Update of /cvsroot/mxbb/mx_phpCA/includes In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv3371/includes Added Files: ads_comment.php ads_comment_delete.php ads_comment_edit.php ads_comment_temp.php ads_create.php ads_images.php ads_item.php ads_item_block.php ads_item_delete.php ads_item_edit.php ads_item_renewal.php ads_item_status.php ads_popup.php ads_prices.php ads_rss2.php ads_search.php index.html Log Message: --- NEW FILE: ads_comment_edit.php --- <? /*************************************************************************** * ads_comment_edit.php * ------------------- * begin : Wednesday, Feb 15, 2006 * copyright : (C) 2006 Peter Mansion * email : su...@ph... * * $Id: ads_comment_edit.php,v 1.1 2007/06/06 22:24:41 orynider Exp $ * ***************************************************************************/ /*************************************************************************** * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * ***************************************************************************/ // MX if ( !defined('IN_PORTAL') ) { die("Hacking attempt"); } // // Let's include some stuff... // $phpEx = substr(strrchr(__FILE__, '.'), 1); if ( !defined('TEMPLATE_ROOT_PATH') ) { include_once($mx_root_path . 'common.' . $phpEx); // // Start session management // $mx_user->init($user_ip, PAGE_INDEX); // // End session management // } $ads_root_path = $module_root_path . 'ads_mod/'; // // Get general music information // if ( !$is_block ) { include($ads_root_path . 'ads_common.'.$phpEx); } else { include_once($ads_root_path . 
'ads_common.'.$phpEx); } // ------------------------------------ // Check feature enabled // ------------------------------------ if ( $ads_config['comment'] == 0 ) { mx_message_die(GENERAL_MESSAGE, $lang['Not_Authorised']); } // ------------------------------------ // Check the request // ------------------------------------ if ( isset($HTTP_GET_VARS['comment_id']) ) { $comment_id = intval($HTTP_GET_VARS['comment_id']); } else if ( isset($HTTP_POST_VARS['comment_id']) ) { $comment_id = intval($HTTP_POST_VARS['comment_id']); } else { mx_message_die(GENERAL_ERROR, $lang['no_comment_id_specified']); } // ------------------------------------ // Get the comment info // ------------------------------------ $sql = "SELECT * FROM ". ADS_COMMENTS_TABLE ." WHERE comment_id = '$comment_id'"; if ( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, 'Could not query comment and ad information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( empty($row) ) { mx_message_die(GENERAL_ERROR, $lang['comment_does_not_exist']); } $ad_id = $row['comment_ad_id']; $comment_user_id = $row['comment_user_id']; $comment_text = $row['comment_text']; // ------------------------------------ // Get the number of comments // ------------------------------------ $sql = "SELECT COUNT(comment_id) AS comments_count FROM ". ADS_COMMENTS_TABLE ." WHERE comment_ad_id = $ad_id GROUP BY comment_ad_id LIMIT 0,1"; if ( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, 'Could not query comment information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( empty($row) ) { $total_comments = 0; } else { $total_comments = $row['comments_count']; } // ------------------------------------ // Read the adverts table // ------------------------------------ $sql = "SELECT * FROM ". ADS_ADVERTS_TABLE ." 
WHERE id = $ad_id"; if ( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, 'Could not query ad information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( empty($row) ) { mx_message_die(GENERAL_ERROR, $lang['advert_does_not_exist']); } $category = $row['category']; $sub_category = $row['sub_category']; $user_id = $row['user_id']; $username = $row['username']; $title = $row['title']; $short_desc = $row['short_desc']; $time = $row['time']; $views = $row['views']; if ( !empty($user_id) ) { // ------------------------------------ // Read the users table // ------------------------------------ $sql = "SELECT user_id, username FROM ". USERS_TABLE ." WHERE user_id = $user_id"; if ( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, 'Could not query users information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( empty($row) ) { mx_message_die(GENERAL_ERROR, $lang['user_does_not_exist']); } $username = $row['username']; } // ------------------------------------ // Read the images table // ------------------------------------ $sql = "SELECT * FROM ". ADS_IMAGES_TABLE ." WHERE id = $ad_id AND img_deleted_ind = 0 LIMIT 0,1"; $result = $db->sql_query($sql); if ( $db->sql_numrows($result) > 0 ) { while ($row = $db->sql_fetchrow($result)) { $img_url = ADS_IMAGES_PATH ."ad".$ad_id."_img".$row["img_seq_no"]."_thumb.jpg"; } } else { $img_url = $mx_images['noimage']; } // ------------------------------------ // Read the categories table // ------------------------------------ $sql = "SELECT * FROM ". ADS_CATEGORIES_TABLE ." 
WHERE cat_category = '".addslashes($category)."' AND cat_sub_category = '".addslashes($sub_category)."'"; if ( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, 'Could not query category information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( empty($row) ) { mx_message_die(GENERAL_ERROR, $lang['category_does_not_exist']); } $cat_edit_level = $row['cat_edit_level']; // ------------------------------------ // Check the permissions // ------------------------------------ // Check the permissions if ( edit_allowed($comment_user_id, $cat_edit_level) == FALSE ) { if ( !$userdata['session_logged_in'] ) { mx_redirect(append_sid($mx_root_path . "login.$phpEx?redirect=" . this_ads_loginurl("ads_mode=ads_comment_edit&id=$id"))); } else { mx_message_die(GENERAL_ERROR, $lang['Not_Authorised']); } } // ------------------------------------ // Misc // ------------------------------------ $comments_per_page = $board_config['posts_per_page']; /* +---------------------------------------------------------- | Main work here... +---------------------------------------------------------- */ if ( !isset($HTTP_POST_VARS['comment']) ) { /* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Comments Screen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */ if ( ($user_id == ADS_GUEST) or ($username == '') ) { $poster = ($username == '') ? $lang['Guest'] : $username; } else { $poster = '<a href="'. append_sid($phpbb_root_path . "profile.$phpEx?mode=viewprofile&". POST_USERS_URL .'='. $user_id) .'">'. $username .'</a>'; } // // Start output of page // $page_title = $lang['comments']; if ( !is_object($mx_block)) { include($mx_root_path . 
'includes/page_header.'.$phpEx); } $template->set_filenames(array( 'body' => 'ads_comment_body.tpl')); $template->assign_block_vars('switch_comment_post', array()); $template->assign_vars(array( 'U_THUMBNAIL' => append_sid("$img_url"), 'L_TITLE' => $lang['title'], 'L_SHORT_DESC' => $lang['short_desc'], 'L_POSTER' => $lang['poster'], 'L_ADVERTISER' => $lang['advertiser'], 'L_DATE_ADDED' => $lang['date_added'], 'L_VIEWS' => $lang['views'], 'L_COMMENTS' => $lang['comments'], 'L_POST_YOUR_COMMENT' => $lang['Post_your_comment'], 'L_MESSAGE' => $lang['Message'], 'L_USERNAME' => $lang['Username'], 'L_COMMENT_NO_TEXT' => $lang['comment_no_text'], 'L_COMMENT_TOO_LONG' => $lang['comment_too_long'], 'L_MAX_LENGTH' => $lang['max_length'], 'U_ITEM' => append_sid(this_ads_mxurl("ads_mode=ads_item&id=$ad_id")), 'SITE_NAME' => $board_config['sitename'], 'TITLE' => $title, 'SHORT_DESC' => nl2br($short_desc), 'POSTER' => $poster, 'DATE_ADDED' => date($lang['DATE_FORMAT'],$time), 'VIEWS' => $views, 'TOTAL_COMMENTS' => $total_comments, 'S_MESSAGE' => $comment_text, 'S_MAX_LENGTH' => 512, 'L_SUBMIT' => $lang['Submit'], 'S_ADS_ACTION' => append_sid(this_ads_mxurl("ads_mode=ads_comment_edit&comment_id=$comment_id")))); // // Generate the page // $template->pparse('body'); if ( !is_object($mx_block)) { include($mx_root_path . 'includes/page_tail.'.$phpEx); } } else { /* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Comment Submited ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */ $comment_text = str_replace("\'", "''", htmlspecialchars(substr(trim($HTTP_POST_VARS['comment']), 0, 512))); if ( empty($comment_text) ) { mx_message_die(GENERAL_ERROR, $lang['comment_no_text']); } // -------------------------------- // Prepare variables // -------------------------------- $comment_edit_time = time(); $comment_edit_user_id = $userdata['user_id']; // -------------------------------- // Update the DB // -------------------------------- $sql = "UPDATE ". ADS_COMMENTS_TABLE ." 
SET comment_text = '$comment_text', comment_edit_time = '$comment_edit_time', comment_edit_count = comment_edit_count + 1, comment_edit_user_id = '$comment_edit_user_id' WHERE comment_id = '$comment_id'"; if ( !$result = $db->sql_query($sql) ) { mx_message_die(GENERAL_ERROR, 'Could not update comment data', '', __LINE__, __FILE__, $sql); } // -------------------------------- // Complete... now send a message to user // -------------------------------- $template->assign_vars(array( 'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid(this_ads_mxurl("ads_mode=ads_comment&comment_id=$comment_id")) . '#'.$comment_id.'">') ); $message = $lang['Stored'] . "<br /><br />" . sprintf($lang['Click_view_message'], "<a href=\"" . append_sid(this_ads_mxurl("ads_mode=ads_comment&comment_id=$comment_id")) . "#$comment_id\">", "</a>") . "<br /><br />" . sprintf($lang['click_return_ads_index'], "<a href=\"" . append_sid(this_ads_mxurl()) . "\">", "</a>"); mx_message_die(GENERAL_MESSAGE, $message); } ?> --- NEW FILE: index.html --- <html> <head> <title>Mx phpCA - Classified Ads Module</title> </head> <body> <br /><br /><br /><br /><br /><br /><br /> <center><h1><a href="http://mxbb.net/">mxBB-Portal</a></h1></center> </body> --- NEW FILE: ads_comment.php --- <? /*************************************************************************** * ads_comment.php * ------------------- * begin : Wednesday, Feb 15, 2006 * copyright : (C) 2006 Peter Mansion * email : su...@ph... * * $Id: ads_comment.php,v 1.1 2007/06/06 22:24:39 orynider Exp $ * ***************************************************************************/ /*************************************************************************** * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. 
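Review bot: In ads_comment_edit.php the comment text reaches the UPDATE through `str_replace("\'", "''", htmlspecialchars(substr(trim($HTTP_POST_VARS['comment']), 0, 512)))`, which is only safe if request data has already been backslash-escaped upstream; common.php is not shown, so whether that comes from magic_quotes_gpc or an addslashes pass needs confirming. `htmlspecialchars()` with default flags leaves single quotes untouched, and cutting at 512 bytes after escaping can split a `\'` pair, leaving a lone backslash in front of the closing quote of the SQL literal. Truncate the raw value first and apply SQL escaping as the last step, using the routine that matches the configured database driver. The same reliance on upstream escaping appears for `$comment_text` and `$comment_username` in ads_comment.php and for `$inp_category` / `$inp_sub_category` in ads_item_block.php. Separately, the login redirect passes `id=$id`, but `$id` is never assigned in this file and the script reads `comment_id`; it should be `this_ads_loginurl("ads_mode=ads_comment_edit&comment_id=$comment_id")`.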
* ***************************************************************************/ // MX if ( !defined('IN_PORTAL') ) { die("Hacking attempt"); } // // Let's include some stuff... // $phpEx = substr(strrchr(__FILE__, '.'), 1); if ( !defined('TEMPLATE_ROOT_PATH') ) { include_once($mx_root_path . 'common.' . $phpEx); // // Start session management // $mx_user->init($user_ip, PAGE_INDEX); // // End session management // } $ads_root_path = $module_root_path . 'ads_mod/'; // // Get general music information // if ( !$is_block ) { include($ads_root_path. 'ads_common.'.$phpEx); } else { include_once($ads_root_path . 'ads_common.'.$phpEx); } // ------------------------------------ // Check feature enabled // ------------------------------------ if ( $ads_config['comment'] == 0 ) { mx_message_die(GENERAL_MESSAGE, $lang['Not_Authorised']); } // ------------------------------------ // Check the request // ------------------------------------ if ( isset($HTTP_GET_VARS['ad_id']) ) { $ad_id = intval($HTTP_GET_VARS['ad_id']); } else if ( isset($HTTP_POST_VARS['ad_id']) ) { $ad_id = intval($HTTP_POST_VARS['ad_id']); } else { if ( isset($HTTP_GET_VARS['comment_id']) ) { $comment_id = intval($HTTP_GET_VARS['comment_id']); } else if ( isset($HTTP_POST_VARS['comment_id']) ) { $comment_id = intval($HTTP_POST_VARS['comment_id']); } else { mx_message_die(GENERAL_ERROR, $lang['bad_request']); } } // ------------------------------------ // Get ad_id from $comment_id // ------------------------------------ if ( isset($comment_id) ) { $sql = "SELECT comment_id, comment_ad_id FROM ". ADS_COMMENTS_TABLE ." 
WHERE comment_id = $comment_id"; if ( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, 'Could not query comment and ad information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( empty($row) ) { mx_message_die(GENERAL_ERROR, $lang['comment_does_not_exist']); } $ad_id = $row['comment_ad_id']; } // ------------------------------------ // Count the comments // ------------------------------------ $sql = "SELECT COUNT(comment_id) AS comments_count FROM ". ADS_COMMENTS_TABLE ." WHERE comment_ad_id = $ad_id GROUP BY comment_ad_id LIMIT 0,1"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); if ( empty($row) ) { $total_comments = 0; } else { $total_comments = $row['comments_count']; } // ------------------------------------ // Read the adverts table // ------------------------------------ $sql = "SELECT * FROM ". ADS_ADVERTS_TABLE ." WHERE id = $ad_id"; if ( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, 'Could not query ad information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( empty($row) ) { mx_message_die(GENERAL_ERROR, $lang['advert_does_not_exist']); } $category = $row['category']; $sub_category = $row['sub_category']; $user_id = $row['user_id']; $username = $row['username']; $title = $row['title']; $short_desc = $row['short_desc']; $time = $row['time']; $views = $row['views']; if ( !empty($user_id) ) { // ------------------------------------ // Read the users table // ------------------------------------ $sql = "SELECT user_id, username FROM ". USERS_TABLE ." 
WHERE user_id = $user_id"; if( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, 'Could not query users information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( empty($row) ) { mx_message_die(GENERAL_ERROR, $lang['user_does_not_exist']); } $username = $row['username']; } // ------------------------------------ // Read the images table // ------------------------------------ $sql = "SELECT * FROM ". ADS_IMAGES_TABLE ." WHERE id = $ad_id AND img_deleted_ind = 0 LIMIT 0,1"; $result = $db->sql_query($sql); if ( $db->sql_numrows($result) > 0 ) { while ($row = $db->sql_fetchrow($result)) { $img_url = ADS_IMAGES_PATH ."ad".$ad_id."_img".$row["img_seq_no"]."_thumb.jpg"; } } else { $img_url = $mx_images['noimage']; } // ------------------------------------ // Read the categories table // ------------------------------------ $sql = "SELECT * FROM ". ADS_CATEGORIES_TABLE ." WHERE cat_category = '".addslashes($category)."' AND cat_sub_category = '".addslashes($sub_category)."'"; if ( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, 'Could not query category information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( empty($row) ) { mx_message_die(GENERAL_ERROR, $lang['category_does_not_exist']); } $cat_comment_level = $row['cat_comment_level']; $cat_edit_level = $row['cat_edit_level']; $cat_delete_level = $row['cat_delete_level']; // ------------------------------------ // Misc // ------------------------------------ $comments_per_page = $board_config['posts_per_page']; /* +---------------------------------------------------------- | Main work here... 
+---------------------------------------------------------- */ if ( !isset($HTTP_POST_VARS['comment']) ) { /* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Comments Screen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */ // ------------------------------------ // Get the comments thread // Beware: when this script was called with comment_id (without start) // ------------------------------------ if ( !isset($comment_id) ) { if ( isset($HTTP_GET_VARS['start']) ) { $start = intval($HTTP_GET_VARS['start']); } else if ( isset($HTTP_POST_VARS['start']) ) { $start = intval($HTTP_POST_VARS['start']); } else { $start = 0; } } else { // We must do a query to co-ordinate this comment $sql = "SELECT COUNT(comment_id) AS count FROM ". ADS_COMMENTS_TABLE ." WHERE comment_ad_id = $ad_id AND comment_id < $comment_id"; if ( !$result = $db->sql_query($sql) ) { mx_message_die(GENERAL_ERROR, 'Could not obtain comments information from the database', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( !empty($row) ) { $start = floor( $row['count'] / $comments_per_page ) * $comments_per_page; } else { $start = 0; } } if ( isset($HTTP_GET_VARS['sort_order']) ) { switch ( $HTTP_GET_VARS['sort_order'] ) { case 'ASC': $sort_order = 'ASC'; break; default: $sort_order = 'DESC'; } } else if ( isset($HTTP_POST_VARS['sort_order']) ) { switch ($HTTP_POST_VARS['sort_order']) { case 'ASC': $sort_order = 'ASC'; break; default: $sort_order = 'DESC'; } } else { $sort_order = 'ASC'; } if ( $total_comments > 0 ) { $limit_sql = ($start == 0) ? $comments_per_page : $start .','. $comments_per_page; $sql = "SELECT c.*, u.user_id, u.username FROM ". ADS_COMMENTS_TABLE ." AS c LEFT JOIN ". USERS_TABLE ." 
AS u ON c.comment_user_id = u.user_id WHERE c.comment_ad_id = $ad_id ORDER BY c.comment_id $sort_order LIMIT $limit_sql"; if ( !$result = $db->sql_query($sql) ) { mx_message_die(GENERAL_ERROR, 'Could not obtain comments information from the database', '', __LINE__, __FILE__, $sql); } $commentrow = array(); while ($row = $db->sql_fetchrow($result)) { $commentrow[] = $row; } for ($i = 0; $i < count($commentrow); $i++) { if ( ($commentrow[$i]['user_id'] == ADS_GUEST) or ($commentrow[$i]['username'] == '') ) { $poster = ($commentrow[$i]['comment_username'] == '') ? $lang['Guest'] : $commentrow[$i]['comment_username']; } else { $poster = '<a href="'. append_sid($phpbb_root_path . "profile.$phpEx?mode=viewprofile&". POST_USERS_URL .'='. $commentrow[$i]['user_id']) .'">'. $commentrow[$i]['username'] .'</a>'; } if ( $commentrow[$i]['comment_edit_count'] > 0 ) { $sql = "SELECT c.comment_id, c.comment_edit_user_id, u.user_id, u.username FROM ". ADS_COMMENTS_TABLE ." AS c LEFT JOIN ". USERS_TABLE ." AS u ON c.comment_edit_user_id = u.user_id WHERE c.comment_id = '".$commentrow[$i]['comment_id']."' LIMIT 0,1"; if ( !$result = $db->sql_query($sql) ) { mx_message_die(GENERAL_ERROR, 'Could not obtain last edit information from the database', '', __LINE__, __FILE__, $sql); } $lastedit_row = $db->sql_fetchrow($result); $edit_info = ($commentrow[$i]['comment_edit_count'] == 1) ? $lang['Edited_time_total'] : $lang['Edited_times_total']; $edit_info = '<br /><br />» '. sprintf($edit_info, $lastedit_row['username'], create_date($board_config['default_dateformat'], $commentrow[$i]['comment_edit_time'], $board_config['board_timezone']), $commentrow[$i]['comment_edit_count']) .'<br />'; } else { $edit_info = ''; } $template->assign_block_vars('commentrow', array( 'ID' => $commentrow[$i]['comment_id'], 'POSTER' => $poster, 'TIME' => create_date($board_config['default_dateformat'], $commentrow[$i]['comment_time'], $board_config['board_timezone']), 'IP' => ($userdata['user_level'] == ADMIN) ? 
'-----------------------------------<br />' . $lang['IP_Address'] . ': <a href="http://network-tools.com/default.asp?host=' . decode_ip($commentrow[$i]['comment_user_ip']) . '" target="_blank">' . decode_ip($commentrow[$i]['comment_user_ip']) .'</a><br />' : '', 'TEXT' => nl2br($commentrow[$i]['comment_text']), 'EDIT_INFO' => $edit_info, 'EDIT' => ( edit_allowed($commentrow[$i]['comment_user_id'], $cat_edit_level) == TRUE ) ? '<a href="'. append_sid(this_ads_mxurl("ads_mode=ads_comment_edit&comment_id=". $commentrow[$i]['comment_id'])) .'">'. $lang['edit'] .'</a>' : '', 'DELETE' => ( delete_allowed($commentrow[$i]['comment_user_id'], $cat_delete_level) == TRUE ) ? '<a href="'. append_sid(this_ads_mxurl("ads_mode=ads_comment_delete&comment_id=". $commentrow[$i]['comment_id'])) .'">'. $lang['delete'] .'</a>' : '')); } $template->assign_block_vars('switch_comment', array()); $template->assign_vars(array( 'PAGINATION' => generate_pagination(append_sid(this_ads_mxurl("ads_mode=ads_comment&ad_id=$ad_id&sort_order=$sort_order")), $total_comments, $comments_per_page, $start), 'PAGE_NUMBER' => sprintf($lang['Page_of'], ( floor( $start / $comments_per_page ) + 1 ), ceil( $total_comments / $comments_per_page )) ) ); } // // Start output of page // $page_title = $lang['comments']; if ( !is_object($mx_block)) { include($mx_root_path . 'includes/page_header.'.$phpEx); } $template->set_filenames(array( 'body' => 'ads_comment_body.tpl')); if ( $user_id == ADS_GUEST or $username == '' ) { $poster = ($username == '') ? $lang['Guest'] : $username; } else { $poster = '<a href="'. append_sid($phpbb_root_path . "profile.$phpEx?mode=viewprofile&". POST_USERS_URL .'='. $user_id) .'">'. 
$username .'</a>'; } //--------------------------------- // Comment Posting Form //--------------------------------- if ( comment_allowed($cat_comment_level) == TRUE ) { $template->assign_block_vars('switch_comment_post', array()); if ( !$userdata['session_logged_in'] ) { $template->assign_block_vars('switch_comment_post.logout', array()); } } $template->assign_vars(array( 'U_ADS_INDEX' => append_sid(this_ads_mxurl()), 'U_THUMBNAIL' => append_sid("$img_url"), 'U_ITEM' => append_sid(this_ads_mxurl("ads_mode=ads_item&id=$ad_id")), 'L_ADS_INDEX' => $lang['ads_index'], 'L_TITLE' => $lang['title'], 'L_SHORT_DESC' => $lang['short_desc'], 'L_POSTER' => $lang['poster'], 'L_ADVERTISER' => $lang['advertiser'], 'L_DATE_ADDED' => $lang['date_added'], 'L_VIEWS' => $lang['views'], 'L_COMMENTS' => $lang['comments'], 'L_POST_YOUR_COMMENT' => $lang['post_your_comment'], 'L_MESSAGE' => $lang['Message'], 'L_USERNAME' => $lang['username'], 'L_COMMENT_NO_TEXT' => $lang['comment_no_text'], 'L_COMMENT_TOO_LONG' => $lang['comment_too_long'], 'L_MAX_LENGTH' => $lang['max_length'], 'SITE_NAME' => $board_config['sitename'], 'TITLE' => $title, 'SHORT_DESC' => nl2br($short_desc), 'POSTER' => $poster, 'DATE_ADDED' => date($lang['DATE_FORMAT'],$time), 'VIEWS' => $views, 'TOTAL_COMMENTS' => $total_comments, 'S_MAX_LENGTH' => 512, 'L_ORDER' => $lang['Order'], 'L_SORT' => $lang['Sort'], 'L_ASC' => $lang['Sort_Ascending'], 'L_DESC' => $lang['Sort_Descending'], 'SORT_ASC' => ($sort_order == 'ASC') ? 'selected="selected"' : '', 'SORT_DESC' => ($sort_order == 'DESC') ? 'selected="selected"' : '', 'L_SUBMIT' => $lang['Submit'], 'S_ADS_ACTION' => append_sid(this_ads_mxurl("ads_mode=ads_comment&ad_id=$ad_id")) ) ); // // Generate the page // $template->pparse('body'); if ( !is_object($mx_block)) { include($mx_root_path . 
'includes/page_tail.'.$phpEx); } } else { /* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Comment Submited ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */ // ------------------------------------ // Check the permissions: COMMENT // ------------------------------------ // Check the permissions if ( comment_allowed($cat_comment_level) == FALSE ) { mx_message_die(GENERAL_ERROR, $lang['Not_Authorised']); } $comment_text = str_replace("\'", "''", htmlspecialchars(substr(trim($HTTP_POST_VARS['comment']), 0, 512))); $comment_username = (!$userdata['session_logged_in']) ? str_replace("\'", "''", substr(htmlspecialchars(trim($HTTP_POST_VARS['comment_username'])), 0, 32)) : str_replace("\'", "''", htmlspecialchars(trim($userdata['username']))); if ( empty($comment_text) ) { mx_message_die(GENERAL_ERROR, $lang['comment_no_text']); } // -------------------------------- // Check username for guest posting // -------------------------------- if ( !$userdata['session_logged_in'] ) { if ( $comment_username != '' ) { $result = validate_username($comment_username); if ( $result['error'] ) { mx_message_die(GENERAL_MESSAGE, $result['error_msg']); } } } // -------------------------------- // Prepare variables // -------------------------------- $comment_time = time(); $comment_user_id = $userdata['user_id']; $comment_user_ip = $userdata['session_ip']; // -------------------------------- // Get $comment_id // -------------------------------- $sql = "SELECT MAX(comment_id) AS max FROM ". ADS_COMMENTS_TABLE; if ( !$result = $db->sql_query($sql) ) { mx_message_die(GENERAL_ERROR, 'Could not find comment_id', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); $comment_id = $row['max'] + 1; // -------------------------------- // Insert into DB // -------------------------------- $sql = "INSERT INTO ". ADS_COMMENTS_TABLE ." 
(comment_id, comment_ad_id, comment_user_id, comment_username, comment_user_ip, comment_time, comment_text) VALUES ('$comment_id', '$ad_id', '$comment_user_id', '$comment_username', '$comment_user_ip', '$comment_time', '$comment_text')"; if ( !$result = $db->sql_query($sql) ) { mx_message_die(GENERAL_ERROR, 'Could not insert new comment', '', __LINE__, __FILE__, $sql); } // -------------------------------- // Complete... now send a message to user // -------------------------------- $template->assign_vars(array( 'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid(this_ads_mxurl("ads_mode=ads_comment&comment_id=$comment_id")) . '#'.$comment_id.'">')); $message = $lang['Stored'] . "<br /><br />" . sprintf($lang['Click_view_message'], "<a href=\"" . append_sid(this_ads_mxurl("ads_mode=ads_comment&comment_id=$comment_id")) . "#$comment_id\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_ads_index'], "<a href=\"" . append_sid(this_ads_mxurl()) . "\">", "</a>"); mx_message_die(GENERAL_MESSAGE, $message); } ?> --- NEW FILE: ads_item_block.php --- <? /** * * @package mxBB Portal Module - mx_phpCA * @version $Id: ads_item_block.php,v 1.1 2007/06/06 22:24:43 orynider Exp $ * @copyright (c) 2006 [su...@ph..., Peter Mansion] mxBB Development Team * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 * */ // // ERROR HANDLING // //error_reporting( E_ALL ); if( !defined('IN_PORTAL') || !is_object($mx_block)) { define('IN_PORTAL', true); $mx_root_path = '../../'; // // Let's include some stuff... // $phpEx = substr(strrchr(__FILE__, '.'), 1); include_once($mx_root_path . 'common.' . $phpEx); // // Start session management // $mx_user->init($user_ip, PAGE_INDEX); // // End session management // $block_id = ( !empty($HTTP_GET_VARS['block_id']) ) ? $HTTP_GET_VARS['block_id'] : $HTTP_POST_VARS['id']; if( empty($block_id) ) { $sql = "SELECT * FROM " . BLOCK_TABLE . 
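Review bot: ads_comment.php allocates the new key with `SELECT MAX(comment_id) AS max` followed by `$comment_id = $row['max'] + 1`, so two comments submitted at the same moment can compute the same id. One insert then fails or collides, depending on the table's key definition, which is not visible here. If the column can be auto-incremented, omit `comment_id` from the INSERT and read the generated value back from the database layer afterwards; otherwise wrap the read and the insert in a transaction or table lock. The guest branch also reads `$HTTP_POST_VARS['comment_username']` without an `isset()` check. The comment-count and images queries use `$result` without the `mx_message_die()` failure check that the other queries in the file apply.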
" WHERE block_title = 'phpCA Ads' LIMIT 1"; if(!$result = $db->sql_query($sql)) { mx_message_die(GENERAL_ERROR, "Could not query phpCA Ads module block information", "", __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); $block_id = $row['block_id']; } $is_block = FALSE; global $images, $mx_images, $postrow; } else { // // Read block Configuration // $title = $mx_block->block_info['block_title']; $block_size = ( isset($block_size) && !empty($block_size) ? $block_size : '100%' ); if( is_object($mx_block)) { $is_block = TRUE; } global $images, $mx_images, $postrow; } $ads_root_path = $module_root_path . 'ads_mod/'; include($ads_root_path . 'ads_common.'.$phpEx); // //mode // if ( isset($HTTP_POST_VARS['ads_mode']) || isset($HTTP_GET_VARS['ads_mode']) ) { $mode= ( isset($HTTP_POST_VARS['ads_mode']) ) ? $HTTP_POST_VARS['ads_mode'] : $HTTP_GET_VARS['ads_mode']; } else { $mode= 'ads_index'; } if ( $mode == 'ads_images' ) { include($module_root_path. 'includes/ads_images.'.$phpEx); } else if ( $mode == 'ads_item' ) { include($module_root_path. 'includes/ads_item.'.$phpEx); } else if ( $mode == 'ads_prices' ) { include($module_root_path. 'includes/ads_prices.'.$phpEx); } else if ( $mode == 'ads_rss2' ) { include($module_root_path. 'includes/ads_rss2.'.$phpEx); } else if( !is_object($mx_block)) { die("Hacking attempt"); } else if ( $mode == 'ads_index' ) { // Check the permissions if ( view_allowed($ads_config['view_level']) == FALSE ) { if ( !$userdata['session_logged_in'] ) { mx_redirect(append_sid($mx_root_path . "login.php?redirect=" . 
this_mo_loginurl(), true)); } else { mx_message_die(GENERAL_ERROR, $lang['Not_Authorised']); } } // Sanitize input data if ( isset($HTTP_GET_VARS['category']) ) { $inp_category = htmlspecialchars($HTTP_GET_VARS['category']); } else { $inp_category = ''; } if ( isset($HTTP_GET_VARS['sub_category']) ) { $inp_sub_category = htmlspecialchars($HTTP_GET_VARS['sub_category']); } else { $inp_sub_category = ''; } // Extra sanitize for SQL variables $inp_category = str_replace("\'", "''", $inp_category); $inp_sub_category = str_replace("\'", "''", $inp_sub_category); $current_time = time(); $page_title = $lang['ads_index']; if ( !is_object($mx_block)) { include($mx_root_path . 'includes/page_header.'.$phpEx); } $template->set_filenames(array('ads_item_page' => 'ads_item_block.tpl')); // SQL for adverts table $sql = "SELECT category, sub_category, COUNT(sub_category) AS number FROM ". ADS_ADVERTS_TABLE ." WHERE expiry_date > $current_time GROUP BY category, sub_category"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $sub_category_ar[$row['category'].'_'.$row['sub_category']] = $row['number']; } $sql = 'SELECT * FROM '. ADS_CATEGORIES_TABLE .' 
ORDER BY cat_category, cat_sub_category ASC'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $category = $row['cat_category']; $sub_category = $row['cat_sub_category']; // Encode the fields $u_category = urlencode(stripslashes(htmlspecialchars_decode_php4(str_replace("''", "\'", $category)))); $u_sub_category = urlencode(stripslashes(htmlspecialchars_decode_php4(str_replace("''", "\'", $sub_category)))); if ( !empty($category) ) { $category_url = append_sid(this_ads_portalurl("ads_mode=ads_index&category=$u_category")); $cat_img = $mx_images['forum']; $template->assign_block_vars('categoryrow', array( 'CAT_IMG' => $cat_img, 'CATEGORY' => "<b><a href='$category_url'>$category</a></b><br>" )); $save_category = $category; } $sub_category_temp = "<a href='".append_sid(this_ads_portalurl("ads_mode=ads_index&category=$u_category&sub_category=$u_sub_category"))."'>$sub_category</a>"; $sub_category_img = $mx_images['folder']; if ( !empty($sub_category_ar[$save_category.'_'.$sub_category]) ) { $sub_category_temp .= ' ('.$sub_category_ar[$save_category.'_'.$sub_category].')'; } $template->assign_block_vars('categoryrow', array( 'CAT_IMG' => $sub_category_img, 'CATEGORY' => $sub_category_temp )); } // Set the start page if( isset($_GET['start']) ) { $start = intval($_GET['start']); } else { $start = 0; } // Get the total number of ads if ( !empty($inp_category) && !empty($inp_sub_category) ) { $sql = "SELECT * FROM ". ADS_ADVERTS_TABLE ." WHERE expiry_date > $current_time AND category = '$inp_category' AND sub_category = '$inp_sub_category'"; } else if ( !empty($inp_category) ) { $sql = "SELECT * FROM ". ADS_ADVERTS_TABLE ." WHERE expiry_date > $current_time AND category = '$inp_category'";} else { $sql = "SELECT * FROM ". ADS_ADVERTS_TABLE ." 
WHERE expiry_date > $current_time"; } $result = $db->sql_query($sql); $ads_count = $db->sql_numrows($result); // Get the ads for this page if ( $inp_category and $inp_sub_category ) { $sql = "SELECT * FROM ". ADS_ADVERTS_TABLE ." WHERE category = '$inp_category' AND sub_category = '$inp_sub_category' AND expiry_date > $current_time ORDER BY premium_ad_ind DESC, id DESC LIMIT ".$start.", ".$ads_config['ads_per_page']; } else if ( $inp_category ) { $sql = "SELECT * FROM ". ADS_ADVERTS_TABLE ." WHERE category = '$inp_category' AND expiry_date > $current_time ORDER BY premium_ad_ind DESC, id DESC LIMIT ".$start.", ".$ads_config['ads_per_page']; } else { $sql = "SELECT * FROM ". ADS_ADVERTS_TABLE ." WHERE expiry_date > $current_time ORDER BY premium_ad_ind DESC, id DESC LIMIT ".$start.", ".$ads_config['ads_per_page']; } $result = $db->sql_query($sql); if ( $db->sql_numrows($result) > 0 ) { while ($row = $db->sql_fetchrow($result)) { $id = $row['id']; $user_id = $row['user_id']; $profiledata = get_userdata($user_id); if ( $user_id != ANONYMOUS ) { $profile = append_sid($phpbb_root_path . "profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$user_id"); } else { $profile = ''; } if ( $row['status'] == 'sold' ) { $status = $lang['sold']; } elseif ( $row['status'] == 'expired' ) { $status = $lang['expired']; } elseif ( $row['status'] == 'active' ) { $status = $lang['active']; } if ( $row['ad_type_code'] == '4' ) { $premium_ad = '<b>['.$lang['premium_ad'].']</b><br>'; } else { $premium_ad = ''; } // Check to see if an image exists for this ad if ( $ads_config['images'] == 1 ) { $sql2 = "SELECT * FROM ". ADS_IMAGES_TABLE ." 
WHERE id = '$id' AND img_deleted_ind = 0 LIMIT 0,1"; $result2 = $db->sql_query($sql2); if ( $db->sql_numrows($result2) > 0 ) { while ($row2 = $db->sql_fetchrow($result2)) { $img_url = ADS_IMAGES_PATH ."ad".$id."_img".$row2["img_seq_no"]."_thumb.jpg"; } } else { $img_url = $mx_images['noimage']; } $template->assign_block_vars('imagerow', array( 'U_ADS_ITEM' => append_sid(this_ads_portalurl("ads_mode=ads_item&id=".$row['id'])), 'U_PROFILE' => $profile, 'USERNAME' => $profiledata['username'], 'TITLE' => $row['title'], 'SHORT_DESC' => $premium_ad.nl2br($row['short_desc']), 'DATE_ADDED' => date($lang['DATE_FORMAT'],$row['time']), 'STATUS' => $status, 'PRICE' => $row['price'], 'EBAY_ID' => $row['ebay_id'], 'VIEWS' => $row['views'], 'COMMENTS' => $total_comments, 'IMAGE' => $img_url)); } else { $template->assign_block_vars('noimagerow', array( 'U_ADS_ITEM' => append_sid(this_ads_portalurl("ads_mode=ads_item&id=".$row['id'])), 'U_PROFILE' => $profile, 'USERNAME' => $profiledata['username'], 'TITLE' => $premium_ad.$row['title'], 'SHORT_DESC' => nl2br($row['short_desc']), 'DATE_ADDED' => date($lang['DATE_FORMAT'],$row['time']), 'STATUS' => $status, 'PRICE' => $row['price'], 'EBAY_ID' => $row['ebay_id'], 'VIEWS' => $row['views'], 'COMMENTS' => $total_comments)); } } } else { $template->assign_block_vars('switch_no_items_found',array()); } if ( $ads_config['images'] == 1 ) { $template->assign_block_vars('switch_images_enabled',array()); } if ( $inp_category ) { $pointer= ' -> '; } else { $pointer= ''; } if ( $inp_sub_category ) { $pointer2 = ' -> '; } else { $pointer2 = ''; } if ( $ads_count == 0 ) { $ads_count = 1; } // Encode the fields $u_category = urlencode(stripslashes(htmlspecialchars_decode_php4(str_replace("''", "\'", $inp_category)))); $u_sub_category = urlencode(stripslashes(htmlspecialchars_decode_php4(str_replace("''", "\'", $inp_sub_category)))); $goto_string = generate_pagination(this_ads_portalurl("ads_mode=ads_index&category=" . $u_category . 
"&sub_category=" . $u_sub_category), $ads_count, $ads_config['ads_per_page'], $start); $page_string = sprintf($lang['Page_of'], ( floor( $start / $ads_config['ads_per_page'] ) + 1 ), ceil( $ads_count / $ads_config['ads_per_page'] )); $template->assign_vars(array( 'U_ADS_INDEX' => append_sid(this_ads_portalurl()), 'L_ADS_INDEX' => $lang['ads_index'], 'U_CREATE_AD' => append_sid(this_ads_portalurl("ads_mode=ads_create")), 'U_CATEGORY' => append_sid(this_ads_portalurl("ads_mode=ads_index&category=" . $u_category)), 'U_SUB_CATEGORY' => append_sid(this_ads_portalurl("ads_mode=ads_index&category=" . $u_category . "&sub_category=" . $u_sub_category)), 'U_RSS2' => append_sid($module_root_path . "adverts." . $phpEx . "?ads_mode=ads_rss2" . '&sid=' . $userdata['session_id']), 'IMG_RSS2' => $mx_images['ads_rss2'], 'L_CATEGORIES' => $lang['categories'], 'L_TITLE' => $lang['title'], 'L_SHORT_DESC' => $lang['short_desc'], 'L_DATE_ADDED' => $lang['date_added'], 'L_AD_STATUS' => $lang['ad_status'], 'L_PRICE' => $lang['price'], 'L_EBAY_ID' => $lang['ebay_id'], 'L_USERNAME' => $lang['username'], 'L_IMAGE' => $lang['image'], 'L_STATS' => $lang['stats'], 'L_VIEWS' => $lang['views'], 'L_COMMENTS' => $lang['comments'], 'L_NO_ITEMS_FOUND' => $lang['no_items_found'], 'SITE_NAME' => $board_config['sitename'], 'MSG_NEWAD' => $mx_images['msg_newad'], 'GOTO_STRING' => $goto_string, 'PAGE_STRING' => $page_string, 'POINTER' => $pointer, 'POINTER2' => $pointer2, 'CATEGORY' => stripslashes(str_replace("''", "\'", $inp_category)), 'SUB_CATEGORY' => stripslashes(str_replace("''", "\'", $inp_sub_category)))); $template->pparse('ads_item_page'); if ( !is_object($mx_block)) { include($mx_root_path . 
'includes/page_tail.'.$phpEx); } // +-------------------------------------------------------------+ // | Powered by phpCA Classified Ads 0.5.6 (c) 2006 PeteMan | // +-------------------------------------------------------------+ } ?> --- NEW FILE: ads_popup.php --- <html> <head> <title><?= $HTTP_GET_VARS['title'] ?></title> <style> BODY {margin:0px;} </style> </head> <body onBlur="window.close()"><img src="<?= $HTTP_GET_VARS['z'] ?>" width="<?= $HTTP_GET_VARS['width'] ?>" height="<?= $HTTP_GET_VARS['height'] ?>" border="0" alt="<?= $HTTP_GET_VARS['title'] ?>" /></body></html> --- NEW FILE: ads_comment_temp.php --- <? /*************************************************************************** * ads_comment.php * ------------------- * begin : Wednesday, Feb 15, 2006 * copyright : (C) 2006 Peter Mansion * email : su...@ph... * * $Id: ads_comment_temp.php,v 1.1 2007/06/06 22:24:41 orynider Exp $ * ***************************************************************************/ /*************************************************************************** * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * ***************************************************************************/ // MX if ( !defined('IN_PORTAL') ) { die("Hacking attempt"); } // // Let's include some stuff... // $phpEx = substr(strrchr(__FILE__, '.'), 1); if ( !defined('TEMPLATE_ROOT_PATH') ) { include_once($mx_root_path . 'common.' . $phpEx); // // Start session management // $mx_user->init($user_ip, PAGE_INDEX); // // End session management // } $ads_root_path = $module_root_path . 'ads_mod/'; // // Get general music information // if ( !$is_block ) { include($ads_root_path . 'ads_common.'.$phpEx); } else { include_once($ads_root_path . 
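Review bot: ads_popup.php echoes every `$HTTP_GET_VARS` value into the page unencoded (`title` into `<title>` and the `alt` attribute, `z` into `src`, `width`/`height` into attributes), so each one is a reflected-XSS sink. Unlike its sibling files it has no `IN_PORTAL` guard, so it is presumably meant to be requested directly. Encode text values with `<?= htmlspecialchars($HTTP_GET_VARS['title'], ENT_QUOTES) ?>` and cast the dimensions with `<?= intval($HTTP_GET_VARS['width']) ?>`. Before writing `z` into `src`, check that it points under the module's image directory (`ADS_IMAGES_PATH`), then encode it the same way. Since this file does not include the portal's common code, reading from `$_GET`, as the pagination code earlier in this commit does, would also avoid relying on the long request arrays being registered.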
'ads_common.'.$phpEx); } // ------------------------------------ // Check feature enabled // ------------------------------------ if ( $ads_config['comment'] == 0 ) { mx_message_die(GENERAL_MESSAGE, $lang['Not_Authorised']); } // ------------------------------------ // Check the request // ------------------------------------ if ( isset($HTTP_GET_VARS['ad_id']) ) { $ad_id = intval($HTTP_GET_VARS['ad_id']); } else if ( isset($HTTP_POST_VARS['ad_id']) ) { $ad_id = intval($HTTP_POST_VARS['ad_id']); } else { if ( isset($HTTP_GET_VARS['comment_id']) ) { $comment_id = intval($HTTP_GET_VARS['comment_id']); } else if ( isset($HTTP_POST_VARS['comment_id']) ) { $comment_id = intval($HTTP_POST_VARS['comment_id']); } else { mx_message_die(GENERAL_ERROR, $lang['bad_request']); } } // ------------------------------------ // Get ad_id from $comment_id // ------------------------------------ if ( isset($comment_id) ) { $sql = "SELECT comment_id, comment_ad_id FROM ". ADS_COMMENTS_TABLE ." WHERE comment_id = $comment_id"; if ( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, 'Could not query comment and ad information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( empty($row) ) { mx_message_die(GENERAL_ERROR, $lang['comment_does_not_exist']); } $ad_id = $row['comment_ad_id']; } // ------------------------------------ // Count the comments // ------------------------------------ $sql = "SELECT COUNT(comment_id) AS comments_count FROM ". ADS_COMMENTS_TABLE ." WHERE comment_ad_id = $ad_id GROUP BY comment_ad_id LIMIT 0,1"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); if ( empty($row) ) { $total_comments = 0; } else { $total_comments = $row['comments_count']; } // ------------------------------------ // Read the adverts table // ------------------------------------ $sql = "SELECT * FROM ". ADS_ADVERTS_TABLE ." 
WHERE id = $ad_id"; if ( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, 'Could not query ad information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( empty($row) ) { mx_message_die(GENERAL_ERROR, $lang['advert_does_not_exist']); } $category = $row['category']; $sub_category = $row['sub_category']; $user_id = $row['user_id']; $username = $row['username']; $title = $row['title']; $short_desc = $row['short_desc']; $time = $row['time']; $views = $row['views']; if ( !empty($user_id) ) { // ------------------------------------ // Read the users table // ------------------------------------ $sql = "SELECT user_id, username FROM ". USERS_TABLE ." WHERE user_id = $user_id"; if( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, 'Could not query users information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( empty($row) ) { mx_message_die(GENERAL_ERROR, $lang['user_does_not_exist']); } $username = $row['username']; } // ------------------------------------ // Read the images table // ------------------------------------ $sql = "SELECT * FROM ". ADS_IMAGES_TABLE ." WHERE id = $ad_id AND img_deleted_ind = 0 LIMIT 0,1"; $result = $db->sql_query($sql); if ( $db->sql_numrows($result) > 0 ) { while ($row = $db->sql_fetchrow($result)) { $img_url = ADS_IMAGES_PATH ."ad".$ad_id."_img".$row["img_seq_no"]."_thumb.jpg"; } } else { $img_url = $mx_images['noimage']; } // ------------------------------------ // Read the categories table // ------------------------------------ $sql = "SELECT * FROM ". ADS_CATEGORIES_TABLE ." 
WHERE cat_category = '".addslashes($category)."' AND cat_sub_category = '".addslashes($sub_category)."'"; if ( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, 'Could not query category information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( empty($row) ) { mx_message_die(GENERAL_ERROR, $lang['category_does_not_exist']); } $cat_comment_level = $row['cat_comment_level']; $cat_edit_level = $row['cat_edit_level']; $cat_delete_level = $row['cat_delete_level']; // ------------------------------------ // Misc // ------------------------------------ $comments_per_page = $board_config['posts_per_page']; /* +---------------------------------------------------------- | Main work here... +---------------------------------------------------------- */ if ( !isset($HTTP_POST_VARS['comment']) ) { /* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Comments Screen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */ // ------------------------------------ // Get the comments thread // Beware: when this script was called with comment_id (without start) // ------------------------------------ if ( !isset($comment_id) ) { if ( isset($HTTP_GET_VARS['start']) ) { $start = intval($HTTP_GET_VARS['start']); } else if ( isset($HTTP_POST_VARS['start']) ) { $start = intval($HTTP_POST_VARS['start']); } else { $start = 0; } } else { // We must do a query to co-ordinate this comment $sql = "SELECT COUNT(comment_id) AS count FROM ". ADS_COMMENTS_TABLE ." 
WHERE comment_ad_id = $ad_id AND comment_id < $comment_id"; if ( !$result = $db->sql_query($sql) ) { mx_message_die(GENERAL_ERROR, 'Could not obtain comments information from the database', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( !empty($row) ) { $start = floor( $row['count'] / $comments_per_page ) * $comments_per_page; } else { $start = 0; } } if ( isset($HTTP_GET_VARS['sort_order']) ) { switch ( $HTTP_GET_VARS['sort_order'] ) { case 'ASC': $sort_order = 'ASC'; break; default: $sort_order = 'DESC'; } } else if ( isset($HTTP_POST_VARS['sort_order']) ) { switch ($HTTP_POST_VARS['sort_order']) { case 'ASC': $sort_order = 'ASC'; break; default: $sort_order = 'DESC'; } } else { $sort_order = 'ASC'; } if ( $total_comments > 0 ) { $limit_sql = ($start == 0) ? $comments_per_page : $start .','. $comments_per_page; $sql = "SELECT c.*, u.user_id, u.username FROM ". ADS_COMMENTS_TABLE ." AS c LEFT JOIN ". USERS_TABLE ." AS u ON c.comment_user_id = u.user_id WHERE c.comment_ad_id = $ad_id ORDER BY c.comment_id $sort_order LIMIT $limit_sql"; if ( !$result = $db->sql_query($sql) ) { mx_message_die(GENERAL_ERROR, 'Could not obtain comments information from the database', '', __LINE__, __FILE__, $sql); } $commentrow = array(); while ($row = $db->sql_fetchrow($result)) { $commentrow[] = $row; } for ($i = 0; $i < count($commentrow); $i++) { if ( ($commentrow[$i]['user_id'] == ADS_GUEST) or ($commentrow[$i]['username'] == '') ) { $poster = ($commentrow[$i]['comment_username'] == '') ? $lang['Guest'] : $commentrow[$i]['comment_username']; } else { $poster = '<a href="'. append_sid($phpbb_root_path . "profile.$phpEx?mode=viewprofile&". POST_USERS_URL .'='. $commentrow[$i]['user_id']) .'">'. $commentrow[$i]['username'] .'</a>'; } if ( $commentrow[$i]['comment_edit_count'] > 0 ) { $sql = "SELECT c.comment_id, c.comment_edit_user_id, u.user_id, u.username FROM ". ADS_COMMENTS_TABLE ." AS c LEFT JOIN ". USERS_TABLE ." 
AS u ON c.comment_edit_user_id = u.user_id WHERE c.comment_id = '".$commentrow[$i]['comment_id']."' LIMIT 0,1"; if ( !$result = $db->sql_query($sql) ) { mx_message_die(GENERAL_ERROR, 'Could not obtain last edit information from the database', '', __LINE__, __FILE__, $sql); } $lastedit_row = $db->sql_fetchrow($result); $edit_info = ($commentrow[$i]['comment_edit_count'] == 1) ? $lang['Edited_time_total'] : $lang['Edited_times_total']; $edit_info = '<br /><br />» '. sprintf($edit_info, $lastedit_row['username'], create_date($board_config['default_dateformat'], $commentrow[$i]['comment_edit_time'], $board_config['board_timezone']), $commentrow[$i]['comment_edit_count']) .'<br />'; } else { $edit_info = ''; } $template->assign_block_vars('commentrow', array( 'ID' => $commentrow[$i]['comment_id'], 'POSTER' => $poster, 'TIME' => create_date($board_config['default_dateformat'], $commentrow[$i]['comment_time'], $board_config['board_timezone']), 'IP' => ($userdata['user_level'] == ADMIN) ? '-----------------------------------<br />' . $lang['IP_Address'] . ': <a href="http://www.nic.com/cgi-bin/whois.cgi?query=' . decode_ip($commentrow[$i]['comment_user_ip']) . '" target="_blank">' . decode_ip($commentrow[$i]['comment_user_ip']) .'</a><br />' : '', 'TEXT' => nl2br($commentrow[$i]['comment_text']), 'EDIT_INFO' => $edit_info, 'EDIT' => ( edit_allowed($commentrow[$i]['comment_user_id'], $cat_edit_level) == TRUE ) ? '<a href="'. append_sid(this_ads_mxurl("ads_mode=ads_comment_edit&comment_id=". $commentrow[$i]['comment_id'])) .'">'. $lang['edit'] .'</a>' : '', 'DELETE' => ( delete_allowed($commentrow[$i]['comment_user_id'], $cat_delete_level) == TRUE ) ? '<a href="'. append_sid(this_ads_mxurl("ads_mode=ads_comment_delete&comment_id=". $commentrow[$i]['comment_id'])) .'">'. 
$lang['delete'] .'</a>' : '')); } $template->assign_block_vars('switch_comment', array()); $template->assign_vars(array( 'PAGINATION' => generate_pagination(append_sid(this_ads_mxurl("ads_mode=ads_comment&ad_id=$ad_id&sort_order=$sort_order")), $total_comments, $comments_per_page, $start), 'PAGE_NUMBER' => sprintf($lang['Page_of'], ( floor( $start / $comments_per_page ) + 1 ), ceil( $total_comments / $comments_per_page )) ) ); } // // Start output of page // $page_title = $lang['comments']; if ( !is_object($mx_block)) { include($mx_root_path . 'includes/page_header.'.$phpEx); } $template->set_filenames(array( 'body' => 'ads_comment_body.tpl')); if ( $user_id == ADS_GUEST or $username == '' ) { $poster = ($username == '') ? $lang['Guest'] : $username; } else { $poster = '<a href="'. append_sid($phpbb_root_path . "profile.$phpEx?mode=viewprofile&". POST_USERS_URL .'='. $user_id) .'">'. $username .'</a>'; } //--------------------------------- // Comment Posting Form //--------------------------------- if ( comment_allowed($cat_comment_level) == TRUE ) { $template->assign_block_vars('switch_comment_post', array()); if ( !$userdata['session_logged_in'] ) { $template->assign_block_vars('switch_comment_post.logout', array()); } } $template->assign_vars(array( 'U_THUMBNAIL' => append_sid("$img_url"), 'U_ITEM' => append_sid(this_ads_mxurl("ads_mode=ads_item&id=$ad_id")), 'L_TITLE' => $lang['title'], 'L_SHORT_DESC' => $lang['short_desc'], 'L_POSTER' => $lang['poster'], 'L_ADVERTISER' => $lang['advertiser'], 'L_DATE_ADDED' => $lang['date_added'], 'L_VIEWS' => $lang['views'], 'L_COMMENTS' => $lang['comments'], 'L_POST_YOUR_COMMENT' => $lang['post_your_comment'], 'L_MESSAGE' => $lang['Message'], 'L_USERNAME' => $lang['username'], 'L_COMMENT_NO_TEXT' => $lang['comment_no_text'], 'L_COMMENT_TOO_LONG' => $lang['comment_too_long'], 'L_MAX_LENGTH' => $lang['max_length'], 'SITE_NAME' => $board_config['sitename'], 'TITLE' => $title, 'SHORT_DESC' => nl2br($short_desc), 'POSTER' => 
$poster, 'DATE_ADDED' => date($lang['DATE_FORMAT'],$time), 'VIEWS' => $views, 'TOTAL_COMMENTS' => $total_comments, 'S_MAX_LENGTH' => 512, 'L_ORDER' => $lang['Order'], 'L_SORT' => $lang['Sort'], 'L_ASC' => $lang['Sort_Ascending'], 'L_DESC' => $lang['Sort_Descending'], 'SORT_ASC' => ($sort_order == 'ASC') ? 'selected="selected"' : '', 'SORT_DESC' => ($sort_order == 'DESC') ? 'selected="selected"' : '', 'L_SUBMIT' => $lang['Submit'], 'S_ADS_ACTION' => append_sid(this_ads_mxurl("ads_mode=ads_comment&ad_id=$ad_id")) ) ); // // Generate the page // $template->pparse('body'); if ( !is_object($mx_block)) { include($mx_root_path . 'includes/page_tail.'.$phpEx); } } else { /* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Comment Submited ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */ // ------------------------------------ // Check the permissions: COMMENT // ------------------------------------ // Check the permissions if ( comment_allowed($cat_comment_level) == FALSE ) { mx_message_die(GENERAL_ERROR, $lang['Not_Authorised']); } $comment_text = str_replace("\'", "''", htmlspecialchars(substr(trim($HTTP_POST_VARS['comment']), 0, 512))); $comment_username = (!$userdata['session_logged_in']) ? 
str_replace("\'", "''", substr(htmlspecialchars(trim($HTTP_POST_VARS['comment_username'])), 0, 32)) : str_replace("\'", "''", htmlspecialchars(trim($userdata['username']))); if ( empty($comment_text) ) { mx_message_die(GENERAL_ERROR, $lang['comment_no_text']); } // -------------------------------- // Check username for guest posting // -------------------------------- if ( !$userdata['session_logged_in'] ) { if ( $comment_username != '' ) { $result = validate_username($comment_username); if ( $result['error'] ) { mx_message_die(GENERAL_MESSAGE, $result['error_msg']); } } } // -------------------------------- // Prepare variables // -------------------------------- $comment_time = time(); $comment_user_id = $userdata['user_id']; $comment_user_ip = $userdata['session_ip']; // -------------------------------- // Get $comment_id // -------------------------------- $sql = "SELECT MAX(comment_id) AS max FROM ". ADS_COMMENTS_TABLE; if ( !$result = $db->sql_query($sql) ) { mx_message_die(GENERAL_ERROR, 'Could not find comment_id', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); $comment_id = $row['max'] + 1; // -------------------------------- // Insert into DB // -------------------------------- $sql = "INSERT INTO ". ADS_COMMENTS_TABLE ." (comment_id, comment_ad_id, comment_user_id, comment_username, comment_user_ip, comment_time, comment_text) VALUES ('$comment_id', '$ad_id', '$comment_user_id', '$comment_username', '$comment_user_ip', '$comment_time', '$comment_text')"; if ( !$result = $db->sql_query($sql) ) { mx_message_die(GENERAL_ERROR, 'Could not insert new comment', '', __LINE__, __FILE__, $sql); } // -------------------------------- // Send an email to the ad owner // -------------------------------- if ( !empty($user_id) ) { include_once($phpbb_root_path . 
'includes/emailer.'.$phpEx); // Get recipients details from phpBB $profiledata = get_userdata($user_id); $recip_email = $profiledata['user_email']; $subject = 'XXX SUBJECT XXX'; $message = 'XXX MESSAGE XXX'; // Send the email $emailer = new emailer($board_config['smtp_delivery']); $emailer->from($board_config['board_email']); $emailer->replyto($board_config['board_email']); $emailer->use_template('admin_send_email', $user_lang); $emailer->email_address($recip_email); $emailer->set_subject($subject); $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'BOARD_EMAIL' => $board_config['board_email'], 'MESSAGE' => $message)); $emailer->send(); $emailer->reset(); $user_id_array[] = $user_id; } // -------------------------------- // Send an email to each comment poster // -------------------------------- $user_id_array[] = $comment_user_id; $sql = "SELECT comment_user_id FROM ". ADS_COMMENTS_TABLE ." WHERE comment_ad_id= $ad_id"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $comment_user_id = $row['comment_user_id']; if ( in_array($comment_user_id, $user_id_array ) ) { // Ignore! } else { include_once($phpbb_root_path . 
'includes/emailer.'.$phpEx); // Get recipients details from phpBB $profiledata = get_userdata($comment_user_id); $recip_email = $profiledata['user_email']; $subject = 'XXX SUBJECT XXX'; $message = 'XXX MESSAGE XXX'; // Send the email $emailer = new emailer($board_config['smtp_delivery']); $emailer->from($board_config['board_email']); $emailer->replyto($board_config['board_email']); $emailer->use_template('admin_send_email', $user_lang); $emailer->email_address($recip_email); $emailer->set_subject($subject); $emailer->extra_headers($email_headers); $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'BOARD_EMAIL' => $board_config['board_email'], 'MESSAGE' => $message)); $emailer->send(); $emailer->reset(); $user_id_array[] = $comment_user_id; } } // -------------------------------- // Complete... now send a message to user // -------------------------------- $template->assign_vars(array( 'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid(this_ads_mxurl("ads_mode=ads_comment&comment_id=$comment_id")) . '#'.$comment_id.'">')); $message = $lang['Stored'] . "<br /><br />" . sprintf($lang['Click_view_message'], "<a href=\"" . append_sid(this_ads_mxurl("ads_mode=ads_comment&comment_id=$comment_id")) . "#$comment_id\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_ads_index'], "<a href=\"" . append_sid(this_ads_mxurl()) . "\">", "</a>"); mx_message_die(GENERAL_MESSAGE, $message); } ?> --- NEW FILE: ads_prices.php --- <? /*************************************************************************** * ads_prices.php * ------------------- * begin : Wednesday, Feb 15, 2006 * copyright : (C) 2006 Peter Mansion * email : su...@ph... 
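Review bot: In the submit branch of ads_comment_temp.php, `substr(trim($HTTP_POST_VARS['comment']), 0, 512)` truncates the value while it is apparently still slash-escaped, which the surrounding `str_replace("\'", "''", …)` suggests. A cut at the length limit can therefore split an escape pair and leave a lone backslash in front of the closing quote of `'$comment_text'` in the INSERT. `comment_username` is truncated at 32 in the same state. Truncate the raw value and escape as the last step, e.g. `$comment_text = addslashes(htmlspecialchars(substr(trim(stripslashes($HTTP_POST_VARS['comment'])), 0, 512)));`, or use the database layer's own escaping routine if it provides one. Separately, `$comment_id = $row['max'] + 1;` can hand the same id to two concurrent posts; an auto-increment key, if the schema allows one, would avoid that.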
* * $Id: ads_prices.php,v 1.1 2007/06/06 22:24:47 orynider Exp $ * ***************************************************************************/ /*************************************************************************** * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * ***************************************************************************/ // MX if ( !defined('IN_PORTAL') ) { die("Hacking attempt"); } // // Let's include some stuff... // $phpEx = substr(strrchr(__FILE__, '.'), 1); if ( !defined('TEMPLATE_ROOT_PATH') ) { include_once($mx_root_path . 'common.' . $phpEx); // // Start session management // $mx_user->init($user_ip, PAGE_INDEX); // // End session management // } $ads_root_path = $module_root_path . 'ads_mod/'; // // Get general music information // if ( !$is_block ) { include($ads_root_path . 'ads_common.'.$phpEx); } else { include_once($ads_root_path . 'ads_common.'.$phpEx); } $page_title = $lang['ad_prices']; if ( !is_object($mx_block)) { include($mx_root_path . 'includes/page_header.'.$phpEx); } $template->set_filenames(array('prices_page' => 'ads_prices.tpl')); $sql = "SELECT * FROM ". ADS_CATEGORIES_TABLE; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $category = $row['cat_category']; $sub_category = $row['cat_sub_category']; if ( $ads_config['basic'] == 0 || $row['cat_basic_cost'] < 0 ) { $basic_cost = 'Not available'; } else if ( $row['cat_basic_cost'] == 0 ) { $basic_cost = $lang['free']; } else { $basic_cost = $lang['currency'][$ads_config['currency_code']] . 
$row['cat_basic_cost']; } if ( $ads_config['standard'] == 0 || $row['cat_standard_cost'] < 0 ) { $standard_cost = 'Not available'; } else if ( $row['cat_standard_cost'] == 0 ) { $standard_cost = $lang['free']; } else { $standard_cost = $lang['currency'][$ads_config['currency_code']] . $row['cat_standard_cost']; } if ( $ads_config['photo'] == 0 || $row['cat_photo_cost'] < 0 ) { $pho... [truncated message content] |