edit_offer_buy.php

通达OA部分源代码

<?php
include_once'logincheck.php';
include_once("myconnect.php");
include_once("check_msg_function.php");

function RTESafe($strText) {
	//returns safe code for preloading in the RTE
	$tmpString = trim($strText);
	
	//convert all types of single quotes
	$tmpString = str_replace(chr(145), chr(39), $tmpString);
	$tmpString = str_replace(chr(146), chr(39), $tmpString);
	$tmpString = str_replace("'", "&#39;", $tmpString);
	
	//convert all types of double quotes
	$tmpString = str_replace(chr(147), chr(34), $tmpString);
	$tmpString = str_replace(chr(148), chr(34), $tmpString);
//	$tmpString = str_replace("\"", "\"", $tmpString);
	
	//replace carriage returns & line feeds
	$tmpString = str_replace(chr(10), " ", $tmpString);
	$tmpString = str_replace(chr(13), " ", $tmpString);
	
	return $tmpString;
}


/////////---getting config---------
	$sbq_con='select * from sbbleads_config where sb_id=1';
	$sbrow_con=mysql_fetch_array(mysql_query($sbq_con));
	
	$sbq_gro='select * from sbbleads_groups where sb_memtype='.$_SESSION["sbbleads_memtype"];
	$sbrow_gro=mysql_fetch_array(mysql_query($sbq_gro));

$errcnt=0;
if(count($_POST)<>0)		//IF SOME FORM WAS POSTED DO VALIDATION
{
	$sb_id=$_REQUEST["sb_id"];

	$cat_list=str_replace(";",",",$_REQUEST["category"]);
	$cid_list=str_replace(";",",",$_REQUEST["cid"]);
	
	$cat=explode(",",$cid_list);
//	$cat_name=explode(",",$_REQUEST["category"]);
	
	$sb_title=$_REQUEST["sb_title"];
	$sb_description=$_REQUEST["sb_description"];
	$sb_quantity=$_REQUEST["sb_quantity"];
	$sb_keywords=$_REQUEST["sb_keywords"];
	$key=explode(",",$sb_keywords);

	$sb_price_cur_id=$_REQUEST["sb_price_cur_id"];
	$sb_price=$_REQUEST["sb_price"];

		if( $cid_list == '' )
		{
			$errs[$errcnt]="Atleast one Category must be provided";
			$errcnt++;
		}
		elseif(count($cat) > $sbrow_gro["sb_cat_cnt"])
		{
			$errs[$errcnt]="Too many Categories provided";
			$errcnt++;
		}
		if ( strlen(trim($sb_title)) == 0 )
		{
			$errs[$errcnt]="Title must be provided";
			$errcnt++;
		}
		elseif(preg_match ("/[<>&]/", $sb_title))
		{
			$errs[$errcnt]="Title can not have any special character i.e. & < >";
			$errcnt++;
		}

		if ( strlen(trim($sb_description)) == 0 )
		{
			$errs[$errcnt]="Description must be provided";
			$errcnt++;
		}
		elseif ( strlen(strip_tags($sb_description)) > $sbrow_con['sb_description_length'] )
		{
			$errs[$errcnt]="Description length must not exceed ".$sbrow_con['sb_description_length']." characters";
			$errcnt++;
		}
		elseif( $sbrow_con["sb_approval_type_offer"] == 'auto')
		{
			if ( check_msg($sb_description,0) == 'yes' )
			{
				$errs[$errcnt]="Description must not contain bad words";
				$errcnt++;
			}
		}
		
		if ( !is_numeric($sb_quantity) || ($sb_quantity <= 0) )
		{
			$errs[$errcnt]="Quantity must be non-zero positive integer";
			$errcnt++;
		}
		
		if ( strlen(trim($sb_keywords)) == 0 )
		{
			$errs[$errcnt]="Keywords must be provided";
			$errcnt++;
		}
		elseif(preg_match ("/[<>&]/", $sb_keywords))
		{
			$errs[$errcnt]="Keywords can not have any special character i.e. & < >";
			$errcnt++;
		}
		elseif(count($key) > $sbrow_gro["sb_keyword_cnt"])
		{
			$errs[$errcnt]="Too many keywords provided";
			$errcnt++;
		}
		
