/Includes/configs/functions.php

<?PHP

//================================================================================

// PLEASE DO NOT REMOVE THIS HEADER!!!

//

// COPYRIGHT NOTICE

// This script is licensed under the GPL

// 

// Copyright 2007-2008 Alias 454 Studios and Brandon Keep (c) All rights reserved.

// Created 11/18/2007   

// Brandon Keep,    http://www.openautoclassifieds.com

//                  http://www.alias454studios.com/scripts/

//

// Last Modified 12-21-2008 by

// Brandon Keep,    http://alias454studios.com

//================================================================================

// This software IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL

// THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR

// OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,

// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR

// OTHER DEALINGS IN THE SOFTWARE.

//================================================================================



include_once 'env.inc.php';



//Check if magic qoutes is on then stripslashes if needed

function codeClean($var)

{

    if (is_array($var)) {

        foreach($var as $key=>$val) {

            $output[$key] = codeClean($val);

        }

    } else {

		$var = strip_tags($var);

		$output = mysql_real_escape_string((get_magic_quotes_gpc())? stripslashes($var): $var);

	}

	return $output;

}



function viewOnPage($var)

{

    $var = htmlentities(trim($var));

    if (get_magic_quotes_gpc()) 

        $var = stripslashes($var);

    return $var;

}



//Mail functions

function sendEmail($ToEmail,$Subject,$Body,$From,$FromEmail)

{

	$ver = phpversion();

	$Body = preg_replace("!<br \/>!","\n",$Body);



	$headers.="From: $From <$FromEmail>\n";

	$headers.="Reply-To: <$FromEmail>\n";

	$headers.="X-Sender: <$FromEmail>\n";

	$headers.="X-Mailer: PHP-$ver \n";

	$headers.="X-Priority: 3\n"; //1 UrgentMessage, 3 Normal

	$headers.="Return-Path: <$FromEmail> \n";



mail($ToEmail,$Subject,wordwrap($Body),$headers);

}



//check contact us form for submission errors

function checkSubmitForm($from_email,$from_name,$subject,$msg,$captcha,$security_code)

{

	if (!validateEmail($from_email)){

		return 1;

	} elseif (empty($from_name)) {

		return 2; 

	} elseif (empty($subject)) {

		return 3;

	} elseif (empty($msg)) {

		return 4;

	} elseif (!empty($security_code) && $security_code !== "$captcha") {

		return 5;

	} elseif (empty($captcha)) {

		return 6;

	} else {

		return 99;

	}

}



// function to check the referer for security reasons.

function checkReferer($referers) 

{

	$referer = getenv("HTTP_REFERER");

	list($remove,$stuff) = split('//',$referer,2);

	list($home,$stuff) = split('/',$stuff,2);



	for ($x = 0; $x < count($referers); $x++) {

		if (preg_match("!$referers[$x]!","$home")) {

			//print "$home <-home $referer <-referer";

			return true;

		}

	}



   	//if you get this far you have not met the criteria and will be redirected

	//if someone comes from a place other then in our referers list

	//set them in the right spot on our domain

	if (empty($referer)) {

		header("Location: index.php");

		$time = date('Y-m-d h:i');

		error_log(" $time Empty Referer. '".getenv("REMOTE_ADDR")."' \r\n", 3, "error.txt");

		return false;

	} else {

		header("Location: index.php");

		$time = date('Y-m-d h:i');

		error_log(" $time Illegal Referer. '".getenv("HTTP_REFERER")."' \r\n", 3, "error.txt");

		return false;

	}

}



//Login functions

function verifyLogin($user,$pass)

{

	//Encrypt password for database verification

	$salt = 's+(_a*';

	$pass = md5($pass.$salt);



	$sql = "SELECT pass FROM users WHERE pass = '" . $pass . "' AND user = '" . $user ."'";

	$res = mysql_query($sql);

	$num = mysql_num_rows($res);



	if ($num > 0)

		return true;

	return false;	

}



//Page auth function

function checkPrivs()

{

	if (!empty($_SESSION["admin"])){

		$status = 'admin';

		return $status;

	} elseif (!empty($_SESSION["seller"])){

		$status = 'seller';

		return $status;

	} else {

		$status = 'user';

		return $status;

	}

	return false;

}



function checkIfAdmin($user,$pass)

{

	$sql = "SELECT pass FROM users WHERE pass = '" . $pass . "' AND user = '" . $user ."' AND user_level = 9 ";

	$res = mysql_query($sql);

	$num = mysql_num_rows($res);



	if ($num > 0)

		return true;

	return false;	

}



function checkIfSeller($user,$pass)

{

	$sql = "SELECT pass FROM users WHERE pass = '" . $pass . "' AND user = '" . $user ."' AND user_level = 2 ";

	$res = mysql_query($sql);

	$num = mysql_num_rows($res);



	if ($num > 0)

		return true;

	return false;	

}



function verifyCookie($user,$pass)

{

	$sql = "SELECT pass FROM users WHERE pass = '" . $pass . "' AND user = '" . $user ."'";

