<?php
include_once'logincheck.php';
include_once("myconnect.php");
include_once("check_msg_function.php");

function RTESafe($strText) {
	// Prepares a string for preloading into the rich-text editor (RTE).
	// In order: trim, fold Windows-1252 "smart" single quotes (bytes 0x91/0x92)
	// and the ASCII apostrophe to the entity &#39;, fold Windows-1252 "smart"
	// double quotes (0x93/0x94) to a plain ASCII double quote, and flatten
	// LF/CR to spaces so the result sits on one line.
	//
	// NOTE(review): the plain ASCII double quote is deliberately left as-is
	// (that replacement was disabled in the original), so the output is only
	// safe inside a single-quoted JS/HTML context - check the caller's quoting
	// before reusing this elsewhere. All replacements are byte-based.
	$out = trim($strText);

	// Every kind of single quote becomes the numeric entity. The replacement
	// text contains no apostrophe, so the sequential replace cannot re-match.
	$out = str_replace(array(chr(145), chr(146), "'"), '&#39;', $out);

	// Single-byte character map: smart double quotes -> ", LF/CR -> space.
	$out = strtr($out, chr(147) . chr(148) . "\n\r", "\"\"  ");

	return $out;
}


$errcnt=0;
if(count($_POST)<>0)		//IF SOME FORM WAS POSTED DO VALIDATION
{
/////////---getting config---------
	$sbq_con='select * from sbbleads_config where sb_id=1';
	$sbrow_con=mysql_fetch_array(mysql_query($sbq_con));
	
	$sbq_gro='select * from sbbleads_groups where sb_memtype='.$_SESSION["sbbleads_memtype"];
	$sbrow_gro=mysql_fetch_array(mysql_query($sbq_gro));

/////////--------------count the user's previous buy postings (checked against the group's sb_buy_cnt quota below)
	$sbq_off="select * from sbbleads_offers_buy where sb_uid=".$_SESSION["sbbleads_userid"];
	$sbbuy_count=mysql_num_rows(mysql_query($sbq_off));
//////////////////////////////////---------------------------

	if( $sbbuy_count >= $sbrow_gro["sb_buy_cnt"] ) 
	{
 	 header("Location: gen_confirm_mem.php?err=post_offer_buy&errmsg=".urlencode("Sorry, some error occurred and unable to post buy offer."));
		die();
	}	
////////////////////--------------------

	$sb_cat_list=str_replace(";",",",$_REQUEST["category"]);
	$cid_list=str_replace(";",",",$_REQUEST["cid"]);
	
	$cat=explode(",",$cid_list);
//	$cat_name=explode(",",$_REQUEST["category"]);
	
	$sb_title=$_REQUEST["sb_title"];
	$sb_description=$_REQUEST["sb_description"];
	$sb_quantity=$_REQUEST["sb_quantity"];
	$sb_keywords=$_REQUEST["sb_keywords"];
	$key=explode(",",$sb_keywords);

	$sb_price_cur_id=$_REQUEST["sb_price_cur_id"];
	$sb_price=$_REQUEST["sb_price"];

		if( $cid_list == '' )
		{
			$errs[$errcnt]="Atleast one Category must be provided";
			$errcnt++;
		}
		elseif(count($cat) > $sbrow_gro["sb_cat_cnt"])
		{
			$errs[$errcnt]="Too many Categories provided";
			$errcnt++;
		}
		
		
		if ( strlen(trim($sb_title)) == 0 )
		{
			$errs[$errcnt]="Title must be provided";
			$errcnt++;
		}
		elseif(preg_match ("/[<>&]/", $sb_title))
		{
			$errs[$errcnt]="Title can not have any special character i.e. & < >";
			$errcnt++;
		}

		if ( strlen(trim($sb_description)) == 0 )
		{
			$errs[$errcnt]="Description must be provided";
			$errcnt++;
		}
		elseif ( strlen(strip_tags($sb_description)) > $sbrow_con['sb_description_length'] )
		{
			$errs[$errcnt]="Description length must not exceed ".$sbrow_con['sb_description_length']." characters";
			$errcnt++;
		}
		elseif( $sbrow_con["sb_approval_type_offer"] == 'auto')
		{
			if ( check_msg($sb_description,0) == 'yes' )
			{
				$errs[$errcnt]="Description must not contain bad words";
				$errcnt++;
			}
		}
		