		if ( !is_numeric($sb_price_cur_id) || ($sb_price_cur_id == 0) )
		{
			$errs[$errcnt]="Price currency must be selected";
			$errcnt++;
		}

		if ( !is_numeric($sb_price) || ($sb_price <= 0) )
		{
			$errs[$errcnt]="Price must be non-zero positive number";
			$errcnt++;
		}
	
		if($errcnt==0)
		{
			if(!get_magic_quotes_gpc())
			{
				$sb_title=str_replace("$","\$",addslashes($sb_title));
				$sb_description=str_replace("$","\$",addslashes($sb_description));
				$sb_quantity=str_replace("$","\$",addslashes($sb_quantity));
				$sb_keywords=str_replace("$","\$",addslashes($sb_keywords));
			}
			else
			{
				$sb_title=str_replace("$","\$",$sb_title);
				$sb_description=str_replace("$","\$",$sb_description);
				$sb_quantity=str_replace("$","\$",$sb_quantity);
				$sb_keywords=str_replace("$","\$",$sb_keywords);
			}
			$sb_price_cur_id=(int)$sb_price_cur_id;
			$sb_price=$sb_price;
			$sb_uid=$_SESSION["sbbleads_userid"];
		if($sbrow_con['sb_approval_type_offer']=='auto')
		{
			$sb_approved='yes';
			$sb_msg='Your buy offer has been updated';
		}
		else
		{
			$sb_approved='no';
			$sb_msg='Your update request has been sent for admin approval, it will be visible after approval';
		}
		
		$sbqu_off="update `sbbleads_offers_buy` set sb_title='$sb_title', sb_description='$sb_description', sb_quantity=$sb_quantity, sb_keywords='$sb_keywords', sb_price_cur_id=$sb_price_cur_id, sb_price=$sb_price, sb_approved='$sb_approved' where sb_id=$sb_id and sb_uid=$sb_uid";
	//	die($sbqu_off);
		mysql_query($sbqu_off);
	
		///-----deleteing previous cats
			$sbq1_off_cat="delete from sbbleads_offer_cats_buy where sb_offer_id=$sb_id";
			mysql_query($sbq1_off_cat);
			foreach($cat as $sb_value)
			{
			$sbq_off_cat="select * from sbbleads_offer_cats_buy 
			where sb_offer_id=$sb_id and sb_cid=$sb_value";
			if( mysql_num_rows(mysql_query($sbq_off_cat)) > 0 )
			continue;		//skips if record already exists
			$sbqi_off_cat="insert into sbbleads_offer_cats_buy 
			(sb_offer_id, sb_cid) values ($sb_id, $sb_value)";
			mysql_query($sbqi_off_cat);
			}

	if(mysql_affected_rows()>0)
	{
	if($sb_approved=="yes")
	{
	header ("Location: gen_confirm_mem.php?sb_type=2&id=$sb_id&errmsg=".urlencode($sb_msg));
	}
	else
	{
	header ("Location: gen_confirm_mem.php?errmsg=".urlencode($sb_msg));
	}
	die();
	}// if inserted
	else
	{
	header("Location: gen_confirm_mem.php?err=edit_offer_buy&id=$sb_id&errmsg=".urlencode("Sorry, no updations carried out."));
			die();
		}
		}// if no errors

}// if form posted
else
{

//////////////////////////////////---------------------------
	if( !isset($_REQUEST["sb_id"]) && !is_numeric($_REQUEST["sb_id"]) )
	{
		header("Location: gen_confirm_mem.php?errmsg=".urlencode("No such offer found."));
		die();
	}
	$sb_id=$_REQUEST["sb_id"];
	$sbq_off="select * from sbbleads_offers_buy where sb_id=$sb_id and sb_uid=".$_SESSION["sbbleads_userid"];
//	die($sbq_off);
	$sbrow_off=mysql_fetch_array(mysql_query($sbq_off));
	if(!$sbrow_off)
	{
		header("Location: gen_confirm_mem.php?errmsg=".urlencode("Invalid access, denied."));
		die();
	}
	