	$res = mysql_query($sql);

	$num = mysql_num_rows($res);

	

	if ($num > 0)

		return true;

	return false;	

}



function logoff()

{

	//mysql_query("DELETE FROM onlineusers WHERE user = '" . $_SESSION["username"] . "'");

	// kill session variables

	unset($_SESSION["user"]);

	unset($_SESSION["pass"]);

	unset($_SESSION["logged_in"]);

	unset($_SESSION["admin"]);



	session_destroy(); 

	setcookie("user", NULL, time()-3600);

	setcookie("pass", NULL, time()-3600); 

	setcookie("sessid", NULL, time()-3600); 

	

  // redirect them to anywhere you like.

  header("Location: index.php");

}



//Update account functions

function getUserRecords($user)

{

	$sql = "SELECT * FROM users WHERE user = '" . $user . "'"; 

	$res = mysql_query($sql);



	$c=0;

	while ($a_row = mysql_fetch_array($res)) {

		$records[$c]["id"] = $a_row["id"];

		$records[$c]["email"] = $a_row["email"];

		$records[$c]["user"] = $a_row["user"];

		$records[$c]["first_name"] = $a_row["first_name"];

		$records[$c]["last_name"] = $a_row["last_name"];

		$records[$c]["phone"] = $a_row["phone"];

		$records[$c]["alt_phone"] = $a_row["alt_phone"];

		$records[$c]["fax"] = $a_row["fax"];

		$records[$c]["image"] = $a_row["image"];

		$records[$c]["address"] = $a_row["address"];

		$records[$c]["city"] = $a_row["city"];

		$records[$c]["state"] = $a_row["state"];

		$records[$c]["zip"] = $a_row["zip"];

		$records[$c]["reg_date"] = $a_row["reg_date"];

		$records[$c]["image"] = $a_row["image"];

	$c++;

    }

	return $records;

}



function updateUser($user, $email, $first_name, $last_name, $phone, $alt_phone, $fax, $address, $city, $state, $zip)

{

	if (!validateEmail($email))	{

		return 1;

	} elseif (!validatePhone($phone)) {

		return 2;

	} elseif (!validateName($first_name)) {

		return 3;

	} elseif (!validateName($last_name)) {

		return 4;

	} else {

		// Get remote IP

		$ipaddress = getenv('REMOTE_ADDR');

		$sql = "UPDATE users SET ipaddress = INET_ATON('" . $ipaddress . "'), email = '" . $email . "', first_name = '" . $first_name . "', last_name = '" . $last_name . "', phone = '" . $phone . "', alt_phone = '" . $alt_phone . "', fax = '" . $fax . "', address = '". $address . "', city = '". $city . "', state = '". $state . "', zip = '". $zip . "' WHERE user = '" . $user . "'";		

		$res = mysql_query($sql);

	return 99;

	}

}



//Reset password functions

function updatePass($user,$pass)

{

	//Encrypt password for database

	$salt = 's+(_a*';

	$new_password = md5($pass.$salt);

	//if user logged in change their session password 

	if (isset($_SESSION["pass"])) {

		$_SESSION["pass"] = "$new_password";

	}



	//if remember me function already set

	//change cookie for remember me

	if (isset($_COOKIE["pass"])) {

		setcookie("pass", "$new_password", time() + (60*60*24*30));

	}



	//perform query and update user info in the database

	$sql = "UPDATE users SET pass = '" . $new_password . "' WHERE user = '" . $user . "'";

 	$res = mysql_query($sql);

}



function generatePassword($len)

{

	$password = "";

	$char = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';



	$count=0;

	while ($count <= $len) {

		$random = rand(1,strlen($char));

		$password.=substr($char,$random -1,1);

	$count++;

	} 



//echo $password;

return $password;

}



//Registration functions

function checkIfUser($user)

{

	$sql = "SELECT user FROM users WHERE user = '" . $user ."' ";

	$res = mysql_query($sql);

	$num = mysql_num_rows($res);



	if ($num > 0)

		return true;

	return false;	

}



function checkIfEmail($email)

{

	$sql = "SELECT COUNT(*) as NUMBER FROM users WHERE email = '" . $email ."' ";

	$res = mysql_query($sql);

	$num = mysql_result($res,0,"NUMBER");

	

	if ($num > 0)

		return true;

	return false;	

}



function validatePhone($phone)

{

	if (preg_match('!^((\+\d{1,3}(-| )?\(?\d\)?(-| )?\d{1,5})|(\(?\d{2,6}\)?))(-| )?(\d{3,4})(-| )?(\d{4})(( x| ext)\d{1,5}){0,1}$!', $phone))

		return true;

	return false;

}



function validateName($name)

{

	if (preg_match('!^([a-zA-Z]{3,60})$!', $name))

    	return true;

	return false;

}



function validateUsername($user)

{

	if (preg_match('!^\w+$!', $user))

    	return true;

	return false;

}



function validateEmail($email)

{

	if (preg_match("!^[a-zA-Z0-9]+([_\\.-][a-zA-Z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,4}$!", $email))

   		return true;

	return false;

