diff --git a/README.md b/README.md old mode 100644 new mode 100755 diff --git a/active_auctions.php b/active_auctions.php old mode 100644 new mode 100755 index 2caadddda..0791f8d2a --- a/active_auctions.php +++ b/active_auctions.php 
@@ -1,6 +1,6 @@ checkUserValid($user_id); -} elseif ($user->logged_in) { - $user_id = $user->user_data['id']; -} else { - $_SESSION['LOGIN_MESSAGE'] = $MSG['5000']; - $_SESSION['REDIRECT_AFTER_LOGIN'] = 'active_auctions.php'; - header('location: user_login.php'); - exit; +if (isset($_GET['user_id']) && !empty($_GET['user_id'])) +{ + $user_id = intval($_GET['user_id']); + // check trying to access valid user id + $user->checkUserValid($user_id); } +elseif ($user->logged_in) +{ + $user_id = $user->user_data['id']; +} +else +{ + $_SESSION['LOGIN_MESSAGE'] = $MSG['5000']; + $_SESSION['REDIRECT_AFTER_LOGIN'] = 'active_auctions.php'; + header('location: user_login.php'); + exit; +} + +$NOW = time(); // get number of active auctions for this user $query = "SELECT count(id) AS auctions FROM " . $DBPrefix . "auctions WHERE user = :user_id AND closed = 0 - AND suspended = 0 - AND starts <= CURRENT_TIMESTAMP"; + AND starts <= :time"; $params = array(); $params[] = array(':user_id', $user_id, 'int'); +$params[] = array(':time', $NOW, 'int'); $db->query($query, $params); $num_auctions = $db->result('auctions'); // Handle pagination -if (!isset($_GET['PAGE']) || $_GET['PAGE'] == '' || $_GET['PAGE'] < 1) { - $OFFSET = 0; - $PAGE = 1; -} else { - $PAGE = intval($_GET['PAGE']); - $OFFSET = ($PAGE - 1) * $system->SETTINGS['perpage']; +if (!isset($_GET['PAGE']) || $_GET['PAGE'] == '' || $_GET['PAGE'] < 1) +{ + $OFFSET = 0; + $PAGE = 1; } -$PAGES = ceil($num_auctions / $system->SETTINGS['perpage']); -if (!isset($PAGES) || $PAGES < 1) { - $PAGES = 1; +else +{ + $PAGE = intval($_GET['PAGE']); + $OFFSET = ($PAGE - 1) * $system->SETTINGS['perpage']; } +$PAGES = ceil($num_auctions / $system->SETTINGS['perpage']); +if (!isset($PAGES) || $PAGES < 1) $PAGES = 1; $query = "SELECT * FROM " . $DBPrefix . 
"auctions WHERE user = :user_id AND closed = 0 - AND suspended = 0 - AND starts <= CURRENT_TIMESTAMP + AND starts <= :time ORDER BY ends ASC LIMIT :offset, :perpage"; $params = array(); $params[] = array(':user_id', $user_id, 'int'); +$params[] = array(':time', $NOW, 'int'); $params[] = array(':offset', $OFFSET, 'int'); $params[] = array(':perpage', $system->SETTINGS['perpage'], 'int'); $db->query($query, $params); $k = 0; -while ($row = $db->fetch()) { - if (strlen($row['pict_url']) > 0) { - $row['pict_url'] = $system->SETTINGS['siteurl'] . 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&auction_id=' . $row['id'] . '&fromfile=' . $row['pict_url']; - } else { - $row['pict_url'] = get_lang_img('nopicture.gif'); - } - - $current_time = new DateTime('now', $dt->UTCtimezone); - $end_time = new DateTime($row['ends'], $dt->UTCtimezone); - $difference = $current_time->diff($end_time); - - $template->assign_block_vars('auctions', array( - 'BGCOLOUR' => (!($k % 2)) ? '' : 'class="alt-row"', - 'ID' => $row['id'], - 'PIC_URL' => $row['pict_url'], - 'TITLE' => htmlspecialchars($row['title']), - 'BNIMG' => get_lang_img(($row['bn_only'] == 0) ? 'buy_it_now.gif' : 'bn_only.png'), - 'BNVALUE' => $row['buy_now'], - 'BNFORMAT' => $system->print_money($row['buy_now']), - 'BIDVALUE' => $row['current_bid'], - 'BIDFORMAT' => $system->print_money($row['current_bid']), - 'NUM_BIDS' => $row['num_bids'], - 'TIMELEFT' => $dt->formatTimeLeft($difference), - - 'B_BUY_NOW' => ($row['buy_now'] > 0 && ($row['bn_only'] || $row['bn_only'] == 0 && ($row['num_bids'] == 0 || ($row['reserve_price'] > 0 && $row['current_bid'] < $row['reserve_price'])))), - 'B_BNONLY' => ($row['bn_only']) - )); - $k++; +while ($row = $db->fetch()) +{ + if (strlen($row['pict_url']) > 0) + { + $row['pict_url'] = $system->SETTINGS['siteurl'] . 'getthumb.php?w=' . $system->SETTINGS['thumb_show'] . '&fromfile=' . UPLOAD_FOLDER . $row['id'] . '/' . 
$row['pict_url']; + } + else + { + $row['pict_url'] = get_lang_img('nopicture.gif'); + } + + $difference = $row['ends'] - $NOW; + + $template->assign_block_vars('auctions', array( + 'BGCOLOUR' => (!($k % 2)) ? '' : 'class="alt-row"', + 'ID' => $row['id'], + 'PIC_URL' => $row['pict_url'], + 'TITLE' => htmlspecialchars($row['title']), + 'BNIMG' => get_lang_img(($row['bn_only'] == 0) ? 'buy_it_now.gif' : 'bn_only.png'), + 'BNVALUE' => $row['buy_now'], + 'BNFORMAT' => $system->print_money($row['buy_now']), + 'BIDVALUE' => $row['current_bid'], + 'BIDFORMAT' => $system->print_money($row['current_bid']), + 'NUM_BIDS' => $row['num_bids'], + 'TIMELEFT' => FormatTimeLeft($difference), + + 'B_BUY_NOW' => ($row['buy_now'] > 0 && ($row['bn_only'] || $row['bn_only'] == 0 && ($row['num_bids'] == 0 || ($row['reserve_price'] > 0 && $row['current_bid'] < $row['reserve_price'])))), + 'B_BNONLY' => ($row['bn_only']) + )); + $k++; } // get this user's nick 
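Review bot: Both rewritten queries compare `starts` against an integer `:time` bound as 'int', and the loop computes `$row['ends'] - $NOW`, which only works if `starts`/`ends` are integer Unix-timestamp columns; the removed lines treated them as DATETIME (`starts <= CURRENT_TIMESTAMP`, `new DateTime($row['ends'], ...)`), so unless a schema change accompanies this commit the comparison is between mismatched types and the list will be empty or wrong. The rewrite also drops `AND suspended = 0` from both the count and the list query, so suspended auctions are now counted and shown as active; if that is unintended, keep `AND suspended = 0` next to `AND starts <= :time` in both. In the thumbnail URL, `$row['pict_url']` is concatenated into the `fromfile=` query string unencoded; use `rawurlencode($row['pict_url'])` so a filename containing `&`, `#` or spaces cannot break or extend the URL.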
@@ -102,39 +112,41 @@ $page_title = $MSG['219'] . ': ' . $TPL_user_nick; $LOW = $PAGE - 5; -if ($LOW <= 0) { - $LOW = 1; -} +if ($LOW <= 0) $LOW = 1; $COUNTER = $LOW; $pagenation = ''; -while ($COUNTER <= $PAGES && $COUNTER < ($PAGE + 6)) { - if ($PAGE == $COUNTER) { - $pagenation .= '' . $COUNTER . '  '; - } else { - $pagenation .= '' . $COUNTER . '  '; - } - $COUNTER++; +while ($COUNTER <= $PAGES && $COUNTER < ($PAGE + 6)) +{ + if ($PAGE == $COUNTER) + { + $pagenation .= '' . $COUNTER . '  '; + } + else + { + $pagenation .= '' . $COUNTER . '  '; + } + $COUNTER++; } $template->assign_vars(array( - 'B_MULPAG' => ($PAGES > 1), - 'B_NOTLAST' => ($PAGE < $PAGES), - 'B_NOTFIRST' => ($PAGE > 1), - - 'USER_RSSFEED' => sprintf($MSG['932'], $TPL_user_nick), - 'USER_ID' => $user_id, - 'USERNAME' => $TPL_user_nick, - 'THUMBWIDTH' => $system->SETTINGS['thumb_show'], - 'NEXT' => intval($PAGE + 1), - 'PREV' => intval($PAGE - 1), - 'PAGE' => $PAGE, - 'PAGES' => $PAGES, - 'PAGENA' => $pagenation - )); + 'B_MULPAG' => ($PAGES > 1), + 'B_NOTLAST' => ($PAGE < $PAGES), + 'B_NOTFIRST' => ($PAGE > 1), + + 'USER_RSSFEED' => sprintf($MSG['932'], $TPL_user_nick), + 'USER_ID' => $user_id, + 'USERNAME' => $TPL_user_nick, + 'THUMBWIDTH' => $system->SETTINGS['thumb_show'], + 'NEXT' => intval($PAGE + 1), + 'PREV' => intval($PAGE - 1), + 'PAGE' => $PAGE, + 'PAGES' => $PAGES, + 'PAGENA' => $pagenation + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'active_auctions.tpl' - )); + 'body' => 'active_auctions.tpl' + )); $template->display('body'); include 'footer.php'; diff --git a/admin/aboutus.php b/admin/aboutus.php old mode 100644 new mode 100755 index f152b1aec..c641c092b --- a/admin/aboutus.php +++ b/admin/aboutus.php 
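Review bot: `if ($LOW <= 0) $LOW = 1;` drops the braces the removed version had; the rest of the file uses braced blocks and PSR-12 requires braces on every control structure, so keep `if ($LOW <= 0) { $LOW = 1; }`. The same brace-less one-liner is introduced in this file's first hunk (`if (!isset($PAGES) || $PAGES < 1) $PAGES = 1;`) and in the pagination block of admin/accounts.php.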
@@ -1,6 +1,6 @@ writesetting("aboutus", ynbool($_POST['aboutus']), "str"); - $system->writesetting("aboutustext", $system->cleanvars($_POST['aboutustext'], true), "str"); +if (isset($_POST['action']) && $_POST['action'] == 'update') +{ + // Update database + $system->writesetting("aboutus", ynbool($_POST['aboutus']), "str"); + $system->writesetting("aboutustext", $system->cleanvars($_POST['aboutustext'], true), "str"); - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['about_us_updated'])); + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['5079'])); } -loadblock($MSG['active_about_us'], $MSG['active_about_us_explain'], 'yesno', 'aboutus', $system->SETTINGS['aboutus'], array($MSG['yes'], $MSG['no'])); +loadblock($MSG['5077'], $MSG['5076'], 'yesno', 'aboutus', $system->SETTINGS['aboutus'], array($MSG['030'], $MSG['029'])); $CKEditor = new CKEditor(); $CKEditor->basePath = $system->SETTINGS['siteurl'] . '/js/ckeditor/'; @@ -35,17 +36,18 @@ $CKEditor->config['width'] = 550; $CKEditor->config['height'] = 400; -loadblock($MSG['about_us_content'], $MSG['about_us_content_explain'], $CKEditor->editor('aboutustext', $system->SETTINGS['aboutustext'])); +loadblock($MSG['5078'], $MSG['5080'], $CKEditor->editor('aboutustext', $system->SETTINGS['aboutustext'])); $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'], - 'TYPENAME' => $MSG['25_0018'], - 'PAGENAME' => $MSG['about_us_page'] - )); + 'SITEURL' => $system->SETTINGS['siteurl'], + 'TYPENAME' => $MSG['25_0018'], + 'PAGENAME' => $MSG['5074'] + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'adminpages.tpl' - )); + 'body' => 'adminpages.tpl' + )); $template->display('body'); include 'footer.php'; +?> diff --git a/admin/accounts.php b/admin/accounts.php old mode 100644 new mode 100755 index 44346757c..894bcc381 --- a/admin/accounts.php +++ b/admin/accounts.php 
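Review bot: The trailing `?>` added at the end of admin/aboutus.php (second hunk) is unnecessary in a PHP-only file and is a classic source of "headers already sent" failures, because any newline or whitespace after it is emitted as output before a later `header()` call; drop the closing tag. The same `+?>` is appended in admin/accounts.php, admin/addnew.php, admin/adminusers.php and admin/analytics.php. In the first hunk, `$_POST['aboutus']` and `$_POST['aboutustext']` are read after only `$_POST['action']` has been checked; guard both with `isset()` so a malformed form submission does not emit undefined-index warnings into the settings write.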
@@ -1,6 +1,6 @@ SETTINGS['perpage']; -} elseif (isset($_SESSION['RETURN_LIST_OFFSET']) && $_SESSION['RETURN_LIST'] == 'accounts.php') { - $PAGE = intval($_SESSION['RETURN_LIST_OFFSET']); - $OFFSET = ($PAGE - 1) * $system->SETTINGS['perpage']; -} else { - $OFFSET = 0; - $PAGE = 1; +if (isset($_GET['PAGE']) && is_numeric($_GET['PAGE'])) +{ + $PAGE = intval($_GET['PAGE']); + $OFFSET = ($PAGE - 1) * $system->SETTINGS['perpage']; +} +elseif (isset($_SESSION['RETURN_LIST_OFFSET']) && $_SESSION['RETURN_LIST'] == 'accounts.php') +{ + $PAGE = intval($_SESSION['RETURN_LIST_OFFSET']); + $OFFSET = ($PAGE - 1) * $system->SETTINGS['perpage']; +} +else +{ + $OFFSET = 0; + $PAGE = 1; } $where_sql = ''; $params = array(); -if ($from_date != 0) { - $where_sql = 'paid_date > \'' . $dt->convertToDatetime($from_date) . '\''; - $params[] = array(':from_date', $dt->convertToDatetime($from_date) , 'str'); +if ($from_date != 0) +{ + $where_sql = 'paid_date > \'' . FormatTimeStamp($from_date) . '\''; + $params[] = array(':from_date', FormatTimeStamp($from_date) , 'str'); } -if ($to_date != 0) { - if (!empty($where_sql)) { - $where_sql .= ' AND '; - } - $where_sql .= 'paid_date < \'' . $dt->convertToDatetime($to_date) . '\''; - $params[] = array(':to_date', $dt->convertToDatetime($to_date) , 'str'); +if ($to_date != 0) +{ + if (!empty($where_sql)) + { + $where_sql .= ' AND '; + } + $where_sql .= 'paid_date < \'' . FormatTimeStamp($to_date) . '\''; + $params[] = array(':to_date', FormatTimeStamp($to_date) , 'str'); } -if ($list_type == 'm' || $list_type == 'w' || $list_type == 'd') { - $OFFSET = 0; - $PAGE = 1; - $PAGES = 1; - $show_pagnation = false; - if ($list_type == 'm') { - $query = "SELECT *, SUM(amount) As total FROM " . $DBPrefix . "accounts +if ($list_type == 'm' || $list_type == 'w' || $list_type == 'd') +{ + $OFFSET = 0; + $PAGE = 1; + $PAGES = 1; + $show_pagnation = false; + if ($list_type == 'm') + { + $query = "SELECT *, SUM(amount) As total FROM " . $DBPrefix . "accounts " . 
((!empty($where_sql)) ? ' WHERE ' . $where_sql : '') . " GROUP BY month, year ORDER BY year, month"; - } elseif ($list_type == 'w') { - $query = "SELECT *, SUM(amount) As total FROM " . $DBPrefix . "accounts + } + elseif ($list_type == 'w') + { + $query = "SELECT *, SUM(amount) As total FROM " . $DBPrefix . "accounts " . ((!empty($where_sql)) ? ' WHERE ' . $where_sql : '') . " GROUP BY week, year ORDER BY year, week"; - } else { - $query = "SELECT *, SUM(amount) As total FROM " . $DBPrefix . "accounts + } + else + { + $query = "SELECT *, SUM(amount) As total FROM " . $DBPrefix . "accounts " . ((!empty($where_sql)) ? ' WHERE ' . $where_sql : '') . " GROUP BY day, year ORDER BY year, day"; - } - $db->query($query, $params); + } + $db->query($query, $params); - while ($row = $db->fetch()) { - if ($list_type == 'm') { - $date = $MSG['MON_00' . $row['month'] . 'E'] . ', ' . $row['year']; - } elseif ($list_type == 'w') { - $date = $MSG['week'] . ' ' . $row['week'] . ', ' . $row['year']; - } else { - $date = $dt->formatDate($row['paid_date']); - } - $template->assign_block_vars('accounts', array( - 'DATE' => $date, - 'AMOUNT' => $system->print_money($row['amount']), - 'TOTAL' => ((!empty($row['total'])) ? $row['total'] : '') - )); - } -} else { - $_SESSION['RETURN_LIST'] = 'accounts.php'; - $_SESSION['RETURN_LIST_OFFSET'] = $PAGE; - $show_pagnation = true; + $bg = ''; + while ($row = $db->fetch()) + { + if ($list_type == 'm') + { + $date = $MSG['MON_00' . $row['month'] . 'E'] . ', ' . $row['year']; + } + elseif ($list_type == 'w') + { + $date = $MSG['828'] . ' ' . $row['week'] . ', ' . $row['year']; + } + else + { + $date = FormatDate($row['paid_date']); + } + $template->assign_block_vars('accounts', array( + 'DATE' => $date, + 'AMOUNT' => $system->print_money($row['amount']), + 'BG' => $bg, + 'TOTAL' => ((!empty($row['total'])) ? $row['total'] : '') + )); + $bg = ($bg == '') ? 
'class="bg"' : ''; + } +} +else +{ + $_SESSION['RETURN_LIST'] = 'accounts.php'; + $_SESSION['RETURN_LIST_OFFSET'] = $PAGE; + $show_pagnation = true; - $query = "SELECT COUNT(id) As accounts FROM " . $DBPrefix . "accounts" . ((!empty($where_sql)) ? ' WHERE ' . $where_sql : ''); - $db->direct_query($query); - $num_accounts = $db->numrows(); - $PAGES = ($num_accounts == 0) ? 1 : ceil($num_accounts / $system->SETTINGS['perpage']); - $query = "SELECT * FROM " . $DBPrefix . "accounts + $query = "SELECT COUNT(id) As accounts FROM " . $DBPrefix . "accounts" . ((!empty($where_sql)) ? ' WHERE ' . $where_sql : ''); + $db->direct_query($query); + $num_accounts = $db->numrows(); + $PAGES = ($num_accounts == 0) ? 1 : ceil($num_accounts / $system->SETTINGS['perpage']); + $query = "SELECT * FROM " . $DBPrefix . "accounts " . ((!empty($where_sql)) ? ' WHERE ' . $where_sql : '') . " ORDER BY paid_date LIMIT " . $OFFSET . ", " . $system->SETTINGS['perpage']; - $db->direct_query($query); + $db->direct_query($query); - while ($row = $db->fetch()) { - $template->assign_block_vars('accounts', array( - 'ID' => $row['id'], - 'NICK' => $row['nick'], - 'RNAME' => $row['name'], - 'DATE' => $dt->formatDate($row['paid_date'], 'd F Y - H:i'), - 'AMOUNT' => $system->print_money($row['amount']), - 'TEXT' => $row['text'] - )); - } + $bg = ''; + while ($row = $db->fetch()) + { + $template->assign_block_vars('accounts', array( + 'ID' => $row['id'], + 'NICK' => $row['nick'], + 'RNAME' => $row['name'], + 'DATE' => ArrangeDateNoCorrection($row['paid_date']), + 'AMOUNT' => $system->print_money($row['amount']), + 'TEXT' => $row['text'], + 'BG' => $bg + )); + $bg = ($bg == '') ? 'class="bg"' : ''; + } } // get pagenation $PREV = intval($PAGE - 1); $NEXT = intval($PAGE + 1); -if ($PAGES > 1) { - $LOW = $PAGE - 5; - if ($LOW <= 0) { - $LOW = 1; - } - $COUNTER = $LOW; - while ($COUNTER <= $PAGES && $COUNTER < ($PAGE + 6)) { - $template->assign_block_vars('pages', array( - 'PAGE' => ($PAGE == $COUNTER) ? '' . 
$COUNTER . '' : '' . $COUNTER . '' - )); - $COUNTER++; - } +if ($PAGES > 1) +{ + $LOW = $PAGE - 5; + if ($LOW <= 0) $LOW = 1; + $COUNTER = $LOW; + while ($COUNTER <= $PAGES && $COUNTER < ($PAGE + 6)) + { + $template->assign_block_vars('pages', array( + 'PAGE' => ($PAGE == $COUNTER) ? '' . $COUNTER . '' : '' . $COUNTER . '' + )); + $COUNTER++; + } } $template->assign_vars(array( - 'TYPE' => $list_type, - 'FROM_DATE' => ($from_date == 0) ? '' : $from_date, - 'TO_DATE' => ($to_date == 0) ? '' : $to_date, - 'PAGNATION' => $show_pagnation, - 'PREV' => ($PAGES > 1 && $PAGE > 1) ? '' . $MSG['5119'] . '  ' : '', - 'NEXT' => ($PAGE < $PAGES) ? '' . $MSG['5120'] . '' : '', - 'PAGE' => $PAGE, - 'PAGES' => $PAGES - )); + 'TYPE' => $list_type, + 'FROM_DATE' => ($from_date == 0) ? '' : $from_date, + 'TO_DATE' => ($to_date == 0) ? '' : $to_date, + 'PAGNATION' => $show_pagnation, + 'PREV' => ($PAGES > 1 && $PAGE > 1) ? '' . $MSG['5119'] . '  ' : '', + 'NEXT' => ($PAGE < $PAGES) ? '' . $MSG['5120'] . '' : '', + 'PAGE' => $PAGE, + 'PAGES' => $PAGES + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'accounts.tpl' - )); + 'body' => 'accounts.tpl' + )); $template->display('body'); include 'footer.php'; +?> diff --git a/admin/activatenewsletter.php b/admin/activatenewsletter.php old mode 100644 new mode 100755 index f39b0fb5c..4b100f93b --- a/admin/activatenewsletter.php +++ b/admin/activatenewsletter.php 
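Review bot: The date filters still embed the formatted values directly in the SQL text (`'paid_date > \'' . FormatTimeStamp($from_date) . '\''`) while a `:from_date`/`:to_date` entry is appended to `$params` that no placeholder in the query references; the grouped branch then hands those surplus bindings to `$db->query()` and the paged branch uses `direct_query()` with no binding at all. Make the string use the placeholders, `$where_sql = 'paid_date > :from_date';` and `$where_sql .= 'paid_date < :to_date';`, and pass `$params` in the paged branch as well (`$db->query($query, $params)` instead of `direct_query`), so the filter values never reach the SQL text unparameterised. Separately, `is_numeric($_GET['PAGE'])` accepts `0` and negative numbers, which produce a negative `LIMIT` offset; clamp with `$PAGE = max(1, intval($_GET['PAGE']));`. `$from_date`, `$to_date` and `$list_type` are assigned before this hunk begins, so their origin cannot be checked here.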
@@ -1,6 +1,6 @@ writesetting('newsletter', $_POST['newsletter'], 'int'); - - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['newsletter_settings_updated'])); +if (isset($_POST['action']) && $_POST['action'] == 'update') +{ + // clean submission and update database + $system->writesetting("newsletter", intval($_POST['newsletter']),"int"); + + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['30_0049'])); } -loadblock($MSG['activate_newsletter'], $MSG['activate_newsletter_explain'], 'batch', 'newsletter', $system->SETTINGS['newsletter'], array($MSG['yes'], $MSG['no'])); +loadblock($MSG['603'], $MSG['604'], 'batch', 'newsletter', $system->SETTINGS['newsletter'], array($MSG['030'], $MSG['029'])); $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'], - 'TYPENAME' => $MSG['25_0010'], - 'PAGENAME' => $MSG['25_0079'] - )); + 'SITEURL' => $system->SETTINGS['siteurl'], + 'TYPENAME' => $MSG['25_0010'], + 'PAGENAME' => $MSG['25_0079'] + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'adminpages.tpl' - )); + 'body' => 'adminpages.tpl' + )); $template->display('body'); include 'footer.php'; diff --git a/admin/addnew.php b/admin/addnew.php old mode 100644 new mode 100755 index cc0033dc7..c598c6090 --- a/admin/addnew.php +++ b/admin/addnew.php 
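Review bot: `$system->writesetting("newsletter", intval($_POST['newsletter']),"int");` reads `$_POST['newsletter']` without checking it is present, so a post that omits the field raises an undefined-index warning before `intval()` turns it into 0; write it as `isset($_POST['newsletter']) ? intval($_POST['newsletter']) : 0` and add the missing space after the comma before `"int"`, matching the other `writesetting` calls in this commit. The `intval()` itself is an improvement over the removed line, which stored the raw POST value.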
@@ -1,6 +1,6 @@ assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_112)); - } else { - $query = "INSERT INTO " . $DBPrefix . "news (title, content, suspended) - VALUES (:title, :content, :suspended)"; - $params = array(); - $params[] = array(':title', $system->cleanvars($_POST['title'][$system->SETTINGS['defaultlanguage']]), 'str'); - $params[] = array(':content', $system->cleanvars($_POST['content'][$system->SETTINGS['defaultlanguage']], true), 'str'); - $params[] = array(':suspended', $_POST['suspended'], 'int'); - $db->query($query, $params); - $news_id = $db->lastInsertId(); +if (isset($_POST['action']) && $_POST['action'] == 'update') +{ + // Data check + if (!isset($_POST['title']) || !isset($_POST['content'])) + { + $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_112)); + } + else + { + // clean up everything + foreach ($_POST['title'] as $k => $v) + { + $_POST['title'][$k] = $system->cleanvars($v); + $_POST['content'][$k] = $system->cleanvars($_POST['content'][$k], true); + } - // Insert into translation table - foreach ($LANGUAGES as $k => $v) { - $query = "INSERT INTO " . $DBPrefix . "news_translated VALUES (:news_id, :lang, :title, :content)"; - $params = array(); - $params[] = array(':title', $system->cleanvars($_POST['title'][$k]), 'str'); - $params[] = array(':content', $system->cleanvars($_POST['content'][$k], true), 'str'); - $params[] = array(':lang', $k, 'str'); - $params[] = array(':news_id', $news_id, 'int'); - $db->query($query, $params); - } - header('location: news.php'); - exit; - } + $query = "INSERT INTO " . $DBPrefix . 
"news VALUES (NULL, :title, :content, :time, :suspended)"; + $params = array(); + $params[] = array(':title', $system->cleanvars($_POST['title'][$system->SETTINGS['defaultlanguage']]), 'str'); + $params[] = array(':content', $system->cleanvars($_POST['content'][$system->SETTINGS['defaultlanguage']], true), 'str'); + $params[] = array(':time', time(), 'int'); + $params[] = array(':suspended', $_POST['suspended'], 'int'); + $db->query($query, $params); + $news_id = $db->lastInsertId(); + + // Insert into translation table + foreach ($LANGUAGES as $k => $v) + { + $query = "INSERT INTO " . $DBPrefix . "news_translated VALUES (:news_id, :lang, :title, :content)"; + $params = array(); + $params[] = array(':title', $system->cleanvars($_POST['title'][$k]), 'str'); + $params[] = array(':content', $system->cleanvars($_POST['content'][$k], true), 'str'); + $params[] = array(':lang', $k, 'str'); + $params[] = array(':news_id', $news_id, 'int'); + $db->query($query, $params); + } + header('location: news.php'); + exit; + } } $CKEditor = new CKEditor(); 
@@ -54,26 +66,28 @@ $CKEditor->config['width'] = 550; $CKEditor->config['height'] = 400; -foreach ($LANGUAGES as $k => $language) { - $template->assign_block_vars('lang', array( - 'LANG' => $language, - 'TITLE' => (isset($_POST['title'][$k])) ? $_POST['title'][$k] : '', - 'CONTENT' => $CKEditor->editor('content[' . $k . ']', (isset($_POST['content'][$k]) ? $_POST['content'][$k] : '')) - )); +foreach ($LANGUAGES as $k => $language) +{ + $template->assign_block_vars('lang', array( + 'LANG' => $language, + 'TITLE' => (isset($_POST['title'][$k])) ? $_POST['title'][$k] : '', + 'CONTENT' => $CKEditor->editor('content[' . $k . ']', (isset($_POST['content'][$k]) ? $_POST['content'][$k] : '')) + )); } $template->assign_vars(array( - 'TITLE' => $MSG['518'], - 'BUTTON' => $MSG['518'], - 'ID' => '', // inserting new user so needs to be blank + 'TITLE' => $MSG['518'], + 'BUTTON' => $MSG['518'], + 'ID' => '', // inserting new user so needs to be blank - 'B_ACTIVE' => ((isset($_POST['suspended']) && $_POST['suspended'] == 0) || !isset($_POST['suspended'])), - 'B_INACTIVE' => (isset($_POST['suspended']) && $_POST['suspended'] == 1) - )); + 'B_ACTIVE' => ((isset($_POST['suspended']) && $_POST['suspended'] == 0) || !isset($_POST['suspended'])), + 'B_INACTIVE' => (isset($_POST['suspended']) && $_POST['suspended'] == 1) + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'addnew.tpl' - )); + 'body' => 'addnew.tpl' + )); $template->display('body'); include 'footer.php'; +?> diff --git a/admin/adminusers.php b/admin/adminusers.php old mode 100644 new mode 100755 index 8674293b3..07f314011 --- a/admin/adminusers.php +++ b/admin/adminusers.php 
@@ -1,6 +1,6 @@ assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $MSG['1100'])); - } else { - $query = "DELETE FROM " . $DBPrefix . "adminusers WHERE id IN (:delete)"; - $params = array(); - $params[] = array(':delete', implode(',', $_POST['delete']), 'str'); - $db->query($query, $params); - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['1101'])); - } +if (isset($_POST['delete']) && is_array($_POST['delete'])) +{ + if (in_array($_SESSION['WEBID_ADMIN_IN'], $_POST['delete'])) + { + $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $MSG['1100'])); + } + else + { + $query = "DELETE FROM " . $DBPrefix . "adminusers WHERE id IN (:delete)"; + $params = array(); + $params[] = array(':delete', implode(',', $_POST['delete']), 'str'); + $db->query($query, $params); + } } $STATUS = array( - 0 => '' . $MSG['567'] . '', - 1 => '' . $MSG['566'] . '' + 0 => '' . $MSG['567'] . '', + 1 => '' . $MSG['566'] . '' ); $query = "SELECT * FROM " . $DBPrefix . "adminusers ORDER BY username"; $db->direct_query($query); -while ($User = $db->fetch()) { - $created = $dt->printDateTz($User['created']); - if ($User['lastlogin'] == $User['created']) { - $lastlogin = $MSG['570']; - } else { - $lastlogin = $dt->printDateTz($User['lastlogin']); - } - $template->assign_block_vars('users', array( - 'ID' => $User['id'], - 'USERNAME' => $User['username'], - 'STATUS' => $STATUS[$User['status']], - 'CREATED' => $created, - 'LASTLOGIN' => $lastlogin - )); +$bg = ''; +while ($User = $db->fetch()) +{ + $created = substr($User['created'], 4, 2) . '/' . substr($User['created'], 6, 2) . '/' . 
substr($User['created'], 0, 4); + if ($User['lastlogin'] == 0) + { + $lastlogin = $MSG['570']; + } + else + { + $lastlogin = date('d/m/Y H:i:s', $User['lastlogin'] + $system->tdiff); + } + $template->assign_block_vars('users', array( + 'ID' => $User['id'], + 'USERNAME' => $User['username'], + 'STATUS' => $STATUS[$User['status']], + 'CREATED' => $created, + 'LASTLOGIN' => $lastlogin, + 'BG' => $bg + )); + $bg = ($bg == '') ? 'class="bg"' : ''; } include 'header.php'; $template->set_filenames(array( - 'body' => 'adminusers.tpl' - )); + 'body' => 'adminusers.tpl' + )); $template->display('body'); include 'footer.php'; +?> diff --git a/admin/analytics.php b/admin/analytics.php old mode 100644 new mode 100755 index 426d9e165..bcefaceac --- a/admin/analytics.php +++ b/admin/analytics.php @@ -1,6 +1,6 @@ assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['google_analytics_updated'])); } -loadblock($MSG['analytics_tracking_code'], $MSG['analytics_tracking_code_hint'], 'textarea', 'trackingcode', $system->SETTINGS['googleanalytics']); +loadblock($MSG['google_analytics_tracking_code'], $MSG['google_analytics_tracking_code_hint'], 'textarea', 'trackingcode', $system->SETTINGS['googleanalytics']); $template->assign_vars(array( 'SITEURL' => $system->SETTINGS['siteurl'], 'TYPENAME' => $MSG['25_0023'], - 'PAGENAME' => $MSG['analytics'], + 'PAGENAME' => $MSG['google_analytics'], )); include 'header.php'; @@ -40,3 +40,4 @@ )); $template->display('body'); include 'footer.php'; +?> diff --git a/admin/auctions.php b/admin/auctions.php old mode 100644 new mode 100755 index a948902a5..861cadec3 --- a/admin/auctions.php +++ b/admin/auctions.php 
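Review bot: `WHERE id IN (:delete)` is bound to a single string built by `implode(',', $_POST['delete'])`, so the driver sends `IN ('1,2,3')` — one string compared against an integer column — and at most the first id is deleted; the commit also drops the success alert (`$MSG['1101']`) the removed code showed after a delete. Build one integer-bound placeholder per id instead, as below, so every selected row is deleted and the values never enter the SQL text. The date rendering is also inconsistent: `$created` is assembled as `substr(..., 4, 2) . '/' . substr(..., 6, 2) . '/' . substr(..., 0, 4)`, which, if `created` is stored as `YYYYMMDD…`, prints month/day/year, while `$lastlogin` uses `date('d/m/Y H:i:s', …)`, i.e. day/month/year; pick one order for both columns.
```php
// … unchanged: in_array() self-delete check …
else
{
    $ids = array_map('intval', $_POST['delete']);
    $placeholders = array();
    $params = array();
    foreach ($ids as $i => $id)
    {
        $placeholders[] = ':d' . $i;
        $params[] = array(':d' . $i, $id, 'int');
    }
    $query = "DELETE FROM " . $DBPrefix . "adminusers WHERE id IN (" . implode(', ', $placeholders) . ")";
    $db->query($query, $params);
}
```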
@@ -1,6 +1,6 @@ assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $MSG['error_numeric_values'])); - } elseif ($_POST['maxpicturesize'] == 0) { - $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $MSG['error_max_pic_size_zero'])); - } elseif (!empty($_POST['maxpicturesize']) && !intval($_POST['maxpicturesize'])) { - $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $MSG['error_max_pic_size_numeric'])); - } elseif (!empty($_POST['maxpictures']) && !intval($_POST['maxpictures'])) { - $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $MSG['error_max_num_pics_numeric'])); - } else { - $system->writesetting("proxy_bidding", ynbool($_POST['proxy_bidding']), 'str'); - $system->writesetting("edit_starttime", $_POST['edit_starttime'], 'int'); - $system->writesetting("edit_endtime", $_POST['edit_endtime'], 'int'); - $system->writesetting("cust_increment", $_POST['cust_increment'], 'int'); - $system->writesetting("hours_countdown", $_POST['hours_countdown'], 'int'); - $system->writesetting("ao_hpf_enabled", ynbool($_POST['ao_hpf_enabled']), 'str'); - $system->writesetting("ao_hi_enabled", ynbool($_POST['ao_hi_enabled']), 'str'); - $system->writesetting("ao_bi_enabled", ynbool($_POST['ao_bi_enabled']), 'str'); - $system->writesetting("subtitle", ynbool($_POST['subtitle']), 'str'); - $system->writesetting("extra_cat", ynbool($_POST['extra_cat']), 'str'); - $system->writesetting("autorelist", ynbool($_POST['autorelist']), 'str'); - $system->writesetting("autorelist_max", $_POST['autorelist_max'], 'int'); - $system->writesetting("ae_status", ynbool($_POST['status']), 'str'); - $system->writesetting("ae_timebefore", $_POST['timebefore'], 'int'); - $system->writesetting("ae_extend", $_POST['extend'], 'int'); - $system->writesetting("picturesgallery", $_POST['picturesgallery'], 'int'); - $system->writesetting("maxpictures", $_POST['maxpictures'], 'int'); - 
$system->writesetting("maxuploadsize", ($_POST['maxpicturesize'] * 1024), 'int'); - $system->writesetting("thumb_show", $_POST['thumb_show'], 'int'); - $system->writesetting("gallery_max_width_height", $_POST['gallery_max_width_height'], 'int'); +if (isset($_POST['action']) && $_POST['action'] == 'update') +{ + if ($_POST['status'] == 'enabled' && (!is_numeric($_POST['timebefore']) || !is_numeric($_POST['extend']))) + { + $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $MSG['2_0038'])); + } + elseif ($_POST['maxpicturesize'] == 0) + { + $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_707)); + } + elseif (!empty($_POST['maxpicturesize']) && !intval($_POST['maxpicturesize'])) + { + $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_708)); + } + elseif (!empty($_POST['maxpictures']) && !intval($_POST['maxpictures'])) + { + $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_706)); + } + else + { + $system->writesetting("proxy_bidding",ynbool($_POST['proxy_bidding']), 'str'); + $system->writesetting("edit_starttime", $_POST['edit_starttime'], 'int'); + $system->writesetting("edit_endtime", $_POST['edit_endtime'], 'int'); + $system->writesetting("cust_increment", $_POST['cust_increment'], 'int'); + $system->writesetting("hours_countdown", $_POST['hours_countdown'], 'int'); + $system->writesetting("ao_hpf_enabled", ynbool($_POST['ao_hpf_enabled']), 'str'); + $system->writesetting("ao_hi_enabled", ynbool($_POST['ao_hi_enabled']), 'str'); + $system->writesetting("ao_bi_enabled", ynbool($_POST['ao_bi_enabled']), 'str'); + $system->writesetting("subtitle", ynbool($_POST['subtitle']), 'str'); + $system->writesetting("extra_cat", ynbool($_POST['extra_cat']), 'str'); + $system->writesetting("autorelist", ynbool($_POST['autorelist']), 'str'); + $system->writesetting("autorelist_max", $_POST['autorelist_max'], 'int'); + $system->writesetting("ae_status", 
ynbool($_POST['status']), 'str'); + $system->writesetting("ae_timebefore", $_POST['timebefore'], 'int'); + $system->writesetting("ae_extend", $_POST['extend'], 'int'); + $system->writesetting("picturesgallery", $_POST['picturesgallery'], 'int'); + $system->writesetting("maxpictures", $_POST['maxpictures'], 'int'); + $system->writesetting("maxuploadsize", ($_POST['maxpicturesize'] * 1024), 'int'); + $system->writesetting("thumb_show", $_POST['thumb_show'], 'int'); + $system->writesetting("gallery_max_width_height", $_POST['gallery_max_width_height'], 'int'); - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['auction_settings_updated'])); - } + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['5088'])); + } } -loadblock($MSG['enable_proxy_bidding'], $MSG['enable_proxy_bidding_explain'], 'yesno', 'proxy_bidding', $system->SETTINGS['proxy_bidding'], array($MSG['yes'], $MSG['no'])); -loadblock($MSG['enable_custom_start_date'], $MSG['enable_custom_start_date_explain'], 'batch', 'edit_starttime', $system->SETTINGS['edit_starttime'], array($MSG['yes'], $MSG['no'])); -loadblock($MSG['enable_custom_end_date'], $MSG['enable_custom_end_date_explain'], 'batch', 'edit_endtime', $system->SETTINGS['edit_endtime'], array($MSG['yes'], $MSG['no'])); -loadblock($MSG['enable_custom_increments'], $MSG['enable_custom_increments_explain'], 'batch', 'cust_increment', $system->SETTINGS['cust_increment'], array($MSG['yes'], $MSG['no'])); -loadblock($MSG['hours_until_countdown'], $MSG['hours_until_countdown_explain'], 'days', 'hours_countdown', $system->SETTINGS['hours_countdown'], array($MSG['25_0037'])); +loadblock($MSG['427'], $MSG['428'], 'yesno', 'proxy_bidding', $system->SETTINGS['proxy_bidding'], array($MSG['030'], $MSG['029'])); +loadblock($MSG['5090'], $MSG['5089'], 'batch', 'edit_starttime', $system->SETTINGS['edit_starttime'], array($MSG['030'], $MSG['029'])); +loadblock($MSG['allow_custom_end_date'], 
$MSG['allow_custom_end_date_explain'], 'batch', 'edit_endtime', $system->SETTINGS['edit_endtime'], array($MSG['030'], $MSG['029'])); +loadblock($MSG['068'], $MSG['070'], 'batch', 'cust_increment', $system->SETTINGS['cust_increment'], array($MSG['030'], $MSG['029'])); +loadblock($MSG['5091'], $MSG['5095'], 'days', 'hours_countdown', $system->SETTINGS['hours_countdown'], array($MSG['25_0037'])); -loadblock($MSG['additional_auction_options'], '', '', '', '', array(), true); -loadblock($MSG['enable_featured_items'], $MSG['enable_featured_items_explain'], 'yesno', 'ao_hpf_enabled', $system->SETTINGS['ao_hpf_enabled'], array($MSG['yes'], $MSG['no'])); -loadblock($MSG['enable_hightlighted_items'], $MSG['enable_hightlighted_items_explain'], 'yesno', 'ao_hi_enabled', $system->SETTINGS['ao_hi_enabled'], array($MSG['yes'], $MSG['no'])); -loadblock($MSG['enable_bold_items'], $MSG['enable_bold_items_explain'], 'yesno', 'ao_bi_enabled', $system->SETTINGS['ao_bi_enabled'], array($MSG['yes'], $MSG['no'])); -loadblock($MSG['enable_subtitles'], $MSG['enable_subtitles_explain'], 'yesno', 'subtitle', $system->SETTINGS['subtitle'], array($MSG['yes'], $MSG['no'])); -loadblock($MSG['enable_second_cat'], $MSG['enable_second_cat_explain'], 'yesno', 'extra_cat', $system->SETTINGS['extra_cat'], array($MSG['yes'], $MSG['no'])); -loadblock($MSG['enable_auto_relist'], $MSG['enable_auto_relist_explain'], 'yesno', 'autorelist', $system->SETTINGS['autorelist'], array($MSG['yes'], $MSG['no'])); -loadblock($MSG['max_relists'], $MSG['max_relists_explain'], 'days', 'autorelist_max', $system->SETTINGS['autorelist_max']); +loadblock($MSG['897'], '', '', '', '', array(), true); +loadblock($MSG['142'], $MSG['157'], 'yesno', 'ao_hpf_enabled', $system->SETTINGS['ao_hpf_enabled'], array($MSG['030'], $MSG['029'])); +loadblock($MSG['162'], $MSG['164'], 'yesno', 'ao_hi_enabled', $system->SETTINGS['ao_hi_enabled'], array($MSG['030'], $MSG['029'])); +loadblock($MSG['174'], $MSG['194'], 'yesno', 'ao_bi_enabled', 
$system->SETTINGS['ao_bi_enabled'], array($MSG['030'], $MSG['029'])); +loadblock($MSG['797'], $MSG['798'], 'yesno', 'subtitle', $system->SETTINGS['subtitle'], array($MSG['030'], $MSG['029'])); +loadblock($MSG['799'], $MSG['800'], 'yesno', 'extra_cat', $system->SETTINGS['extra_cat'], array($MSG['030'], $MSG['029'])); +loadblock($MSG['849'], $MSG['850'], 'yesno', 'autorelist', $system->SETTINGS['autorelist'], array($MSG['030'], $MSG['029'])); +loadblock($MSG['851'], $MSG['852'], 'days', 'autorelist_max', $system->SETTINGS['autorelist_max']); // auction extension options -loadblock($MSG['auction_extension_settings'], '', '', '', '', array(), true); // :O -loadblock($MSG['enable_auto_extension'], $MSG['enable_auto_extension_explain'], 'yesno', 'status', $system->SETTINGS['ae_status'], array($MSG['yes'], $MSG['no'])); -$string = sprintf($MSG['auto_extend_auction_by'], '', ''); +loadblock($MSG['2_0032'], '', '', '', '', array(), true); // :O +loadblock($MSG['2_0034'], $MSG['2_0039'], 'yesno', 'status', $system->SETTINGS['ae_status'], array($MSG['030'], $MSG['029'])); +$string = $MSG['2_0035'] . '' . $MSG['2_0036'] . '' . 
$MSG['2_0037']; loadblock('', $string, ''); // picture gallery options loadblock($MSG['663'], '', '', '', '', array(), true); -loadblock($MSG['enable_picture_gallery'], $MSG['enable_picture_gallery_explain'], 'batch', 'picturesgallery', $system->SETTINGS['picturesgallery'], array($MSG['yes'], $MSG['no'])); -loadblock($MSG['gallery_images_allowance'], '', 'days', 'maxpictures', $system->SETTINGS['maxpictures']); -loadblock($MSG['gallery_image_max_kb'], $MSG['gallery_image_max_kb_explain'], 'decimals', 'maxpicturesize', ($system->SETTINGS['maxuploadsize'] / 1024), array($MSG['672'])); -loadblock($MSG['thumbnail_size'], $MSG['thumbnail_size_explain'], 'decimals', 'thumb_show', $system->SETTINGS['thumb_show'], array($MSG['pixels'])); -loadblock($MSG['gallery_image_max_size'], $MSG['gallery_image_max_size_explain'], 'decimals', 'gallery_max_width_height', $system->SETTINGS['gallery_max_width_height'], array($MSG['pixels'])); +loadblock($MSG['665'], $MSG['664'], 'batch', 'picturesgallery', $system->SETTINGS['picturesgallery'], array($MSG['030'], $MSG['029'])); +loadblock($MSG['666'], '', 'days', 'maxpictures', $system->SETTINGS['maxpictures']); +loadblock($MSG['671'], $MSG['25_0187'], 'decimals', 'maxpicturesize', ($system->SETTINGS['maxuploadsize'] / 1024), array($MSG['672'])); +loadblock($MSG['25_0107'], $MSG['896'], 'decimals', 'thumb_show', $system->SETTINGS['thumb_show'], array($MSG['2__0045'])); +loadblock($MSG['gallery_image_max_size'], $MSG['gallery_image_max_size_explain'], 'decimals', 'gallery_max_width_height', $system->SETTINGS['gallery_max_width_height'], array($MSG['2__0045'])); $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'], - 'TYPENAME' => $MSG['5142'], - 'PAGENAME' => $MSG['auction_settings'] - )); + 'SITEURL' => $system->SETTINGS['siteurl'], + 'TYPENAME' => $MSG['5142'], + 'PAGENAME' => $MSG['5087'] + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'adminpages.tpl' - )); + 'body' => 'adminpages.tpl' + )); 
$template->display('body'); include 'footer.php'; +?> diff --git a/admin/banips.php b/admin/banips.php old mode 100644 new mode 100755 index c741222df..8cd4ccafc --- a/admin/banips.php +++ b/admin/banips.php 
@@ -1,6 +1,6 @@ cleanvars($_POST['ip']), 'str'); - $db->query($query, $params); - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['ip_banned'])); - } else { - $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $MSG['error_cannot_ban_self'])); - } - } - if (isset($_POST['delete']) && is_array($_POST['delete'])) { - foreach ($_POST['delete'] as $k => $v) { - $query = "DELETE FROM " . $DBPrefix . "usersips WHERE id = :ip_id"; - $params = array(); - $params[] = array(':ip_id', $v, 'int'); - $db->query($query, $params); - } - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => sprintf($MSG['ip_bans_removed'], count($_POST['delete'])))); - } - if (isset($_POST['accept']) && is_array($_POST['accept'])) { - foreach ($_POST['accept'] as $k => $v) { - $query = "UPDATE " . $DBPrefix . "usersips SET action = 'accept' WHERE id = :ip_id"; - $params = array(); - $params[] = array(':ip_id', $v, 'int'); - $db->query($query, $params); - } - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => sprintf($MSG['ip_bans_removed'], count($_POST['accept'])))); - } - if (isset($_POST['deny']) && is_array($_POST['deny'])) { - foreach ($_POST['deny'] as $k => $v) { - if ($_POST['ip'] != $admin_ip) { - $query = "UPDATE " . $DBPrefix . "usersips SET action = 'deny' WHERE id = :ip_id"; - $params = array(); - $params[] = array(':ip_id', $v, 'int'); - $db->query($query, $params); - } else { - $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $MSG['error_cannot_ban_self'])); - } - } - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => sprintf($MSG['ip_bans_added'], count($_POST['deny'])))); - } +if (isset($_POST['action']) && $_POST['action'] == 'update') +{ + if (isset($_POST['ip']) && !empty($_POST['ip'])) + { + $query = "INSERT INTO " . $DBPrefix . 
"usersips VALUES + (NULL, 'NOUSER', :user_ip, 'next', 'deny')"; + $params = array(); + $params[] = array(':user_ip', $system->cleanvars($_POST['ip']), 'str'); + $db->query($query, $params); + } + if (isset($_POST['delete']) && is_array($_POST['delete'])) + { + foreach ($_POST['delete'] as $k => $v) + { + $query = "DELETE FROM " . $DBPrefix . "usersips WHERE id = :ip_id"; + $params = array(); + $params[] = array(':ip_id', $v, 'int'); + $db->query($query, $params); + } + } + if (isset($_POST['accept']) && is_array($_POST['accept'])) + { + foreach ($_POST['accept'] as $k => $v) + { + $query = "UPDATE " . $DBPrefix . "usersips SET action = 'accept' WHERE id = :ip_id"; + $params = array(); + $params[] = array(':ip_id', $v, 'int'); + $db->query($query, $params); + } + } + if (isset($_POST['deny']) && is_array($_POST['deny'])) + { + foreach ($_POST['deny'] as $k => $v) + { + $query = "UPDATE " . $DBPrefix . "usersips SET action = 'deny' WHERE id = :ip_id"; + $params = array(); + $params[] = array(':ip_id', $v, 'int'); + $db->query($query, $params); + } + } } $query = "SELECT * FROM " . $DBPrefix . "usersips WHERE user = 'NOUSER'"; $db->direct_query($query); -while ($row = $db->fetch()) { - $template->assign_block_vars('ips', array( - 'ID' => $row['id'], - 'IP' => $row['ip'], - 'ACTION' => $row['action'] - )); +$bg = ''; +while ($row = $db->fetch()) +{ + $template->assign_block_vars('ips', array( + 'ID' => $row['id'], + 'IP' => $row['ip'], + 'ACTION' => $row['action'], + 'BG' => $bg + )); + $bg = ($bg == '') ? 'class="bg"' : ''; } include 'header.php'; $template->set_filenames(array( - 'body' => 'banips.tpl' - )); + 'body' => 'banips.tpl' + )); $template->display('body'); include 'footer.php'; +?> \ No newline at end of file diff --git a/admin/banners.php b/admin/banners.php old mode 100644 new mode 100755 index 864ca61c2..4d67051fb --- a/admin/banners.php +++ b/admin/banners.php 
@@ -1,6 +1,6 @@ writesetting("banners", $_POST['banners'], "int"); +if (isset($_POST['action']) && $_POST['action'] == 'update') +{ + // clean submission and update database + $system->writesetting("banners", intval($_POST['banners']), "int"); - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['banner_settings_updated'])); + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['600'])); } -loadblock($MSG['activate_banner_support'], $MSG['activate_banner_support_explain'], 'batch', 'banners', $system->SETTINGS['banners'], array($MSG['yes'], $MSG['no'])); +loadblock($MSG['597'], $MSG['_0014'], 'batch', 'banners', $system->SETTINGS['banners'], array($MSG['030'], $MSG['029'])); $template->assign_vars(array( - 'TYPENAME' => $MSG['25_0011'], - 'PAGENAME' => $MSG['banner_admin'] . ' : ' . $MSG['5205'] - )); + 'TYPENAME' => $MSG['25_0011'], + 'PAGENAME' => $MSG['_0008'] . ' : ' . $MSG['5205'] + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'adminpages.tpl' - )); + 'body' => 'adminpages.tpl' + )); $template->display('body'); include 'footer.php'; diff --git a/admin/boards.php b/admin/boards.php old mode 100644 new mode 100755 index 5ae1f2976..14050b823 --- a/admin/boards.php +++ b/admin/boards.php 
@@ -1,6 +1,6 @@ $v) { - $query = "DELETE FROM " . $DBPrefix . "community WHERE id = :id"; - $params = array(array(':id', $v, 'int')); - $db->query($query, $params); - $query = "DELETE FROM " . $DBPrefix . "comm_messages WHERE boardid = :id"; - $params = array(array(':id', $v, 'int')); - $db->query($query, $params); - } +if (isset($_POST['delete']) && is_array($_POST['delete'])) +{ + foreach ($_POST['delete'] as $k => $v) + { + $query = "DELETE FROM " . $DBPrefix . "community WHERE id = :id"; + $params = array(array(':id', $v, 'int')); + $db->query($query, $params); + $query = "DELETE FROM " . $DBPrefix . "comm_messages WHERE boardid = :id"; + $params = array(array(':id', $v, 'int')); + $db->query($query, $params); + } - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['boards_removed'])); + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['5044'])); } // get list of boards $query = "SELECT * FROM " . $DBPrefix . "community ORDER BY name"; $db->direct_query($query); -while ($row = $db->fetch()) { - $template->assign_block_vars('boards', array( - 'ID' => $row['id'], - 'NAME' => $row['name'], - 'ACTIVE' => $row['active'], - 'MSGTOSHOW' => $row['msgstoshow'], - 'MSGCOUNT' => $row['messages'] - )); +while ($row = $db->fetch()) +{ + $template->assign_block_vars('boards', array( + 'ID' => $row['id'], + 'NAME' => $row['name'], + 'ACTIVE' => $row['active'], + 'MSGTOSHOW' => $row['msgstoshow'], + 'MSGCOUNT' => $row['messages'] + )); } include 'header.php'; $template->set_filenames(array( - 'body' => 'boards.tpl' - )); + 'body' => 'boards.tpl' + )); $template->display('body'); include 'footer.php'; +?> \ No newline at end of file diff --git a/admin/boardsettings.php b/admin/boardsettings.php old mode 100644 new mode 100755 index e5d858df5..c4e4db1d1 --- a/admin/boardsettings.php +++ b/admin/boardsettings.php 
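Review bot: The two DELETEs per board (`community`, then `comm_messages`) run as separate statements with no transaction, so a failure of the second leaves the board's messages orphaned; if the `$db` wrapper exposes transaction control (not visible here), wrap the loop in one, otherwise at least delete `comm_messages` first so a partial failure leaves a still-visible board rather than dangling rows. The `$v` values are bound with the `'int'` type, which is fine, but the loop issues two round trips per id where a single `WHERE boardid IN (...)` over `array_map('intval', $_POST['delete'])` would do.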
@@ -1,6 +1,6 @@ writesetting("boards", ynbool($_POST['boards']), "str"); +if (isset($_POST['action']) && $_POST['action'] == 'update') +{ + // clean submission and update database + $system->writesetting("boards", ynbool($_POST['boards']), "str"); - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['msg_board_settings_updated'])); + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['5051'])); } -loadblock($MSG['enable_message_boards'], $MSG['enable_message_boards_explain'], 'yesno', 'boards', $system->SETTINGS['boards'], array($MSG['yes'], $MSG['no'])); +loadblock($MSG['5048'], '', 'yesno', 'boards', $system->SETTINGS['boards'], array($MSG['030'], $MSG['029'])); $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'], - 'TYPENAME' => $MSG['25_0018'], - 'PAGENAME' => $MSG['msg_board_settings'] - )); + 'SITEURL' => $system->SETTINGS['siteurl'], + 'TYPENAME' => $MSG['25_0018'], + 'PAGENAME' => $MSG['5047'] + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'adminpages.tpl' - )); + 'body' => 'adminpages.tpl' + )); $template->display('body'); -include 'footer.php'; +include 'footer.php'; \ No newline at end of file diff --git a/admin/buyerprivacy.php b/admin/buyerprivacy.php old mode 100644 new mode 100755 index 974f08b56..5fca3c881 --- a/admin/buyerprivacy.php +++ b/admin/buyerprivacy.php 
@@ -1,6 +1,6 @@ writesetting("buyerprivacy", ynbool($_POST['buyerprivacy']), "str"); +if (isset($_POST['action']) && $_POST['action'] == 'update') +{ + // Update database + $system->writesetting("buyerprivacy", ynbool($_POST['buyerprivacy']), "str"); - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['bidder_privacy_updated'])); + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['247'])); } -loadblock($MSG['enable_bidder_privacy'], $MSG['enable_bidder_privacy_explain'], 'yesno', 'buyerprivacy', $system->SETTINGS['buyerprivacy'], array($MSG['yes'], $MSG['no'])); +loadblock($MSG['237'], $MSG['238'], 'yesno', 'buyerprivacy', $system->SETTINGS['buyerprivacy'], array($MSG['030'], $MSG['029'])); $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'], - 'TYPENAME' => $MSG['25_0008'], - 'PAGENAME' => $MSG['bidder_privacy'], - 'B_TITLES' => true - )); + 'SITEURL' => $system->SETTINGS['siteurl'], + 'TYPENAME' => $MSG['25_0008'], + 'PAGENAME' => $MSG['236'], + 'B_TITLES' => true + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'adminpages.tpl' - )); + 'body' => 'adminpages.tpl' + )); $template->display('body'); include 'footer.php'; +?> \ No newline at end of file diff --git a/admin/buyitnow.php b/admin/buyitnow.php old mode 100644 new mode 100755 index 0afbd0fe2..78ad91b4a --- a/admin/buyitnow.php +++ b/admin/buyitnow.php 
@@ -1,6 +1,6 @@ 100) ? 100 : $bn_only_percent; - $bn_only_percent = ($bn_only_percent < 0) ? 0 : $bn_only_percent; - // reset the bn_only blockers - if ($bn_only_percent > $system->SETTINGS['bn_only_percent']) { - $query = "UPDATE " . $DBPrefix . "users SET bn_only = 1 WHERE bn_only = 0"; - $db->direct_query($query); - } - - $system->writesetting("buy_now", $_POST['buy_now'], "int"); - $system->writesetting("bn_only", $_POST['bn_only'], "str"); - $system->writesetting("bn_only_disable", $_POST['bn_only_disable'], "str"); - $system->writesetting("bn_only_percent", $bn_only_percent, "int"); - - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['buy_it_now_settings_updated'])); +if (isset($_POST['action']) && $_POST['action'] == 'update') +{ + $bn_only_percent = ($_POST['bn_only_percent'] > 100) ? 100 : ($_POST['bn_only_percent'] < 0) ? 0 : intval($_POST['bn_only_percent']); + // reset the bn_only blockers + if ($bn_only_percent > $system->SETTINGS['bn_only_percent']) + { + $query = "UPDATE " . $DBPrefix . 
"users SET bn_only = 1 WHERE bn_only = 0"; + $db->direct_query($query); + } + + $system->writesetting("buy_now", $_POST['buy_now'], "int"); + $system->writesetting("bn_only", $_POST['bn_only'], "str"); + $system->writesetting("bn_only_disable", $_POST['bn_only_disable'], "str"); + $system->writesetting("bn_only_percent", $bn_only_percent, "int"); + + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['30_0066'])); } -loadblock($MSG['enable_buy_it_now'], $MSG['enable_buy_it_now_explain'], 'batch', 'buy_now', $system->SETTINGS['buy_now'], array($MSG['no'], $MSG['yes'])); -loadblock($MSG['enable_buy_it_now_only'], $MSG['enable_buy_it_now_only_explain'], 'yesno', 'bn_only', $system->SETTINGS['bn_only'], array($MSG['yes'], $MSG['no'])); -loadblock($MSG['enable_bin_only_auto_disable'], $MSG['enable_bin_only_auto_disable_explain'], 'yesno', 'bn_only_disable', $system->SETTINGS['bn_only_disable'], array($MSG['yes'], $MSG['no'])); -loadblock($MSG['buy_it_now_only_limit'], '', 'percent', 'bn_only_percent', $system->SETTINGS['bn_only_percent'], array($MSG['357'])); +loadblock($MSG['920'], $MSG['921'], 'batch', 'buy_now', $system->SETTINGS['buy_now'], array($MSG['029'], $MSG['030'])); +loadblock($MSG['30_0064'], $MSG['30_0065'], 'yesno', 'bn_only', $system->SETTINGS['bn_only'], array($MSG['030'], $MSG['029'])); +loadblock($MSG['355'], $MSG['358'], 'yesno', 'bn_only_disable', $system->SETTINGS['bn_only_disable'], array($MSG['030'], $MSG['029'])); +loadblock($MSG['356'], '', 'percent', 'bn_only_percent', $system->SETTINGS['bn_only_percent'], array($MSG['357'])); $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'], - 'TYPENAME' => $MSG['25_0008'], - 'PAGENAME' => $MSG['2__0025'] - )); + 'SITEURL' => $system->SETTINGS['siteurl'], + 'TYPENAME' => $MSG['25_0008'], + 'PAGENAME' => $MSG['2__0025'] + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'adminpages.tpl' - )); + 'body' => 'adminpages.tpl' + )); 
$template->display('body'); include 'footer.php'; +?> diff --git a/admin/categories.php b/admin/categories.php old mode 100644 new mode 100755 index 41e2e80e8..610a69b79 --- a/admin/categories.php +++ b/admin/categories.php 
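Review bot: The clamp `$bn_only_percent = ($_POST['bn_only_percent'] > 100) ? 100 : ($_POST['bn_only_percent'] < 0) ? 0 : intval(...)` is a nested ternary without parentheses: PHP 7 evaluates it left-to-right, so a value above 100 becomes `100 ? 0 : ...` and is stored as 0 (and the `> $system->SETTINGS['bn_only_percent']` reset below never fires), while PHP 8 refuses to compile it. Replace it with `$bn_only_percent = max(0, min(100, intval($_POST['bn_only_percent'])));`. The old side's two separate statements were correct and the rewrite regresses them. `buy_now` is also written from `$_POST['buy_now']` with no `intval`, unlike the `banners` setting elsewhere in this diff; `$system->writesetting(...)` may cast on the `"int"` type, but that is not visible here.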
@@ -1,6 +1,6 @@ get_virtual_root(); - $tree = $catscontrol->display_tree($root['left_id'], $root['right_id'], '|___'); - return $tree; + global $catscontrol; + + $root = $catscontrol->get_virtual_root(); + $tree = $catscontrol->display_tree($root['left_id'], $root['right_id'], '|___'); + return $tree; } function rebuild_cat_file() { - global $system, $DBPrefix, $db; - $query = "SELECT cat_id, cat_name, parent_id FROM " . $DBPrefix . "categories ORDER BY cat_name"; - $db->direct_query($query); - $cats = array(); - while ($catarr = $db->fetch()) { - $cats[$catarr['cat_id']] = $catarr['cat_name']; - $allcats[] = $catarr; - } - - $output = "SETTINGS['defaultlanguage'] . '/categories.inc.php', 'w'); - fputs($handle, $output); + global $system, $DBPrefix, $db; + $query = "SELECT cat_id, cat_name, parent_id FROM " . $DBPrefix . "categories ORDER BY cat_name"; + $db->direct_query($query); + $cats = array(); + while ($catarr = $db->fetch()) + { + $cats[$catarr['cat_id']] = $catarr['cat_name']; + $allcats[] = $catarr; + } + + $output = ""; + + $handle = fopen (MAIN_PATH . 'language/' . $system->SETTINGS['defaultlanguage'] . '/categories.inc.php', 'w'); + fputs($handle, $output); } -if (isset($_POST['action'])) { - if ($_POST['action'] == "Process") { - //update all categories that arnt being deleted - if (isset($_POST['categories']) && is_array($_POST['categories'])) { - foreach ($_POST['categories'] as $k => $v) { - if (!isset($_POST['delete'][$k])) { - $query = "UPDATE " . $DBPrefix . 
"categories SET - cat_name = :name, - cat_colour = :colour, - cat_image = :image - WHERE cat_id = :cat_id"; - $params = array(); - $params[] = array(':name', $_POST['categories'][$k], 'str'); - $params[] = array(':colour', $_POST['colour'][$k], 'str'); - $params[] = array(':image', $_POST['image'][$k], 'str'); - $params[] = array(':cat_id', $k, 'int'); - $db->query($query, $params); - } - } - } - //add category if need be - if (!empty($_POST['new_category']) && isset($_POST['parent'])) { - $add_data = array( - 'cat_name' => $_POST['new_category'], - 'cat_colour' => $_POST['cat_colour'], - 'cat_image' => $_POST['cat_image'] - ); - $catscontrol->add($_POST['parent'], 0, $add_data); - } - if (!empty($_POST['mass_add']) && isset($_POST['parent'])) { - $add = explode("\n", $_POST['mass_add']); - if (is_array($add)) { - foreach ($add as $v) { - $add_data = array('cat_name' => $v); - $catscontrol->add($_POST['parent'], 0, $add_data); - } - } - } - if (isset($_POST['delete']) && is_array($_POST['delete'])) { - // Get data from the database - $query = "SELECT COUNT(a.id) as COUNT, c.* FROM " . $DBPrefix . "categories c - LEFT JOIN " . $DBPrefix . "auctions a ON ( a.category = c.cat_id ) - WHERE c.cat_id IN (" . implode(',', $_POST['delete']) . ") - GROUP BY c.cat_id ORDER BY cat_name"; - $db->direct_query($query); - - while ($row = $db->fetch()) { - $template->assign_block_vars('categories', array( - 'ID' => $row['cat_id'], - 'NAME' => $row['cat_name'], - 'HAS_CHILDREN' => ($row['COUNT'] > 0 || $row['left_id'] != ($row['right_id'] - 1)) - )); - } - // build message - $template->assign_vars(array( - 'ERROR' => (isset($ERR)) ? 
$ERR : '' - )); - - $template->set_filenames(array( - 'body' => 'categoryconfirm.tpl' - )); - $template->display('body'); - include 'footer.php'; - exit; - } - rebuild_cat_file(); - include 'util_cc1.php'; - } - - if ($_POST['action'] == "Yes") { - //delete categories that are selected - if (isset($_POST['delete']) && is_array($_POST['delete'])) { - foreach ($_POST['delete'] as $k => $v) { - $k = intval($k); - if ($v == 'delete') { - //never delete categories without using this function it will mess up your database big time - $catscontrol->delete($k); - } elseif ($v == 'move') { - if (isset($_POST['moveid'][$k]) && !empty($_POST['moveid'][$k]) - && is_numeric($_POST['moveid'][$k]) && $catscontrol->check_category($_POST['moveid'][$k])) { - // first move the parent - $catscontrol->move($k, $_POST['moveid'][$k]); - // remove the parent and raise the children up a level - $catscontrol->delete($k, true); - $query = "UPDATE " . $DBPrefix . "auctions SET category = :cat_new WHERE category = :cat_old"; - $params = array(); - $params[] = array(':cat_new', $_POST['moveid'][$k], 'str'); - $params[] = array(':cat_old', $k, 'int'); - $db->query($query, $params); - } else { - $ERR = $MSG['move_category_missing_id']; - } - } - } - } - rebuild_cat_file(); - resync_category_counters(); - include 'util_cc1.php'; - } - if (isset($ERR)) { - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $ERR)); - } +if (isset($_POST['action'])) +{ + if ($_POST['action'] == "Process") + { + //update all categories that arnt being deleted + if (isset($_POST['categories']) && is_array($_POST['categories'])) + { + foreach ($_POST['categories'] as $k => $v) + { + if (!isset($_POST['delete'][$k])) + { + $query = "UPDATE " . $DBPrefix . 
"categories SET + cat_name = :name, + cat_colour = :colour, + cat_image = :image + WHERE cat_id = :cat_id"; + $params = array(); + $params[] = array(':name', $_POST['categories'][$k], 'str'); + $params[] = array(':colour', $_POST['colour'][$k], 'str'); + $params[] = array(':image', $_POST['image'][$k], 'str'); + $params[] = array(':cat_id', $k, 'int'); + $db->query($query, $params); + } + } + } + //add category if need be + if (!empty($_POST['new_category']) && isset($_POST['parent'])) + { + $add_data = array( + 'cat_name' => $_POST['new_category'], + 'cat_colour' => $_POST['cat_colour'], + 'cat_image' => $_POST['cat_image'] + ); + $catscontrol->add($_POST['parent'], 0, $add_data); + } + if (!empty($_POST['mass_add']) && isset($_POST['parent'])) + { + $add = explode("\n", $_POST['mass_add']); + if (is_array($add)) + { + foreach ($add as $v) + { + $add_data = array('cat_name' => $v); + $catscontrol->add($_POST['parent'], 0, $add_data); + } + } + } + if (isset($_POST['delete']) && is_array($_POST['delete'])) + { + // Get data from the database + $query = "SELECT COUNT(a.id) as COUNT, c.* FROM " . $DBPrefix . "categories c + LEFT JOIN " . $DBPrefix . "auctions a ON ( a.category = c.cat_id ) + WHERE c.cat_id IN (" . implode(',', $_POST['delete']) . ") + GROUP BY c.cat_id ORDER BY cat_name"; + $db->direct_query($query); + + $message = $MSG['843'] . ''; + $names = array(); + $counter = 0; + while ($row = $db->fetch()) + { + if ($row['COUNT'] > 0 || $row['left_id'] != ($row['right_id'] - 1)) + { + $names[] = $row['cat_name']; + $message .= ''; + $message .= ''; + $message .= ''; + $message .= ''; + $counter++; + } + else + { + $names[] = $row['cat_name'] . ''; + } + } + $message .= '
' . $row['cat_name'] . ''; + $message .= ''; + $message .= '
'; + // build message + $template->assign_vars(array( + 'ERROR' => (isset($ERR)) ? $ERR : '', + 'ID' => '', + 'MESSAGE' => (($counter > 0) ? $message : '') . '

' . $MSG['838'] . implode(', ', $names) . '

', + 'TYPE' => 1 + )); + + $template->set_filenames(array( + 'body' => 'confirm.tpl' + )); + $template->display('body'); + include 'footer.php'; + exit; + } + rebuild_cat_file(); + include 'util_cc1.php'; + } + + if ($_POST['action'] == "Yes") + { + //delete categories that are selected + if (isset($_POST['delete']) && is_array($_POST['delete'])) + { + foreach ($_POST['delete'] as $k => $v) + { + $k = intval($k); + if ($v == 'delete') + { + //never delete categories without using this function it will mess up your database big time + $catscontrol->delete($k); + } + elseif ($v == 'move') + { + if (isset($_POST['moveid'][$k]) && !empty($_POST['moveid'][$k]) + && is_numeric($_POST['moveid'][$k]) && $catscontrol->check_category($_POST['moveid'][$k])) + { + // first move the parent + $catscontrol->move($k, $_POST['moveid'][$k]); + // remove the parent and raise the children up a level + $catscontrol->delete($k, true); + $query = "UPDATE " . $DBPrefix . "auctions SET category = :cat_new WHERE category = :cat_old"; + $params = array(); + $params[] = array(':cat_new', $_POST['moveid'][$k], 'str'); + $params[] = array(':cat_old', $k, 'int'); + $db->query($query, $params); + } + else + { + $ERR = $MSG['844']; + } + } + } + } + rebuild_cat_file(); + resync_category_counters(); + include 'util_cc1.php'; + } + if (!isset($ERR)) + { + $ERR = $MSG['086']; + } } -//show the page -if (!isset($_GET['parent'])) { - $query = "SELECT left_id, right_id, level, cat_id FROM " . $DBPrefix . "categories WHERE parent_id = -1"; - $params = array(); -} else { - $parent = intval($_GET['parent']); - $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :parent_id"; - $params = array(); - $params[] = array(':parent_id', $parent, 'int'); +//show the page... +if (!isset($_GET['parent'])) +{ + $query = "SELECT left_id, right_id, level, cat_id FROM " . $DBPrefix . 
"categories WHERE parent_id = -1"; + $params = array(); +} +else +{ + $parent = intval($_GET['parent']); + $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :parent_id"; + $params = array(); + $params[] = array(':parent_id', $parent, 'int'); } $db->query($query, $params); $parent_node = $db->result(); -if (!isset($_GET['parent'])) { - $parent = $parent_node['cat_id']; +if (!isset($_GET['parent'])) +{ + $parent = $parent_node['cat_id']; } $crumb_string = ''; -if ($parent != 0) { - $crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']); - for ($i = 0; $i < count($crumbs); $i++) { - $template->assign_block_vars('crumbs', array( - 'CAT_ID' => $crumbs[$i]['cat_id'], - 'CAT_NAME' => $crumbs[$i]['cat_name'] - )); - } +if ($parent != 0) +{ + $crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']); + for ($i = 0; $i < count($crumbs); $i++) + { + if ($i > 0) + { + $crumb_string .= ' > '; + } + $crumb_string .= '' . $crumbs[$i]['cat_name'] . 
''; + } } $children = $catscontrol->get_children($parent_node['left_id'], $parent_node['right_id'], $parent_node['level']); -for ($i = 0; $i < count($children); $i++) { - $child = $children[$i]; - $template->assign_block_vars('cats', array( - 'CAT_ID' => $child['cat_id'], - 'CAT_NAME' => htmlspecialchars($child['cat_name']), - 'CAT_COLOUR' => $child['cat_colour'], - 'CAT_IMAGE' => $child['cat_image'], - - 'B_SUBCATS' => ($child['left_id'] != ($child['right_id'] - 1)), - 'B_AUCTIONS' => ($child['counter'] > 0) - )); +for ($i = 0; $i < count($children); $i++) +{ + $child = $children[$i]; + $template->assign_block_vars('cats', array( + 'CAT_ID' => $child['cat_id'], + 'CAT_NAME' => htmlspecialchars($child['cat_name']), + 'CAT_COLOUR' => $child['cat_colour'], + 'CAT_IMAGE' => $child['cat_image'], + + 'B_SUBCATS' => ($child['left_id'] != ($child['right_id'] - 1)), + 'B_AUCTIONS' => ($child['counter'] > 0) + )); } $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'], - 'CRUMBS' => $crumb_string, - 'PARENT' => $parent - )); + 'SITEURL' => $system->SETTINGS['siteurl'], + 'CRUMBS' => $crumb_string, + 'PARENT' => $parent + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'categories.tpl' - )); + 'body' => 'categories.tpl' + )); $template->display('body'); include 'footer.php'; +?> diff --git a/admin/categoriestrans.php b/admin/categoriestrans.php old mode 100644 new mode 100755 index 6e8490fb5..6c35a6834 --- a/admin/categoriestrans.php +++ b/admin/categoriestrans.php 
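Review bot: In the "Process" branch the delete confirmation query builds `WHERE c.cat_id IN (" . implode(',', $_POST['delete']) . ")` directly from the POST array, so any element of `delete[]` is interpolated into SQL unparameterised, while every other query in the file uses bound `'int'` parameters; cast first, `$ids = array_map('intval', $_POST['delete']);` and use `implode(',', $ids)`, or bind one placeholder per id. This is unchanged from the old side, but the commit rewrites the whole block and is the place to fix it. The same block concatenates `$row['cat_name']` into `$message` raw although the `cats` block below wraps the name in `htmlspecialchars()`, so a category name containing markup renders as HTML on the confirm page. In `rebuild_cat_file()` the `fopen(..., 'w')` result is not checked and the handle is never closed, unlike the `categoriestrans.php` version in this same diff; add `if ($handle === false) { return; }` and `fclose($handle);`. `$_POST['moveid'][$k]` is bound as `'str'` although it has just been checked with `is_numeric()`; `'int'` matches the column.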
@@ -1,6 +1,6 @@ SETTINGS['defaultlanguage']; +$lang = (isset($_GET['lang'])) ? $_GET['lang'] : 'EN'; $catscontrol = new MPTTcategories(); -function search_cats() +function search_cats($parent_id, $level) { - global $catscontrol; - $catstr = ''; - $root = $catscontrol->get_virtual_root(); - $tree = $catscontrol->display_tree($root['left_id'], $root['right_id'], '|___'); - foreach ($tree as $k => $v) { - $v = str_replace("'", "\'", $v); - $catstr .= ",\n" . $k . " => '" . addslashes($v) . "'"; - } - return $catstr; + global $catscontrol; + $catstr = ''; + $root = $catscontrol->get_virtual_root(); + $tree = $catscontrol->display_tree($root['left_id'], $root['right_id'], '|___'); + foreach ($tree as $k => $v) + { + $v = str_replace("'", "\'", $v); + $catstr .= ",\n" . $k . " => '" . addslashes($v) . "'"; + } + return $catstr; } function rebuild_cat_file($cats) { - global $lang; - $output = " $v) { - $v = str_replace("'", "\'", $v); - $output .= "$k => '$v'"; - $i++; - if ($i < $num_rows) { - $output .= ",\n"; - } else { - $output .= "\n"; - } - } + $i = 0; + foreach ($cats as $k => $v) + { + $v = str_replace("'", "\'", $v); + $output .= "$k => '$v'"; + $i++; + if ($i < $num_rows) + $output .= ",\n"; + else + $output .= "\n"; + } - $output .= ");\n\n"; + $output .= ");\n\n"; - $output .= "$" . "category_plain = array(\n0 => ''"; + $output .= "$" . "category_plain = array(\n0 => ''"; - $output .= search_cats(); + $output .= search_cats(0, 0); - $output .= ");"; + $output .= ");\n?>"; - $handle = fopen(MAIN_PATH . 'language/' . $lang . '/categories.inc.php', 'w'); - fputs($handle, $output); - fclose($handle); + $handle = fopen (MAIN_PATH . 'language/' . $lang . '/categories.inc.php', 'w'); + fputs($handle, $output); + fclose($handle); } -if (isset($_POST['categories'])) { - rebuild_cat_file($_POST['categories']); - include 'util_cc1.php'; +if (isset($_POST['categories'])) +{ + rebuild_cat_file($_POST['categories']); + include 'util_cc1.php'; } include MAIN_PATH . 
'language/' . $lang . '/categories.inc.php'; $query = "SELECT cat_id, cat_name FROM " . $DBPrefix . "categories ORDER BY cat_name"; $db->direct_query($query); -while ($row = $db->fetch()) { - // set category data - $template->assign_block_vars('cats', array( - 'CAT_ID' => $row['cat_id'], - 'CAT_NAME' => htmlspecialchars($row['cat_name']), - 'TRAN_CAT' => isset($category_names[$row['cat_id']])? $category_names[$row['cat_id']] : '' - )); +$bg = ''; +while ($row = $db->fetch()) +{ + // set category data + $template->assign_block_vars('cats', array( + 'CAT_ID' => $row['cat_id'], + 'CAT_NAME' => htmlspecialchars($row['cat_name']), + 'TRAN_CAT' => isset($category_names[$row['cat_id']])? $category_names[$row['cat_id']] : '', + 'BG' => $bg + )); + $bg = ($bg == '') ? 'class="bg"' : ''; } $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'] - )); + 'SITEURL' => $system->SETTINGS['siteurl'] + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'categoriestrans.tpl' - )); + 'body' => 'categoriestrans.tpl' + )); $template->display('body'); include 'footer.php'; +?> diff --git a/admin/catsorting.php b/admin/catsorting.php old mode 100644 new mode 100755 index 4a7f8830c..7e5f9bddb --- a/admin/catsorting.php +++ b/admin/catsorting.php 
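Review bot: `$lang` is taken from `$_GET['lang']` with no validation and flows into both `include MAIN_PATH . 'language/' . $lang . '/categories.inc.php'` and the `fopen(..., 'w')` in `rebuild_cat_file()`, so a traversal sequence in the parameter selects which file is included and which file is overwritten, even if this page sits behind the admin login (not visible here). Constrain it to an existing language directory, `if (!preg_match('/^[A-Za-z_]+$/', $lang) || !is_dir(MAIN_PATH . 'language/' . $lang)) { $lang = 'EN'; }`, before either use. The generated PHP also interpolates the POST array key `$k` unescaped and protects `$v` only with `str_replace("'", "\'", $v)`, which a value ending in a backslash defeats; emit `intval($k) . ' => ' . var_export($v, true)` instead. `search_cats($parent_id, $level)` gains two parameters that its body never reads, so either drop them or remove the `global $catscontrol` tree walk they were presumably meant to replace.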
@@ -1,6 +1,6 @@ writesetting("catsorting", $system->cleanvars($_POST['catsorting']), "str"); - $system->writesetting("catstoshow", $_POST['catstoshow'], "int"); +if (isset($_POST['action']) && $_POST['action'] == 'update') +{ + // clean submission and update database + $system->writesetting("catsorting", $system->cleanvars($_POST['catsorting']), "str"); + $system->writesetting("catstoshow", intval($_POST['catstoshow']),"int"); - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['category_sorting_updated'])); + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['25_0150'])); } -loadblock('', $MSG['category_sorting_explain'], 'sortstacked', 'catsorting', $system->SETTINGS['catsorting'], array($MSG['category_sorting_alpha'], $MSG['category_sorting_count'])); -loadblock($MSG['categories_to_show'], $MSG['categories_to_show_explain'], 'percent', 'catstoshow', $system->SETTINGS['catstoshow']); +loadblock('', $MSG['25_0147'], 'sortstacked', 'catsorting', $system->SETTINGS['catsorting'], array($MSG['25_0148'], $MSG['25_0149'])); +loadblock($MSG['30_0030'], $MSG['30_0029'], 'percent', 'catstoshow', $system->SETTINGS['catstoshow']); $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'], - 'TYPENAME' => $MSG['25_0008'], - 'PAGENAME' => $MSG['category_sorting'] - )); + 'SITEURL' => $system->SETTINGS['siteurl'], + 'TYPENAME' => $MSG['25_0008'], + 'PAGENAME' => $MSG['25_0146'] + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'adminpages.tpl' - )); + 'body' => 'adminpages.tpl' + )); $template->display('body'); include 'footer.php'; +?> diff --git a/admin/checkversion.php b/admin/checkversion.php old mode 100644 new mode 100755 index 309a6d2ab..950414a84 --- a/admin/checkversion.php +++ b/admin/checkversion.php 
@@ -1,6 +1,6 @@ SETTINGS['version_check']) { - case 'unstable': - $url = 'http://raw.githubusercontent.com/renlok/WeBid/dev/install/thisversion.txt'; - break; - default: - $url = 'http://raw.githubusercontent.com/renlok/WeBid/master/install/thisversion.txt'; - break; -} -if (!($realversion = load_file_from_url($url))) { - $text = $MSG['error_file_access_disabled']; - $realversion = $MSG['unknown']; - $myversion = $system->SETTINGS['version']; -} else { - if (version_compare($system->SETTINGS['version'], $realversion, "<")) { - $myversion = '' . $system->SETTINGS['version'] . ''; - $text = $MSG['outdated_version']; - } else { - $myversion = '' . $system->SETTINGS['version'] . ''; - $text = $MSG['current_version']; - } +if (!($realversion = load_file_from_url('http://www.webidsupport.com/version.txt'))) +{ + $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_25_0002)); + $realversion = 'Unknown'; } +if (version_compare($system->SETTINGS['version'], $realversion, "<")) +{ + $myversion = '' . $system->SETTINGS['version'] . ''; + $text = $MSG['30_0211']; +} +else +{ + $myversion = '' . $system->SETTINGS['version'] . ''; + $text = $MSG['30_0212']; +} $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'], - 'TEXT' => $text, - 'MYVERSION' => $myversion, - 'REALVERSION' => $realversion - )); + 'SITEURL' => $system->SETTINGS['siteurl'], + 'TEXT' => $text, + 'MYVERSION' => $myversion, + 'REALVERSION' => $realversion + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'checkversion.tpl' - )); + 'body' => 'checkversion.tpl' + )); $template->display('body'); include 'footer.php'; +?> diff --git a/admin/clear_image_cache.php b/admin/clear_image_cache.php old mode 100644 new mode 100755 index fd5ac1537..57ceba98b --- a/admin/clear_image_cache.php +++ b/admin/clear_image_cache.php 
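Review bot: When `load_file_from_url()` fails, the new code sets `$realversion = 'Unknown'` and then still runs `version_compare()` against it, so the page reports the install as current (or outdated) with no real data, whereas the removed code skipped the comparison in that case. Put the comparison in an `else` of the failure branch (or set `$myversion`/`$text` inside the failure branch as the old code did) so a failed fetch shows only the `$ERR_25_0002` alert. The fetched body is also assigned to `REALVERSION` without `htmlspecialchars()`, unlike `CAT_NAME` in the categoriestrans.php hunk, and it is retrieved over plain `http://`, so whatever that host or the network path returns is rendered as-is into the admin page; `'REALVERSION' => htmlspecialchars($realversion)` would contain that, and an `https://` URL is preferable if the host supports it.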
@@ -1,6 +1,6 @@ assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['image_cache_cleared'])); + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['30_0033'])); } $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'] - )); + 'SITEURL' => $system->SETTINGS['siteurl'] + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'clear_image_cache.tpl' - )); + 'body' => 'clear_image_cache.tpl' + )); $template->display('body'); include 'footer.php'; +?> diff --git a/admin/clearcache.php b/admin/clearcache.php old mode 100644 new mode 100755 index ae04a9628..5bffd5cb1 --- a/admin/clearcache.php +++ b/admin/clearcache.php @@ -1,6 +1,6 @@ assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['cache_cleared'])); + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['30_0033'])); } $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'] - )); + 'SITEURL' => $system->SETTINGS['siteurl'] + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'clearcache.tpl' - )); + 'body' => 'clearcache.tpl' + )); $template->display('body'); include 'footer.php'; +?> diff --git a/admin/contactseller.php b/admin/contactseller.php old mode 100644 new mode 100755 index 8ba777e9a..dbef7463a --- a/admin/contactseller.php +++ b/admin/contactseller.php 
@@ -1,6 +1,6 @@ writesetting("contactseller", $system->cleanvars($_POST['contactseller']), "str"); - $system->writesetting("users_email", ynbool($_POST['users_email']), 'str'); +if (isset($_POST['action']) && $_POST['action'] == 'update') +{ + // clean submission and update database + $system->writesetting("contactseller", $system->cleanvars($_POST['contactseller']), "str"); + $system->writesetting("users_email", ynbool($_POST['users_email']), 'str'); - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['25_0155'])); + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['25_0155'])); } -loadblock($MSG['contact_seller'], $MSG['contact_seller_explain'], 'select3contact', 'contactseller', $system->SETTINGS['contactseller'], array($MSG['contact_seller_anyone'], $MSG['contact_seller_users_only'], $MSG['contact_seller_disabled'])); -loadblock($MSG['hide_user_emails'], $MSG['hide_user_emails_explain'], 'yesno', 'users_email', $system->SETTINGS['users_email'], array($MSG['yes'], $MSG['no'])); +loadblock($MSG['25_0216'], $MSG['25_0217'], 'select3contact', 'contactseller', $system->SETTINGS['contactseller'], array($MSG['25_0218'], $MSG['25_0219'], $MSG['25_0220'])); +loadblock($MSG['30_0085'], $MSG['30_0084'], 'yesno', 'users_email', $system->SETTINGS['users_email'], array($MSG['030'], $MSG['029'])); $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'], - 'TYPENAME' => $MSG['25_0008'], - 'PAGENAME' => $MSG['contact_seller'] - )); + 'SITEURL' => $system->SETTINGS['siteurl'], + 'TYPENAME' => $MSG['25_0008'], + 'PAGENAME' => $MSG['25_0216'] + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'adminpages.tpl' - )); + 'body' => 'adminpages.tpl' + )); $template->display('body'); include 'footer.php'; +?> diff --git a/admin/cookiespolicy.php b/admin/cookiespolicy.php index 8c9f0dfd9..720624a40 100755 --- a/admin/cookiespolicy.php +++ b/admin/cookiespolicy.php 
@@ -1,50 +1,52 @@ -writesetting("cookiespolicy", ynbool($_POST['cookiespolicy']), "str"); - $system->writesetting("cookiespolicytext", $system->cleanvars($_POST['cookiespolicytext'], true), "str"); - - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['cookie_policy_updated'])); -} -loadblock($MSG['enable_cookie_policy'], $MSG['enable_cookie_policy_explain'], 'yesno', 'cookiespolicy', $system->SETTINGS['cookiespolicy'], array($MSG['yes'], $MSG['no'])); - -$CKEditor = new CKEditor(); -$CKEditor->basePath = $system->SETTINGS['siteurl'] . '/js/ckeditor/'; -$CKEditor->returnOutput = true; -$CKEditor->config['width'] = 550; -$CKEditor->config['height'] = 400; - -loadblock($MSG['cookie_policy_content'], $MSG['editor_help'], $CKEditor->editor('cookiespolicytext', $system->SETTINGS['cookiespolicytext'])); - -$template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'], - 'TYPENAME' => $MSG['25_0018'], - 'PAGENAME' => $MSG['cookie_policy'] - )); - -include 'header.php'; -$template->set_filenames(array( - 'body' => 'adminpages.tpl' - )); -$template->display('body'); -include 'footer.php'; +writesetting("cookiespolicy", ynbool($_POST['cookiespolicy']), "str"); + $system->writesetting("cookiespolicytext", $system->cleanvars($_POST['cookiespolicytext'], true), "str"); + + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['1115'])); +} +loadblock($MSG['1111'], $MSG['1112'], 'yesno', 'cookiespolicy', $system->SETTINGS['cookiespolicy'], array($MSG['030'], $MSG['029'])); + +$CKEditor = new CKEditor(); +$CKEditor->basePath = $system->SETTINGS['siteurl'] . 
'/js/ckeditor/'; +$CKEditor->returnOutput = true; +$CKEditor->config['width'] = 550; +$CKEditor->config['height'] = 400; + +loadblock($MSG['1113'], $MSG['5080'], $CKEditor->editor('cookiespolicytext', $system->SETTINGS['cookiespolicytext'])); + +$template->assign_vars(array( + 'SITEURL' => $system->SETTINGS['siteurl'], + 'TYPENAME' => $MSG['25_0018'], + 'PAGENAME' => $MSG['1114'] + )); + +include 'header.php'; +$template->set_filenames(array( + 'body' => 'adminpages.tpl' + )); +$template->display('body'); +include 'footer.php'; +?> diff --git a/admin/counters.php b/admin/counters.php old mode 100644 new mode 100755 index 39ee8bca6..626ec28fa --- a/admin/counters.php +++ b/admin/counters.php 
@@ -1,6 +1,6 @@ writesetting("counter_auctions", isset($_POST['auctions'])? 'y' : 'n', "str"); - $system->writesetting("counter_users", isset($_POST['users'])? 'y' : 'n', "str"); - $system->writesetting("counter_online", isset($_POST['online'])? 'y' : 'n', "str"); +if (isset($_POST['action']) && $_POST['action'] == 'update') +{ + // clean submission + $system->writesetting("counter_auctions", isset($_POST['auctions'])? 'y' : 'n',"str"); + $system->writesetting("counter_users", isset($_POST['users'])? 'y' : 'n',"str"); + $system->writesetting("counter_online", isset($_POST['online'])? 'y' : 'n',"str"); - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['counter_settings_updated'])); + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['2__0063'])); } -loadblock($MSG['counters_shown'], $MSG['counters_shown_explain']); -loadblock($MSG['counters_active'], '', 'checkbox', 'auctions', $system->SETTINGS['counter_auctions']); -loadblock($MSG['counters_registered'], '', 'checkbox', 'users', $system->SETTINGS['counter_users']); -loadblock($MSG['counters_online'], '', 'checkbox', 'online', $system->SETTINGS['counter_online']); +loadblock($MSG['2__0062'], $MSG['2__0058']); +loadblock($MSG['2__0060'], '', 'checkbox', 'auctions', $system->SETTINGS['counter_auctions']); +loadblock($MSG['2__0061'], '', 'checkbox', 'users', $system->SETTINGS['counter_users']); +loadblock($MSG['2__0059'], '', 'checkbox', 'online', $system->SETTINGS['counter_online']); $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'], - 'TYPENAME' => $MSG['25_0008'], - 'PAGENAME' => $MSG['counter_settings'] - )); + 'SITEURL' => $system->SETTINGS['siteurl'], + 'TYPENAME' => $MSG['25_0008'], + 'PAGENAME' => $MSG['2__0057'] + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'adminpages.tpl' - )); + 'body' => 'adminpages.tpl' + )); $template->display('body'); include 'footer.php'; +?> \ No newline at end of 
file diff --git a/admin/countries.php b/admin/countries.php old mode 100644 new mode 100755 index 0d48e26c3..062da7b73 --- a/admin/countries.php +++ b/admin/countries.php 
@@ -1,6 +1,6 @@ 0) { - // we use a single SQL query to quickly do ALL our deletes - $query = "DELETE FROM " . $DBPrefix . "countries WHERE "; - $params = array(); +if (isset($_POST['act'])) +{ + // remove any countries that need to be + if (isset($_POST['delete']) && count($_POST['delete']) > 0) + { + // we use a single SQL query to quickly do ALL our deletes + $query = "DELETE FROM " . $DBPrefix . "countries WHERE "; + $params = array(); - // if this is the first country being deleted it don't - // precede it with an " or " in the SQL string - for ($i = 0; $i < count($_POST['delete']); $i++) { - if ($i > 0) { - $query .= " OR "; - } - $query .= "country = :country" . $i; - $params[] = array(':country' . $i, $_POST['delete'][$i], 'str'); - } - $db->query($query, $params); - } + // if this is the first country being deleted it don't + // precede it with an " or " in the SQL string + for ($i = 0; $i < count($_POST['delete']); $i++) + { + if ($i > 0) + { + $query .= " OR "; + } + $query .= "country = :country" . $i; + $params[] = array(':country' . $i, $_POST['delete'][$i], 'str'); + } + $db->query($query, $params); + } - //update countries with new names - for ($i = 0; $i < count($_POST['old_countries']); $i++) { - if ($_POST['old_countries'][$i] != $_POST['new_countries'][$i]) { - $query = "UPDATE " . $DBPrefix . "countries SET - country = :country_new - WHERE country = :country_old"; - $params = array(); - $params[] = array(':country_new', $_POST['new_countries'][$i], 'str'); - $params[] = array(':country_old', $_POST['old_countries'][$i], 'str'); - $db->query($query, $params); - } - } + //update countries with new names + for ($i = 0; $i < count($_POST['old_countries']); $i++) + { + if ($_POST['old_countries'][$i] != $_POST['new_countries'][$i]) + { + $query = "UPDATE " . $DBPrefix . 
"countries SET + country = :country_new + WHERE country = :country_old"; + $params = array(); + $params[] = array(':country_new', $_POST['new_countries'][$i], 'str'); + $params[] = array(':country_old', $_POST['old_countries'][$i], 'str'); + $db->query($query, $params); + } + } - // If a new country was added, insert it into database - if (!empty($_POST['new_countries'][(count($_POST['new_countries']) - 1)])) { - $query = "INSERT INTO " . $DBPrefix . "countries (country) VALUES (:country)"; - $params = array(); - $params[] = array(':country', $_POST['new_countries'][(count($_POST['new_countries']) - 1)], 'str'); - $db->query($query, $params); - } + // If a new country was added, insert it into database + if (!empty($_POST['new_countries'][(count($_POST['new_countries']) - 1)])) + { + $query = "INSERT INTO " . $DBPrefix . "countries (country) VALUES (:country)"; + $params = array(); + $params[] = array(':country', $_POST['new_countries'][(count($_POST['new_countries']) - 1)], 'str'); + $db->query($query, $params); + } - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['countries_updated'])); + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['1028'])); } -$query = "SELECT country_id, c.country, count(u.id) AS user_count - FROM " . $DBPrefix . "countries c - LEFT JOIN " . $DBPrefix . "users u ON (c.country = u.country) - GROUP BY country_id, c.country"; +$query = "SELECT country_id, c.country, count(u.id) AS user_count + FROM " . $DBPrefix . "countries c + LEFT JOIN " . $DBPrefix . 
"users u ON (c.country = u.country) + GROUP BY country_id, c.country"; $db->direct_query($query); $countries = $db->fetchall(); -foreach ($countries as $country) { - $can_delete = true; - if ($country['user_count'] != 0 || $country['country'] == $system->SETTINGS['defaultcountry']) { - $can_delete = false; - } +foreach($countries as $country) +{ + $can_delete = true; + if ($country['user_count'] != 0 || $country['country'] == $system->SETTINGS['defaultcountry']) { + $can_delete = false; + } - $template->assign_block_vars('countries', array( - 'COUNTRY' => $country['country'], - 'B_CAN_DELETE' => $can_delete - )); + $template->assign_block_vars('countries', array( + 'COUNTRY' => $country['country'], + 'SELECTBOX' => ($can_delete) ? '' : 'You cannot delete this' + )); } include 'header.php'; $template->set_filenames(array( - 'body' => 'countries.tpl' - )); + 'body' => 'countries.tpl' + )); $template->display('body'); + include 'footer.php'; +?> diff --git a/admin/currency.php b/admin/currency.php old mode 100644 new mode 100755 index 77e0290d7..6aa3a5b12 --- a/admin/currency.php +++ b/admin/currency.php 
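Review bot: The `$can_delete` rule (a country that has users, or that equals the `defaultcountry` setting, must not be removed) is computed only for display at the bottom of the hunk; the delete loop at the top removes whatever names arrive in `$_POST['delete']`, so the restriction is enforced client-side only. Run the `user_count` query (or at least the `defaultcountry` comparison) before the delete loop and skip protected entries. `count($_POST['delete'])` also throws a `TypeError` on PHP 8 if `delete` is submitted as a scalar; `if (isset($_POST['delete']) && is_array($_POST['delete']) && count($_POST['delete']) > 0)` avoids that. The new `'SELECTBOX' => ($can_delete) ? '' : 'You cannot delete this'` hard-codes English in code where every other string on the page goes through `$MSG`, and renames the template key from `B_CAN_DELETE`, so countries.tpl must change in step.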
@@ -1,6 +1,6 @@ direct_query($query); -if ($db->numrows() > 0) { - while ($row = $db->fetch()) { - $CURRENCIES[$row['id']] = $row['symbol'] . ' ' . $row['ime'] . ' (' . $row['valuta'] . ')'; - $CURRENCIES_SYMBOLS[$row['id']] = $row['symbol']; - } +if ($db->numrows() > 0) +{ + while ($row = $db->fetch()) + { + $CURRENCIES[$row['id']] = $row['symbol'] . ' ' . $row['ime'] . ' (' . $row['valuta'] . ')'; + $CURRENCIES_SYMBOLS[$row['id']] = $row['symbol']; + } } -if (isset($_POST['action']) && $_POST['action'] == 'update') { - // Data check - if (empty($_POST['currency'])) { - $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_047)); - } elseif (!empty($_POST['moneydecimals']) && !is_numeric($_POST['moneydecimals'])) { - $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_051)); - } else { - if (!empty($_POST['country']) && !empty($_POST['currency_type']) && !empty($_POST['currency_abbreviation'])) { - $query = "INSERT INTO " . $DBPrefix . "rates VALUES (NULL, :country, :currency_type, :currency_abbreviation);"; - $params = array(); - $params[] = array(':country', $system->cleanvars($_POST['country']), 'str'); - $params[] = array(':currency_type', $system->cleanvars($_POST['currency_type']), 'str'); - $params[] = array(':currency_abbreviation', $system->cleanvars($_POST['currency_abbreviation']), 'str'); - $db->query($query, $params); - $new_id = $db->lastInsertId(); - $CURRENCIES[$new_id] = $_POST['currency_abbreviation'] . ' ' . $_POST['country'] . ' (' . $_POST['currency_type'] . 
')'; - $system->writesetting("currency", $system->cleanvars($_POST['currency_abbreviation']), 'str'); - } else { - $system->writesetting("currency", $system->cleanvars($CURRENCIES_SYMBOLS[$_POST['currency']]), 'str'); - } +if (isset($_POST['action']) && $_POST['action'] == 'update') +{ + // Data check + if (empty($_POST['currency'])) + { + $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_047)); + } + elseif (!empty($_POST['moneydecimals']) && !is_numeric($_POST['moneydecimals'])) + { + $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_051)); + } + else + { + if (!empty($_POST['country']) && !empty($_POST['currency_type']) && !empty($_POST['currency_abbreviation'])) + { + $query = "INSERT INTO " . $DBPrefix . "rates VALUES (NULL, :country, :currency_type, :currency_abbreviation);"; + $params = array(); + $params[] = array(':country', $system->cleanvars($_POST['country']), 'str'); + $params[] = array(':currency_type', $system->cleanvars($_POST['currency_type']), 'str'); + $params[] = array(':currency_abbreviation', $system->cleanvars($_POST['currency_abbreviation']), 'str'); + $db->query($query, $params); + $new_id = $db->lastInsertId(); + $CURRENCIES[$new_id] = $_POST['currency_abbreviation'] . ' ' . $_POST['country'] . ' (' . $_POST['currency_type'] . 
')'; + $system->writesetting("currency", $system->cleanvars($_POST['currency_abbreviation']), 'str'); + } + else + { + $system->writesetting("currency", $system->cleanvars($CURRENCIES_SYMBOLS[$_POST['currency']]), 'str'); + } - // Update database - $system->writesetting("moneyformat", $_POST['moneyformat'], 'int'); - $system->writesetting("moneydecimals", $_POST['moneydecimals'], 'int'); - $system->writesetting("moneysymbol", $_POST['moneysymbol'], 'int'); + // Update database + $system->writesetting("moneyformat", $_POST['moneyformat'], 'int'); + $system->writesetting("moneydecimals", $_POST['moneydecimals'], 'int'); + $system->writesetting("moneysymbol", $_POST['moneysymbol'], 'int'); - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['currency_settings_updated'])); - } + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['553'])); + } } -foreach ($CURRENCIES_SYMBOLS as $k => $v) { - if ($v == $system->SETTINGS['currency']) { - $selectsetting = $k; - } +foreach ($CURRENCIES_SYMBOLS as $k => $v) +{ + if ($v == $system->SETTINGS['currency']) + { + $selectsetting = $k; + } } -loadblock($MSG['default_currency'], $MSG['default_currency_explain'], generateSelect('currency', $CURRENCIES)); -loadblock($MSG['money_format'], '', 'batchstacked', 'moneyformat', $system->SETTINGS['moneyformat'], array($MSG['money_format_us'], $MSG['money_format_euro'])); -loadblock($MSG['money_decimals'], $MSG['money_decimals_explain'], 'decimals', 'moneydecimals', $system->SETTINGS['moneydecimals']); -loadblock($MSG['money_symbol_position'], '', 'batchstacked', 'moneysymbol', $system->SETTINGS['moneysymbol'], array($MSG['money_symbol_position_before'], $MSG['money_symbol_position_after'])); +loadblock($MSG['5008'], '', generateSelect('currency', $CURRENCIES)); +loadblock('', $MSG['5138']); +loadblock($MSG['544'], '', 'batchstacked', 'moneyformat', $system->SETTINGS['moneyformat'], array($MSG['545'], $MSG['546'])); 
+loadblock($MSG['548'], $MSG['547'], 'decimals', 'moneydecimals', $system->SETTINGS['moneydecimals']); +loadblock($MSG['549'], '', 'batchstacked', 'moneysymbol', $system->SETTINGS['moneysymbol'], array($MSG['550'], $MSG['551'])); loadblock($MSG['new_currency'], '', '', '', '', array(), true); loadblock($MSG['014'], $MSG['curreny_country_explain'], 'text', 'country', (isset($_POST['country'])) ? $_POST['country'] : ''); loadblock($MSG['currency_name'], $MSG['curreny_name_explain'], 'text', 'currency_type', (isset($_POST['currency_type'])) ? $_POST['currency_type'] : ''); loadblock($MSG['curreny_symbol'], $MSG['curreny_symbol_explain'], 'text', 'currency_abbreviation', (isset($_POST['currency_abbreviation'])) ? $_POST['currency_abbreviation'] : ''); $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'], - 'OPTIONHTML' => '', - 'TYPENAME' => $MSG['25_0008'], - 'PAGENAME' => $MSG['currency_settings'] - )); + 'SITEURL' => $system->SETTINGS['siteurl'], + 'OPTIONHTML' => $html, + 'TYPENAME' => $MSG['25_0008'], + 'PAGENAME' => $MSG['5004'] + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'adminpages.tpl' - )); + 'body' => 'adminpages.tpl' + )); $template->display('body'); include 'footer.php'; +?> diff --git a/admin/defaultcountry.php b/admin/defaultcountry.php old mode 100644 new mode 100755 index 1ceb032f1..f7f22817b --- a/admin/defaultcountry.php +++ b/admin/defaultcountry.php @@ -1,6 +1,6 @@ writesetting("defaultcountry", $_POST['country'], "str"); +if (isset($_POST['action']) && $_POST['action'] == 'update') +{ + // clean submission and update database + $system->writesetting("defaultcountry", $_POST['country'], "str"); - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['default_country_updated'])); + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['5323'])); } $query = "SELECT country_id, country FROM " . $DBPrefix . "countries"; 
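Review bot: `'OPTIONHTML' => $html` reads a variable that is never assigned anywhere in this hunk (the removed line passed `''`), so the template receives `null` plus an undefined-variable warning; either restore `''` or assign `$html` where the select markup is built. In the `else` branch, `$CURRENCIES_SYMBOLS[$_POST['currency']]` is indexed with the posted id without checking it exists, so an id not present in `rates` writes an empty `currency` setting; guard with `isset($CURRENCIES_SYMBOLS[$_POST['currency']])` and fall into the `$ERR_047` alert otherwise. `moneyformat`, `moneydecimals` and `moneysymbol` reach `writesetting` unfiltered under the `'int'` tag, which is only safe if `writesetting` casts them itself — worth confirming, since catsorting.php in this same commit wraps the equivalent value in `intval()`.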
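Review bot: `$system->writesetting("defaultcountry", $_POST['country'], "str")` stores the posted value without checking it is one of the rows the very next query loads from `countries`, so a malformed or stale submission can set a default country that does not exist in the table. Build `$options` first and write only when `in_array($_POST['country'], $options, true)` holds, raising an error alert otherwise. The enclosing `if` starts at the top of the file, before the part visible in this hunk.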
@@ -30,22 +31,24 @@ $countries = $db->fetchall(); $options = array(); -foreach ($countries as $country) { - $options[$country['country']] = $country['country']; +foreach($countries as $country) +{ + $options[$country['country']] = $country['country']; } $selectsetting = $system->SETTINGS['defaultcountry']; -loadblock($MSG['default_country'], $MSG['default_country_explain'], generateSelect('country', $options, false)); +loadblock($MSG['5322'], $MSG['5321'], generateSelect('country', $options, false)); $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'], - 'TYPENAME' => $MSG['25_0008'], - 'PAGENAME' => $MSG['default_country'] - )); + 'SITEURL' => $system->SETTINGS['siteurl'], + 'TYPENAME' => $MSG['25_0008'], + 'PAGENAME' => $MSG['5322'] + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'adminpages.tpl' - )); + 'body' => 'adminpages.tpl' + )); $template->display('body'); include 'footer.php'; +?> diff --git a/admin/deleteauction.php b/admin/deleteauction.php old mode 100644 new mode 100755 index 1d6736985..de2c4c8af --- a/admin/deleteauction.php +++ b/admin/deleteauction.php 
@@ -1,6 +1,6 @@ query($query, $params); - $auc_data = $db->result(); - - if ($auc_data['suspended'] == 2) { - $query = "DELETE FROM `" . $DBPrefix . "auction_moderation` WHERE auction_id = :auc_id"; - $db->query($query, $params); - } - - // Delete related values - $query = "DELETE FROM " . $DBPrefix . "auctions WHERE id = :auc_id"; - $db->query($query, $params); - - // delete bids - $query = "DELETE FROM " . $DBPrefix . "bids WHERE auction = :auc_id"; - $db->query($query, $params); - - // Delete proxybids - $query = "DELETE FROM " . $DBPrefix . "proxybid WHERE itemid = :auc_id"; - $db->query($query, $params); - - // Delete file in counters - $query = "DELETE FROM " . $DBPrefix . "auccounter WHERE auction_id = :auc_id"; - $db->query($query, $params); - - if ($auc_data['suspended'] == 0 && $auc_data['closed'] == 0) { - // update main counters - $query = "UPDATE " . $DBPrefix . "counters SET auctions = (auctions - 1), bids = (bids - :num_bids)"; - $params = array(); - $params[] = array(':num_bids', $auc_data['num_bids'], 'int'); - $db->query($query, $params); - - // update recursive categories - $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id"; - $params = array(); - $params[] = array(':cat_id', $auc_data['category'], 'int'); - $db->query($query, $params); - - $parent_node = $db->result(); - $crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']); - - for ($i = 0; $i < count($crumbs); $i++) { - $query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter - 1 WHERE cat_id = :cat_id"; - $params = array(); - $params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int'); - $db->query($query, $params); - } - } - - // Delete auctions images - if (is_dir(UPLOAD_PATH . $auc_id)) { - if ($dir = opendir(UPLOAD_PATH . $auc_id)) { - while ($file = readdir($dir)) { - if ($file != '.' && $file != '..') { - @unlink(UPLOAD_PATH . $auc_id . '/' . 
$file); - } - } - closedir($dir); - rmdir(UPLOAD_PATH . $auc_id); - } - } - - $URL = $_SESSION['RETURN_LIST']; - //unset($_SESSION['RETURN_LIST']); - header('location: ' . $URL); - exit; -} elseif (isset($_POST['action']) && $_POST['action'] == "No") { - $URL = $_SESSION['RETURN_LIST']; - //unset($_SESSION['RETURN_LIST']); - header('location: ' . $URL); - exit; +if (isset($_POST['action']) && $_POST['action'] == "Yes") +{ + $catscontrol = new MPTTcategories(); + $auc_id = intval($_POST['id']); + // uses same parameters in every query + $params = array(); + $params[] = array(':auc_id', $auc_id, 'int'); + + // get auction data + $query = "SELECT category, num_bids, suspended, closed FROM " . $DBPrefix . "auctions WHERE id = :auc_id"; + $db->query($query, $params); + $auc_data = $db->result(); + + if ($auc_data['suspended'] == 2) + { + $query = "DELETE FROM `" . $DBPrefix . "auction_moderation` WHERE auction_id = :auc_id"; + $params = array(); + $params[] = array(':auc_id', $auc_id, 'int'); + $db->query($query, $params); + } + + $params = array(); + $params[] = array(':auc_id', $auc_id, 'int'); + + // Delete related values + $query = "DELETE FROM " . $DBPrefix . "auctions WHERE id = :auc_id"; + $db->query($query, $params); + + // delete bids + $query = "DELETE FROM " . $DBPrefix . "bids WHERE auction = :auc_id"; + $db->query($query, $params); + + // Delete proxybids + $query = "DELETE FROM " . $DBPrefix . "proxybid WHERE itemid = :auc_id"; + $db->query($query, $params); + + // Delete file in counters + $query = "DELETE FROM " . $DBPrefix . "auccounter WHERE auction_id = :auc_id"; + $db->query($query, $params); + + if ($auc_data['suspended'] == 0 && $auc_data['closed'] == 0) + { + // update main counters + $query = "UPDATE " . $DBPrefix . 
"counters SET auctions = (auctions - 1), bids = (bids - :num_bids)"; + $params = array(); + $params[] = array(':num_bids', $auc_data['num_bids'], 'int'); + $db->query($query, $params); + + // update recursive categories + $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id"; + $params = array(); + $params[] = array(':cat_id', $auc_data['category'], 'int'); + $db->query($query, $params); + + $parent_node = $db->result(); + $crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']); + + for ($i = 0; $i < count($crumbs); $i++) + { + $query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter - 1 WHERE cat_id = :cat_id"; + $params = array(); + $params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int'); + $db->query($query, $params); + } + } + + // Delete auctions images + if (is_dir(UPLOAD_PATH . $auc_id)) + { + if ($dir = opendir(UPLOAD_PATH . $auc_id)) + { + while ($file = readdir($dir)) + { + if ($file != '.' && $file != '..') + { + @unlink(UPLOAD_PATH . $auc_id . '/' . $file); + } + } + closedir($dir); + rmdir(UPLOAD_PATH . $auc_id); + } + } + + $URL = $_SESSION['RETURN_LIST']; + //unset($_SESSION['RETURN_LIST']); + header('location: ' . $URL); + exit; +} +elseif (isset($_POST['action']) && $_POST['action'] == "No") +{ + $URL = $_SESSION['RETURN_LIST']; + //unset($_SESSION['RETURN_LIST']); + header('location: ' . $URL); + exit; } $query = "SELECT title FROM " . $DBPrefix . "auctions WHERE id = :auc_id"; @@ -113,14 +130,15 @@ $title = $db->result('title'); $template->assign_vars(array( - 'ID' => $_GET['id'], - 'MESSAGE' => sprintf($MSG['confirm_auction_delete'], $title), - 'TYPE' => 1 - )); + 'ID' => $_GET['id'], + 'MESSAGE' => sprintf($MSG['833'], $title), + 'TYPE' => 1 + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'confirm.tpl' - )); + 'body' => 'confirm.tpl' + )); $template->display('body'); include 'footer.php'; +?> 
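Review bot: `while ($file = readdir($dir))` in the image-cleanup loop stops as soon as `readdir()` returns a falsy entry name, so an upload directory containing a file named `0` is left non-empty and the following `rmdir()` fails; write it as `while (($file = readdir($dir)) !== false)`. The `@unlink()` suppression and the unchecked `rmdir()` hide that same failure, so at least check and log their return values. `$auc_data` from `$db->result()` is used as an array without confirming a row came back; assuming `result()` returns no array when nothing matched, `$auc_data['suspended'] == 0 && $auc_data['closed'] == 0` evaluates true on the missing fields and the counters are decremented for an auction that did not exist, so return early when `$auc_data` is empty. The hunk also rebuilds `$params` three times with the same `:auc_id` entry; one array before the first query suffices.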
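Review bot: `'ID' => $_GET['id']` passes the raw query-string value into the confirm template while the POST path above uses `$auc_id = intval($_POST['id'])`; unless confirm.tpl escapes it, use the same cast here, `'ID' => intval($_GET['id']),`, which also keeps the hidden field in step with what the Yes branch accepts. The same raw `$_GET['id']` assignment appears in the deletenew.php hunk.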
diff --git a/admin/deletebanner.php b/admin/deletebanner.php old mode 100644 new mode 100755 index fdc8436a7..2b4b1fcd4 --- a/admin/deletebanner.php +++ b/admin/deletebanner.php @@ -1,6 +1,6 @@ query($query, $params); @@ -43,3 +45,4 @@ // Redirect header('location: userbanners.php?id=' . $banneruser); +?> diff --git a/admin/deletemessage.php b/admin/deletemessage.php old mode 100644 new mode 100755 index 9fd18d6f1..a189701e8 --- a/admin/deletemessage.php +++ b/admin/deletemessage.php 
@@ -1,6 +1,6 @@ query($query, $params); - // Update messages counter - $query = "UPDATE " . $DBPrefix . "community SET messages = messages - 1 WHERE id = :board_id"; - $params = array(); - $params[] = array(':board_id', $board_id, 'int'); - $db->query($query, $params); - header('location: editmessages.php?id=' . $board_id); - exit; -} elseif (isset($_POST['action']) && $_POST['action'] == "No") { - header('location: editmessages.php?id=' . $board_id); - exit; +if (isset($_POST['action']) && $_POST['action'] == "Yes") +{ + $query = "DELETE FROM " . $DBPrefix . "comm_messages WHERE id = :msg_id"; + $params = array(); + $params[] = array(':msg_id', $msg_id, 'int'); + $db->query($query, $params); + // Update messages counter + $query = "UPDATE " . $DBPrefix . "community SET messages = messages - 1 WHERE id = :board_id"; + $params = array(); + $params[] = array(':board_id', $board_id, 'int'); + $db->query($query, $params); + header('location: editmessages.php?id=' . $board_id); + exit; +} +elseif (isset($_POST['action']) && $_POST['action'] == "No") +{ + header('location: editmessages.php?id=' . $board_id); + exit; } $template->assign_vars(array( - 'ID' => $msg_id, - 'MESSAGE' => sprintf($MSG['confirm_msg_delete'], $msg_id), - 'TYPE' => 1 - )); + 'ID' => $msg_id, + 'MESSAGE' => sprintf($MSG['834'], $msg_id), + 'TYPE' => 1 + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'confirm.tpl' - )); + 'body' => 'confirm.tpl' + )); $template->display('body'); include 'footer.php'; +?> \ No newline at end of file diff --git a/admin/deletenews.php b/admin/deletenew.php old mode 100644 new mode 100755 similarity index 61% rename from admin/deletenews.php rename to admin/deletenew.php index 42daf1d8c..1f60d9e7d --- a/admin/deletenews.php +++ b/admin/deletenew.php 
@@ -1,6 +1,6 @@ query($query, $params); + header('location: news.php'); + exit; } - -if (isset($_POST['action']) && $_POST['action'] == "Yes") { - $query = "DELETE FROM " . $DBPrefix . "news WHERE id = :news_id"; - $params = array(); - $params[] = array(':news_id', $_POST['id'], 'int'); - $db->query($query, $params); - header('location: news.php'); - exit; -} elseif (isset($_POST['action']) && $_POST['action'] == "No") { - header('location: news.php'); - exit; +elseif (isset($_POST['action']) && $_POST['action'] == "No") +{ + header('location: news.php'); + exit; } $query = "SELECT title FROM " . $DBPrefix . "news WHERE id = :news_id"; @@ -44,15 +40,16 @@ $title = $db->result('title'); $template->assign_vars(array( - 'ID' => $_GET['id'], - 'MESSAGE' => sprintf($MSG['confirm_news_delete'], $title), - 'TYPE' => 1 - )); + 'ID' => $_GET['id'], + 'MESSAGE' => sprintf($MSG['832'], $title), + 'TYPE' => 1 + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'confirm.tpl' - )); + 'body' => 'confirm.tpl' + )); $template->display('body'); include 'footer.php'; +?> \ No newline at end of file diff --git a/admin/deleteuser.php b/admin/deleteuser.php old mode 100644 new mode 100755 index b3360db33..005f32a99 --- a/admin/deleteuser.php +++ b/admin/deleteuser.php 
@@ -1,6 +1,6 @@ query($query, $params); - $num_auctions = $db->result('COUNT'); - - if ($num_auctions > 0) { - $has_auctions = true; - } - - // Check if the user is BIDDER in some auction - $query = "SELECT COUNT(id) As COUNT FROM " . $DBPrefix . "bids WHERE bidder = :user_id"; - $params = array(); - $params[] = array(':user_id', $id, 'int'); - $db->query($query, $params); - $num_bids = $db->result('COUNT'); - - if ($num_bids > 0) { - $has_bids = true; - } - - // check if user is suspended or not - $query = "SELECT suspended FROM " . $DBPrefix . "users WHERE id = :user_id"; - $params = array(); - $params[] = array(':user_id', $id, 'int'); - $db->query($query, $params); - $suspended = $db->result('suspended'); - - // delete user - $query = "DELETE FROM " . $DBPrefix . "users WHERE id = :user_id"; - $params = array(); - $params[] = array(':user_id', $id, 'int'); - $db->query($query, $params); - - if ($has_auctions) { - // update categories table - $query = "SELECT c.level, c.left_id, c.right_id FROM " . $DBPrefix . "auctions a - LEFT JOIN " . $DBPrefix . "categories c ON (a.category = c.cat_id) - WHERE a.user = :user_id"; - $params = array(); - $params[] = array(':user_id', $id, 'int'); - $db->query($query, $params); - $auction_data = $db->fetchall(); - foreach ($auction_data as $row) { - $crumbs = $catscontrol->get_bread_crumbs($row['left_id'], $row['right_id']); - for ($i = 0; $i < count($crumbs); $i++) { - $query = "UPDATE " . $DBPrefix . "categories SET counter = counter - 1, sub_counter = sub_counter - 1 WHERE cat_id = :cat_id"; - $params = array(); - $params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int'); - $db->query($query, $params); - } - } - - // delete user's auctions - $query = "DELETE FROM " . $DBPrefix . "auctions WHERE user = :user_id"; - $params = array(); - $params[] = array(':user_id', $id, 'int'); - $db->query($query, $params); - } - - if ($has_bids) { - // update auctions table - $query = "SELECT a.id, a.current_bid, b.bid FROM " . $DBPrefix . 
"bids b - LEFT JOIN " . $DBPrefix . "auctions a ON (b.auction = a.id) - WHERE b.bidder = :user_id ORDER BY b.bid DESC"; - $params = array(); - $params[] = array(':user_id', $id, 'int'); - $db->query($query, $params); - $bid_data = $db->fetchall(); - foreach ($bid_data as $row) { - $params = array(); - $extra = ''; - // check if user is highest bidder - if ($row['current_bid'] == $row['bid']) { - $query = "SELECT id, bid FROM " . $DBPrefix . "bids WHERE auction = :auc_id ORDER BY bid DESC LIMIT 1, 1"; - $params[] = array(':auc_id', $row['id'], 'int'); - $db->query($query, $params); - $next_bid = $db->result(); - // set new highest bid - $params = array(); - $extra = ", current_bid = :current_bid, current_bid_id = :current_bid_id"; - $params[] = array(':current_bid', $next_bid['bid'], 'float'); - $params[] = array(':current_bid_id', $next_bid['bid_id'], 'int'); - } - $query = "UPDATE " . $DBPrefix . "auctions SET num_bids = num_bids - 1" . $extra . " WHERE id = :auc_id"; - $params[] = array(':auc_id', $row['id'], 'int'); - $db->query($query, $params); - } - - // delete bids - $query = "DELETE FROM " . $DBPrefix . "bids WHERE bidder = :user_id"; - $params = array(); - $params[] = array(':user_id', $id, 'int'); - $db->query($query, $params); - } - - // Update user counters - if ($suspended == 0) { - $query = "UPDATE " . $DBPrefix . "counters set users = users - 1, bids = bids - :num_bids, auctions = auctions - :num_auctions"; - } else { - $query = "UPDATE " . $DBPrefix . 
"counters set inactiveusers = inactiveusers - 1, bids = bids - :num_bids, auctions = auctions - :num_auctions"; - } - $params = array(); - $params[] = array(':num_bids', $num_bids, 'int'); - $params[] = array(':num_auctions', $num_auctions, 'int'); - $db->query($query, $params); - - header('location: listusers.php'); - exit; -} elseif (isset($_POST['action']) && $_POST['action'] == "No") { - header('location: listusers.php'); - exit; +if (isset($_POST['action']) && $_POST['action'] == "Yes") +{ + $catscontrol = new MPTTcategories(); + + // Check if the users has some auction + $query = "SELECT COUNT(id) As COUNT FROM " . $DBPrefix . "auctions WHERE user = :user_id"; + $params = array(); + $params[] = array(':user_id', $id, 'int'); + $db->query($query, $params); + $num_auctions = $db->result('COUNT'); + + if ($num_auctions > 0) + { + $has_auctions = true; + } + + // Check if the user is BIDDER in some auction + $query = "SELECT COUNT(id) As COUNT FROM " . $DBPrefix . "bids WHERE bidder = :user_id"; + $params = array(); + $params[] = array(':user_id', $id, 'int'); + $db->query($query, $params); + $num_bids = $db->result('COUNT'); + + if ($num_bids > 0) + { + $has_bids = true; + } + + // check if user is suspended or not + $query = "SELECT suspended FROM " . $DBPrefix . "users WHERE id = :user_id"; + $params = array(); + $params[] = array(':user_id', $id, 'int'); + $db->query($query, $params); + $suspended = $db->result('suspended'); + + // delete user + $query = "DELETE FROM " . $DBPrefix . "users WHERE id = :user_id"; + $params = array(); + $params[] = array(':user_id', $id, 'int'); + $db->query($query, $params); + + if ($has_auctions) + { + // update categories table + $query = "SELECT c.level, c.left_id, c.right_id FROM " . $DBPrefix . "auctions a + LEFT JOIN " . $DBPrefix . 
"categories c ON (a.category = c.cat_id) + WHERE a.user = :user_id"; + $params = array(); + $params[] = array(':user_id', $id, 'int'); + $db->query($query, $params); + $auction_data = $db->fetchall(); + foreach ($auction_data as $row) + { + $crumbs = $catscontrol->get_bread_crumbs($row['left_id'], $row['right_id']); + for ($i = 0; $i < count($crumbs); $i++) + { + $query = "UPDATE " . $DBPrefix . "categories SET counter = counter - 1, sub_counter = sub_counter - 1 WHERE cat_id = :cat_id"; + $params = array(); + $params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int'); + $db->query($query, $params); + } + } + + // delete user's auctions + $query = "DELETE FROM " . $DBPrefix . "auctions WHERE user = :user_id"; + $params = array(); + $params[] = array(':user_id', $id, 'int'); + $db->query($query, $params); + } + + if ($has_bids) + { + // update auctions table + $query = "SELECT a.id, a.current_bid, b.bid FROM " . $DBPrefix . "bids b + LEFT JOIN " . $DBPrefix . "auctions a ON (b.auction = a.id) + WHERE b.bidder = :user_id ORDER BY b.bid DESC"; + $params = array(); + $params[] = array(':user_id', $id, 'int'); + $db->query($query, $params); + $bid_data = $db->fetchall(); + foreach ($bid_data as $row) + { + $params = array(); + // check if user is highest bidder + if ($row['current_bid'] == $row['bid']) + { + $query = "SELECT bid FROM " . $DBPrefix . "bids WHERE auction = :auc_id ORDER BY bid DESC LIMIT 1, 1"; + $params[] = array(':auc_id', $row['id'], 'int'); + $db->query($query, $params); + $next_bid = $db->result('bid'); + // set new highest bid + $params = array(); + $extra = ", current_bid = :next_bid, current_bid_id = :current_bid_id"; + $params[] = array(':next_bid', $next_bid, 'float'); + $params[] = array(':current_bid_id', $row['id'], 'int'); + } + $query = "UPDATE " . $DBPrefix . "auctions SET num_bids = num_bids - 1" . $extra . 
" WHERE id = :auc_id"; + $params[] = array(':auc_id', $row['id'], 'int'); + $db->query($query, $params); + } + + // delete bids + $query = "DELETE FROM " . $DBPrefix . "bids WHERE bidder = :user_id"; + $params = array(); + $params[] = array(':user_id', $id, 'int'); + $db->query($query, $params); + } + + // Update user counters + if ($suspended == 0) + { + $query = "UPDATE " . $DBPrefix . "counters set users = users - 1, bids = bids - :num_bids, auctions = auctions - :num_auctions"; + } + else + { + $query = "UPDATE " . $DBPrefix . "counters set inactiveusers = inactiveusers - 1, bids = bids - :num_bids, auctions = auctions - :num_auctions"; + } + $params = array(); + $params[] = array(':num_bids', $num_bids, 'int'); + $params[] = array(':num_auctions', $num_auctions, 'int'); + $db->query($query, $params); + + header('location: listusers.php'); + exit; +} +elseif (isset($_POST['action']) && $_POST['action'] == "No") +{ + header('location: listusers.php'); + exit; } // Check if the users has some auction @@ -154,22 +167,24 @@ $db->query($query, $params); $num_auctions = $db->result('COUNT'); -if ($num_auctions > 0) { - $error_message = $MSG['user_has_active_auctions']; - $i = 0; - while ($row = $db->fetch()) { - if ($i >= 10) { - break; - } - $has_auctions = true; - $error_message .= $row['id'] . ' - ' . $row['title'] . '
'; - $i++; - } - if ($num_auctions != $i) { - $error_message .= '

' . sprintf($MSG['plus_x_more'], $num_auctions - $i) . '

'; - } - - $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $error_message)); +if ($num_auctions > 0) +{ + $error_message = $MSG['420']; + $i = 0; + while ($row = $db->fetch()) + { + if ($i >= 10) + break; + $has_auctions = true; + $error_message .= $row['id'] . ' - ' . $row['title'] . '
'; + $i++; + } + if ($num_auctions != $i) + { + $error_message .= '

' . sprintf($MSG['568'], $num_auctions - $i) . '

'; + } + + $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $error_message)); } // Check if the user is BIDDER in some auction @@ -179,10 +194,11 @@ $db->query($query, $params); $num_bids = $db->result('COUNT'); -if ($num_bids > 0) { - $has_bids = true; +if ($num_bids > 0) +{ + $has_bids = true; - $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => sprintf($MSG['user_has_x_bids'], $num_bids))); + $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => sprintf($MSG['421'], $num_bids))); } $query = "SELECT nick FROM " . $DBPrefix . "users WHERE id = :user_id"; @@ -192,15 +208,16 @@ $username = $db->result('nick'); $template->assign_vars(array( - 'ID' => $id, - 'MESSAGE' => sprintf($MSG['confirm_user_delete'], $username), - 'TYPE' => 1 - )); + 'ID' => $id, + 'MESSAGE' => sprintf($MSG['835'], $username), + 'TYPE' => 1 + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'confirm.tpl' - )); + 'body' => 'confirm.tpl' + )); $template->display('body'); include 'footer.php'; +?> diff --git a/admin/deleteuserfeed.php b/admin/deleteuserfeed.php old mode 100644 new mode 100755 index 4c7cfca18..615fb4ab4 --- a/admin/deleteuserfeed.php +++ b/admin/deleteuserfeed.php 
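Review bot: `$error_message .= $row['id'] . ' - ' . $row['title'] . ...` concatenates seller-supplied auction titles into a message that is assigned as an alert, and the message is being assembled with embedded markup, which suggests the template prints `MESSAGE` unescaped; unless confirm.tpl escapes it, a title containing markup is rendered into the admin page. Wrap it as `htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8')` before concatenation. The brace-less `if ($i >= 10) break;` inside the new block departs from the braced style used everywhere else in this hunk.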
@@ -1,6 +1,6 @@ query($query, $params); - // get the current feedback count - $query = "SELECT SUM(rate) as FSUM, COUNT(feedback) as FNUM FROM " . $DBPrefix . "feedbacks WHERE rated_user_id = :user_id"; - $params = array(); - $params[] = array(':user_id', $user_id, 'int'); - $db->query($query, $params); - $fb_data = $db->result(); - // update feedback count - $query = "UPDATE " . $DBPrefix . "users SET rate_sum = :rate_sum, rate_num = :rate_num WHERE id = :user_id"; - $params = array(); - $params[] = array(':rate_sum', $fb_data['SUM'], 'int'); - $params[] = array(':rate_num', $fb_data['NUM'], 'int'); - $params[] = array(':user_id', $user_id, 'int'); - $db->query($query, $params); - header('location: userfeedback.php?id=' . $user_id); - exit; -} elseif (isset($_POST['action']) && $_POST['action'] == "No") { - header('location: userfeedback.php?id=' . $user_id); - exit; +if (isset($_POST['action']) && $_POST['action'] == "Yes") +{ + // delete the feedback entry + $query = "DELETE FROM " . $DBPrefix . "feedbacks WHERE id = :feedback_id"; + $params = array(); + $params[] = array(':feedback_id', $id, 'int'); + $db->query($query, $params); + // get the current feedback count + $query = "SELECT SUM(rate) as FSUM, count(feedback) as FNUM FROM " . $DBPrefix . "feedbacks WHERE rated_user_id = :user_id"; + $params = array(); + $params[] = array(':user_id', $user_id, 'int'); + $db->query($query, $params); + $fb_data = $db->result(); + // update feedback count + $query = "UPDATE " . $DBPrefix . "users SET rate_sum = :rate_sum, rate_num = :rate_num WHERE id = :user_id"; + $params = array(); + $params[] = array(':rate_sum', $fb_data['SUM'], 'int'); + $params[] = array(':rate_num', $fb_data['NUM'], 'int'); + $params[] = array(':user_id', $user_id, 'int'); + $db->query($query, $params); + header('location: userfeedback.php?id=' . $user_id); + exit; +} +elseif (isset($_POST['action']) && $_POST['action'] == "No") +{ + header('location: userfeedback.php?id=' . 
$user_id);
+ exit;
 }
 $template->assign_vars(array(
- 'ID' => $id,
- 'USERID' => $user_id,
- 'MESSAGE' => sprintf($MSG['confirm_feedback_delete'], $id),
- 'TYPE' => 2
- ));
+ 'ID' => $id,
+ 'USERID' => $user_id,
+ 'MESSAGE' => sprintf($MSG['848'], $id),
+ 'TYPE' => 2
+ ));
 include 'header.php';
 $template->set_filenames(array(
- 'body' => 'confirm.tpl'
- ));
+ 'body' => 'confirm.tpl'
+ ));
 $template->display('body');
 include 'footer.php';
+?>
\ No newline at end of file
diff --git a/admin/displaysettings.php b/admin/displaysettings.php
old mode 100644
new mode 100755
index 20239545f..8b4820eed
--- a/admin/displaysettings.php
+++ b/admin/displaysettings.php
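Review bot: The recount query aliases its columns `FSUM` and `FNUM`, but the following UPDATE binds `$fb_data['SUM']` and `$fb_data['NUM']`, so `rate_sum` and `rate_num` are written from undefined indexes (null, cast to int) after every feedback deletion; change the bindings to `$fb_data['FSUM']` and `$fb_data['FNUM']`. The same mismatch is on the removed side, so the commit carries it forward rather than introducing it, but the branch it sits in is otherwise being rewritten here. Where `$id` and `$user_id` come from is above the hunk and not visible.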
@@ -1,6 +1,6 @@ writesetting("perpage", $_POST['perpage'], 'int'); - $system->writesetting("featuredperpage", $_POST['featuredperpage'], 'int'); - $system->writesetting("thumb_list", $_POST['thumb_list'], 'int'); - $system->writesetting("loginbox", $_POST['loginbox'], 'int'); - $system->writesetting("newsbox", $_POST['newsbox'], 'int'); - $system->writesetting("newstoshow", $_POST['newstoshow'], 'int'); - $system->writesetting("homefeaturednumber", $_POST['homefeaturednumber'], 'int'); - $system->writesetting("lastitemsnumber", $_POST['lastitemsnumber'], 'int'); - $system->writesetting("hotitemsnumber", $_POST['hotitemsnumber'], 'int'); - $system->writesetting("endingsoonnumber", $_POST['endingsoonnumber'], 'int'); - - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['display_settings_updated'])); +if (isset($_POST['action']) && $_POST['action'] == 'update') +{ + // clean submission & update database + $system->writesetting("perpage", $_POST['perpage'], 'int'); + $system->writesetting("featuredperpage", $_POST['featuredperpage'], 'int'); + $system->writesetting("thumb_list", $_POST['thumb_list'], 'int'); + $system->writesetting("loginbox", $_POST['loginbox'], 'int'); + $system->writesetting("newsbox", $_POST['newsbox'], 'int'); + $system->writesetting("newstoshow",$_POST['newstoshow'], 'int'); + $system->writesetting("homefeaturednumber", $_POST['homefeaturednumber'], 'int'); + $system->writesetting("lastitemsnumber", $_POST['lastitemsnumber'], 'int'); + $system->writesetting("hotitemsnumber", $_POST['hotitemsnumber'], 'int'); + $system->writesetting("endingsoonnumber", $_POST['endingsoonnumber'], 'int'); + + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['795'])); } -loadblock($MSG['show_per_page'], $MSG['show_per_page_explain'], 'days', 'perpage', $system->SETTINGS['perpage']); -loadblock($MSG['max_featured_items'], $MSG['max_featured_items_explain'], 'days', 'featuredperpage', 
$system->SETTINGS['featuredperpage']); -loadblock($MSG['thumbnail_size'], $MSG['thumbnail_size_explain'], 'decimals', 'thumb_list', $system->SETTINGS['thumb_list'], array($MSG['pixels'])); +loadblock($MSG['789'], $MSG['790'], 'days', 'perpage', $system->SETTINGS['perpage']); +loadblock('', $MSG['max_featured_items'], 'days', 'featuredperpage', $system->SETTINGS['featuredperpage']); +loadblock($MSG['25_0107'], $MSG['808'], 'decimals', 'thumb_list', $system->SETTINGS['thumb_list'], array($MSG['2__0045'])); -loadblock($MSG['front_page_settings'], '', '', '', '', array(), true); -loadblock($MSG['home_page_featured'], $MSG['home_page_featured_explain'], 'days', 'homefeaturednumber', $system->SETTINGS['homefeaturednumber']); -loadblock($MSG['home_page_recent'], $MSG['home_page_recent_explain'], 'days', 'lastitemsnumber', $system->SETTINGS['lastitemsnumber']); -loadblock($MSG['home_page_hot'], $MSG['home_page_hot_explain'], 'days', 'hotitemsnumber', $system->SETTINGS['hotitemsnumber']); -loadblock($MSG['home_page_ending_soon'], $MSG['home_page_ending_soon_explain'], 'days', 'endingsoonnumber', $system->SETTINGS['endingsoonnumber']); -loadblock($MSG['home_page_login'], $MSG['home_page_login_explain'], 'batch', 'loginbox', $system->SETTINGS['loginbox'], array($MSG['yes'], $MSG['no'])); -loadblock($MSG['home_page_news'], $MSG['home_page_news_explain'], 'batch', 'newsbox', $system->SETTINGS['newsbox'], array($MSG['yes'], $MSG['no'])); -loadblock('', $MSG['number_news_shown'], 'days', 'newstoshow', $system->SETTINGS['newstoshow']); +loadblock($MSG['807'], '', '', '', '', array(), true); +loadblock($MSG['5011'], $MSG['5012'], 'days', 'homefeaturednumber', $system->SETTINGS['homefeaturednumber']); +loadblock($MSG['5013'], $MSG['5014'], 'days', 'lastitemsnumber', $system->SETTINGS['lastitemsnumber']); +loadblock($MSG['5015'], $MSG['5016'], 'days', 'hotitemsnumber', $system->SETTINGS['hotitemsnumber']); +loadblock($MSG['5017'], $MSG['5018'], 'days', 'endingsoonnumber', 
$system->SETTINGS['endingsoonnumber']); +loadblock($MSG['532'], $MSG['537'], 'batch', 'loginbox', $system->SETTINGS['loginbox'], array($MSG['030'], $MSG['029'])); +loadblock($MSG['533'], $MSG['538'], 'batch', 'newsbox', $system->SETTINGS['newsbox'], array($MSG['030'], $MSG['029'])); +loadblock('', $MSG['554'], 'days', 'newstoshow', $system->SETTINGS['newstoshow']); $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'], - 'TYPENAME' => $MSG['5142'], - 'PAGENAME' => $MSG['display_settings'] - )); + 'SITEURL' => $system->SETTINGS['siteurl'], + 'TYPENAME' => $MSG['5142'], + 'PAGENAME' => $MSG['788'] + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'adminpages.tpl' - )); + 'body' => 'adminpages.tpl' + )); $template->display('body'); include 'footer.php'; +?> diff --git a/admin/durations.php b/admin/durations.php old mode 100644 new mode 100755 index 03f095103..ed9cee946 --- a/admin/durations.php +++ b/admin/durations.php 
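Review bot: `loadblock('', $MSG['max_featured_items'], 'days', 'featuredperpage', ...)` keeps a named key while every other `$MSG[...]` in the new block uses numeric keys, and its label argument is now `''`; if the new language files only define numeric keys this yields an undefined-index notice and an unlabelled field, so it most likely wants the numeric pair that matches the other rows. The update branch writes each `$_POST` field through `writesetting(..., 'int')` with no range check; `perpage` and `featuredperpage` are plausibly used as pagination divisors elsewhere, so a posted `0` would only surface later as a division-by-zero, and a clamp at this boundary such as `max(1, intval($_POST['perpage']))` is cheap. Minor: `"newstoshow",$_POST['newstoshow']` is missing the space after the comma.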
@@ -1,6 +1,6 @@ $v) { - if ((isset($_POST['delete']) && !in_array($k, $_POST['delete']) || !isset($_POST['delete'])) && !empty($_POST['new_durations'][$k]) && !empty($_POST['new_days'][$k])) { - $rebuilt_durations[] = $_POST['new_durations'][$k]; - $rebuilt_days[] = $_POST['new_days'][$k]; - } - } + foreach ($_POST['new_durations'] as $k => $v) + { + if ((isset($_POST['delete']) && !in_array($k, $_POST['delete']) || !isset($_POST['delete'])) && !empty($_POST['new_durations'][$k]) && !empty($_POST['new_days'][$k])) + { + $rebuilt_durations[] = $_POST['new_durations'][$k]; + $rebuilt_days[] = $_POST['new_days'][$k]; + } + } - $query = "DELETE FROM " . $DBPrefix . "durations"; - $db->direct_query($query); + $query = "DELETE FROM " . $DBPrefix . "durations"; + $db->direct_query($query); - for ($i = 0; $i < count($rebuilt_durations); $i++) { - $query = "INSERT INTO " . $DBPrefix . "durations VALUES (:day_count, :day_string)"; - $params = array(); - $params[] = array(':day_count', $rebuilt_days[$i], 'int'); - $params[] = array(':day_string', $rebuilt_durations[$i], 'str'); - $db->query($query, $params); - } + for ($i = 0; $i < count($rebuilt_durations); $i++) + { + $query = "INSERT INTO " . $DBPrefix . "durations VALUES (:day_count, :day_string)"; + $params = array(); + $params[] = array(':day_count', $rebuilt_days[$i], 'int'); + $params[] = array(':day_string', $rebuilt_durations[$i], 'str'); + $db->query($query, $params); + } - $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['duration_table_updated'])); + $template->assign_block_vars('alerts', array('TYPE' => 'success', 'MESSAGE' => $MSG['123'])); } $query = "SELECT * FROM " . $DBPrefix . 
"durations ORDER BY days"; $db->direct_query($query); -while ($row = $db->fetch()) { - $template->assign_block_vars('dur', array( - 'DAYS' => $row['days'], - 'DESC' => $row['description'] - )); +$i = 0; +while ($row = $db->fetch()) +{ + $template->assign_block_vars('dur', array( + 'ID' => $i, + 'DAYS' => $row['days'], + 'DESC' => $row['description'] + )); + $i++; } $template->assign_vars(array( - 'SITEURL' => $system->SETTINGS['siteurl'] - )); + 'SITEURL' => $system->SETTINGS['siteurl'] + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'durations.tpl' - )); + 'body' => 'durations.tpl' + )); $template->display('body'); include 'footer.php'; +?> \ No newline at end of file diff --git a/admin/editadminuser.php b/admin/editadminuser.php old mode 100644 new mode 100755 index 75029b4b9..c687c570b --- a/admin/editadminuser.php +++ b/admin/editadminuser.php 
@@ -1,6 +1,6 @@ assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_054)); - } elseif ($_POST['password'] != $_POST['repeatpassword']) { - $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_006)); - } else { - // Update - $query = "UPDATE " . $DBPrefix . "adminusers SET"; - $params = array(); - if (!empty($_POST['password'])) { - include PACKAGE_PATH . 'PasswordHash.php'; - $phpass = new PasswordHash(8, false); - $query .= " password = :password, "; - $params[] = array(':password', $phpass->HashPassword($_POST['password']), 'str'); - } - $query .= " status = :status WHERE id = :admin_id"; - $params[] = array(':status', $_POST['status'], 'bool'); - $params[] = array(':admin_id', $id, 'int'); - $db->query($query, $params); - header('location: adminusers.php'); - exit; - } +if (isset($_POST['action']) && $_POST['action'] == 'update') +{ + if ((!empty($_POST['password']) && empty($_POST['repeatpassword'])) || (empty($_POST['password']) && !empty($_POST['repeatpassword']))) + { + $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_054)); + } + elseif ($_POST['password'] != $_POST['repeatpassword']) + { + $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_006)); + } + else + { + // Update + $query = "UPDATE " . $DBPrefix . "adminusers SET"; + $params = array(); + if (!empty($_POST['password'])) + { + include PACKAGE_PATH . 'PasswordHash.php'; + $phpass = new PasswordHash(8, false); + $query .= " password = :password, "; + $params[] = array(':password', $phpass->HashPassword($_POST['password']), 'str'); + } + $query .= " status = :status WHERE id = :admin_id"; + $params[] = array(':status', $_POST['status'], 'bool'); + $params[] = array(':admin_id', $id, 'int'); + $db->query($query, $params); + header('location: adminusers.php'); + exit; + } } $query = "SELECT * FROM " . $DBPrefix . "adminusers WHERE id = :admin_id"; 
@@ -55,32 +56,39 @@ $db->query($query, $params); $user_data = $db->result(); -// Data check -if (!$user_data) { - header('location: adminusers.php'); - exit; +if ($system->SETTINGS['datesformat'] == 'USA') +{ + $CREATED = substr($user_data['created'], 4, 2) . '/' . substr($user_data['created'], 6, 2) . '/' . substr($user_data['created'], 0, 4); +} +else +{ + $CREATED = substr($user_data['created'], 6, 2) . '/' . substr($user_data['created'], 4, 2) . '/' . substr($user_data['created'], 0, 4); } -if ($user_data['lastlogin'] == $user_data['created']) { - $LASTLOGIN = $MSG['570']; -} else { - $LASTLOGIN = $dt->printDateTz($user_data['lastlogin']); +if ($user_data['lastlogin'] == 0) +{ + $LASTLOGIN = $MSG['570']; +} +else +{ + $LASTLOGIN = FormatDate($user_data['lastlogin']); } $template->assign_vars(array( - 'ID' => $id, - 'USERNAME' => $user_data['username'], - 'CREATED' => $dt->printDateTz($user_data['created']), - 'LASTLOGIN' => $LASTLOGIN, + 'ID' => $id, + 'USERNAME' => $user_data['username'], + 'CREATED' => $CREATED, + 'LASTLOGIN' => $LASTLOGIN, - 'B_ACTIVE' => ($user_data['status'] == 1), - 'B_INACTIVE' => ($user_data['status'] == 0) - )); + 'B_ACTIVE' => ($user_data['status'] == 1), + 'B_INACTIVE' => ($user_data['status'] == 0) + )); include 'header.php'; $template->set_filenames(array( - 'body' => 'editadminuser.tpl' - )); + 'body' => 'editadminuser.tpl' + )); $template->display('body'); include 'footer.php'; +?> diff --git a/admin/editauction.php b/admin/editauction.php old mode 100644 new mode 100755 index 26757aa77..81b78d059 --- a/admin/editauction.php +++ b/admin/editauction.php 
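Review bot: `$_POST['password'] != $_POST['repeatpassword']` in the new update branch is a loose comparison and should be `!==`, and the surrounding `empty()` tests treat a password of `'0'` as absent. No minimum length is enforced on the admin password before `HashPassword`; a length check beside the mismatch test would close that. `include PACKAGE_PATH . 'PasswordHash.php'` inside the branch should be `include_once` so a second inclusion by a shared bootstrap does not redeclare the class.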
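Review bot: The new side removes the `if (!$user_data) { header('location: adminusers.php'); exit; }` guard that followed `$user_data = $db->result();`, so a request with an unknown `id` now continues with `$user_data === false` into `substr($user_data['created'], ...)` and `$user_data['lastlogin']`, emitting warnings and rendering an edit form for a non-existent admin user. Keep the guard immediately after the result fetch, before the `datesformat` branch. The `substr`-based reformatting also assumes `created` is a `YYYYMMDD...` string, which the diff does not show; since `FormatDate()` is already applied to `lastlogin`, using it for `created` too would avoid the hand-rolled slicing.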
@@ -1,6 +1,6 @@ assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_601)); - } elseif (isset($_POST['current_bid']) && $_POST['current_bid'] < $_POST['min_bid'] && $_POST['current_bid'] != 0) { // bid > min_bid - $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $MSG['error_current_bid_too_low'])); - } else { - // Retrieve auction data - $query = "SELECT * from " . $DBPrefix . "auctions WHERE id = :auc_id"; - $params = array(); - $params[] = array(':auc_id', $_POST['id'], 'int'); - $db->query($query, $params); - $AUCTION = $db->result(); - - if ($AUCTION['category'] != $_POST['category']) { - // and increase new category counters - $ct = intval($_POST['category']); - $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id"; - $params = array(); - $params[] = array(':cat_id', $ct, 'int'); - $db->query($query, $params); - $parent_node = $db->result(); - - $crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']); - - for ($i = 0; $i < count($crumbs); $i++) { - if ($crumbs[$i]['cat_id'] == $ct) { - $query = "UPDATE " . $DBPrefix . "categories SET counter = counter + 1, sub_counter = sub_counter + 1 WHERE cat_id = :cat_id"; - } else { - $query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter + 1 WHERE cat_id = :cat_id"; - } - $params = array(); - $params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int'); - $db->query($query, $params); - } - - // and decrease old category counters - $cta = intval($AUCTION['category']); - $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . 
"categories WHERE cat_id = :cat_id"; - $params = array(); - $params[] = array(':cat_id', $cta, 'int'); - $db->query($query, $params); - $parent_node = $db->result(); - $crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']); - - for ($i = 0; $i < count($crumbs); $i++) { - if ($crumbs[$i]['cat_id'] == $cta) { - $query = "UPDATE " . $DBPrefix . "categories SET counter = counter - 1, sub_counter = sub_counter - 1 WHERE cat_id = :cat_id"; - } else { - $query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter - 1 WHERE cat_id = :cat_id"; - } - $params = array(); - $params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int'); - $db->query($query, $params); - } - } - - if ($AUCTION['secondcat'] != $_POST['secondcat']) { - // and increase new category counters - $ct = intval($_POST['secondcat']); - $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id"; - $params = array(); - $params[] = array(':cat_id', $ct, 'int'); - $db->query($query, $params); - $parent_node = $db->result(); - - $crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']); - - for ($i = 0; $i < count($crumbs); $i++) { - if ($crumbs[$i]['cat_id'] == $ct) { - $query = "UPDATE " . $DBPrefix . "categories SET counter = counter + 1, sub_counter = sub_counter + 1 WHERE cat_id = :cat_id"; - } else { - $query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter + 1 WHERE cat_id = :cat_id"; - } - $params = array(); - $params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int'); - $db->query($query, $params); - } - - // and decrease old category counters - $cta = intval($AUCTION['secondcat']); - $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . 
"categories WHERE cat_id = :cat_id"; - $params = array(); - $params[] = array(':cat_id', $cta, 'int'); - $db->query($query, $params); - $parent_node = $db->result(); - - $crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']); - - for ($i = 0; $i < count($crumbs); $i++) { - if ($crumbs[$i]['cat_id'] == $cta) { - $query = "UPDATE " . $DBPrefix . "categories SET counter = counter - 1, sub_counter = sub_counter - 1 WHERE cat_id = :cat_id"; - } else { - $query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter - 1 WHERE cat_id = :cat_id"; - } - $params = array(); - $params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int'); - $db->query($query, $params); - } - } - - // clean unwanted images - if (isset($_POST['gallery']) && is_array($_POST['gallery'])) { - $uploaded = load_gallery($_POST['id']); - foreach ($uploaded as $img) { - if (in_array($img, $_POST['gallery'])) { - unlink(MAIN_PATH . $img); - } - } - } - - $start_date = new DateTime($AUCTION['starts'], $dt->UTCtimezone); - $start_date->add(new DateInterval('P' . intval($_POST['duration']) . 'D')); - $auction_ends = $start_date->format('Y-m-d H:i:s'); - - $query = "UPDATE " . $DBPrefix . 
"auctions SET - title = :title, - subtitle = :subtitle, - ends = :ends, - duration = :duration, - category = :category, - secondcat = :secondcat, - description = :description, - quantity = :quantity, - minimum_bid = :minimum_bid, - shipping_cost = :shipping_cost, - buy_now = :buy_now, - bn_only = :bn_only, - reserve_price = :reserve_price, - increment = :increment, - shipping = :shipping, - payment = :payment, - international = :international, - shipping_terms = :shipping_terms, - bold = :bold, - highlighted = :highlighted, - featured = :featured - WHERE id = :auc_id"; - $params = array(); - $params[] = array(':title', $system->cleanvars($_POST['title']), 'str'); - $params[] = array(':subtitle', $system->cleanvars($_POST['subtitle']), 'str'); - $params[] = array(':ends', $auction_ends, 'str'); - $params[] = array(':duration', $_POST['duration'], 'int'); - $params[] = array(':category', $_POST['category'], 'int'); - $params[] = array(':secondcat', $_POST['secondcat'], 'int'); - $params[] = array(':description', $_POST['description'], 'str'); - $params[] = array(':quantity', $_POST['quantity'], 'int'); - $params[] = array(':minimum_bid', $system->input_money($_POST['min_bid']), 'float'); - $params[] = array(':shipping_cost', $system->input_money($_POST['shipping_cost']), 'float'); - $params[] = array(':buy_now', $system->input_money($_POST['buy_now']), 'float'); - $params[] = array(':bn_only', $_POST['buy_now_only'], 'bool'); - $params[] = array(':reserve_price', $system->input_money($_POST['reserve_price']), 'float'); - $params[] = array(':increment', $system->input_money($_POST['customincrement']), 'float'); - $params[] = array(':shipping', $_POST['shipping'], 'str'); - $params[] = array(':payment', implode(', ', $_POST['payment']), 'str'); - $params[] = array(':international', (isset($_POST['international'])), 'bool'); - $params[] = array(':shipping_terms', $system->cleanvars($_POST['shipping_terms']), 'str'); - $params[] = array(':bold', 
(isset($_POST['is_bold'])), 'bool'); - $params[] = array(':highlighted', (isset($_POST['is_highlighted'])), 'bool'); - $params[] = array(':featured', (isset($_POST['is_featured'])), 'bool'); - $params[] = array(':auc_id', $_POST['id'], 'int'); - $db->query($query, $params); - - $URL = $_SESSION['RETURN_LIST']; - header('location: ' . $URL); - exit; - } - } else { - $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_112)); - } +if (isset($_POST['action'])) +{ + // Check that all the fields are not NULL + if (!empty($_POST['id']) && !empty($_POST['title']) && !empty($_POST['duration']) && !empty($_POST['category']) && !empty($_POST['description']) && !empty($_POST['min_bid'])) + { + // fix values + $_POST['quantity'] = (empty($_POST['quantity'])) ? 1 : $_POST['quantity']; + $_POST['customincrement'] = (empty($_POST['customincrement'])) ? 0 : $_POST['customincrement']; + // Check the input values for validity. + if ($_POST['quantity'] < 1) // 1 or more items being sold + { + $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_701)); + } + elseif (isset($_POST['current_bid']) && $_POST['current_bid'] < $_POST['min_bid'] && $_POST['current_bid'] != 0) // bid > min_bid + { + $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_702)); + } + else + { + // Retrieve auction data + $query = "SELECT * from " . $DBPrefix . "auctions WHERE id = :auc_id"; + $params = array(); + $params[] = array(':auc_id', $_POST['id'], 'int'); + $db->query($query, $params); + $AUCTION = $db->result(); + + $a_start = $AUCTION['starts']; + $a_ends = $a_start + ($_POST['duration'] * 24 * 60 * 60); + + if ($AUCTION['category'] != $_POST['category']) + { + // and increase new category counters + $ct = intval($_POST['category']); + $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . 
"categories WHERE cat_id = :cat_id";
+ $params = array();
+ $params[] = array(':cat_id', $ct, 'int');
+ $db->query($query, $params);
+ $parent_node = $db->result();
+
+ $crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']);
+
+ for ($i = 0; $i < count($crumbs); $i++)
+ {
+ if ($crumbs[$i]['cat_id'] == $ct)
+ {
+ $query = "UPDATE " . $DBPrefix . "categories SET counter = counter + 1, sub_counter = sub_counter + 1 WHERE cat_id = :cat_id";
+ }
+ else
+ {
+ $query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter + 1 WHERE cat_id = :cat_id";
+ }
+ $params = array();
+ $params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int');
+ $db->query($query, $params);
+ }
+
+ // and decrease old category counters
+ $cta = intval($AUCTION['category']);
+ $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id";
+ $params = array();
+ $params[] = array(':cat_id', $cta, 'int');
+ $db->query($query, $params);
+ $parent_node = $db->result();
+ $crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']);
+
+ for ($i = 0; $i < count($crumbs); $i++)
+ {
+ if ($crumbs[$i]['cat_id'] == $cta)
+ {
+ $query = "UPDATE " . $DBPrefix . "categories SET counter = counter - 1, sub_counter = sub_counter - 1 WHERE cat_id = :cat_id";
+ }
+ else
+ {
+ $query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter - 1 WHERE cat_id = :cat_id";
+ }
+ $params = array();
+ $params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int');
+ $db->query($query, $params);
+ }
+ }
+
+ if ($AUCTION['secondcat'] != $_POST['secondcat'])
+ {
+ // and increase new category counters
+ $ct = intval($_POST['secondcat']);
+ $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . 
"categories WHERE cat_id = :cat_id";
+ $params = array();
+ $params[] = array(':cat_id', $ct, 'int');
+ $db->query($query, $params);
+ $parent_node = $db->result();
+
+ $crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']);
+
+ for ($i = 0; $i < count($crumbs); $i++)
+ {
+ if ($crumbs[$i]['cat_id'] == $ct)
+ {
+ $query = "UPDATE " . $DBPrefix . "categories SET counter = counter + 1, sub_counter = sub_counter + 1 WHERE cat_id = :cat_id";
+ }
+ else
+ {
+ $query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter + 1 WHERE cat_id = :cat_id";
+ }
+ $params = array();
+ $params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int');
+ $db->query($query, $params);
+ }
+
+ // and decrease old category counters
+ $cta = intval($AUCTION['secondcat']);
+ $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id";
+ $params = array();
+ $params[] = array(':cat_id', $cta, 'int');
+ $db->query($query, $params);
+ $parent_node = $db->result();
+
+ $crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']);
+
+ for ($i = 0; $i < count($crumbs); $i++)
+ {
+ if ($crumbs[$i]['cat_id'] == $cta)
+ {
+ $query = "UPDATE " . $DBPrefix . "categories SET counter = counter - 1, sub_counter = sub_counter - 1 WHERE cat_id = :cat_id";
+ }
+ else
+ {
+ $query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter - 1 WHERE cat_id = :cat_id";
+ }
+ $params = array();
+ $params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int');
+ $db->query($query, $params);
+ }
+ }
+
+ // clean unwanted images
+ if (isset($_POST['gallery']) && is_array($_POST['gallery']))
+ {
+ $uploaded = load_gallery($_POST['id']);
+ foreach ($uploaded as $img)
+ {
+ if (in_array($img, $_POST['gallery']))
+ {
+ unlink(MAIN_PATH . $img);
+ }
+ }
+ }
+
+ $query = "UPDATE " . $DBPrefix . 
"auctions SET
+ title = :title,
+ subtitle = :subtitle,
+ ends = :ends,
+ duration = :duration,
+ category = :category,
+ secondcat = :secondcat,
+ description = :description,
+ quantity = :quantity,
+ minimum_bid = :minimum_bid,
+ shipping_cost = :shipping_cost,
+ buy_now = :buy_now,
+ bn_only = :bn_only,
+ reserve_price = :reserve_price,
+ increment = :increment,
+ shipping = :shipping,
+ payment = :payment,
+ international = :international,
+ shipping_terms = :shipping_terms,
+ bold = :bold,
+ highlighted = :highlighted,
+ featured = :featured
+ WHERE id = :auc_id";
+ $params = array();
+ $params[] = array(':title', $system->cleanvars($_POST['title']), 'str');
+ $params[] = array(':subtitle', $system->cleanvars($_POST['subtitle']), 'str');
+ $params[] = array(':ends', $a_ends, 'int');
+ $params[] = array(':duration', $system->cleanvars($_POST['duration']), 'str');
+ $params[] = array(':category', $_POST['category'], 'int');
+ $params[] = array(':secondcat', $_POST['secondcat'], 'int');
+ $params[] = array(':description', $_POST['description'], 'str');
+ $params[] = array(':quantity', $_POST['quantity'], 'int');
+ $params[] = array(':minimum_bid', $system->input_money($_POST['min_bid']), 'float');
+ $params[] = array(':shipping_cost', $system->input_money($_POST['shipping_cost']), 'float');
+ $params[] = array(':buy_now', $system->input_money($_POST['buy_now']), 'float');
+ $params[] = array(':bn_only', $_POST['buy_now_only'], 'bool');
+ $params[] = array(':reserve_price', $system->input_money($_POST['reserve_price']), 'float');
+ $params[] = array(':increment', $system->input_money($_POST['customincrement']), 'float');
+ $params[] = array(':shipping', $_POST['shipping'], 'str');
+ $params[] = array(':payment', implode(', ', $_POST['payment']), 'str');
+ $params[] = array(':international', ((isset($_POST['international'])) ? 
1 : 0), 'int');
+ $params[] = array(':shipping_terms', $system->cleanvars($_POST['shipping_terms']), 'str');
+ $params[] = array(':bold', (isset($_POST['is_bold'])), 'bool');
+ $params[] = array(':highlighted', (isset($_POST['is_highlighted'])), 'bool');
+ $params[] = array(':featured', (isset($_POST['is_featured'])), 'bool');
+ $params[] = array(':auc_id', $_POST['id'], 'int');
+ $db->query($query, $params);
+
+ $URL = $_SESSION['RETURN_LIST'] . '?offset=' . $_SESSION['RETURN_LIST_OFFSET'];
+ unset($_SESSION['RETURN_LIST'], $_SESSION['RETURN_LIST_OFFSET']);
+ header('location: ' . $URL);
+ exit;
+ }
+ }
+ else
+ {
+ $template->assign_block_vars('alerts', array('TYPE' => 'error', 'MESSAGE' => $ERR_112));
+ }
 }
 $auc_id = intval($_REQUEST['id']);
-$query = "SELECT u.nick, a.* FROM " . $DBPrefix . "auctions a
- LEFT JOIN " . $DBPrefix . "users u ON (u.id = a.user)
- WHERE a.id = :auc_id";
+$query = "SELECT u.nick, a.* FROM " . $DBPrefix . "auctions a
+ LEFT JOIN " . $DBPrefix . "users u ON (u.id = a.user)
+ WHERE a.id = :auc_id";
 $params = array();
 $params[] = array(':auc_id', $auc_id, 'int');
 $db->query($query, $params);
-if ($db->numrows() == 0) {
- $URL = $_SESSION['RETURN_LIST'];
- header('location: ' . $URL);
- exit;
+if ($db->numrows() == 0)
+{
+ if (!isset($_SESSION['RETURN_LIST']))
+ {
+ $URL = 'listauctions.php';
+ }
+ else
+ {
+ $URL = $_SESSION['RETURN_LIST'] . '?offset=' . $_SESSION['RETURN_LIST_OFFSET'];
+ }
+ unset($_SESSION['RETURN_LIST'], $_SESSION['RETURN_LIST_OFFSET']);
+ header('location: ' . $URL);
+ exit;
 }
 $auction_data = $db->result();
 // DURATIONS
+$dur_list = ''; // empty string to begin HTML list
 $query = "SELECT days, description FROM " . $DBPrefix . "durations";
 $db->direct_query($query);
-while ($row = $db->fetch()) {
- $template->assign_block_vars('dur', array(
- 'DAYS' => $row['days'],
- 'SELECTED' => ($row['days'] == $auction_data['duration']),
- 'DESC' => $row['description']
- ));
+while ($row = $db->fetch())
+{
+ $dur_list .= '