; this relies
 * on the caller having escaped it (presumably via codeClean) — confirm.
 *
 * @return bool True when a matching row exists.
 */
function verifyLogin($user, $pass)
{
    $salt   = 's+(_a*';
    $hashed = md5($pass . $salt);

    $query  = "SELECT pass FROM users WHERE pass = '" . $hashed . "' AND user = '" . $user . "'";
    $result = mysql_query($query);

    return mysql_num_rows($result) > 0;
}
-
- //Page auth function
/**
 * Report the privilege level recorded in the session.
 *
 * @return string 'admin', 'seller' or 'user' (checked in that order).
 */
function checkPrivs()
{
    if (!empty($_SESSION["admin"])) {
        return 'admin';
    }
    if (!empty($_SESSION["seller"])) {
        return 'seller';
    }
    return 'user';
}
-
/**
 * Check whether the user / stored-password pair belongs to an account with
 * user_level 9.
 *
 * NOTE(review): $pass is compared directly with the pass column, so it is
 * presumably the stored hash. Both values are concatenated into the SQL text
 * as-is and rely on the caller's escaping — confirm.
 *
 * @return bool True when a matching row exists.
 */
function checkIfAdmin($user, $pass)
{
    $query  = "SELECT pass FROM users WHERE pass = '" . $pass . "' AND user = '" . $user . "' AND user_level = 9 ";
    $result = mysql_query($query);

    return mysql_num_rows($result) > 0;
}
-
/**
 * Check whether the user / stored-password pair belongs to an account with
 * user_level 2.
 *
 * NOTE(review): both values are concatenated into the SQL text as-is and
 * rely on the caller's escaping — confirm.
 *
 * @return bool True when a matching row exists.
 */
function checkIfSeller($user, $pass)
{
    $query  = "SELECT pass FROM users WHERE pass = '" . $pass . "' AND user = '" . $user . "' AND user_level = 2 ";
    $result = mysql_query($query);

    return mysql_num_rows($result) > 0;
}
-
/**
 * Check a user / pass pair against the users table without hashing $pass.
 *
 * NOTE(review): because $pass is matched against the pass column directly,
 * whatever the caller passes in (presumably the "pass" cookie) works as a
 * password equivalent: knowing the stored hash is enough to log in.
 * NOTE(review): both values are concatenated into the SQL text as-is and
 * rely on the caller's escaping — confirm.
 *
 * @return bool True when a matching row exists.
 */
function verifyCookie($user, $pass)
{
    $query  = "SELECT pass FROM users WHERE pass = '" . $pass . "' AND user = '" . $user . "'";
    $result = mysql_query($query);

    return mysql_num_rows($result) > 0;
}
-
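/**
 * End the current login: clear the session, expire the remember-me cookies
 * and redirect to index.php.
 *
 * The whole $_SESSION array is emptied. Unsetting individual keys left the
 * "seller" flag in memory for the rest of the request.
 *
 * @return void
 */
function logoff()
{
    //mysql_query("DELETE FROM onlineusers WHERE user = '" . $_SESSION["username"] . "'");
    $_SESSION = array();
    session_destroy();

    // An empty value with an expiry in the past removes the cookie.
    $expired = time() - 3600;
    setcookie("user", '', $expired);
    setcookie("pass", '', $expired);
    setcookie("sessid", '', $expired);

    // redirect them to anywhere you like.
    header("Location: index.php");
}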
-
- //Update account functions
/**
 * Load the profile columns of every row whose user column equals $user.
 *
 * When no row matches, $records is never assigned and the function returns
 * null with an undefined-variable notice.
 *
 * NOTE(review): $user is concatenated into the SQL text as-is; this relies
 * on the caller having escaped it — confirm.
 *
 * @return array|null Zero-based list of associative rows.
 */
function getUserRecords($user)
{
    $result = mysql_query("SELECT * FROM users WHERE user = '" . $user . "'");

    $fields = array(
        "id", "email", "user", "first_name", "last_name", "phone", "alt_phone",
        "fax", "image", "address", "city", "state", "zip", "reg_date",
    );

    for ($n = 0; $row = mysql_fetch_array($result); $n++) {
        foreach ($fields as $field) {
            $records[$n][$field] = $row[$field];
        }
    }
    return $records;
}
-
/**
 * Validate and store a user's own profile changes.
 *
 * Returns 1 (bad e-mail), 2 (bad phone), 3 (bad first name), 4 (bad last
 * name) or 99 once the UPDATE has been sent. The query result is not checked.
 *
 * NOTE(review): alt_phone, fax, address, city, state, zip and user are not
 * validated here and are concatenated into the SQL text as-is; this relies
 * on the caller having escaped them — confirm.
 */
function updateUser($user, $email, $first_name, $last_name, $phone, $alt_phone, $fax, $address, $city, $state, $zip)
{
    if (!validateEmail($email)) {
        return 1;
    }
    if (!validatePhone($phone)) {
        return 2;
    }
    if (!validateName($first_name)) {
        return 3;
    }
    if (!validateName($last_name)) {
        return 4;
    }

    // Record the address the change came from.
    $ipaddress = getenv('REMOTE_ADDR');

    $sql = "UPDATE users SET ipaddress = INET_ATON('" . $ipaddress . "')"
         . ", email = '" . $email . "'"
         . ", first_name = '" . $first_name . "'"
         . ", last_name = '" . $last_name . "'"
         . ", phone = '" . $phone . "'"
         . ", alt_phone = '" . $alt_phone . "'"
         . ", fax = '" . $fax . "'"
         . ", address = '" . $address . "'"
         . ", city = '" . $city . "'"
         . ", state = '" . $state . "'"
         . ", zip = '" . $zip . "'"
         . " WHERE user = '" . $user . "'";
    mysql_query($sql);

    return 99;
}
-
- //Reset password functions
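/**
 * Store a new password hash for $user and refresh the copies kept in the
 * session and in the remember-me cookie.
 *
 * The database is updated first and the session and cookie are only touched
 * when that query succeeds, so they cannot get ahead of the stored value.
 * The cookie is now set with the HttpOnly flag, which keeps it away from
 * page scripts.
 *
 * NOTE(review): the cookie holds the stored hash itself, and the hash is
 * MD5 with one hard-coded salt. Both need a migration plan and are not
 * changed here.
 * NOTE(review): $user is concatenated into the SQL text as-is; this relies
 * on the caller having escaped it — confirm.
 *
 * @return void
 */
function updatePass($user, $pass)
{
    $salt = 's+(_a*';
    $new_password = md5($pass . $salt);

    $sql = "UPDATE users SET pass = '" . $new_password . "' WHERE user = '" . $user . "'";
    $res = mysql_query($sql);
    if (!$res) {
        return;
    }

    // If the user is logged in, keep the session copy in step.
    if (isset($_SESSION["pass"])) {
        $_SESSION["pass"] = "$new_password";
    }

    // If remember-me is already set, refresh its cookie for another 30 days.
    if (isset($_COOKIE["pass"])) {
        setcookie("pass", "$new_password", time() + (60 * 60 * 24 * 30), "", "", false, true);
    }
}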
-
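/**
 * Generate a random alphanumeric password of exactly $len characters.
 *
 * The previous loop ran with "<=" and returned $len + 1 characters, and it
 * drew from rand(), which is not meant for secrets. random_int() is used
 * where it exists (PHP 7+), with mt_rand() as the fallback on older PHP.
 *
 * @param int $len Number of characters wanted.
 * @return string
 */
function generatePassword($len)
{
    $alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $last     = strlen($alphabet) - 1;
    $len      = (int) $len;
    $useCsprng = function_exists('random_int');

    $password = "";
    for ($i = 0; $i < $len; $i++) {
        $index = $useCsprng ? random_int(0, $last) : mt_rand(0, $last);
        $password .= $alphabet[$index];
    }
    return $password;
}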
-
- //Registration functions
/**
 * Tell whether a row with this user name already exists.
 *
 * NOTE(review): $user is concatenated into the SQL text as-is. registerUser
 * calls this before validateUsername, so the value relies on the caller's
 * escaping — confirm.
 *
 * @return bool
 */
function checkIfUser($user)
{
    $result = mysql_query("SELECT user FROM users WHERE user = '" . $user . "' ");

    return mysql_num_rows($result) > 0;
}
-
/**
 * Tell whether a row with this e-mail address already exists.
 *
 * NOTE(review): $email is concatenated into the SQL text as-is; this relies
 * on the caller having validated or escaped it — confirm.
 *
 * @return bool
 */
function checkIfEmail($email)
{
    $result  = mysql_query("SELECT COUNT(*) as NUMBER FROM users WHERE email = '" . $email . "' ");
    $matches = mysql_result($result, 0, "NUMBER");

    return $matches > 0;
}
-
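/**
 * Validate a phone number against the accepted formats.
 *
 * The D modifier makes "$" match only at the very end of the string, so a
 * value with a trailing newline is rejected instead of accepted.
 *
 * @return bool
 */
function validatePhone($phone)
{
    $pattern = '!^((\+\d{1,3}(-| )?\(?\d\)?(-| )?\d{1,5})|(\(?\d{2,6}\)?))(-| )?(\d{3,4})(-| )?(\d{4})(( x| ext)\d{1,5}){0,1}$!D';

    return preg_match($pattern, $phone) === 1;
}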
-
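/**
 * Validate a first or last name: 3 to 60 ASCII letters.
 *
 * The D modifier makes "$" match only at the very end of the string, so a
 * value with a trailing newline is rejected instead of accepted.
 *
 * @return bool
 */
function validateName($name)
{
    return preg_match('!^([a-zA-Z]{3,60})$!D', $name) === 1;
}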
-
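/**
 * Validate a user name: one or more word characters.
 *
 * The D modifier makes "$" match only at the very end of the string, so a
 * value with a trailing newline is rejected instead of accepted.
 *
 * @return bool
 */
function validateUsername($user)
{
    return preg_match('!^\w+$!D', $user) === 1;
}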
-
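/**
 * Validate an e-mail address against the site's accepted format.
 *
 * Two changes, neither of which alters which well-formed addresses pass:
 * the D modifier stops "$" from matching before a trailing newline, which
 * matters because validated addresses are later written into mail headers;
 * and the repeated outer group around the domain part is removed, since it
 * matched the same strings while allowing heavy backtracking on long input.
 *
 * @return bool
 */
function validateEmail($email)
{
    $pattern = '!^[a-zA-Z0-9]+([_.-][a-zA-Z0-9]+)*@[a-z0-9]+([.-][a-z0-9]+)*\.[a-z]{2,4}$!D';

    return preg_match($pattern, $email) === 1;
}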
-
/**
 * Validate a registration and insert the new account.
 *
 * Returns 1 (user exists), 2 (bad e-mail), 3 (bad user name), 4 (e-mail in
 * use), 5 (terms not accepted), 6 (bad phone), 7 (bad first name), 8 (bad
 * last name) or 99 once the INSERT has been sent. The query result is not
 * checked.
 *
 * NOTE(review): a generated password is mailed in clear text, and the stored
 * hash is MD5 with one hard-coded salt.
 * NOTE(review): alt_phone, fax, address, city, state and zip are not
 * validated here and are concatenated into the SQL text as-is; this relies
 * on the caller having escaped them — confirm.
 */
function registerUser($user, $pass, $email, $first_name, $last_name, $phone, $alt_phone, $fax, $address, $city, $state, $zip, $agree)
{
    global $admin_name;
    global $admin_email;
    global $site_url;

    if (checkIfUser($user)) {
        return 1;
    }
    if (!validateEmail($email)) {
        return 2;
    }
    if (!validateUsername($user)) {
        return 3;
    }
    if (checkIfEmail($email)) {
        return 4;
    }
    if (empty($agree)) {
        return 5;
    }
    if (!validatePhone($phone)) {
        return 6;
    }
    if (!validateName($first_name)) {
        return 7;
    }
    if (!validateName($last_name)) {
        return 8;
    }

    // No password supplied: generate one and mail the account details.
    if (empty($pass)) {
        $pass = generatePassword(6);

        // Fill the placeholders of the language-file templates.
        $body = preg_replace("!%USERNAME%!", "$user", ACCT_SIGNUP_BODY);
        $body = preg_replace("!%PASSWORD%!", "$pass", $body);
        $body = preg_replace("!%URL%!", "$site_url/login.php", $body);
        $subject = preg_replace("!%URL%!", "$site_url", ACCT_SIGNUP_SUBJECT);
        $subject = preg_replace("!%USERNAME%!", "$user", $subject);

        sendEmail($email, $subject, $body, $admin_name, $admin_email);
    }

    $ipaddress = getenv('REMOTE_ADDR');
    $reg_date  = date("Y-m-d H:i:s");

    // Hash the password for storage.
    $salt   = 's+(_a*';
    $hashed = md5($pass . $salt);

    $sql = "INSERT INTO users (ipaddress,user,pass,email,first_name,last_name,phone,alt_phone,fax,address,city,state,zip,reg_date) VALUES ("
         . "INET_ATON('" . $ipaddress . "'), "
         . "'" . $user . "',"
         . "'" . $hashed . "', "
         . "'" . $email . "', "
         . "'" . $first_name . "', "
         . "'" . $last_name . "', "
         . "'" . $phone . "', "
         . "'" . $alt_phone . "', "
         . "'" . $fax . "', "
         . "'" . $address . "', "
         . "'" . $city . "', "
         . "'" . $state . "', "
         . "'" . $zip . "', "
         . "'" . $reg_date . "')";
    mysql_query($sql);

    return 99;
}
-
/**
 * Stamp the user's row with the current date and time.
 *
 * NOTE(review): $user is concatenated into the SQL text as-is; this relies
 * on the caller having escaped it — confirm.
 */
function lastActive($user)
{
    $now = date("Y-m-d H:i:s");

    mysql_query("UPDATE users SET last_active = '" . $now . "' WHERE user = '" . $user . "' ");
}
-
- //Admin Functions
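/**
 * Store the site-wide settings in env_settings.
 *
 * listings_per_page and users_per_page are written into the SQL text without
 * quotes, so they are cast to integers here; string escaping alone does not
 * protect an unquoted position.
 *
 * NOTE(review): the remaining values are concatenated as quoted strings and
 * rely on the caller having escaped them — confirm.
 *
 * @return int Always 99; the query result is not checked.
 */
function updateEnv($url, $admin_name, $admin_email, $site_mode, $listings_per_page, $users_per_page, $listings_stored_path, $users_stored_path, $site_name, $description, $keywords, $site_lang, $site_template)
{
    $listings_per_page = (int) $listings_per_page;
    $users_per_page    = (int) $users_per_page;

    $sql = "UPDATE env_settings SET site_url = '" . $url . "'"
         . ", admin_name = '" . $admin_name . "'"
         . ", admin_email = '" . $admin_email . "'"
         . ", site_mode = '" . $site_mode . "'"
         . ", listings_per_page = " . $listings_per_page
         . ", users_per_page = " . $users_per_page
         . ", listings_stored_path = '" . $listings_stored_path . "'"
         . ", users_stored_path = '" . $users_stored_path . "'"
         . ", site_name = '" . $site_name . "'"
         . ", description = '" . $description . "'"
         . ", keywords = '" . $keywords . "'"
         . ", site_lang = '" . $site_lang . "'"
         . ", site_template = '" . $site_template . "' ";
    $res = mysql_query($sql);
    return 99;
}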
-
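/**
 * Delete the user row with the given numeric id.
 *
 * The id sits in the SQL text without quotes, so it is cast to an integer;
 * string escaping alone does not protect an unquoted position.
 *
 * @return int Always 99; the query result is not checked.
 */
function deleteUser($id)
{
    $sql = "DELETE FROM users WHERE id = " . (int) $id;
    $res = mysql_query($sql);
    return 99;
}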
-
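/**
 * Admin edit of a user row selected by numeric id.
 *
 * The id sits in the SQL text without quotes, so it is cast to an integer;
 * string escaping alone does not protect an unquoted position.
 *
 * NOTE(review): unlike registerUser, no field is validated here, and the
 * quoted values rely on the caller having escaped them — confirm.
 *
 * @return int Always 99; the query result is not checked.
 */
function updateUserDetails($user, $email, $first_name, $last_name, $phone, $alt_phone, $fax, $address, $city, $state, $zip, $user_level, $admin_notes, $id)
{
    $sql = "UPDATE users SET user = '" . $user . "'"
         . ", email = '" . $email . "'"
         . ", first_name = '" . $first_name . "'"
         . ", last_name = '" . $last_name . "'"
         . ", phone = '" . $phone . "'"
         . ", alt_phone = '" . $alt_phone . "'"
         . ", fax = '" . $fax . "'"
         . ", address = '" . $address . "'"
         . ", city = '" . $city . "'"
         . ", state = '" . $state . "'"
         . ", zip = '" . $zip . "'"
         . ", user_level = '" . $user_level . "'"
         . ", admin_notes = '" . $admin_notes . "'"
         . " WHERE id = " . (int) $id;
    $res = mysql_query($sql);
    return 99;
}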
-
- //function to convert from INET_ATON http://www.ipligence.com/en/faq/
- //select INET_NTOA('3515134258');
/**
 * Turn the numeric form produced by INET_ATON back into dotted notation.
 *
 * @param int|float|string $ip Numeric address.
 * @return string Four decimal octets joined by dots.
 */
function ipConvert($ip)
{
    $octets  = array(0, 0, 0, 0);
    $divisor = 16777216.0; // 256^3, weight of the first octet
    $ip += 0.0;

    foreach (array(0, 1, 2, 3) as $pos) {
        $octet = (int) ($ip / $divisor);
        $ip -= $divisor * $octet;
        $octets[$pos] = $octet;
        $divisor /= 256.0;
    }

    return implode('.', $octets);
}
-
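/**
 * Load one user by numeric id, or one page of all users when $id is "all".
 *
 * The id sits in the SQL text without quotes, so it is cast to an integer.
 * $records now starts as an empty array, so the "all" branch no longer calls
 * count() and array_slice() on an undefined variable when the table is empty.
 *
 * @param int|string $id Numeric id, or the string "all".
 * @return array|null List of rows; null when a single id matches nothing.
 */
function getUserDetails($id)
{
    $wantAll = (!empty($id) && $id == "all");

    if ($wantAll) {
        $sql = "SELECT * FROM users";
    } else {
        $sql = "SELECT * FROM users WHERE id = " . (int) $id;
    }
    $res = mysql_query($sql);

    $fields = array(
        "id", "ipaddress", "user", "email", "first_name", "last_name", "phone",
        "alt_phone", "fax", "address", "city", "state", "zip", "reg_date",
        "last_active", "user_level", "notes", "image", "admin_notes",
    );

    $records = array();
    while ($a_row = mysql_fetch_array($res)) {
        $record = array();
        foreach ($fields as $field) {
            // The address is stored via INET_ATON; show it in dotted form.
            $record[$field] = ($field === "ipaddress")
                ? ipConvert($a_row[$field])
                : $a_row[$field];
        }
        $records[] = $record;
    }

    if ($wantAll) {
        // Smarty paginate class, used for the admin user list and the
        // vehicle listings.
        $paginate = new SmartyPaginate();
        $paginate->setTotal(count($records));
        return array_slice($records, $paginate->getCurrentIndex(), $paginate->getLimit());
    }

    // As before, a single id that matches nothing yields null.
    return !empty($records) ? $records : null;
}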
-
/**
 * Tell whether the uploaded temp file is larger than the limit.
 *
 * @param string $tmpfile Path of the file to measure.
 * @param int    $max     Size limit in bytes.
 * @return bool True when the file is too large.
 */
function checkImageSize($tmpfile, $max)
{
    $bytes = filesize($tmpfile);

    return ($bytes > $max) ? true : false;
}
-
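/**
 * Check an uploaded file name against the allowed image extensions.
 *
 * The previous version looked at the second dot-separated part of the name,
 * so "photo.jpg.php" passed as a "jpg". The final extension is checked now,
 * and names with more than one dot are refused, so the extension that was
 * checked is always the one the stored file ends up with. It also relied on
 * split(), which no longer exists on PHP 7+.
 *
 * @param string $file Client-supplied file name.
 * @return bool True when the file type is NOT allowed.
 */
function checkAllowedExt($file)
{
    $allowed = array('gif', 'jpg', 'jpeg', 'png');
    $name    = strtolower((string) $file);

    if (substr_count($name, '.') !== 1) {
        return true;
    }

    $ext = pathinfo($name, PATHINFO_EXTENSION);

    return !in_array($ext, $allowed, true);
}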
-
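/**
 * Remove a user's stored image and its thumbnail, then clear the image
 * column.
 *
 * split() no longer exists on PHP 7+ and is replaced by explode(); the
 * thumbnail name is still derived from the first two dot-separated parts so
 * that it matches files already on disk. A user with no row, or files that
 * are already gone, no longer raise warnings.
 *
 * NOTE(review): $user is concatenated into the SQL text as-is; this relies
 * on the caller having escaped it — confirm.
 *
 * @return bool True when an image was recorded and has been removed.
 */
function deleteUserImage($user)
{
    $sql = "SELECT image FROM users WHERE user = '" . $user . "'";
    $res = mysql_query($sql);
    if (!$res || mysql_num_rows($res) < 1) {
        return false;
    }

    $del = mysql_result($res, 0, "image");
    if ($del == "") {
        return false;
    }

    $ext_split = explode('.', $del);
    $base  = $ext_split[0];
    $ext   = isset($ext_split[1]) ? $ext_split[1] : '';
    $thumb = $base . "_thumb" . "." . $ext;

    if (is_file($del)) {
        unlink($del);
    }
    if (is_file($thumb)) {
        unlink($thumb);
    }

    $sql = "UPDATE users SET image = '' WHERE user = '" . $user . "'";
    $res = mysql_query($sql);
    return true;
}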
-
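/**
 * Open an image file with the GD loader that matches its extension.
 *
 * The extension is now the part after the last dot (via pathinfo) instead of
 * the second dot-separated part, so a dot in a directory name no longer
 * picks the wrong loader; split() no longer exists on PHP 7+.
 *
 * @param string $file Path of the image.
 * @return resource|object|false GD image, or false when the type is not
 *                               supported or the file cannot be read.
 */
function openImage($file)
{
    $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));

    switch ($ext) {
        case 'jpg':
        case 'jpeg':
            $im = @imagecreatefromjpeg($file);
            break;
        case 'gif':
            $im = @imagecreatefromgif($file);
            break;
        case 'png':
            $im = @imagecreatefrompng($file);
            break;
        default:
            $im = false;
            break;
    }
    return $im;
}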
-
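/**
 * Resize an image file in place to at most $width pixels wide, keeping the
 * aspect ratio and, for PNG and GIF, the transparency.
 *
 * Fixes: conditions of the form ($ext == 'png' || 'PNG') were always true,
 * so every file got the PNG alpha setup and was then written as JPEG
 * whatever its extension. The type is now compared properly, imagepng() and
 * imagegif() are no longer given a JPEG quality value, a file that cannot be
 * opened is skipped instead of being passed on to GD, and the source image
 * is released as well.
 *
 * @param string $file  Path of the image; overwritten with the result.
 * @param string $ext   File extension that selects the output format.
 * @param int    $width Target width in pixels.
 * @return void
 */
function createThumb($file, $ext, $width)
{
    $im = openImage($file);
    if (!$im) {
        return;
    }

    $old_x = imagesx($im);
    $old_y = imagesy($im);
    $new_w = (int) $width;

    // Never enlarge: fall back to the original width.
    if ($new_w <= 0 || $new_w > $old_x) {
        $new_w = $old_x;
    }

    if ($old_x > $old_y) {
        $thumb_w = $new_w;
        $thumb_h = $old_y * ($new_w / $old_x);
    } elseif ($old_x < $old_y) {
        $thumb_w = $old_x * ($new_w / $old_y);
        $thumb_h = $new_w;
    } else {
        $thumb_w = $new_w;
        $thumb_h = $new_w;
    }

    // GD wants whole pixels and at least one of them.
    $thumb_w = max(1, (int) round($thumb_w));
    $thumb_h = max(1, (int) round($thumb_h));

    $type  = strtolower($ext);
    $thumb = imagecreatetruecolor($thumb_w, $thumb_h);

    if ($type == 'png') {
        imagealphablending($thumb, false);
        $colorTransparent = imagecolorallocatealpha($thumb, 0, 0, 0, 127);
        imagefill($thumb, 0, 0, $colorTransparent);
        imagesavealpha($thumb, true);
    } elseif ($type == 'gif') {
        $trnprt_indx = imagecolortransparent($im);
        if ($trnprt_indx >= 0) {
            // The source has a transparent colour: carry it over.
            $trnprt_color = imagecolorsforindex($im, $trnprt_indx);
            $trnprt_indx  = imagecolorallocate($thumb, $trnprt_color['red'], $trnprt_color['green'], $trnprt_color['blue']);
            imagefill($thumb, 0, 0, $trnprt_indx);
            imagecolortransparent($thumb, $trnprt_indx);
        }
    }

    imagecopyresampled($thumb, $im, 0, 0, 0, 0, $thumb_w, $thumb_h, $old_x, $old_y);

    // Write the result in the format that matches the extension.
    if ($type == 'png') {
        imagepng($thumb, $file);
    } elseif ($type == 'gif') {
        imagegif($thumb, $file);
    } else {
        imagejpeg($thumb, $file, 75);
    }

    imagedestroy($thumb);
    imagedestroy($im);
}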
-
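/**
 * Move an uploaded image into $path under a randomised name and create the
 * 150px thumbnail and the 350px display copy.
 *
 * Hardening: the client-supplied name is reduced to its last path component,
 * so it cannot point outside $path, and the upload is refused unless the
 * final extension is one of the allowed image types, so a name such as
 * "x.jpg.php" is never stored. split() no longer exists on PHP 7+ and is
 * replaced by explode(); base name and extension are still the first two
 * dot-separated parts so that stored names keep their existing shape.
 *
 * NOTE(review): $user becomes part of the file name; presumably it has
 * passed validateUsername — confirm. $max is not used here.
 *
 * @return string|false Stored path, or false when nothing was stored.
 */
function moveUploadImage($path, $file, $tmpfile, $max, $user)
{
    $file = basename(str_replace('\\', '/', (string) $file));

    $allowed  = array('gif', 'jpg', 'jpeg', 'png');
    $finalExt = strtolower(pathinfo($file, PATHINFO_EXTENSION));
    if ($file === '' || !in_array($finalExt, $allowed, true)) {
        return false;
    }

    // A random number in the name avoids clashes between uploads.
    $rand = mt_rand(1, 3000);
    $save_path = $path . $user . $rand . $file;

    if (!move_uploaded_file($tmpfile, $save_path)) {
        return false;
    }

    $ext_split = explode('.', $save_path);
    $base  = $ext_split[0];
    $ext   = isset($ext_split[1]) ? $ext_split[1] : '';
    $thumb = $base . "_thumb" . "." . $ext;

    copy($save_path, $thumb);
    createThumb($thumb, $ext, 150);
    createThumb($base . "." . $ext, $ext, 350);

    //chmod("$base" . "_thumb" . "." . "$ext", 0644);
    //chmod("$base" . "." . "$ext", 0644);

    return $save_path;
}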
-
- //upload the images for the members page
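/**
 * Replace a member's profile image with a new upload.
 *
 * Returns false (no file, or the upload could not be stored), 1 (too large),
 * 2 (type not allowed) or 99 (stored).
 *
 * Fixes: the result of moveUploadImage() was tested with isset(), which is
 * also true for false, so a failed upload was reported as success. The old
 * image is now removed only after the new one is in place, which means a
 * failed upload no longer costs the user the existing picture. split() no
 * longer exists on PHP 7+ and is replaced by explode().
 *
 * NOTE(review): $user is concatenated into the SQL text as-is; this relies
 * on the caller having escaped it — confirm.
 */
function uploadUserImage($path, $file, $tmpfile, $max, $user)
{
    if (empty($file)) {
        return false;
    }
    if (checkImageSize($tmpfile, $max)) {
        return 1;
    }
    if (checkAllowedExt($file)) {
        return 2;
    }

    // Remember the current image before anything changes.
    $sql = "SELECT image FROM users WHERE user = '" . $user . "'";
    $res = mysql_query($sql);
    $del = ($res && mysql_num_rows($res) > 0) ? mysql_result($res, 0, "image") : '';

    $save_path = moveUploadImage($path, $file, $tmpfile, $max, $user);
    if ($save_path === false) {
        return false;
    }

    // Remove the previous files, unless the new upload landed on that name.
    if (!empty($del) && $del !== $save_path) {
        $ext_split = explode('.', $del);
        $base  = $ext_split[0];
        $ext   = isset($ext_split[1]) ? $ext_split[1] : '';
        $thumb = $base . "_thumb" . "." . $ext;

        if (is_file($del)) {
            unlink($del);
        }
        if (is_file($thumb)) {
            unlink($thumb);
        }
    }

    $sql = "UPDATE users SET image = '" . $save_path . "' WHERE user = '" . $user . "'";
    $res = mysql_query($sql);
    return 99;
}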
-
- //upload the images for the listings pages
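/**
 * Store an uploaded image for a listing; the first image of a listing is
 * flagged as its main image.
 *
 * Returns false (no file, or the upload could not be stored), 1 (too large),
 * 2 (type not allowed) or 99 (stored).
 *
 * Fixes: $listingid sits in the SQL text without quotes and is now cast to
 * an integer; the result of moveUploadImage() was tested with isset(), which
 * is also true for false, so a failed upload still inserted a row with empty
 * paths. split() no longer exists on PHP 7+ and is replaced by explode().
 *
 * NOTE(review): $owner is concatenated into the SQL text as-is; this relies
 * on the caller having escaped it — confirm.
 */
function uploadListImage($path, $file, $tmpfile, $max, $listingid, $user, $owner)
{
    if (empty($file)) {
        return false;
    }
    if (checkImageSize($tmpfile, $max)) {
        return 1;
    }
    if (checkAllowedExt($file)) {
        return 2;
    }

    $listingid = (int) $listingid;

    // Does the listing already have a main image?
    $sql = "SELECT COUNT(*) as NUMBER FROM listimages WHERE listingid = " . $listingid . " AND mainimage = 1";
    $res = mysql_query($sql);
    $num = mysql_result($res, 0, "NUMBER");

    $save_path = moveUploadImage($path, $file, $tmpfile, $max, $user);
    if ($save_path === false) {
        return false;
    }

    $ext_split = explode('.', $save_path);
    $base = $ext_split[0];
    $ext  = isset($ext_split[1]) ? $ext_split[1] : '';
    $save_thumb_path = $base . "_thumb" . "." . $ext;

    if ($num > 0) {
        $sql = "INSERT INTO listimages (imagepath,imagethumbpath,listingid,owner) VALUES ('" . $save_path . "','" . $save_thumb_path . "', " . $listingid . ", '" . $owner . "')";
    } else {
        // No main image yet: this one becomes the main image.
        $sql = "INSERT INTO listimages (imagepath,imagethumbpath,mainimage,listingid,owner) VALUES ('" . $save_path . "','" . $save_thumb_path . "',1, " . $listingid . ", '" . $owner . "')";
    }
    $res = mysql_query($sql);
    return 99;
}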
-
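/**
 * Make one image the main image of a listing.
 *
 * Fixes: the ids sit in the SQL text without quotes and are now cast to
 * integers. The UPDATE that sets the new main image previously matched on
 * the image id alone; the image is now first confirmed to belong to this
 * listing and owner, in line with the owner condition deleteListingsImage
 * uses, and the old main flag is only cleared after that check has passed.
 *
 * NOTE(review): $owner is concatenated into the SQL text as-is; this relies
 * on the caller having escaped it — confirm.
 *
 * @return int|false|null 99 on success, false when the image is not the
 *                        owner's or a query fails, null when an argument is
 *                        missing (as before).
 */
function markImageMain($listingid, $imageid, $owner)
{
    if (isset($listingid) && isset($imageid) && !empty($owner)) {
        $listingid = (int) $listingid;
        $imageid   = (int) $imageid;

        $scope = "listingid = " . $listingid . " AND owner = '" . $owner . "'";

        // The image to promote must belong to this listing and owner.
        $res = mysql_query("SELECT id FROM listimages WHERE id = " . $imageid . " AND " . $scope . " LIMIT 1");
        if (!$res || mysql_num_rows($res) < 1) {
            return false;
        }

        // Clear the current main image of the listing, if there is one.
        mysql_query("UPDATE listimages SET mainimage = 0 WHERE " . $scope . " AND mainimage = 1");

        $res = mysql_query("UPDATE listimages SET mainimage = 1 WHERE id = " . $imageid);
        if (!$res) {
            return false;
        }
        return 99;
    }
}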
-
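/**
 * Delete a listing together with its image rows and image files.
 *
 * The listing id sits in the SQL text without quotes, so it is cast to an
 * integer. Files are only unlinked when they exist, which avoids warnings
 * for images that are already gone.
 *
 * NOTE(review): there is no owner check in this function; presumably the
 * caller has already authorised the request — confirm.
 *
 * @return int Always 99; the query results are not checked.
 */
function deleteFullListing($listingid)
{
    $listingid = (int) $listingid;

    $sql = "DELETE FROM listings WHERE id = " . $listingid;
    $res = mysql_query($sql);

    $sql = "SELECT * FROM listimages WHERE listingid = " . $listingid;
    $res = mysql_query($sql);

    while ($a_row = mysql_fetch_array($res)) {
        foreach (array("imagepath", "imagethumbpath") as $column) {
            if (!empty($a_row[$column]) && is_file($a_row[$column])) {
                unlink($a_row[$column]);
            }
        }
    }

    $sql = "DELETE FROM listimages WHERE listingid = " . $listingid;
    $res = mysql_query($sql);
    return 99;
}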
-
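/**
 * Delete one listing image (files and row) that belongs to $owner.
 *
 * The image id sits in the SQL text without quotes, so it is cast to an
 * integer. $imagepath is initialised up front so that a call with missing
 * arguments returns false without reading an undefined variable, and files
 * are only unlinked when they exist.
 *
 * NOTE(review): $owner is concatenated into the SQL text as-is; this relies
 * on the caller having escaped it — confirm. $id is only tested with isset().
 *
 * @return int|false 99 when the image was removed, otherwise false.
 */
function deleteListingsImage($id, $imageid, $owner)
{
    $imagepath      = '';
    $imagethumbpath = '';

    if (isset($id) && isset($imageid) && !empty($owner)) {
        $imageid = (int) $imageid;

        // Look up the paths first so the files can be removed.
        $sql = "SELECT imagepath,imagethumbpath FROM listimages WHERE id = " . $imageid . " AND owner = '" . $owner . "' LIMIT 1";
        $res = mysql_query($sql);
        if (!$res || mysql_num_rows($res) < 1) {
            return false;
        }
        $imagepath      = mysql_result($res, 0, "imagepath");
        $imagethumbpath = mysql_result($res, 0, "imagethumbpath");
    }

    if (empty($imagepath)) {
        return false;
    }

    if (is_file($imagepath)) {
        unlink($imagepath);
    }
    if (!empty($imagethumbpath) && is_file($imagethumbpath)) {
        unlink($imagethumbpath);
    }

    $sql = "DELETE FROM listimages WHERE id = " . $imageid . " AND owner = '" . $owner . "'";
    $res = mysql_query($sql);
    return 99;
}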
-
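/**
 * Fetch the ad title of one listing.
 *
 * The listing id sits in the SQL text without quotes, so it is cast to an
 * integer. A listing that does not exist yields false without a
 * mysql_result() warning.
 *
 * @return string|false
 */
function getListingTitle($listingid)
{
    $sql = "SELECT ad_title FROM listings WHERE id = " . (int) $listingid . " LIMIT 1";
    $res = mysql_query($sql);
    if (!$res || mysql_num_rows($res) < 1) {
        return false;
    }

    return mysql_result($res, 0, "ad_title");
}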
-
/**
 * Pick up to six random main images of listings that are not sold.
 *
 * When nothing matches, $records is never assigned and the function returns
 * null with an undefined-variable notice.
 *
 * @return array|null Rows with ad_title, listingid, imagepath and
 *                    imagethumbpath.
 */
function getRandomImage()
{
    $limit  = 6;
    $result = mysql_query("SELECT * FROM listimages, listings WHERE listings.id = listimages.listingid AND listings.sold !=1 AND listimages.mainimage = 1 ORDER BY RAND() LIMIT $limit");

    for ($n = 0; $row = mysql_fetch_array($result); $n++) {
        // The title is looked up per row through getListingTitle().
        $records[$n]["ad_title"]       = getListingTitle($row["listingid"]);
        $records[$n]["listingid"]      = $row["listingid"];
        $records[$n]["imagepath"]      = $row["imagepath"];
        $records[$n]["imagethumbpath"] = $row["imagethumbpath"];
    }
    return $records;
}
-
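/**
 * Load all image rows of one listing.
 *
 * The listing id sits in the SQL text without quotes, so it is cast to an
 * integer. A listing without images still yields null, now without an
 * undefined-variable notice.
 *
 * @return array|null
 */
function getListImages($listingid)
{
    $sql = "SELECT * FROM listimages WHERE listingid = " . (int) $listingid;
    $res = mysql_query($sql);

    $fields  = array("id", "imagepath", "imagethumbpath", "mainimage", "listingid");
    $records = array();
    while ($a_row = mysql_fetch_array($res)) {
        $record = array();
        foreach ($fields as $field) {
            $record[$field] = $a_row[$field];
        }
        $records[] = $record;
    }

    return !empty($records) ? $records : null;
}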
-
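/**
 * Load listings: one page of all of them ($id "all"), one listing of a
 * seller ($id with $sellerid), one page of a filtered set ($addOnSQL), or a
 * single listing by id.
 *
 * Fixes: the id sits in the SQL text without quotes and is now cast to an
 * integer in both branches that use it; $records starts as an empty array so
 * the paginated branch no longer calls count() on an undefined variable.
 *
 * NOTE(review): $addOnSQL and $sort are inserted as raw SQL by design, so
 * they must only ever be built from fixed fragments and escaped values by
 * the caller — confirm. $sellerid relies on the caller's escaping.
 * NOTE(review): the features column is read with unserialize(). If that
 * column can hold data that came from a request, unserialize() is not a safe
 * decoder; a JSON column or the allowed_classes option (PHP 7+) would be.
 * Left unchanged because existing rows are in serialize() format.
 *
 * @return array|null List of rows, or null when nothing matched.
 */
function getListing($id='all', $addOnSQL="", $sellerid="", $sort="")
{
    if (empty($sort)) {
        $sort = "ORDER BY sold,id DESC";
    }

    $wantAll = (!empty($id) && $id == "all");

    if ($wantAll) {
        $sql = "SELECT * FROM listings $sort";
    } elseif (!empty($id) && !empty($sellerid)) {
        $sql = "SELECT * FROM listings WHERE id = " . (int) $id . " AND sellerid = '" . $sellerid . "'";
    } elseif (!empty($addOnSQL)) {
        $sql = "SELECT * FROM listings WHERE $addOnSQL $sort";
    } else {
        $sql = "SELECT * FROM listings WHERE id = " . (int) $id . " LIMIT 1";
    }

    $res = mysql_query($sql);

    $fields = array(
        "id", "sold", "featured", "ad_title", "make", "model", "vehicle_type",
        "doors", "color", "mileage", "year", "listing_condition", "engine",
        "trans", "drive_train", "mpg", "fuel_type", "price", "adddesc",
        "features", "vin", "stock", "state", "zip", "sellerid", "seller",
        "added_on", "last_updated",
    );

    $records = array();
    while ($a_row = mysql_fetch_array($res)) {
        $record = array();
        foreach ($fields as $field) {
            $record[$field] = ($field === "features")
                ? unserialize($a_row[$field])
                : $a_row[$field];
        }
        $record["images"] = getListImages($a_row["id"]);
        $records[] = $record;
    }

    if ($wantAll || !empty($addOnSQL)) {
        // Smarty paginate class, used for the admin user list and the
        // vehicle listings.
        $paginate = new SmartyPaginate();
        $paginate->setTotal(count($records));
        if (!empty($records)) {
            return array_slice($records, $paginate->getCurrentIndex(), $paginate->getLimit());
        }
        return null;
    }

    return !empty($records) ? $records : null;
}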
-
- //add classifieds options
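/**
 * Add a value to one of the option tables, where the value column has the
 * same name as the table.
 *
 * $table is used as an identifier in the SQL text, where string escaping
 * does not help, so it must be a plain identifier; anything else is refused.
 *
 * NOTE(review): $option is concatenated as a quoted string and relies on
 * the caller having escaped it — confirm.
 *
 * @return int|false false (empty option or invalid table name), 1 (option
 *                   exists already) or 99 (added).
 */
function addOption($option, $table)
{
    if (empty($option)) {
        return false;
    }
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', (string) $table)) {
        return false;
    }

    // Refuse duplicates.
    $sql = "SELECT COUNT(*) as NUMBER FROM $table WHERE $table = '" . $option . "' ";
    $res = mysql_query($sql);
    $num = mysql_result($res, 0, "NUMBER");
    if ($num > 0) {
        return 1;
    }

    $sql = "INSERT INTO $table ($table) VALUES ('" . $option . "')";
    $res = mysql_query($sql);
    return 99;
}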
-
- //get search list data for search page
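/**
 * List the distinct values of one listings column, for the search page.
 *
 * $table is used as a column identifier in the SQL text, where string
 * escaping does not help, so it must be a plain identifier; anything else
 * yields null, the same result as a column with no rows.
 *
 * @param string $table Column name in the listings table.
 * @return array|null
 */
function getSearchList($table)
{
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', (string) $table)) {
        return null;
    }

    $sql = "SELECT DISTINCT $table FROM listings ORDER by $table";
    $res = mysql_query($sql);

    $searchlist = array();
    while ($a_row = mysql_fetch_array($res)) {
        $searchlist[] = array("$table" => $a_row["$table"]);
    }

    return !empty($searchlist) ? $searchlist : null;
}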
-
- //Get option information lists
/**
 * Load the states table ordered by name.
 *
 * When the table is empty, $stateslist is never assigned and the function
 * returns null with an undefined-variable notice.
 *
 * @return array|null Rows with state_prefix and state_name.
 */
function getStatesList()
{
    $result = mysql_query("SELECT * FROM states ORDER by state_name");

    for ($n = 0; $row = mysql_fetch_array($result); $n++) {
        $stateslist[$n] = array(
            "state_prefix" => $row["state_prefix"],
            "state_name"   => $row["state_name"],
        );
    }
    return $stateslist;
}
-
/**
 * Load the manufacturer table ordered by name.
 *
 * When the table is empty, $manufacturerslist is never assigned and the
 * function returns null with an undefined-variable notice.
 *
 * @return array|null Rows with id and manufacturer.
 */
function getManufacturersList()
{
    $result = mysql_query("SELECT * FROM manufacturer ORDER by manufacturer");

    for ($n = 0; $row = mysql_fetch_array($result); $n++) {
        $manufacturerslist[$n] = array(
            "id"           => $row["id"],
            "manufacturer" => $row["manufacturer"],
        );
    }
    return $manufacturerslist;
}
-
/**
 * Load the features table ordered by name.
 *
 * When the table is empty, $featurelist is never assigned and the function
 * returns null with an undefined-variable notice.
 *
 * @return array|null Rows with id, features and lists_default.
 */
function getFeaturesList()
{
    $result = mysql_query("SELECT * FROM features ORDER by features");

    for ($n = 0; $row = mysql_fetch_array($result); $n++) {
        $featurelist[$n] = array(
            "id"            => $row["id"],
            "features"      => $row["features"],
            "lists_default" => $row["lists_default"],
        );
    }
    return $featurelist;
}
-
/**
 * Load the drive_train table ordered by name.
 *
 * When the table is empty, $drivetrainlist is never assigned and the
 * function returns null with an undefined-variable notice.
 *
 * @return array|null Rows with id and drive_train.
 */
function getDriveTrainsList()
{
    $result = mysql_query("SELECT * FROM drive_train ORDER by drive_train");

    for ($n = 0; $row = mysql_fetch_array($result); $n++) {
        $drivetrainlist[$n] = array(
            "id"          => $row["id"],
            "drive_train" => $row["drive_train"],
        );
    }
    return $drivetrainlist;
}
-
/**
 * Load the vehicle_type table ordered by name.
 *
 * When the table is empty, $typeslist is never assigned and the function
 * returns null with an undefined-variable notice.
 *
 * @return array|null Rows with id and vehicle_type.
 */
function getTypesList()
{
    $result = mysql_query("SELECT * FROM vehicle_type ORDER by vehicle_type");

    for ($n = 0; $row = mysql_fetch_array($result); $n++) {
        $typeslist[$n] = array(
            "id"           => $row["id"],
            "vehicle_type" => $row["vehicle_type"],
        );
    }
    return $typeslist;
}
-
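/**
 * Fetch one row of an option table by numeric id.
 *
 * $table is used as an identifier and $id sits in the SQL text without
 * quotes; neither position is protected by string escaping, so the table
 * name must be a plain identifier and the id is cast to an integer.
 *
 * @return array|false Numerically indexed row, or false when there is none
 *                     or the table name is invalid.
 */
function getSingleOption($table, $id)
{
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', (string) $table)) {
        return false;
    }

    $sql = "SELECT * FROM $table WHERE id = " . (int) $id;
    $res = mysql_query($sql);
    $row = mysql_fetch_row($res);

    return $row ? $row : false;
}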
-
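/**
 * Update one row of an option table, optionally together with its
 * lists_default flag.
 *
 * $table is used as an identifier and $id sits in the SQL text without
 * quotes; neither position is protected by string escaping, so the table
 * name must be a plain identifier and the id is cast to an integer.
 *
 * NOTE(review): $data and $lists_default are concatenated as quoted strings
 * and rely on the caller having escaped them — confirm.
 *
 * @return int|false 99 once the UPDATE has been sent, false when the table
 *                   name is invalid.
 */
function updateSingleOption($table, $data, $id, $lists_default)
{
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', (string) $table)) {
        return false;
    }
    $id = (int) $id;

    if (isset($lists_default)) {
        $sql = "UPDATE $table SET lists_default = '" . $lists_default . "', $table = '" . $data . "' WHERE id = " . $id;
    } else {
        // No default flag given: update the value only.
        $sql = "UPDATE $table SET $table = '" . $data . "' WHERE id = " . $id;
    }
    $res = mysql_query($sql);
    return 99;
}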
-
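/**
 * Delete one row of an option table by numeric id.
 *
 * $table is used as an identifier and $id sits in the SQL text without
 * quotes; neither position is protected by string escaping, so the table
 * name must be a plain identifier and the id is cast to an integer.
 *
 * @return int|false 99 once the DELETE has been sent, false when the table
 *                   name is invalid.
 */
function deleteOption($table, $id)
{
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', (string) $table)) {
        return false;
    }

    $sql = "DELETE FROM $table WHERE id = " . (int) $id;
    $res = mysql_query($sql);
    return 99;
}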
-
/**
 * List id and user name of every account with user_level 2.
 *
 * When there is no such account, $records is never assigned and the
 * function returns null with an undefined-variable notice.
 *
 * @return array|null
 */
function getSellers()
{
    $result = mysql_query("SELECT * FROM users WHERE user_level = 2");

    for ($n = 0; $row = mysql_fetch_array($result); $n++) {
        $records[$n] = array(
            "id"   => $row["id"],
            "user" => $row["user"],
        );
    }
    return $records;
}
-
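/**
 * Update a listing selected by numeric id.
 *
 * Returns false when the model is empty or the description contains "&" or
 * any HTML tag; otherwise 99 once the UPDATE has been sent. The query result
 * is not checked.
 *
 * The id sits in the SQL text without quotes, so it is cast to an integer;
 * string escaping alone does not protect an unquoted position.
 *
 * NOTE(review): all other values are concatenated as quoted strings and
 * rely on the caller having escaped them — confirm.
 */
function updateListing($id, $ad_title, $make, $model, $vehicle_type, $doors, $color, $mileage, $year, $listing_condition, $engine, $trans, $drive_train, $mpg, $fuel_type, $price, $adddesc, $features, $vin, $stock, $state, $zip, $sold, $sellerid, $seller)
{
    if (empty($model)) {
        return false;
    }

    // The description must be plain text: no entities, no tags.
    if (strpos($adddesc, "&") !== false) {
        return false;
    }
    if (strlen(strip_tags($adddesc)) < strlen($adddesc)) {
        return false;
    }

    $columns = array(
        "ad_title" => $ad_title, "make" => $make, "model" => $model,
        "vehicle_type" => $vehicle_type, "doors" => $doors, "color" => $color,
        "mileage" => $mileage, "year" => $year,
        "listing_condition" => $listing_condition, "engine" => $engine,
        "trans" => $trans, "drive_train" => $drive_train, "mpg" => $mpg,
        "fuel_type" => $fuel_type, "price" => $price, "adddesc" => $adddesc,
        "features" => $features, "vin" => $vin, "stock" => $stock,
        "state" => $state, "zip" => $zip, "sold" => $sold,
        "sellerid" => $sellerid, "seller" => $seller,
    );

    $assignments = array();
    foreach ($columns as $column => $value) {
        $assignments[] = $column . " = '" . $value . "'";
    }

    $sql = "UPDATE listings SET " . implode(", ", $assignments) . " WHERE id = " . (int) $id;
    $res = mysql_query($sql);// or die(mysql_error());
    return 99;
}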
-
/**
 * Insert a new listing.
 *
 * Returns false when the model is empty or the description contains "&" or
 * any HTML tag; otherwise 99 once the INSERT has been sent. The query result
 * is not checked.
 *
 * NOTE(review): every value is concatenated into the SQL text as a quoted
 * string and relies on the caller having escaped it — confirm.
 */
function addListing($ad_title, $make, $model, $vehicle_type, $doors, $color, $mileage, $year, $listing_condition, $engine, $trans, $drive_train, $mpg, $fuel_type, $price, $adddesc, $features, $vin, $stock, $state, $zip, $sellerid, $seller)
{
    if (empty($model)) {
        return false;
    }

    // The description must be plain text: no entities, no tags.
    if (strpos($adddesc, "&") !== false) {
        return false;
    }
    if (strlen(strip_tags($adddesc)) < strlen($adddesc)) {
        return false;
    }

    $added_on = date('Y-m-d h:i');

    $values = array(
        $ad_title, $make, $model, $vehicle_type, $doors, $color, $mileage,
        $year, $listing_condition, $engine, $trans, $drive_train, $mpg,
        $fuel_type, $price, $adddesc, $features, $vin, $stock, $state, $zip,
        $sellerid, $seller, $added_on,
    );

    $sql = "INSERT INTO listings (ad_title, make, model, vehicle_type, doors, color, mileage, year, listing_condition, engine, trans, drive_train, mpg, fuel_type, price, adddesc, features, vin, stock, state, zip, sellerid, seller, added_on) VALUES ('"
         . implode("', '", $values)
         . "')";
    mysql_query($sql);// or die(mysql_error());

    return 99;
}
-
/**
 * List id, user name, first name and last name of every account with
 * user_level 2.
 *
 * When there is no such account, $records is never assigned and the
 * function returns null with an undefined-variable notice.
 *
 * @return array|null
 */
function getAllSellers()
{
    $result = mysql_query("SELECT user,id,first_name,last_name FROM users WHERE user_level = 2");

    for ($n = 0; $row = mysql_fetch_array($result); $n++) {
        $records[$n] = array(
            "id"         => $row["id"],
            "user"       => $row["user"],
            "first_name" => $row["first_name"],
            "last_name"  => $row["last_name"],
        );
    }
    return $records;
}
-
/**
 * Look up the id of a seller account (user_level 2) by user name.
 *
 * NOTE(review): $user is concatenated into the SQL text as-is; this relies
 * on the caller having escaped it — confirm.
 *
 * @return mixed The id, or false when the query itself failed.
 */
function getSellerId($user)
{
    $result = mysql_query("SELECT id FROM users WHERE user = '" . $user . "' AND user_level = 2 LIMIT 1");

    if (empty($result)) {
        return false;
    }
    return mysql_result($result, 0, "id");
}
-
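/**
 * Look up the e-mail address of a seller account (user_level 2) by numeric
 * id.
 *
 * The id sits in the SQL text without quotes, so it is cast to an integer;
 * string escaping alone does not protect an unquoted position. An id that
 * matches no seller yields false without a mysql_result() warning.
 *
 * @param int $seller Numeric user id.
 * @return string|false
 */
function getSellerEmail($seller)
{
    $sql = "SELECT email FROM users WHERE id = " . (int) $seller . " AND user_level = 2 LIMIT 1";
    $res = mysql_query($sql);

    if (empty($res) || mysql_num_rows($res) < 1) {
        return false;
    }
    return mysql_result($res, 0, "email");
}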
-
/**
 * Look up the id of an account by user name.
 *
 * NOTE(review): $user is concatenated into the SQL text as-is; this relies
 * on the caller having escaped it — confirm.
 *
 * @return mixed The id, or false when the query itself failed.
 */
function getUserId($user)
{
    $result = mysql_query("SELECT id FROM users WHERE user = '" . $user . "' LIMIT 1");

    if (empty($result)) {
        return false;
    }
    return mysql_result($result, 0, "id");
}
-
- ?>