}



function registerUser($user, $pass, $email, $first_name, $last_name, $phone, $alt_phone, $fax, $address, $city, $state, $zip, $agree)

{

	global $admin_name;

	global $admin_email;

	global $site_url;



	if (checkIfUser($user))	{

		return 1;

	} elseif (!validateEmail($email)) {

		return 2;

	} elseif (!validateUsername($user)) {

		return 3;

	} elseif (checkIfEmail($email)) {

		return 4;

	} elseif (empty($agree)) {

		return 5;

	} elseif (!validatePhone($phone)) {

		return 6;

	} elseif (!validateName($first_name)) {

		return 7;

	} elseif (!validateName($last_name)) {

		return 8;

	} else {

		

	//if blank password one is generated then the details are emailed

		if (empty($pass)) {

			$pass = generatePassword(6);

			

		//build email to be sent from lang file

			$body = preg_replace("!%USERNAME%!","$user",ACCT_SIGNUP_BODY);

			$body = preg_replace("!%PASSWORD%!","$pass", $body);

			$body = preg_replace("!%URL%!","$site_url/login.php", $body);

			$subject = preg_replace("!%URL%!","$site_url",ACCT_SIGNUP_SUBJECT);

			$subject = preg_replace("!%USERNAME%!","$user", $subject);



		sendEmail($email,$subject,$body,$admin_name,$admin_email);

		}

	

	  	// Get remote IP

			$ipaddress = getenv('REMOTE_ADDR');

			$reg_date = date("Y-m-d H:i:s");

	  

	  	//Encrypt password for database

	    	$salt = 's+(_a*';

			$pass = md5($pass.$salt);



			$sql = "INSERT INTO users (ipaddress,user,pass,email,first_name,last_name,phone,alt_phone,fax,address,city,state,zip,reg_date) VALUES (INET_ATON('" . $ipaddress . "'), '" . $user . "','" . $pass . "', '" . $email . "', '" . $first_name . "', '" . $last_name . "', '" . $phone . "', '" . $alt_phone . "', '" . $fax . "', '" . $address . "', '" . $city . "', '" . $state . "', '" . $zip . "', '" . $reg_date . "')"; 

			$res = mysql_query($sql);

		return 99;

	}

}



function lastActive($user)

{

	$last_active = date("Y-m-d H:i:s");



	$sql = "UPDATE users SET last_active = '" . $last_active . "' WHERE user = '" . $user . "' ";

	$res = mysql_query($sql);

}



//Admin Functions

function updateEnv($url, $admin_name, $admin_email, $site_mode, $listings_per_page, $users_per_page, $listings_stored_path, $users_stored_path, $site_name, $description, $keywords, $site_lang, $site_template)

{

	$sql = "UPDATE env_settings SET site_url = '" . $url . "', admin_name = '" . $admin_name . "', admin_email = '" . $admin_email . "', site_mode = '" . $site_mode . "', listings_per_page = " . $listings_per_page . ", users_per_page = " . $users_per_page . ", listings_stored_path = '" . $listings_stored_path . "', users_stored_path = '" . $users_stored_path . "', site_name = '" . $site_name . "', description = '" . $description . "', keywords = '" . $keywords . "', site_lang = '" . $site_lang . "', site_template = '" . $site_template . "' ";		

	$res = mysql_query($sql);

	return 99;

}



function deleteUser($id)

{

	$sql = "DELETE FROM users WHERE id = " . $id . ""; 

	$res = mysql_query($sql);

	return 99;

}



function updateUserDetails($user, $email, $first_name, $last_name, $phone, $alt_phone, $fax, $address, $city, $state, $zip, $user_level, $admin_notes, $id)

{

	$sql = "UPDATE users SET user = '" . $user . "', email = '" . $email . "', first_name = '" . $first_name . "', last_name = '" . $last_name . "', phone = '" . $phone . "', alt_phone = '" . $alt_phone . "', fax = '" . $fax . "', address = '" . $address . "', city = '" . $city . "', state = '" . $state . "', zip = '" . $zip . "', user_level = '" . $user_level . "', admin_notes = '" . $admin_notes . "'  WHERE id = " . $id . "";		

	$res = mysql_query($sql);

	return 99;

}



//function to convert from INET_ATON http://www.ipligence.com/en/faq/

//select INET_NTOA('3515134258');

function ipConvert($ip)

{

	$b = array(0,0,0,0);

	$c = 16777216.0;

	$ip += 0.0;

	for ($i = 0; $i < 4; $i++) {

		$k = (int)($ip / $c);

		$ip -= $c * $k;

		$b[$i]= $k;

		$c /=256.0;

	}

	$d = join('.', $b);

	return $d;

}



function getUserDetails($id)

{

	if (!empty($id) && $id == "all") {

		$sql = "SELECT * FROM users";

	} else {

		$sql = "SELECT * FROM users WHERE id = " . $id . "";  

	}

	$res = mysql_query($sql);



	$c=0;

	while ($a_row = mysql_fetch_array($res)) {

		 $records[$c]["id"] = $a_row["id"];