		if ( !is_numeric($sb_quantity) || ($sb_quantity <= 0) )
		{
			$errs[$errcnt]="Quantity must be non-zero positive integer";
			$errcnt++;
		}
		
		if ( strlen(trim($sb_keywords)) == 0 )
		{
			$errs[$errcnt]="Keywords must be provided";
			$errcnt++;
		}
		elseif(preg_match ("/[<>&]/", $sb_keywords))
		{
			$errs[$errcnt]="Keywords can not have any special character i.e. & < >";
			$errcnt++;
		}
		elseif(count($key) > $sbrow_gro["sb_keyword_cnt"])
		{
			$errs[$errcnt]="Too many keywords provided";
			$errcnt++;
		}
	
		if ( !is_numeric($sb_price_cur_id) || ($sb_price_cur_id == 0) )
		{
			$errs[$errcnt]="Price currency must be selected";
			$errcnt++;
		}

		if ( !is_numeric($sb_price) || ($sb_price <= 0) )
		{
			$errs[$errcnt]="Price must be non-zero positive number";
			$errcnt++;
		}
		
			
		if($errcnt==0)
		{
			if(!get_magic_quotes_gpc())
			{
				$sb_title=str_replace("$","\$",addslashes($sb_title));
				$sb_description=str_replace("$","\$",addslashes($sb_description));
				$sb_quantity=str_replace("$","\$",addslashes($sb_quantity));
				$sb_keywords=str_replace("$","\$",addslashes($sb_keywords));
			}
			else
			{
				$sb_offer_type=str_replace("$","\$",$sb_offer_type);
				$sb_title=str_replace("$","\$",$sb_title);
				$sb_description=str_replace("$","\$",$sb_description);
				$sb_quantity=str_replace("$","\$",$sb_quantity);
				$sb_keywords=str_replace("$","\$",$sb_keywords);
			}
			$sb_price_cur_id=(int)$sb_price_cur_id;
			$sb_price=$sb_price;
			
			$sb_postedon=date("YmdHis",time());
			$sb_approved='yes';
			$sb_uid=$_SESSION["sbbleads_userid"];
		//	$sb_expireson=;
//		$sbq_con='select * from sbbleads_config where sb_id=1';
//		$sbrow_con=mysql_fetch_array(mysql_query($sbq_con));
		if($sbrow_con['sb_approval_type_offer']=='auto')
		{
			$sb_new='no';
			$sb_approved='yes';
			$sb_msg='Your buy offer has been posted successfully.';
		}
		else
		{
			$sb_new='yes';
			$sb_approved='no';
			$sb_msg='Your buy offer has been sent for admin approval.';
		}
		
		$sbqi_off="Insert into `sbbleads_offers_buy` (sb_uid, sb_title, sb_description, sb_quantity, sb_postedon, sb_keywords, sb_price_cur_id, sb_price, sb_approved, sb_new) values ($sb_uid, '$sb_title', '$sb_description', $sb_quantity, $sb_postedon, '$sb_keywords', $sb_price_cur_id, $sb_price, '$sb_approved', '$sb_new')";
	//	die($sbqi_off);
		mysql_query($sbqi_off);
		if(mysql_affected_rows()>0)
		{
///-adding to categories
///  NOTE(review): $sb_offer_id is recovered with "select max(sb_id)" instead of mysql_insert_id(),
///  so a concurrent insert can attach these categories to someone else's offer. Each $sb_value also
///  comes straight from $_REQUEST["cid"] (split on ',') and is interpolated unquoted into the two
///  queries below with no (int) cast or escaping - only the element count was validated above.
			$sbq_off="select max(sb_id) as max_id from sbbleads_offers_buy where 1";
			$sbrow_off=mysql_fetch_array(mysql_query($sbq_off));
			$sb_offer_id=$sbrow_off["max_id"];
			foreach($cat as $sb_value)
			{
				$sbq_off_cat="select * from sbbleads_offer_cats_buy where sb_offer_id=$sb_offer_id and sb_cid=$sb_value";
				//echo $sbq_off_cat;
//				$sbrs_off_cat=
				if( mysql_num_rows(mysql_query($sbq_off_cat)) > 0 )
					continue;		//skips if record already exists
				$sbqi_off_cat="insert into sbbleads_offer_cats_buy (sb_offer_id, sb_cid) values ($sb_offer_id, $sb_value)";
				mysql_query($sbqi_off_cat);
///////////////////////////////////////////////////--------------------------
////////////////////////////////////-----------------------------------------

