<?
include_once("myconnect.php");
include_once("logincheck.php");
function RTESafe($strText) {
    // Returns text made safe for preloading into the rich-text editor (RTE):
    // bytes 0x91-0x94 (the Windows-1252 curly single/double quotes) are folded
    // to plain ASCII quotes, and line feeds / carriage returns become spaces.
    // Leading and trailing whitespace is removed first, so a trailing newline
    // disappears rather than becoming a space.
    // NOTE(review): these are single-byte replacements. If the page handles
    // UTF-8 text, the same byte values occur as continuation bytes and would be
    // corrupted here -- confirm the charset the form is served with.
    $needles = array(chr(145), chr(146), chr(147), chr(148), chr(10), chr(13));
    $plain   = array("'",      "'",      '"',      '"',      ' ',     ' ');
    return str_replace($needles, $plain, trim($strText));
}
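$errcnt = 0;
$errs = array(); // validation messages; main() reads $errs/$errcnt via `global`

// Reads one form field from $_REQUEST as a plain string ('' when missing or
// not a scalar) with any magic-quotes slashes removed, so callers hold the raw
// user value and escape it once, at the point of use (SQL or shell).
// $_REQUEST is kept rather than $_POST because sbcom/sb_uid may arrive on the
// query string.
function sbbleads_req_raw($key)
{
    if (!isset($_REQUEST[$key]) || is_array($_REQUEST[$key])) {
        return '';
    }
    $value = (string) $_REQUEST[$key];
    // get_magic_quotes_gpc() no longer exists on PHP 8, so guard the call.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

// Escapes a raw string for a single-quoted MySQL literal on the connection
// opened by myconnect.php. Replaces the addslashes()/magic-quotes branch,
// which was not charset-aware.
function sbbleads_sql_str($raw)
{
    return mysql_real_escape_string($raw);
}

// Joins the three parts of a phone/fax number with '-'. Parts that are blank
// or whitespace-only are dropped; the others are kept untrimmed, which yields
// the stored "part-part1-part2" format.
function sbbleads_join_number($part0, $part1, $part2)
{
    $parts = array($part0, $part1, $part2);
    foreach ($parts as $i => $part) {
        if (strlen(trim($part)) == 0) {
            $parts[$i] = '';
        }
    }
    return implode('-', $parts);
}

if (count($_POST) > 0) { // a form was posted: validate, then update the profile
    // NOTE(review): no CSRF token is checked for this form -- confirm whether
    // logincheck.php provides one; otherwise add one to the form and verify it here.
    $sbcom = sbbleads_req_raw('sbcom');
    // NOTE(review): the row updated is selected by the sb_uid request field, not
    // by the session user. That is only safe if logincheck.php restricts this
    // page to administrators -- confirm; otherwise key the UPDATE on
    // $_SESSION['sbbleads_userid'] instead.
    $sb_uid = (int) sbbleads_req_raw('sb_uid');
    $sbrow_mem = mysql_fetch_array(mysql_query('select * from sbbleads_members where sb_id=' . $sb_uid));
    $rs0 = mysql_fetch_array(mysql_query('select * from sbbleads_groups where sb_memtype=' . (int) $sbrow_mem['sb_memtype']));
    $cats = $rs0['sb_profilecat_cnt'];  // max categories this membership level may pick
    $allowed = $rs0['sb_profile'];      // not enforced here (the check in main() is commented out)
    $posturl = $rs0['sb_posturl'];

    // Raw (unescaped) field values; each is escaped where it enters SQL or a shell.
    $companyname = sbbleads_req_raw('companyname');
    $logo = sbbleads_req_raw('list1');
    $services = sbbleads_req_raw('services');
    $yearestablished = sbbleads_req_raw('yearestablished');
    $othermarkets = sbbleads_req_raw('othermarkets');
    $companyprofile = sbbleads_req_raw('companyprofile');
    $ceo = sbbleads_req_raw('ceo');
    $website = sbbleads_req_raw('website');
    $businesstype = sbbleads_req_raw('businesstype');
    $productfocus = sbbleads_req_raw('productfocus');
    $employees = sbbleads_req_raw('employees');
    $phone = sbbleads_req_raw('phone');
    $phone1 = sbbleads_req_raw('phone1');
    $phone2 = sbbleads_req_raw('phone2');
    $fax = sbbleads_req_raw('fax');
    $fax1 = sbbleads_req_raw('fax1');
    $fax2 = sbbleads_req_raw('fax2');
    $phone_no = sbbleads_join_number($phone, $phone1, $phone2);
    $fax_no = sbbleads_join_number($fax, $fax1, $fax2);

    // Selected markets: checkbox names market1, market2, ... follow the row
    // order of sbbleads_markets; "0" means none were ticked.
    $markets = '0';
    $rs_query_t = mysql_query('select * from sbbleads_markets order by sb_market');
    $cnt = 1;
    while (($rs_t = mysql_fetch_array($rs_query_t))) {
        if (isset($_REQUEST['market' . $cnt])) {
            $markets = ($markets == 0) ? $rs_t['sb_id'] : $markets . ',' . $rs_t['sb_id'];
        }
        $cnt++;
    }
    $markets_arr = explode(',', $markets);
    $cat_name = str_replace(';', ',', sbbleads_req_raw('category'));
    $cid_list = str_replace(';', ',', sbbleads_req_raw('cid'));
    $cat = explode(',', $cid_list);

    $specials = '/[;<>&]/'; // characters rejected in the free-text name fields
    if (strlen(trim($companyname)) == 0) {
        $errs[$errcnt++] = 'Company Name must be provided';
    } elseif (preg_match($specials, $companyname)) {
        $errs[$errcnt++] = 'Company Name can not have any special character (e.g. & ; < >)';
    }
    if ($logo !== '' && $logo !== basename($logo)) {
        // the logo name is used to build paths under ../uploadedimages and
        // ../thumbs1, so only a bare file name is acceptable
        $errs[$errcnt++] = 'Logo file name is not valid';
    }
    if ($businesstype == '') {
        $errs[$errcnt++] = 'Business Type must be choosen';
    }
    if ($cid_list == '') {
        $errs[$errcnt++] = 'Category(ies) must be provided';
    }
    if (count($cat) > $cats) {
        $errs[$errcnt++] = "You are not allowed to choose more than $cats category(ies).";
    }
    if (strlen(trim($services)) == 0) {
        $errs[$errcnt++] = 'Product/Services must be specified.';
    }
    // NOTE(review): $markets defaults to "0" above, so this "-1" comparison
    // never matches and the check is effectively disabled -- confirm the
    // intended sentinel before changing it.
    if ($markets == '-1' && (strlen(trim($othermarkets)) == 0)) {
        $errs[$errcnt++] = 'At least one market must be choosen';
    }
    if ($productfocus == '') {
        $errs[$errcnt++] = 'Product Focus must be choosen';
    }
    if ($employees == '') {
        $errs[$errcnt++] = 'Employees must be choosen';
    }
    if (strlen(trim($companyprofile)) == 0) {
        $errs[$errcnt++] = 'Company Profile must be given';
    }
    if (strlen(trim($ceo)) == 0) {
        $errs[$errcnt++] = "CEO/Owner's Name Must be provided";
    } elseif (preg_match($specials, $ceo)) {
        $errs[$errcnt++] = "CEO/Owner's Name can not have any special character (e.g. & ; < >)";
    }
    if (preg_match($specials, $phone_no)) {
        $errs[$errcnt++] = 'Phone No. can not have any special character (e.g. & ; < >)';
    }
    if (preg_match($specials, $fax_no)) {
        $errs[$errcnt++] = 'Fax can not have any special character (e.g. & ; < >)';
    }

    if ($errcnt == 0) {
        $config = mysql_fetch_array(mysql_query('select * from sbbleads_config'));
        $profile_id = isset($_POST['profile_id']) ? (int) $_POST['profile_id'] : 0;

        // Every string column goes through sbbleads_sql_str() and every numeric
        // column is cast to int, so request data cannot alter the statement.
        // (A blank year now stores 0 instead of producing a malformed query.)
        $update_query = 'update sbbleads_companyprofiles set '
            . "sb_companyname='" . sbbleads_sql_str($companyname) . "', "
            . "sb_logo='" . sbbleads_sql_str($logo) . "', "
            . 'sb_businesstype=' . (int) $businesstype . ', '
            . "sb_services='" . sbbleads_sql_str($services) . "', "
            . 'sb_yearestablished=' . (int) $yearestablished . ', '
            . "sb_othermarkets='" . sbbleads_sql_str($othermarkets) . "', "
            . 'sb_productfocus=' . (int) $productfocus . ', '
            . "sb_companyprofile='" . sbbleads_sql_str($companyprofile) . "', "
            . 'sb_employees=' . (int) $employees . ', '
            . "sb_ceo='" . sbbleads_sql_str($ceo) . "', "
            . "sb_phone='" . sbbleads_sql_str($phone_no) . "', "
            . "sb_fax='" . sbbleads_sql_str($fax_no) . "', "
            . "sb_website='" . sbbleads_sql_str($website) . "' "
            . 'where sb_uid=' . $sb_uid;
        // Success is judged on the UPDATE itself; the previous check read
        // mysql_affected_rows() after the last link insert below, i.e. the
        // wrong statement.
        $updated = (mysql_query($update_query) !== false);

        //---------------IMAGE MAGIK CODE--------------------------------------------------------
        if ($config['sb_image_magik'] == 'enable' && $logo !== '') {
            // NOTE(review): sb_th_width is used for both dimensions -- confirm
            // whether a height setting was intended.
            $size_str = $config['sb_th_width'] . 'x' . $config['sb_th_width'];
            $path1 = '../uploadedimages/' . $logo;
            $path2 = '../thumbs1/' . $logo;
            // Each path is passed as one quoted argument; $logo was restricted
            // to a bare file name during validation, and the fixed prefix means
            // the argument can never start with '-'.
            if ($config['sb_water_marking'] == 'enable') {
                exec('composite -dissolve 20 ../images/watermark.gif ' . escapeshellarg($path1) . ' ' . escapeshellarg($path1));
            }
            exec('convert ' . escapeshellarg($path1) . ' -resize ' . escapeshellarg($size_str) . ' ' . escapeshellarg($path2));
        }
        //------------------------------------------------------------------------------------------

        // Replace the category links, then the market links, for this profile.
        mysql_query('delete from sbbleads_profile_cats where sb_profile_id=' . $profile_id);
        foreach ($cat as $cid) {
            $cid = (int) $cid;
            $check_cat = mysql_fetch_array(mysql_query('select * from sbbleads_profile_cats where sb_cid=' . $cid . ' and sb_profile_id=' . $profile_id));
            if (!$check_cat) {
                mysql_query('insert into sbbleads_profile_cats (sb_cid,sb_profile_id) values (' . $cid . ',' . $profile_id . ')');
            }
        }
        mysql_query('delete from sbbleads_profile_markets where sb_profile_id=' . $profile_id);
        foreach ($markets_arr as $market) {
            $market = (int) $market;
            $check_market = mysql_fetch_array(mysql_query('select * from sbbleads_profile_markets where sb_market=' . $market . ' and sb_profile_id=' . $profile_id));
            if (!$check_market) {
                mysql_query('insert into sbbleads_profile_markets (sb_market,sb_profile_id) values (' . $market . ',' . $profile_id . ')');
            }
        }

        if ($updated) {
            if ($sbcom == 'new') { // redirects to right page
                header('Location: profiles_new.php?msg=' . urlencode('Company profile has been updated'));
                die();
            }
            header('Location: profiles.php?msg=' . urlencode('Company profile has been updated'));
            die();
        }
        header('Location: profiles.php?msg=' . urlencode('Unable to update company profile, please try again'));
        die();
    } // end if no errs
} // if form posted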
function main()
{
global $errs, $errcnt;
$sbcom='';
if(isset($_REQUEST["sbcom"]) && ($_REQUEST["sbcom"]=='new'))
$sbcom=$_REQUEST["sbcom"];
$sb_id=$_REQUEST['sb_id'];
$sbrs_com=mysql_query("Select * from sbbleads_companyprofiles where sb_id=$sb_id");
$sbrow_com=mysql_fetch_array($sbrs_com);
$sb_uid=$sbrow_com['sb_uid'];
$sbq_mem='select * from sbbleads_members where sb_id='.$sb_uid;
$sbrow_mem=mysql_fetch_array(mysql_query($sbq_mem));
$sql="Select * from sbbleads_groups where sb_memtype=".$sbrow_mem["sb_memtype"];
// $sql="Select * from sbbleads_groups where sb_memtype=".$_SESSION["sbbleads_memtype"];
$rs0_query=mysql_query($sql);
$rs0=mysql_fetch_array($rs0_query);
$cats=$rs0["sb_profilecat_cnt"];
$allowed= $rs0["sb_profile"];
$posturl= $rs0["sb_posturl"];
/*if ($allowed!="yes")
{
?>
<table width="558" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td colspan="2"><font color="#FF0000" size="2" face="Arial, Helvetica, sans-serif"><strong>The user is not allowed to post a company profile.</strong></font></td>
</tr>
<tr>
<td colspan="2"><font color="#FF0000" face="Arial, Helvetica, sans-serif" size="2"> User must consider upgrading membership level if one is at bronze or silver level.</font></td>
</tr>
</table>
<?php