		 $records[$c]["ipaddress"] = ipConvert($a_row["ipaddress"]);

		 $records[$c]["user"] = $a_row["user"];

		 $records[$c]["email"] = $a_row["email"];

		 $records[$c]["first_name"] = $a_row["first_name"];

		 $records[$c]["last_name"] = $a_row["last_name"];

		 $records[$c]["phone"] = $a_row["phone"];

		 $records[$c]["alt_phone"] = $a_row["alt_phone"];

		 $records[$c]["fax"] = $a_row["fax"];

		 $records[$c]["address"] = $a_row["address"];

		 $records[$c]["city"] = $a_row["city"];

		 $records[$c]["state"] = $a_row["state"];

		 $records[$c]["zip"] = $a_row["zip"];

		 $records[$c]["reg_date"] = $a_row["reg_date"];

		 $records[$c]["last_active"] = $a_row["last_active"];

		 $records[$c]["user_level"] = $a_row["user_level"];

		 $records[$c]["notes"] = $a_row["notes"];

		 $records[$c]["image"] = $a_row["image"];

		 $records[$c]["admin_notes"] = $a_row["admin_notes"];

	$c++;

	}

	if (!empty($id) && $id == "all") {

		//smarty paginate class used for users list in admin and also vehicle listings

		$paginate = new SmartyPaginate();

		$paginate->setTotal(count($records));

    	return array_slice($records, $paginate->getCurrentIndex(),

		$paginate->getLimit());

	} elseif (isset($records)) {

		return $records; 

	}

}



function checkImageSize($tmpfile, $max)

{

	//check the tmpimage file size and see if it is to big returns true if to large

	$size = filesize($tmpfile);

	if ($size > $max)

		return true;

	return false;

}



function checkAllowedExt($file)

{

	//check file for allowed extensions returns true if wrong type

	$temp = strtolower($file);

	$ext_split = split("\.",$temp);

	$ext = $ext_split[1];

	$allowed = array('gif', 'jpg', 'jpeg', 'png');

	if (!in_array($ext, $allowed))

		return true;

	return false;

}



function deleteUserImage($user)

{

	//look up old image path then remove the file before preceding with the new image upload

	$sql = "SELECT image FROM users WHERE user = '" . $user . "'";

	$res = mysql_query($sql);

	$del = mysql_result($res,0,"image");

	if ($del != "") {

		$ext_split = split("\.",$del);

		$ext = $ext_split[1];

		$base = $ext_split[0];



		unlink("$del");

		unlink("$base" . "_thumb" . "." . "$ext");

		

		$sql = "UPDATE users SET image = ''  WHERE user = '" . $user . "'";

		$res = mysql_query($sql);

		return true;

	}

	return false;

}



function openImage($file)

{

	// Get extension and return it

	$temp = strtolower($file);

	$ext_split = split("\.",$temp);

	$ext = $ext_split[1];

	switch($ext) {

		case 'jpg':

		case 'jpeg':

			$im = @imagecreatefromjpeg($file);

			break;

		case 'gif':

			$im = @imagecreatefromgif($file);

			break;

		case 'png':

			$im = @imagecreatefrompng($file);

			break;

		default:

			$im = false;

			break;

	}

	return $im;

}



function createThumb($file, $ext, $width)

{

	$im    = openImage($file);

    $old_x = imageSX($im);

    $old_y = imageSY($im);

    $new_w = (int)($width);

    

	if (($new_w <= 0) or ($new_w>$old_x)) {

		$new_w=$old_x;

    }



    $new_h = ($old_x*($new_w/$old_x));



    if ($old_x > $old_y) {

        $thumb_w = $new_w;

        $thumb_h = $old_y*($new_h/$old_x);

    }

    if ($old_x < $old_y) {

        $thumb_w = $old_x*($new_w/$old_y);

        $thumb_h = $new_h;

    }

    if ($old_x == $old_y) {

		$thumb_w = $new_w;

		$thumb_h = $new_h;

    }

	

	$thumb = ImageCreateTrueColor($thumb_w,$thumb_h);

	

	if ($ext == 'png' || 'PNG') {

    	imagealphablending($thumb, false);

        $colorTransparent = imagecolorallocatealpha($thumb, 0, 0, 0, 127);

        imagefill($thumb, 0, 0, $colorTransparent);

        imagesavealpha($thumb, true);

	} elseif ($ext == 'gif' || 'GIF') {

    	$trnprt_indx = imagecolortransparent($im);

        if ($trnprt_indx >= 0) {

        	//its transparent

            $trnprt_color = imagecolorsforindex($im, $trnprt_indx);

            $trnprt_indx = imagecolorallocate($thumb, $trnprt_color['red'], $trnprt_color['green'], $trnprt_color['blue']);

            imagefill($thumb, 0, 0, $trnprt_indx);

            imagecolortransparent($thumb, $trnprt_indx);

		}

	}



    imagecopyresampled($thumb,$im,0,0,0,0,$thumb_w,$thumb_h,$old_x,$old_y);