////--------mail to member/admin if approval is not auto
if($sbrow_con['sb_approval_type_offer']<>'auto')
{
			//SENDING MAIL TO MEMBER (template sb_mailid=6). NOTE(review): %password% is filled from the
			//stored sb_password, so the member's credential is sent in clear text - reconsider that placeholder.
	//	$sbq_res="select * from sbrrs_resources where sbres_id=$sbres_id";
	//	$sbrow_res=mysql_fetch_array(mysql_query($sbq_res));
		
		$sbq_mem="select * from sbbleads_members where sb_id=".$_SESSION["sbbleads_userid"];
		$sbrow_mem=mysql_fetch_array(mysql_query($sbq_mem));
				
		$rs_con=mysql_fetch_array(mysql_query("select * from sbbleads_config where sb_id=1"));
		$sb_null_char=$rs_con["sb_null_char"];
		$login_url=$rs_con["sb_site_root"]."/signin.php";
//		$sbresource_url=$rs_con["sbsite_addr"]."/details_res.php?sbres_id=$sbres_id";


//Reads the member email template to be sent
		$sbq_mail="SELECT * FROM sbbleads_mails where sb_mailid=6";
		$sbrs_mail=mysql_query($sbq_mail);
		if ( $sbrow_mail=mysql_fetch_array($sbrs_mail)  )
  		{
			$from =$sbrow_mail["sb_fromid"];
			$to = $sbrow_mem["sb_email"];
			$subject =$sbrow_mail["sb_subject"];
		    $header="From:" . $from . "\r\n" ."Reply-To:". $from  ;

			$body=str_replace("%email%", $sbrow_mem["sb_email"],str_replace("%password%",$sbrow_mem["sb_password"],str_replace("%lname%", $sbrow_mem["sb_lastname"],str_replace("%fname%",$sbrow_mem["sb_firstname"],str_replace("%username%",$sbrow_mem["sb_username"], $sbrow_mail["sb_mail"]) )))); 
				
			$body=str_replace("%signup_url%",$sb_null_char,str_replace("%login_url%",$login_url,$body));

		 	$body=str_replace("%message_text%",$sb_null_char,str_replace("%message_title%",$sb_null_char,str_replace("%sender_username%",$sb_null_char,str_replace("%message_date%",$sb_null_char,$body))));	
 
 			$body=str_replace("%visitor_name%",$sb_null_char,$body);
		
			$body=str_replace("%offer_title%",$sb_title,str_replace("%offer_url%",$sb_null_char,str_replace("%offer_id%",$sb_null_char,$body)));

	 	if(isset($sbrow_mail["sb_html_format"])&&($sbrow_mail["sb_html_format"]=="yes"))
		{
			$header .= "\r\nMIME-Version: 1.0";
			$header .= "\r\nContent-type: text/html; charset=iso-8859-1\r\n";
//			$body=str_replace("\n","%br%",$body);
		}
	 
// 	echo "--from:-$from----to:-$to---sub:-$subject----head:-$header----";
//	echo "<pre>$body</pre>";
	// die();
	if( $sbrow_mail["sb_status"]=='yes')
 		mail($to,$subject,$body,$header);
  }

//////////////////////////////////////////////////////////
/////          Sending mail to admin

$rs0=mysql_fetch_array(mysql_query("select * from sbbleads_config where sb_id=1"));
//$login_url=$site_root[0]."/signinform.php";

//Reads the admin email template to be sent
$sbq_mail="SELECT * FROM sbbleads_mails where sb_mailid=7";
$sbrs_mail=mysql_query($sbq_mail);

if ( $sbrow_mail=mysql_fetch_array($sbrs_mail)  )
  {
			 $from =$sbrow_mail["sb_fromid"];
			 $to = $rs0["sb_admin_email"];
			 $subject =$sbrow_mail["sb_subject"];
		     $header="From:" . $from . "\r\n" ."Reply-To:". $from  ;

// 	 $body=$rs["mail"];

