
📄 edit_offer_buy.php

📁 通达OA部分源代码
<?php
include_once'logincheck.php';
include_once("myconnect.php");

/**
 * Prepares a text value for preloading into the rich-text editor (RTE).
 *
 * The value is trimmed, then in a single pass:
 *  - bytes 145/146 and the ASCII apostrophe become the entity &#39;
 *  - bytes 147/148 become a plain double quote
 *  - line feeds and carriage returns become a single space each
 *
 * Bytes 145-148 are presumably the Windows-1252 curly quotes; on UTF-8 input
 * the same byte values can occur inside multi-byte characters - TODO confirm
 * the page encoding.
 *
 * Security note: "<", ">", "&" and the double quote are passed through
 * unchanged, so the result is NOT HTML-escaped. It must not be treated as safe
 * for arbitrary HTML or attribute contexts.
 *
 * @param string $strText Raw text.
 * @return string Text with quotes and line breaks normalised as described.
 */
function RTESafe($strText) {
	static $replacements = null;
	if ($replacements === null) {
		$apostropheEntity = "&#39;";
		$replacements = array(
			chr(145) => $apostropheEntity,	// left single curly quote byte
			chr(146) => $apostropheEntity,	// right single curly quote byte
			chr(39)  => $apostropheEntity,	// plain apostrophe
			chr(147) => chr(34),			// left double curly quote byte
			chr(148) => chr(34),			// right double curly quote byte
			chr(10)  => " ",				// line feed
			chr(13)  => " ",				// carriage return
		);
	}

	// Every key is one byte and no replacement contains a key, so a single
	// strtr() pass gives the same result as replacing them one after another.
	return strtr(trim($strText), $replacements);
}


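/////////---getting config---------
// Loads the configuration row (sb_id=1); its sb_description_length value is
// used by the description length check below.
$sbq_con='select * from sbbleads_config where sb_id=1';
$sbrow_con=mysql_fetch_array(mysql_query($sbq_con));

// Request handling for the "edit buy offer" form.
//  - POST: validate the submitted fields, update the offer and its category
//          links, then redirect to the listing page.
//  - otherwise: load the offer identified by sb_id so main() can prefill the form.
// Every request value that reaches SQL outside quotes (sb_id, sb_uid, category
// ids) is forced to an integer first; quantity and price rely on is_numeric().

$errcnt=0;
if(count($_POST)<>0)		//IF SOME FORM WAS POSTED DO VALIDATION
{
	// NOTE(review): sbenable_constraints and sb_uid come from the request, so the
	// client decides whether group limits are enforced and whose limits apply.
	// Nothing visible here checks that the session user may edit this offer, and
	// no anti-CSRF token is verified. This is only acceptable if logincheck.php
	// restricts the page to administrators and handles those checks - confirm.
	$sbenable_constraints=$_REQUEST["sbenable_constraints"];
	$sbcom=$_REQUEST["sbcom"];

	// sb_id is interpolated unquoted into the UPDATE/DELETE/SELECT/INSERT
	// statements below, so it is rejected unless numeric and then cast to int.
	if( !isset($_REQUEST["sb_id"]) || !is_numeric($_REQUEST["sb_id"]) )
	{
		header("Location: buyoffers.php?msg=".urlencode("Invalid access, denied"));
		die();
	}
	$sb_id=(int)$_REQUEST["sb_id"];

	//////////--------------getting group settings
	// sb_uid is also used unquoted; the cast keeps the member lookup to a plain integer.
	$sb_uid=isset($_REQUEST['sb_uid']) ? (int)$_REQUEST['sb_uid'] : 0;
	$sbq_mem='select * from sbbleads_members where sb_id='.$sb_uid;
	$sbrow_mem=mysql_fetch_array(mysql_query($sbq_mem));

	// sb_memtype is read back from the members table and interpolated as before.
	$sbq_gro='select * from sbbleads_groups where sb_memtype='.$sbrow_mem["sb_memtype"];
	$sbrow_gro=mysql_fetch_array(mysql_query($sbq_gro));

	$cat_list=str_replace(";",",",$_REQUEST["category"]);
	$cid_list=str_replace(";",",",$_REQUEST["cid"]);
	$cat=explode(",",$cid_list);

	// Category ids end up unquoted in SQL, so each one must consist of digits only
	// (surrounding whitespace is tolerated).
	$sb_cat_ids_ok=true;
	foreach($cat as $sb_cat_candidate)
	{
		if( !preg_match('/^\s*\d+\s*$/', $sb_cat_candidate) )
		{
			$sb_cat_ids_ok=false;
			break;
		}
	}

	$sb_title=$_REQUEST["sb_title"];
	$sb_description=$_REQUEST["sb_description"];
	$sb_quantity=$_REQUEST["sb_quantity"];
	$sb_keywords=$_REQUEST["sb_keywords"];
	$key=explode(",",$sb_keywords);

	$sb_price_cur_id=$_REQUEST["sb_price_cur_id"];
	$sb_price=$_REQUEST["sb_price"];

	if( $cid_list == '' )
	{
		$errs[$errcnt]="Atleast one Category must be provided";
		$errcnt++;
	}
	elseif( !$sb_cat_ids_ok )
	{
		$errs[$errcnt]="Invalid Category provided";
		$errcnt++;
	}
	elseif( ($sbenable_constraints) && (count($cat) > $sbrow_gro["sb_cat_cnt"]) )
	{
		$errs[$errcnt]="Too many Categories provided";
		$errcnt++;
	}

	if ( strlen(trim($sb_title)) == 0 )
	{
		$errs[$errcnt]="Title must be provided";
		$errcnt++;
	}
	elseif( ($sbenable_constraints) && (preg_match ("/[<>&]/", $sb_title)) )
	{
		$errs[$errcnt]="Title can not have any special character i.e. & < >";
		$errcnt++;
	}

	if ( strlen(trim($sb_description)) == 0 )
	{
		$errs[$errcnt]="Description must be provided";
		$errcnt++;
	}
	elseif (  ($sbenable_constraints) && (strlen(strip_tags($sb_description)) > $sbrow_con['sb_description_length']) )
	{
		$errs[$errcnt]="Description length must not exceed ".$sbrow_con['sb_description_length']." characters";
		$errcnt++;
	}

	// is_numeric() is the only thing keeping quantity and price safe when they
	// are placed unquoted into the UPDATE below; do not relax these checks.
	if ( !is_numeric($sb_quantity) || ($sb_quantity <= 0) )
	{
		$errs[$errcnt]="Quantity must be non-zero positive integer";
		$errcnt++;
	}

	if ( strlen(trim($sb_keywords)) == 0 )
	{
		$errs[$errcnt]="Keywords must be provided";
		$errcnt++;
	}
	elseif( ($sbenable_constraints) && (preg_match ("/[<>&]/", $sb_keywords)) )
	{
		$errs[$errcnt]="Keywords can not have any special character i.e. & < >";
		$errcnt++;
	}
	elseif( ($sbenable_constraints) && (count($key) > $sbrow_gro["sb_keyword_cnt"]) )
	{
		$errs[$errcnt]="Too many keywords provided";
		$errcnt++;
	}

	if ( !is_numeric($sb_price_cur_id) || ($sb_price_cur_id == 0) )
	{
		$errs[$errcnt]="Price currency must be selected";
		$errcnt++;
	}

	if ( !is_numeric($sb_price) || ($sb_price <= 0) )
	{
		$errs[$errcnt]="Price must be non-zero positive number";
		$errcnt++;
	}

	if($errcnt==0)
	{
		// Quoted string columns are escaped with addslashes() unless magic quotes
		// already did it.
		// NOTE(review): addslashes() is not aware of the connection character set;
		// when this code moves off ext/mysql, use prepared statements instead.
		// The str_replace("$","\$",...) calls replace "$" with "$" ("\$" is the
		// escape for a literal dollar sign), so they leave the value unchanged.
		if(!get_magic_quotes_gpc())
		{
			$sb_title=str_replace("$","\$",addslashes($sb_title));
			$sb_description=str_replace("$","\$",addslashes($sb_description));
			$sb_quantity=str_replace("$","\$",addslashes($sb_quantity));
			$sb_keywords=str_replace("$","\$",addslashes($sb_keywords));
		}
		else
		{
			$sb_title=str_replace("$","\$",$sb_title);
			$sb_description=str_replace("$","\$",$sb_description);
			$sb_quantity=str_replace("$","\$",$sb_quantity);
			$sb_keywords=str_replace("$","\$",$sb_keywords);
		}
		$sb_price_cur_id=(int)$sb_price_cur_id;

		// The admin-approval branch is disabled in the original; the update is
		// applied immediately.
		$sb_msg='Buy offer has been updated';

		$sbqu_off="update `sbbleads_offers_buy` set sb_title='$sb_title', sb_description='$sb_description', sb_quantity=$sb_quantity, sb_keywords='$sb_keywords', sb_price_cur_id=$sb_price_cur_id, sb_price=$sb_price where sb_id=$sb_id";
		mysql_query($sbqu_off);

		///-----deleteing previous cats
		$sbq1_off_cat="delete from sbbleads_offer_cats_buy where sb_offer_id=$sb_id";
		mysql_query($sbq1_off_cat);
		foreach($cat as $sb_value)
		{
			// Already validated as digits above; the cast makes the SQL independent
			// of that check.
			$sb_value=(int)$sb_value;
			$sbq_off_cat="select * from sbbleads_offer_cats_buy where sb_offer_id=$sb_id and sb_cid=$sb_value";
			if( mysql_num_rows(mysql_query($sbq_off_cat)) > 0 )
				continue;		//skips if record already exists
			$sbqi_off_cat="insert into sbbleads_offer_cats_buy (sb_offer_id, sb_cid) values ($sb_id, $sb_value)";
			mysql_query($sbqi_off_cat);
		}

		if($sbcom=='new')
		{		//redirects to right page
			header ("Location: buyoffers_new.php?msg=".urlencode($sb_msg));
			die();
		}

		header ("Location: buyoffers.php?msg=".urlencode($sb_msg));
		die();
	}// if no errors

}// if form posted
else
{

	//////////////////////////////////---------------------------
	$sbenable_constraints=true;		//helps enable disable things like max cat limit for admin  etc.
	$sbcom='';
	if(isset($_REQUEST["sbcom"]) && ($_REQUEST["sbcom"]=='new'))
		$sbcom=$_REQUEST["sbcom"];

	//////////////////////////////////---------------------------

	// The original joined these two tests with "&&", which let any value that
	// was set through, numeric or not. Either failure must deny access, because
	// sb_id is placed unquoted into the queries below.
	if( !isset($_REQUEST["sb_id"]) || !is_numeric($_REQUEST["sb_id"]) )
	{
		header("Location: buyoffers.php?msg=".urlencode("Invalid access, denied"));
		die();
	}
	$sb_id=(int)$_REQUEST["sb_id"];
	$sbq_off="select * from sbbleads_offers_buy where sb_id=$sb_id";
	$sbrow_off=mysql_fetch_array(mysql_query($sbq_off));
	if(!$sbrow_off)
	{
		header("Location: buyoffers.php?msg=".urlencode("No such buy offer exists"));
		die();
	}

	// Owner of the offer and the limits of that owner's group.
	$sb_uid=$sbrow_off['sb_uid'];
	$sbq_mem='select * from sbbleads_members where sb_id='.$sb_uid;
	$sbrow_mem=mysql_fetch_array(mysql_query($sbq_mem));

	$sbq_gro='select * from sbbleads_groups where sb_memtype='.$sbrow_mem["sb_memtype"];
	$sbrow_gro=mysql_fetch_array(mysql_query($sbq_gro));

	$sb_title=$sbrow_off['sb_title'];
	$sb_description=$sbrow_off['sb_description'];
	$sb_quantity=$sbrow_off['sb_quantity'];
	$sb_keywords=$sbrow_off['sb_keywords'];
	$sb_price_cur_id=$sbrow_off['sb_price_cur_id'];
	$sb_price=$sbrow_off['sb_price'];

	$sbq_off_cat="select * from sbbleads_offer_cats_buy where sb_offer_id=$sb_id";
	$sbrs_off_cat=mysql_query($sbq_off_cat);

	// Builds two ";"-separated lists in step: category paths ("parent>child")
	// for display and the matching category ids.
	$cat_list="";
	$cid_list="";
	while($sbrow_off_cat=mysql_fetch_array($sbrs_off_cat))
	{
		$rs_t=mysql_query("Select * from sbbleads_categories  where sb_id =".$sbrow_off_cat["sb_cid"]);
		if ($rs_t=mysql_fetch_array($rs_t))
		{
			$cat_path=$rs_t["sb_cat_name"];
			// Walks up through sb_pid until no parent row is found.
			$par=mysql_query("select * from sbbleads_categories where sb_id=".$rs_t["sb_pid"]);
			while($parent=mysql_fetch_array($par))
			{
				$cat_path=$parent["sb_cat_name"].">".$cat_path;
				$par=mysql_query("select * from sbbleads_categories where sb_id=".$parent["sb_pid"]);
			}
			if($cat_list=="")
			{
				$cat_list=$cat_path;
				$cid_list=$rs_t["sb_id"];
			}
			else
			{
				$cat_list.=";".$cat_path;
				$cid_list.=";".$rs_t["sb_id"];
			}
		}
	}


}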

function main ()
{
	global $sbcom, $sbenable_constraints, $sb_uid, $sb_id, $sbrow_con, $sbrow_gro, $errs, $errcnt, $cid_list, $cat_list, $sb_title, $sb_description, $sb_quantity, $sb_keywords, $sb_price_cur_id, $sb_price;

$showform="";

if  (count($_POST)>0)
{
$cid_list=$_POST["cid"];
$cat_list=$_POST["category"];
if ( $errcnt <> 0 )
{
?>
<table width="90%" border="0" align="center" cellpadding="2" cellspacing="0" class="errorstyle">
  <tr> 
    <td colspan="2"><strong>&nbsp;Your request cannot be processed due to following 
      reasons</strong></td>
  </tr>
  <tr height="10"> 
    <td colspan="2"></td>
  </tr>
  <?

for ($i=0;$i<$errcnt;$i++)
{
?>
  <tr valign="top"> 
    <td width="6%">&nbsp;<?php echo $i+1;?></td>
    <td width="94%"><?php echo  $errs[$i]; ?></td>
  </tr>
  <?
}
?>
</table>