	//choose which image program to use

	if ($ext == 'jpeg' || 'jpg' || 'JPEG' || 'JPG') {

		imagejpeg($thumb,$file,75);

	} elseif ($ext == 'png' || 'PNG') {

		imagepng($thumb,$file,75);

	} elseif ($ext == 'gif' || 'GIF') {

		imagegif($thumb,$file,75);

	}

    imagedestroy($thumb);

}



function moveUploadImage($path, $file, $tmpfile, $max, $user)

{

	//upload your image and give it a random name so no conflicts occour

	$rand = mt_rand(1,3000);

	$save_path = $path . $user . $rand . $file;



	//move the temp file to the proper place

	if (move_uploaded_file($tmpfile, $save_path)) {

		$ext_split = split("\.",$save_path);

		$ext = $ext_split[1];

		$base = $ext_split[0];



		copy($save_path, "$base" . "_thumb" . "." . "$ext");

		createThumb("$base" . "_thumb" . "." . "$ext", $ext, 150);

		createThumb("$base" . "." . "$ext", $ext, 350);



		//chmod("$base" . "_thumb" . "." . "$ext", 0644);

		//chmod("$base" . "." . "$ext", 0644);



		return $save_path;

	}

	return false;

}



//upload the images for the members page

function uploadUserImage($path, $file, $tmpfile, $max, $user)

{

	if (empty($file))

		return false;

	if (checkImageSize($tmpfile, $max))

		return 1;

	if (checkAllowedExt($file))

		return 2;



	//look up old image path then remove the file before preceding with the new image upload

	$sql = "SELECT image FROM users WHERE user = '" . $user . "'";

	$res = mysql_query($sql);

	$del = mysql_result($res,0,"image");

	if (!empty($del)) {

		$ext_split = split("\.",$del);

		$ext = $ext_split[1];

		$base = $ext_split[0];



		unlink("$del");

		unlink("$base" . "_thumb" . "." . "$ext");

	}

	

	$save_path = moveUploadImage($path, $file, $tmpfile, $max, $user);

	if (isset($save_path)) {

		$sql = "UPDATE users SET image = '" . $save_path . "'  WHERE user = '" . $user . "'";

		$res = mysql_query($sql);

		return 99;

	}

	return false;

}



//upload the images for the listings pages

function uploadListImage($path, $file, $tmpfile, $max, $listingid, $user, $owner)

{

	if (empty($file))

		return false;

	if (checkImageSize($tmpfile, $max))

		return 1;

	if (checkAllowedExt($file))

		return 2;



	//see if listing already has main image set if not set image as main

	$sql = "SELECT COUNT(*) as NUMBER FROM listimages WHERE listingid = " . $listingid ." AND mainimage = 1";

	$res = mysql_query($sql);

	$num = mysql_result($res,0,"NUMBER");



	$save_path = moveUploadImage($path, $file, $tmpfile, $max, $user);

	$ext_split = split("\.",$save_path);

	$ext = $ext_split[1];

	$base = $ext_split[0];

	$save_thumb_path = "$base" . "_thumb" . "." . "$ext";

	

	if ($num > 0) {

		if (isset($save_path)) {

			$sql = "INSERT INTO listimages (imagepath,imagethumbpath,listingid,owner) VALUES ('" . $save_path . "','" . $save_thumb_path . "', " . $listingid . ", '" . $owner . "')"; 

			$res = mysql_query($sql);

			return 99;

		}

	} else {

		if (isset($save_path)) {

			$sql = "INSERT INTO listimages (imagepath,imagethumbpath,mainimage,listingid,owner) VALUES ('" . $save_path . "','" . $save_thumb_path . "',1, " . $listingid . ", '" . $owner . "')"; 

			$res = mysql_query($sql);

			return 99;

		}

	}

	return false;

}



function markImageMain($listingid, $imageid, $owner)

{

	if (isset($listingid) && isset($imageid) && !empty($owner)) {

		//check if already main and unset

		$sql = "SELECT * FROM listimages WHERE listingid = " . $listingid . " AND owner = '" . $owner . "' AND mainimage = 1";

		$res = mysql_query($sql);

		$num = mysql_num_rows($res);

		if (!empty($num)) {

			$setimageid = mysql_result($res,0,"id");

			$sql = "UPDATE listimages SET mainimage = 0 WHERE id = " . $setimageid . "";

			$res = mysql_query($sql);

		} else {

			//return false;

			// Possibly, this happens when mainimage is deleted

            // Correct approach would be to mark this image as main!