			$body=str_replace("%email%", $sbrow_mem["sb_email"],str_replace("%password%",$sb_null_char,str_replace("%lname%", $sbrow_mem["sb_lastname"],str_replace("%fname%",$sbrow_mem["sb_firstname"],str_replace("%username%",$sbrow_mem["sb_username"], $sbrow_mail["sb_mail"]) )))); 
				
			$body=str_replace("%signup_url%",$sb_null_char,str_replace("%login_url%",$login_url,$body));

		 	$body=str_replace("%message_text%",$sb_null_char,str_replace("%message_title%",$sb_null_char,str_replace("%sender_username%",$sb_null_char,str_replace("%message_date%",$sb_null_char,$body))));	
 
 			$body=str_replace("%visitor_name%",$sb_null_char,$body);
		
			$body=str_replace("%offer_title%",$sb_title,str_replace("%offer_url%",$sb_null_char,str_replace("%offer_id%",$sb_null_char,$body)));

	 	if(isset($sbrow_mail["sb_html_format"])&&($sbrow_mail["sb_html_format"]=="yes"))
		{
			$header .= "\r\nMIME-Version: 1.0";
			$header .= "\r\nContent-type: text/html; charset=iso-8859-1\r\n";
//			$body=str_replace("\n","%br%",$body);
		}

// 	echo "--from:-$from----to:-$to---sub:-$subject----head:-$header----";
//	 echo "<pre>$body</pre>";
//	 die();
	if( $sbrow_mail["sb_status"]=='yes')
		 mail($to,$subject,$body,$header);
  }
}		//end if approval <> 'auto'
elseif($sbrow_con['sb_approval_type_offer']=='auto')
{		
/*
//////-------mail subscribers of the favourite categories only when approval is auto, because otherwise the offer is still unapproved
//	echo "----------hello----------";
	$sbq_mail="SELECT * FROM sbbleads_mails where sb_mailid=24";
	$sbrs_mail=mysql_query($sbq_mail);
	if ( ($sbrow_mail=mysql_fetch_array($sbrs_mail))  && ($sbrow_mail['sb_status']=='yes'))
	{
////////----------getting full path ids 

  	$cat_query=mysql_query("Select * from sbbleads_categories where sb_id in ($cid_list)");
	$temp_cid_list=-1;
	while ($rs=mysql_fetch_array($cat_query))
    {
	
    $temp_cid_list .=",".$rs["sb_id"]; 
	$cid=$rs["sb_id"]; 
	
		$cat_query1=mysql_query("Select * from sbbleads_categories where sb_id=" . $cid );
		while ($rs1=mysql_fetch_array($cat_query1))
		{
		$temp_cid_list.="," .$rs1["sb_id"]; 
		$cat_query1=mysql_query("Select * from sbbleads_categories where sb_id=" . $rs1["sb_pid"] );
		}
	}
		
		$cid_list=$temp_cid_list;
//echo "<br>cats----".$temp_cid_list."----<br>";
//die();

//////-----------------------------------------
		$rs_con=mysql_fetch_array(mysql_query("select * from sbbleads_config where sb_id=1"));
		$sb_null_char=$rs_con["sb_null_char"];
		$login_url=$rs_con["sb_site_root"]."/signin.php";
		$sb_offer_url=$rs_con["sb_site_root"]."/view_offer_buy?id=$sb_offer_id";
		
	//	foreach($cat as $sb_value)
	//	{
		$sbq3_cat="select * from sbbleads_categories where sb_id=$sb_value";
		$sbrow3_cat=mysql_fetch_array(mysql_query($sbq3_cat));
		$sb_cat_name=$sbrow3_cat["sb_cat_name"];
				
		$sbuser_id_list="-1";
		$sbq_fav_cat="select * from sbbleads_fav_cats where sb_type='buy' and cid in ($cid_list)";
			//echo $sbq_off_cat;
		$sbrs_fav_cat=mysql_query($sbq_fav_cat);
		while($sbrow_fav_cat=mysql_fetch_array($sbrs_fav_cat))
		{
			$sbuser_id_list.=",".$sbrow_fav_cat["mid"];
		}
			