//	$cid_list='';
//	$sb_cat_list='';
	$sb_title=$sbrow_off['sb_title'];
	$sb_description=$sbrow_off['sb_description'];
	$sb_quantity=$sbrow_off['sb_quantity'];
	$sb_keywords=$sbrow_off['sb_keywords'];
	$sb_price_cur_id=$sbrow_off['sb_price_cur_id'];
	$sb_price=$sbrow_off['sb_price'];

	$sbq_off_cat="select * from sbbleads_offer_cats_buy where sb_offer_id=$sb_id";
	$sbrs_off_cat=mysql_query($sbq_off_cat);

$cat_list="";
$cid_list="";
while($sbrow_off_cat=mysql_fetch_array($sbrs_off_cat))
{
//	$cat_id=$rs["cat".$i];
	$rs_t=mysql_query("Select * from sbbleads_categories  where sb_id =".$sbrow_off_cat["sb_cid"]);
	if ($rs_t=mysql_fetch_array($rs_t))
	{
		  $cat_path=$rs_t["sb_cat_name"];
 		  $par=mysql_query("select * from sbbleads_categories where sb_id=".$rs_t["sb_pid"]);
		  while($parent=mysql_fetch_array($par))
		  {
			$cat_path=$parent["sb_cat_name"].">".$cat_path;
			$par=mysql_query("select * from sbbleads_categories where sb_id=".$parent["sb_pid"]);
			}
		if($cat_list=="")
		{

		$cat_list=$cat_path;
		$cid_list=$rs_t["sb_id"];
		}
		else
		{
		$cat_list.=";".$cat_path;
		$cid_list.=";".$rs_t["sb_id"];
		}
	}
}


}

function main ()
{
	global $sb_id, $sbrow_con, $sbrow_gro, $errs, $errcnt, $cid_list, $cat_list, $sb_title, $sb_description, $sb_quantity, $sb_keywords, $sb_price_cur_id, $sb_price;

$showform="";

if  (count($_POST)>0)
{
$cid_list=$_POST["cid"];
$cat_list=$_POST["category"];

if ( $errcnt <> 0 )
{
?>
<table width="90%" border="0" align="center" cellpadding="2" cellspacing="0" class="errorstyle">
  <tr> 
    <td colspan="2"><strong>&nbsp;Your Request cannot be processed due to following 
      reasons</strong></td>
  </tr>
  <tr height="10"> 
    <td colspan="2"></td>
  </tr>
  <?

for ($i=0;$i<$errcnt;$i++)
{
?>
  <tr valign="top"> 
    <td width="6%">&nbsp;<?php echo $i+1;?></td>
    <td width="94%"><?php echo  $errs[$i]; ?></td>
  </tr>
  <?
}
?>
</table>

<?

}

}
if ($showform<>"No")
{
?>
<script language="JavaScript" type="text/javascript" src="richtext.js"></script>
<script language="JavaScript">
/*					function add_category()
					{
					if(document.form123.cats.value!=0)
					{
					var id=document.form123.cats.selectedIndex;
					if(document.form123.category.value=="")
					{
					document.form123.cid.value=document.form123.cats.value;
					document.form123.category.value=document.form123.cats.options[id].text;
					document.form123.category.focus();
					document.form123.cats.selectedIndex=0;
					}
					else
					{
					document.form123.cid.value=document.form123.cid.value+";"+document.form123.cats.value;
					document.form123.category.value=document.form123.category.value+";"+document.form123.cats.options[id].text;
					document.form123.category.focus();
					document.form123.cats.selectedIndex=0;
					}
					}
					else
					{
					alert('Choose a Category to add!');
					}
					}
*/
					function add_category()
					{
					if(document.form123.cats.value!=0)