			$sql = "UPDATE listimages SET mainimage = 1  WHERE id = " . $imageid . "";

			$res = mysql_query($sql);

			if (!$res)

				return false;

			

			return 99;

		}

	

		$sql = "UPDATE listimages SET mainimage = 1  WHERE id = " . $imageid . "";

		$res = mysql_query($sql);

		return 99;

	}

}



function deleteFullListing($listingid)

{

	$sql = "DELETE FROM listings WHERE id = " . $listingid . ""; 

	$res = mysql_query($sql);

	

	$sql = "SELECT * FROM listimages WHERE listingid = " . $listingid . ""; 

	$res = mysql_query($sql);



	$c=0;

	while ($a_row = mysql_fetch_array($res)) {

		if (!empty($a_row["imagepath"]))

			unlink($a_row["imagepath"]);

		if (!empty($a_row["imagethumbpath"]))

			unlink($a_row["imagethumbpath"]);

	$c++;

    }

	

	$sql = "DELETE FROM listimages WHERE listingid = " . $listingid . ""; 

	$res = mysql_query($sql);

	return 99;	

}



function deleteListingsImage($id, $imageid, $owner)

{

	if (isset($id) && isset($imageid) && !empty($owner)) {

		//look up image path then remove the files before preceding

		$sql = "SELECT imagepath,imagethumbpath FROM listimages WHERE id = " . $imageid . " AND owner = '" . $owner . "' LIMIT 1";

		$res = mysql_query($sql);

		$num = mysql_num_rows($res);

		if (!empty($num)) {

			$imagepath = mysql_result($res,0,"imagepath");

			$imagethumbpath = mysql_result($res,0,"imagethumbpath");

		} else {

			return false;

		}

	}

	

	if (!empty($imagepath)) {

		unlink("$imagepath");

		unlink("$imagethumbpath");

		

		$sql = "DELETE FROM listimages WHERE id = " . $imageid . "  AND owner = '" . $owner . "'";

		$res = mysql_query($sql);

		return 99;

	}

	return false;

}



function getListingTitle ($listingid) 

{

	$sql = "SELECT ad_title FROM listings WHERE id = " . $listingid . " LIMIT 1";

	$res = mysql_query($sql);

	

	$title = mysql_result($res,0,"ad_title");

	return $title;

}



function getRandomImage()

{

	$limit = 6;

	$sql = "SELECT * FROM listimages, listings WHERE listings.id = listimages.listingid AND listings.sold !=1 AND listimages.mainimage = 1 ORDER BY RAND() LIMIT $limit";

	$res = mysql_query($sql);

	

	$c=0;

	while ($a_row = mysql_fetch_array($res)) {

		$records[$c]["ad_title"] = getListingTitle($a_row["listingid"]);

		$records[$c]["listingid"] = $a_row["listingid"];

		$records[$c]["imagepath"] = $a_row["imagepath"];

		$records[$c]["imagethumbpath"] = $a_row["imagethumbpath"];

	$c++;

    }

	return $records;

}



function getListImages($listingid)

{

	//look up image path for listing

	$sql = "SELECT * FROM listimages WHERE listingid = " . $listingid . "";

	$res = mysql_query($sql);



	$c=0;

	while ($a_row = mysql_fetch_array($res)) {

		 $records[$c]["id"] = $a_row["id"];

		 $records[$c]["imagepath"] = $a_row["imagepath"];

		 $records[$c]["imagethumbpath"] = $a_row["imagethumbpath"];

		 $records[$c]["mainimage"] = $a_row["mainimage"];

		 $records[$c]["listingid"] = $a_row["listingid"];

	$c++;

	}

	return $records;

}



function getListing($id='all', $addOnSQL="", $sellerid="", $sort="")

{

	if (empty($sort))

		$sort = "ORDER BY sold,id DESC";



	if (!empty($id) && $id == "all") {

		$sql = "SELECT * FROM listings $sort";

	} elseif (!empty($id) && !empty($sellerid)) {

		$sql = "SELECT * FROM listings WHERE id = " . $id . " AND sellerid = '" . $sellerid . "'";  

	} elseif (!empty($addOnSQL)){

		$sql = "SELECT * FROM listings WHERE $addOnSQL $sort";

	} else {

		$sql = "SELECT * FROM listings WHERE id = " . $id . " LIMIT 1";  

	}

	

	//print "$sql";

	$res = mysql_query($sql);



	$c=0;

	while ($a_row = mysql_fetch_array($res)) {

		$records[$c]["id"] = $a_row["id"];

		$records[$c]["sold"] = $a_row["sold"];

		$records[$c]["featured"] = $a_row["featured"];

		$records[$c]["ad_title"] = $a_row["ad_title"];

		$records[$c]["make"] = $a_row["make"];

		$records[$c]["model"] = $a_row["model"];

		$records[$c]["vehicle_type"] = $a_row["vehicle_type"];

		$records[$c]["doors"] = $a_row["doors"];

		$records[$c]["color"] = $a_row["color"];

		$records[$c]["mileage"] = $a_row["mileage"];

		$records[$c]["year"] = $a_row["year"];

		$records[$c]["listing_condition"] = $a_row["listing_condition"];

		$records[$c]["engine"] = $a_row["engine"];

		$records[$c]["trans"] = $a_row["trans"];

		$records[$c]["drive_train"] = $a_row["drive_train"];

		$records[$c]["mpg"] = $a_row["mpg"];

		$records[$c]["fuel_type"] = $a_row["fuel_type"];

		$records[$c]["price"] = $a_row["price"];