		$sbq3_mem="select * from sbbleads_members where sb_id in ($sbuser_id_list)";
		$sbrs3_mem=mysql_query($sbq3_mem);
		while($sbrow3_mem=mysql_fetch_array($sbrs3_mem))
		{	//send mail 
//////---getting category name only first matching cat for a user
			$sbq1_fav_cat="select * from sbbleads_fav_cats where cid in ($cid_list) and mid=".$sbrow3_mem["sb_id"];
			//echo $sbq_off_cat;
			$sbrs1_fav_cat=mysql_query($sbq1_fav_cat);
			$sbrow_fav_cat=mysql_fetch_array($sbrs1_fav_cat);
			
			$sbq4_cat="select * from sbbleads_categories where sb_id=".$sbrow_fav_cat["cid"];
			//echo $sbq_off_cat;
			$sbrow4_cat=mysql_fetch_array(mysql_query($sbq4_cat));
			$sb_cat_name=$sbrow4_cat["sb_cat_name"];
///////----------------------			
			$from =$sbrow_mail["sb_fromid"];
			$to = $sbrow3_mem["sb_email"];
			$subject =$sbrow_mail["sb_subject"];
			$header="From:" . $from . "\r\n" ."Reply-To:". $from  ;
		
	$body=str_replace("%email%", $sb_null_char,str_replace("%password%",$sb_null_char,str_replace("%lname%", $sbrow3_mem["sb_lastname"],str_replace("%fname%",$sbrow3_mem["sb_firstname"],str_replace("%username%",$sbrow3_mem["sb_username"], $sbrow_mail["sb_mail"]) )))); 
						
	$body=str_replace("%signup_url%",$sb_null_char,str_replace("%login_url%",$login_url,$body));
		
	$body=str_replace("%message_text%",$sb_null_char,str_replace("%message_title%",$sb_null_char,str_replace("%sender_username%",$sb_null_char,str_replace("%message_date%",$sb_null_char,$body))));	
		 
	$body=str_replace("%visitor_name%",$sb_null_char,$body);
				
	$body=str_replace("%offer_title%",$sb_title,str_replace("%offer_url%",$sb_offer_url,str_replace("%offer_id%",$sb_offer_id,$body)));
	
	$body=str_replace("%category%",$sb_cat_name,$body);
	
			if(isset($sbrow_mail["sb_html_format"])&&($sbrow_mail["sb_html_format"]=="yes"))
			{
				$header .= "\r\nMIME-Version: 1.0";
				$header .= "\r\nContent-type: text/html; charset=iso-8859-1\r\n";
//				$body=str_replace("\n","<br>",$body);
			}
		 
	//	 	echo "--from:-$from----to:-$to---sub:-$subject----head:-$header----";
	//		echo "<pre>$body</pre>";
		// die();
					if( $sbrow_mail["sb_status"]=='yes')
						mail($to,$subject,$body,$header);
		}		//end while sbrow3_mem
//////////////////////////////////////////////////////////
	}	// end if 
//die();*/
}	//end if approval == auto
///////////-----------------

//////////////////////////////////////////////-------------------------------
/////////////////////////////////////----------------------------------------				
				
			}
	if($sb_approved=="yes")
	{
	header ("Location: gen_confirm_mem.php?sb_type=2&id=$sb_offer_id&errmsg=".urlencode($sb_msg));
	}
	else
	{
	header ("Location: gen_confirm_mem.php?errmsg=".urlencode($sb_msg));
	}
	die();
	}// if inserted
	else
	{
 	 header("Location: gen_confirm_mem.php?err=post_offer_buy&errmsg=".urlencode("Sorry, some error occurred and unable to post buy offer."));
	die();
   }
 }// if no errors

}// if form posted
else
{
/////////---getting config---------
	$sbq_con='select * from sbbleads_config where sb_id=1';
	$sbrow_con=mysql_fetch_array(mysql_query($sbq_con));
	
	$sbq_gro='select * from sbbleads_groups where sb_memtype='.$_SESSION["sbbleads_memtype"];
	$sbrow_gro=mysql_fetch_array(mysql_query($sbq_gro));

/////////--------------getting information bout user's privious postings
	$sbq_off="select * from sbbleads_offers_buy where sb_uid=".$_SESSION["sbbleads_userid"];
	$sbbuy_count=mysql_num_rows(mysql_query($sbq_off));
//////////////////////////////////---------------------------
