📄 companyprofile.php
<?
include_once("myconnect.php");
include_once("logincheck.php");
include_once("check_msg_function.php");
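/**
 * Prepare stored text for preloading into the rich-text editor (RTE).
 *
 * Steps, in order: trim the input; turn the Windows-1252 curly single quotes
 * (bytes 145 and 146) into a plain apostrophe; write every apostrophe as the
 * HTML entity &#39;; turn the curly double quotes (bytes 147 and 148) into a
 * plain double quote; replace each line feed and carriage return with a space
 * so the result stays on one line.
 *
 * The apostrophe step used to replace "'" with "'", which changed nothing and
 * left apostrophes in the output. The entity is restored so that step does what
 * its comment promised.
 *
 * NOTE(review): presumably the result is placed inside a single-quoted
 * JavaScript string by the caller - confirm at the call site. This is not a
 * general HTML or JavaScript escaper: backslashes, double quotes, "<" and "&"
 * pass through unchanged, so the output still needs context-appropriate
 * encoding wherever it is printed.
 * NOTE(review): the quote mapping works on single bytes and assumes a
 * single-byte encoding such as Windows-1252; on UTF-8 input, bytes 145-148 can
 * be part of a multi-byte character and would be rewritten - confirm the page
 * encoding.
 *
 * @param string $strText Text to prepare.
 * @return string Single-line text with quotes normalised.
 */
function RTESafe($strText) {
    $tmpString = trim($strText);
    // Curly single quotes first, so they are caught by the entity step below.
    $tmpString = str_replace(array(chr(145), chr(146)), chr(39), $tmpString);
    $tmpString = str_replace("'", "&#39;", $tmpString);
    // Curly double quotes become a plain double quote; plain ones are left as they are.
    $tmpString = str_replace(array(chr(147), chr(148)), chr(34), $tmpString);
    // Line feed, then carriage return: each becomes one space.
    $tmpString = str_replace(array(chr(10), chr(13)), " ", $tmpString);
    return $tmpString;
}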
$errcnt=0;
if(count($_POST)<>0) //IF SOME FORM WAS POSTED DO VALIDATION
{
$config=mysql_fetch_array(mysql_query("select * from sbbleads_config"));
$sql="Select * from sbbleads_groups where sb_memtype=".$_SESSION["sbbleads_memtype"];
$rs0_query=mysql_query($sql);
$rs0=mysql_fetch_array($rs0_query);
$cats=$rs0["sb_profilecat_cnt"];
$allowed= $rs0["sb_profile"];
$posturl= $rs0["sb_posturl"];
// Copy the posted profile fields into local variables. Both branches aim at the
// same result, a backslash-escaped copy of each field: this branch applies
// addslashes() when magic quotes are off, the else branch takes the values as PHP
// already escaped them.
// NOTE(review): magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc()
// itself was removed in PHP 8.0, so this test only makes sense on old runtimes.
// NOTE(review): addslashes() only protects a value that ends up inside a quoted
// SQL literal, and it is not character-set aware. $yearestablished is later
// written into the insert and update statements without quotes, so this escaping
// does not constrain it; $logo later becomes part of a file path and of the shell
// commands passed to exec(), where SQL escaping is the wrong tool. Values are read
// from $_REQUEST, so they may arrive by query string as well as by POST.
if(!get_magic_quotes_gpc())
{
// As written, str_replace("$","\$",...) changes nothing: inside double quotes
// both "$" and "\$" are the one-character string "$".
$companyname=str_replace("$","\$",addslashes($_REQUEST["companyname"]));
$logo=str_replace("$","\$",addslashes($_REQUEST["list1"]));
$services=str_replace("$","\$",addslashes($_REQUEST["services"]));
$yearestablished=str_replace("$","\$",addslashes($_REQUEST["yearestablished"]));
$othermarkets=str_replace("$","\$",addslashes($_REQUEST["othermarkets"]));
$companyprofile=str_replace("$","\$",addslashes($_REQUEST["companyprofile"]));
$ceo=str_replace("$","\$",addslashes($_REQUEST["ceo"]));
$phone=str_replace("$","\$",addslashes($_REQUEST["phone"]));
$phone1=str_replace("$","\$",addslashes($_REQUEST["phone1"]));
$phone2=str_replace("$","\$",addslashes($_REQUEST["phone2"]));
$fax=str_replace("$","\$",addslashes($_REQUEST["fax"]));
$fax1=str_replace("$","\$",addslashes($_REQUEST["fax1"]));
$fax2=str_replace("$","\$",addslashes($_REQUEST["fax2"]));
$website=str_replace("$","\$",addslashes($_REQUEST["website"]));
}
else
{
// Magic quotes are on: the request values are used as received, with no further
// escaping applied here.
$companyname=str_replace("$","\$",$_REQUEST["companyname"]);
$logo=str_replace("$","\$",$_REQUEST["list1"]);
$services=str_replace("$","\$",$_REQUEST["services"]);
$yearestablished=str_replace("$","\$",$_REQUEST["yearestablished"]);
$othermarkets=str_replace("$","\$",$_REQUEST["othermarkets"]);
$companyprofile=str_replace("$","\$",$_REQUEST["companyprofile"]);
$ceo=str_replace("$","\$",$_REQUEST["ceo"]);
$phone=str_replace("$","\$",$_REQUEST["phone"]);
$phone1=str_replace("$","\$",$_REQUEST["phone1"]);
$phone2=str_replace("$","\$",$_REQUEST["phone2"]);
$fax=str_replace("$","\$",$_REQUEST["fax"]);
$fax1=str_replace("$","\$",$_REQUEST["fax1"]);
$fax2=str_replace("$","\$",$_REQUEST["fax2"]);
$website=str_replace("$","\$",$_REQUEST["website"]);
}
$phone_no="";
if(strlen(trim($phone))<>0)
{$phone_no.=$phone;}
$phone_no.="-";
if(strlen(trim($phone1))<>0)
{$phone_no.=$phone1;}
$phone_no.="-";
if(strlen(trim($phone2))<>0)
{$phone_no.=$phone2;}
$fax_no="";
if(strlen(trim($fax))<>0)
{$fax_no.=$fax;}
$fax_no.="-";
if(strlen(trim($fax1))<>0)
{$fax_no.=$fax1;}
$fax_no.="-";
if(strlen(trim($fax2))<>0)
{$fax_no.=$fax2;}
$markets="0";
$rs_query_t=mysql_query("select * from sbbleads_markets order by sb_market");
$cnt=1;
while( ( $rs_t=mysql_fetch_array($rs_query_t) ))
{
$indx="market".$cnt;
$cnt++;
if ( isset($_REQUEST[$indx]) )
{
$markets =($markets==0)?$rs_t["sb_id"]:$markets.",".$rs_t["sb_id"];
}
}
$markets_arr=explode(",",$markets);
$cat_name=str_replace(";",",",$_REQUEST["category"]);
$sbcid_list=str_replace(";",",",$_REQUEST["cid"]);
$cat=explode(",",$sbcid_list);
if ( strlen(trim($companyname)) == 0 )
{
$errs[$errcnt]="Company Name must be provided";
$errcnt++;
}
elseif(preg_match ("/[;<>&]/", $_REQUEST["companyname"]))
{
$errs[$errcnt]="Company Name can not have any special character (e.g. & ; < >)";
$errcnt++;
}
if ( $_REQUEST["businesstype"]=="" )
{
$errs[$errcnt]="Business Type must be choosen";
$errcnt++;
}
if ( $_REQUEST["cid"]=="")
{
$errs[$errcnt]="Atleast one Category must be provided";
$errcnt++;
}
if ( count($cat)>$cats)
{
$errs[$errcnt]="Too many Categories provided";
$errcnt++;
}
if ( strlen(trim($services)) == 0 )
{
$errs[$errcnt]="Product/Services must be specified.";
$errcnt++;
}
elseif( $config["sb_profile_approval"] == 'auto')
{
if ( check_msg($services,0) == 'yes' )
{
$errs[$errcnt]="Product/Services must not contain bad words";
$errcnt++;
}
}
/*elseif(preg_match ("/[;<>&]/", $_REQUEST["services"]))
{
$errs[$errcnt]="Product/Services can not have any special character (e.g. & ; < >)";
$errcnt++;
}*/
if ( $markets=="-1" && (strlen(trim($othermarkets)) == 0))
{
$errs[$errcnt]="At least one market must be choosen";
$errcnt++;
}
if ( $_REQUEST["productfocus"]=="" )
{
$errs[$errcnt]="Product Focus must be choosen";
$errcnt++;
}
if ( $_REQUEST["employees"]=="" )
{
$errs[$errcnt]="Employees must be choosen";
$errcnt++;
}
if ( strlen(trim($companyprofile)) == 0 )
{
$errs[$errcnt]="Company Profile must be given";
$errcnt++;
}
elseif( $config["sb_profile_approval"] == 'auto')
{
if ( check_msg($companyprofile,0) == 'yes' )
{
$errs[$errcnt]="Company Profile must not contain bad words";
$errcnt++;
}
}
/*elseif(preg_match ("/[;<>&]/", $_REQUEST["companyprofile"]))
{
$errs[$errcnt]="Company Profile can not have any special character (e.g. & ; < >)";
$errcnt++;
}*/
if ( strlen(trim($ceo)) == 0 )
{
$errs[$errcnt]="CEO/Owner's Name Must be provided";
$errcnt++;
}
elseif(preg_match ("/[;<>&]/", $_REQUEST["ceo"]))
{
$errs[$errcnt]="CEO/Owner's Name can not have any special character (e.g. & ; < >)";
$errcnt++;
}
if(preg_match ("/[;<>&]/", $phone_no))
{
$errs[$errcnt]="Phone No. can not have any special character (e.g. & ; < >)";
$errcnt++;
}
if(preg_match ("/[;<>&]/", $fax_no))
{
$errs[$errcnt]="Fax can not have any special character (e.g. & ; < >)";
$errcnt++;
}
if($errcnt==0)
{
$approved="yes";
$sb_msg='Company Profile has been updated.';
if($config["sb_profile_approval"]=="admin")
{
$approved="no";
$sb_msg='Company Profile has been sent for admin approval.';
}
$sb_profile_id=$_POST["profile_id"];
if($_POST["profile_id"]==0)
{
if($approved=="no")
{ $approved="new";}
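// Insert the new company profile row.
// The numeric columns (business type, year established, product focus, employees,
// user id) are written into the statement without quotes, so the backslash
// escaping applied to the text fields does nothing for them. Each one is forced to
// an integer here before it reaches the SQL string; a blank year is stored as 0
// instead of producing a malformed statement.
// The quoted text fields still rely on the escaping done when they were read from
// the request. NOTE(review): prepared statements (PDO or mysqli) would remove the
// dependence on manual escaping altogether, but this file uses the legacy mysql_* API.
$insert_query="insert into sbbleads_companyprofiles (sb_companyname,sb_logo,sb_businesstype,sb_services,sb_yearestablished,sb_othermarkets,sb_productfocus,sb_companyprofile,sb_employees,sb_ceo,sb_website,sb_uid,sb_type,sb_phone,sb_fax,sb_approved,sb_viewed,sb_postedon) values ('$companyname','$logo',".intval($_REQUEST["businesstype"]).",'$services',".intval($yearestablished).",'$othermarkets',".intval($_REQUEST["productfocus"]).",'$companyprofile',".intval($_REQUEST["employees"]).",'$ceo','$website',".intval($_SESSION["sbbleads_userid"]).",0,'$phone_no','$fax_no','$approved',0,'".date("YmdHis",time())."')";
mysql_query($insert_query);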
if(mysql_affected_rows()>0)
{
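//---------------IMAGE MAGIK CODE--------------------------------------------------------
// Watermark (optional) and thumbnail the logo with the ImageMagick command-line tools.
// $logo comes from the request field list1 and ends up in both a file path and a
// shell command line, so it is only processed when it is a plain file name made of
// letters, digits, dot, underscore and hyphen that does not start with a dot. That
// excludes path separators, whitespace and shell metacharacters. Every argument is
// also passed through escapeshellarg() as a second layer.
// Names outside the allowlist are skipped, so no thumbnail is produced for them.
// NOTE(review): widen the pattern only if the upload handler is known to generate
// other characters.
// Both thumbnail dimensions are taken from sb_th_width.
if($config["sb_image_magik"]=="enable" && preg_match('/^[A-Za-z0-9_-][A-Za-z0-9._-]*\z/', $logo))
{
    $size_str=$config["sb_th_width"] . "x" . $config["sb_th_width"];
    $path1="uploadedimages" . '/' . $logo;
    $path2="thumbs1" . '/' . $logo;
    if($config["sb_water_marking"]=="enable")
    {
        // The watermarked image overwrites the uploaded original in place.
        exec("composite -dissolve 20 images/watermark.gif ".escapeshellarg($path1)." ".escapeshellarg($path1));
    }
    exec("convert ".escapeshellarg($path1)." -resize ".escapeshellarg($size_str)." ".escapeshellarg($path2));
}
//------------------------------------------------------------------------------------------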
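// Find the id of the profile row that was just inserted, then link it to the
// chosen categories and markets.
// NOTE(review): max(sb_id) is the newest row in the table, which is this request's
// row only if no other insert ran in between. mysql_insert_id() reads the id
// generated on this connection instead - confirm sb_id is AUTO_INCREMENT before
// switching.
$profile=mysql_fetch_array(mysql_query("select max(sb_id) from sbbleads_companyprofiles"));
$sb_profile_id=$profile[0];
foreach($cat as $cid)
{
    // $cat is split from the request field cid and each entry is written into SQL
    // without quotes, so only entries made of digits alone are used; anything else
    // is skipped.
    $cid=trim($cid);
    if(!preg_match('/^[0-9]+\z/', $cid))
    {
        continue;
    }
    $check_cat=mysql_fetch_array(mysql_query("select * from sbbleads_profile_cats where sb_cid=$cid and sb_profile_id=".$profile[0]));
    if(!$check_cat)
    {
        // Link only when the pair is not already present.
        mysql_query("insert into sbbleads_profile_cats (sb_cid,sb_profile_id) values ($cid,".$profile[0].")");
    }
}
foreach($markets_arr as $market)
{
    // Market ids are collected from the sbbleads_markets table (or the default "0");
    // the cast keeps the unquoted SQL value numeric regardless.
    $market=(int)$market;
    $check_market=mysql_fetch_array(mysql_query("select * from sbbleads_profile_markets where sb_market=$market and sb_profile_id=".$profile[0]));
    if(!$check_market)
    {
        mysql_query("insert into sbbleads_profile_markets (sb_market,sb_profile_id) values ($market,".$profile[0].")");
    }
}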
////------------mails
if($config["sb_profile_approval"]=='auto')
{
/* //////-------mail to fav cats but if approval is auto 'coz otherwise it would be unapproved
$sbq_mail="SELECT * FROM sbbleads_mails where sb_mailid=24";
$sbrs_mail=mysql_query($sbq_mail);
if ( ($sbrow_mail=mysql_fetch_array($sbrs_mail)) && ($sbrow_mail['sb_status']=='yes'))
{
////////----------getting full path ids
$cat_query=mysql_query("Select * from sbbleads_categories where sb_id in ($sbcid_list)");
$temp_cid_list=-1;
while ($rs=mysql_fetch_array($cat_query))
{
$temp_cid_list .=",".$rs["sb_id"];
$cid=$rs["sb_id"];
$cat_query1=mysql_query("Select * from sbbleads_categories where sb_id=" . $cid );
while ($rs1=mysql_fetch_array($cat_query1))
{
$temp_cid_list.="," .$rs1["sb_id"];
$cat_query1=mysql_query("Select * from sbbleads_categories where sb_id=" . $rs1["sb_pid"] );
}
}
$sbcid_list=$temp_cid_list;
//echo "<br>cats----".$temp_cid_list."----<br>";
//die();
//////-----------------------------------------
$rs_con=mysql_fetch_array(mysql_query("select * from sbbleads_config where sb_id=1"));
$sb_null_char=$rs_con["sb_null_char"];
$login_url=$rs_con["sb_site_root"]."/signin.php";
$sb_offer_url=$rs_con["sb_site_root"]."/view_profile?id=".$profile[0];
$sbuser_id_list="-1";
$sbq_fav_cat="select * from sbbleads_fav_cats where sb_type='profile' and cid in ($sbcid_list)";
//echo $sbq_off_cat;
$sbrs_fav_cat=mysql_query($sbq_fav_cat);
while($sbrow_fav_cat=mysql_fetch_array($sbrs_fav_cat))
{
$sbuser_id_list.=",".$sbrow_fav_cat["mid"];
}
$sbq3_mem="select * from sbbleads_members where sb_id in ($sbuser_id_list)";
$sbrs3_mem=mysql_query($sbq3_mem);
while($sbrow3_mem=mysql_fetch_array($sbrs3_mem))
{ //send mail
//////---getting category name only first matching cat for a user
$sbq1_fav_cat="select * from sbbleads_fav_cats where cid in ($sbcid_list) and mid=".$sbrow3_mem["sb_id"];
//echo $sbq_off_cat;
$sbrs1_fav_cat=mysql_query($sbq1_fav_cat);
$sbrow_fav_cat=mysql_fetch_array($sbrs1_fav_cat);
$sbq4_cat="select * from sbbleads_categories where sb_id=".$sbrow_fav_cat["cid"];
//echo $sbq_off_cat;
$sbrow4_cat=mysql_fetch_array(mysql_query($sbq4_cat));
$sb_cat_name=$sbrow4_cat["sb_cat_name"];
///////----------------------
$from =$sbrow_mail["sb_fromid"];
$to = $sbrow3_mem["sb_email"];
$subject =$sbrow_mail["sb_subject"];
$header="From:" . $from . "\r\n" ."Reply-To:". $from ;
$body=str_replace("%email%", $sb_null_char,str_replace("%password%",$sb_null_char,str_replace("%lname%", $sbrow3_mem["sb_lastname"],str_replace("%fname%",$sbrow3_mem["sb_firstname"],str_replace("%username%",$sbrow3_mem["sb_username"], $sbrow_mail["sb_mail"]) ))));
$body=str_replace("%signup_url%",$sb_null_char,str_replace("%login_url%",$login_url,$body));
$body=str_replace("%message_text%",$sb_null_char,str_replace("%message_title%",$sb_null_char,str_replace("%sender_username%",$sb_null_char,str_replace("%message_date%",$sb_null_char,$body))));
$body=str_replace("%visitor_name%",$sb_null_char,$body);
$body=str_replace("%offer_title%",$companyname,str_replace("%offer_url%",$sb_offer_url,str_replace("%offer_id%",$profile[0],$body)));
$body=str_replace("%category%",$sb_cat_name,$body);
if(isset($sbrow_mail["sb_html_format"])&&($sbrow_mail["sb_html_format"]=="yes"))
{
$header .= "\r\nMIME-Version: 1.0";
$header .= "\r\nContent-type: text/html; charset=iso-8859-1\r\n";
// $body=str_replace("\n","<br>",$body);
}
// echo "--from:-$from----to:-$to---sub:-$subject----head:-$header----";
// echo "<pre>$body</pre>";
// die();
if( $sbrow_mail["sb_status"]=='yes')
mail($to,$subject,$body,$header);
} //end while sbrow3_mem
//////////////////////////////////////////////////////////
} // end if
//die();*/
} //end if approval == auto i.e. mails only
////////////////////////////////////////////////------------------------------------
$sb_profile_id=$profile[0];
if($approved=="yes")
{
header("Location: gen_confirm_mem.php?sb_type=4&id=$sb_profile_id&errmsg=".urlencode("Company profile has been posted"));
}
else
{
header("Location: gen_confirm_mem.php?errmsg=".urlencode("Company profile has been sent for admin approval"));
}
die();
} //mysql_affected rows i.e rec inserted
else
{
header("Location: gen_confirm_mem.php?err=companyprofile&errmsg=".urlencode("Sorry, unable to post company profile."));
die();
}
} //end of profile_id ==0 i.e. insert operation
else
{
$approved="yes";
$sb_msg='Company Profile has been updated.';
$config=mysql_fetch_array(mysql_query("select * from sbbleads_config"));
if($config["sb_profile_approval"]=="admin")
{
$approved="no";
$sb_msg='Company Profile has been sent for admin approval.';
}
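// Update the profile owned by the logged-in member. The row is selected by the
// session user id, not by the posted profile_id.
// The numeric columns (business type, year established, product focus, employees)
// and the user id are written into the statement without quotes, so the backslash
// escaping applied to the text fields does nothing for them. Each one is forced to
// an integer here; a blank year is stored as 0 instead of producing a malformed
// statement.
// NOTE(review): prepared statements (PDO or mysqli) would remove the dependence on
// manual escaping for the quoted text fields, but this file uses the legacy
// mysql_* API.
$update_query="update sbbleads_companyprofiles set
sb_companyname='$companyname',
sb_logo='$logo',
sb_businesstype=".intval($_REQUEST["businesstype"]).",
sb_services='$services',
sb_yearestablished=".intval($yearestablished).",
sb_othermarkets='$othermarkets',
sb_productfocus=".intval($_REQUEST["productfocus"]).",
sb_companyprofile='$companyprofile',
sb_employees=".intval($_REQUEST["employees"]).",
sb_ceo='$ceo',
sb_phone='$phone_no',
sb_fax='$fax_no',
sb_website='$website',
sb_approved='$approved'
where sb_uid=".intval($_SESSION["sbbleads_userid"]);
mysql_query($update_query);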
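//---------------IMAGE MAGIK CODE--------------------------------------------------------
// Watermark (optional) and thumbnail the logo with the ImageMagick command-line tools.
// $logo comes from the request field list1 and ends up in both a file path and a
// shell command line, so it is only processed when it is a plain file name made of
// letters, digits, dot, underscore and hyphen that does not start with a dot. That
// excludes path separators, whitespace and shell metacharacters. Every argument is
// also passed through escapeshellarg() as a second layer.
// Names outside the allowlist are skipped, so no thumbnail is produced for them.
// NOTE(review): widen the pattern only if the upload handler is known to generate
// other characters.
// Both thumbnail dimensions are taken from sb_th_width.
if($config["sb_image_magik"]=="enable" && preg_match('/^[A-Za-z0-9_-][A-Za-z0-9._-]*\z/', $logo))
{
    $size_str=$config["sb_th_width"] . "x" . $config["sb_th_width"];
    $path1="uploadedimages" . '/' . $logo;
    $path2="thumbs1" . '/' . $logo;
    if($config["sb_water_marking"]=="enable")
    {
        // The watermarked image overwrites the uploaded original in place.
        exec("composite -dissolve 20 images/watermark.gif ".escapeshellarg($path1)." ".escapeshellarg($path1));
    }
    exec("convert ".escapeshellarg($path1)." -resize ".escapeshellarg($size_str)." ".escapeshellarg($path2));
}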