		$records[$c]["adddesc"] = $a_row["adddesc"];

		$records[$c]["features"] = unserialize($a_row["features"]);

		$records[$c]["vin"] = $a_row["vin"];

		$records[$c]["stock"] = $a_row["stock"];

		$records[$c]["state"] = $a_row["state"];

		$records[$c]["zip"] = $a_row["zip"];

		$records[$c]["sellerid"] = $a_row["sellerid"];

		$records[$c]["seller"] = $a_row["seller"];

		$records[$c]["added_on"] = $a_row["added_on"];

		$records[$c]["last_updated"] = $a_row["last_updated"];

		$records[$c]["images"] = getListImages($a_row["id"]);

	$c++;

	}

	if (!empty($id) && $id == "all" || !empty($addOnSQL)) {

		//smarty paginate class used for users list in admin and also vehicle listings

		$paginate = new SmartyPaginate();

		$paginate->setTotal(count($records));

		if (!empty($records))

    		return array_slice($records, $paginate->getCurrentIndex(), $paginate->getLimit());

	} elseif (isset($records)) {

		return $records; 

	}

}



//add classifieds options

function addOption($option, $table)

{

	//check if empty if empty return no good

	if (empty($option))

		return false;



	//check if option already exists if it does return an error

	$sql = "SELECT COUNT(*) as NUMBER FROM $table WHERE $table = '" . $option ."' ";

	$res = mysql_query($sql);

	$num = mysql_result($res,0,"NUMBER");

	if ($num > 0) {

		return 1;

	//if the option is not empty and does not exist then add it

	} else {

		$sql = "INSERT INTO $table ($table) VALUES ('" . $option . "')"; 

		$res = mysql_query($sql);

		return 99;

	}

}



//get search list data for search page

function getSearchList($table)

{

	$sql = "SELECT DISTINCT $table FROM listings ORDER by $table"; 

	$res = mysql_query($sql);

	

	$c=0;

	while ($a_row = mysql_fetch_array($res)) {

		 $searchlist[$c]["$table"] = $a_row["$table"];

	$c++;

    }

	return $searchlist;

}



//Get option information lists

function getStatesList()

{

	$sql = "SELECT * FROM states ORDER by state_name"; 

	$res = mysql_query($sql);

	

	$c=0;

	while ($a_row = mysql_fetch_array($res)) {

		 $stateslist[$c]["state_prefix"] = $a_row["state_prefix"];

		 $stateslist[$c]["state_name"] = $a_row["state_name"];

	$c++;

    }

	return $stateslist;

}



function getManufacturersList()

{

	$sql = "SELECT * FROM manufacturer ORDER by manufacturer"; 

	$res = mysql_query($sql);

	

	$c=0;

	while ($a_row = mysql_fetch_array($res)) {

		 $manufacturerslist[$c]["id"] = $a_row["id"];

		 $manufacturerslist[$c]["manufacturer"] = $a_row["manufacturer"];

	$c++;

    }

	return $manufacturerslist;

}



function getFeaturesList()

{

	$sql = "SELECT * FROM features ORDER by features"; 

	$res = mysql_query($sql);

	

	$c=0;

	while ($a_row = mysql_fetch_array($res)) {

		 $featurelist[$c]["id"] = $a_row["id"];

		 $featurelist[$c]["features"] = $a_row["features"];

		 $featurelist[$c]["lists_default"] = $a_row["lists_default"];

	$c++;

    }

	return $featurelist;

}



function getDriveTrainsList()

{

	$sql = "SELECT * FROM drive_train ORDER by drive_train"; 

	$res = mysql_query($sql);

	

	$c=0;

	while ($a_row = mysql_fetch_array($res)) {

		 $drivetrainlist[$c]["id"] = $a_row["id"];

		 $drivetrainlist[$c]["drive_train"] = $a_row["drive_train"];

	$c++;

    }

	return $drivetrainlist;

}



function getTypesList()

{

	$sql = "SELECT * FROM vehicle_type ORDER by vehicle_type"; 

	$res = mysql_query($sql);

	

	$c=0;

	while ($a_row = mysql_fetch_array($res)) {

		 $typeslist[$c]["id"] = $a_row["id"];

		 $typeslist[$c]["vehicle_type"] = $a_row["vehicle_type"];

	$c++;

    }

	return $typeslist;

}



function getSingleOption($table, $id)

{

	$sql = "SELECT * FROM $table WHERE id = " . $id . ""; 

	$res = mysql_query($sql);

	$row = mysql_fetch_row($res);

	if (isset($row)) 

		return $row;

	return false;

}



function updateSingleOption($table, $data, $id, $lists_default)

{

	//check if var for default list is set

	if (isset($lists_default)) {

		$sql = "UPDATE $table SET lists_default = '" . $lists_default . "', $table = '" . $data . "' WHERE id = " . $id . "";		

		$res = mysql_query($sql);

		return 99;

	//otherwise update without it

	} else {

		$sql = "UPDATE $table SET $table = '" . $data . "' WHERE id = " . $id . "";		

		$res = mysql_query($sql);

		return 99;

	}

}



function deleteOption($table, $id)

{

		$sql = "DELETE FROM $table WHERE id = " . $id . "";		

		$res = mysql_query($sql);

		return 99;

}



function getSellers()

{

	$sql = "SELECT * FROM users WHERE user_level = 2"; 

	$res = mysql_query($sql);



	$c=0;

	while ($a_row = mysql_fetch_array($res)) {

		$records[$c]["id"] = $a_row["id"];

		$records[$c]["user"] = $a_row["user"];

	$c++;

    }

	return $records;

}



function updateListing($id, $ad_title, $make, $model, $vehicle_type, $doors, $color, $mileage, $year, $listing_condition, $engine, $trans, $drive_train, $mpg, $fuel_type, $price, $adddesc, $features, $vin, $stock, $state, $zip, $sold, $sellerid, $seller)

{

	if (empty($model))

		return false;

   

	if (strpos($adddesc, "&") !== false) {

    	return false;

	} elseif (strlen(strip_tags($adddesc)) < strlen($adddesc)) {

    	return false;

	}

   

	if (!empty($model)) {

		$sql = "UPDATE listings SET ad_title = '" . $ad_title . "', make = '" . $make . "', model = '" . $model . "', vehicle_type = '" . $vehicle_type . "', doors = '" . $doors . "', color = '" . $color . "', mileage = '" . $mileage . "', year = '" . $year . "', listing_condition = '" . $listing_condition . "', engine = '" . $engine . "', trans = '" . $trans . "', drive_train = '" . $drive_train . "', mpg = '" . $mpg . "', fuel_type = '" . $fuel_type . "', price = '" . $price . "', adddesc = '" . $adddesc . "', features = '" . $features . "', vin = '" . $vin . "', stock = '" . $stock . "', state = '" . $state . "', zip = '" . $zip . "', sold = '" . $sold . "', sellerid = '" . $sellerid . "', seller = '" . $seller . "' WHERE id = " . $id . "";

		$res = mysql_query($sql);// or die(mysql_error());

		return 99;

	}

	return false;

}



function addListing($ad_title, $make, $model, $vehicle_type, $doors, $color, $mileage, $year, $listing_condition, $engine, $trans, $drive_train, $mpg, $fuel_type, $price, $adddesc, $features, $vin, $stock, $state, $zip, $sellerid, $seller)

{

	if (empty($model))

		return false;



	if (strpos($adddesc, "&") !== false) {

    	return false;

	} elseif (strlen(strip_tags($adddesc)) < strlen($adddesc)) {

    	return false;

	}



	$added_on = date('Y-m-d h:i');

 

	if (!empty($model)) {

		$sql = "INSERT INTO listings (ad_title, make, model, vehicle_type, doors, color, mileage, year, listing_condition, engine, trans, drive_train, mpg, fuel_type, price, adddesc, features, vin, stock, state, zip, sellerid, seller, added_on) VALUES ('" . $ad_title . "', '" . $make . "', '" . $model . "', '" . $vehicle_type . "', '" . $doors . "', '" . $color . "', '" . $mileage . "', '" . $year . "', '" . $listing_condition . "', '" . $engine . "', '" . $trans . "', '" . $drive_train . "', '" . $mpg . "', '" . $fuel_type . "', '" . $price . "', '" . $adddesc . "', '" . $features . "', '" . $vin . "', '" . $stock . "', '" . $state . "', '" . $zip . "', '" . $sellerid . "', '" . $seller . "', '" . $added_on . "')";

		$res = mysql_query($sql);// or die(mysql_error());

		return 99;

	}

	return false;

}



function getAllSellers()

{

	$sql = "SELECT user,id,first_name,last_name FROM users WHERE user_level = 2";

	$res = mysql_query($sql);



	$c=0;

	while ($a_row = mysql_fetch_array($res)) {

		$records[$c]["id"] = $a_row["id"];

		$records[$c]["user"] = $a_row["user"];

		$records[$c]["first_name"] = $a_row["first_name"];

		$records[$c]["last_name"] = $a_row["last_name"];

	$c++;

    }

	return $records;

}



function getSellerId($user)

{

	$sql = "SELECT id FROM users WHERE user = '" . $user . "' AND user_level = 2 LIMIT 1";

	$res = mysql_query($sql);

	

	if (!empty($res)) {

		$id = mysql_result($res,0,"id");

		return $id;

	} else {

		return false;

	}

}



function getSellerEmail($seller)

{

	$sql = "SELECT email FROM users WHERE id = " . $seller . " AND user_level = 2 LIMIT 1";

	$res = mysql_query($sql);

	

	if (!empty($res)) {

		$email = mysql_result($res,0,"email");

		return $email;

	} else {

		return false;

	}

}



function getUserId($user)

{

	$sql = "SELECT id FROM users WHERE user = '" . $user . "' LIMIT 1";

	$res = mysql_query($sql);

	

	if (!empty($res)) {

		$id = mysql_result($res,0,"id");

		return $id;

	} else {

		return false;

	}

}



?>