Free Realty PHP Cross Reference Customer Relationship Management

Source: /includes/func.php - 1573 lines - 44696 bytes - Summary - Text - Print

   1  <?php // $Id: func.php,v 2.39 2011-02-27 20:35:52 pat Exp $ 
   2  // DO NOT MODIFY ANYTHING BELOW THIS LINE
   3  /*********************************************************************************/
   4  function getdb() 
   5  { 
   6   //Creates the link code to the db
   7   global $server, $user, $password, $db;
   8   $link = mysql_connect ($server, $user, $password);
   9   if (! $link) 
  10    { die ("Couldn't connect to MySQL server"); }
  11   if (!mysql_select_db ($db, $link) )
  12    { die ("Couldn't open $db: ".mysql_error() ); }
  13   return $link;
  14  }
  15  
  16  
  17  /** nav_jump allows multiple page listings at the top and bottom of a page */
  18  function nav_jump($cur_page, $total_num_page, $page_num,  $position, 
  19          $guidestring )
  20  {
  21   if (isset ($_GET['sort']))
  22   {
  23    $sort = slashquote($_GET['sort']);
  24    if ($sort != 'price' && $sort != 'id' && $sort != 'city' 
  25     && $sort != 'beds' && $sort != 'baths' && $sort != 'sqfeet' )
  26     $sort = 'price';
  27   }
  28   else { $sort = ""; }
  29   if (isset ($_GET['owner'])) { $owner = $_GET['owner']; }
  30   else { $owner = ""; }
  31   $sortstring = "sort=$sort";
  32   if (isset( $_GET['owner']))
  33    { $sortstring = $sortstring. "&amp;owner=$owner"; }
  34   if ($total_num_page != 0)
  35   {
  36    echo "<div class=\"middle\">This is page $page_num of $total_num_page<BR>";
  37    $prevpage = $cur_page-1;
  38    $nextpage = $cur_page+1;
  39    if ($page_num != 1)
  40    {
  41     echo "<a href=\"$_SERVER[PHP_SELF]?$guidestring&amp;cur_page=$prevpage&amp;$sortstring\">Previous Page</a>     ";
  42    }
  43    if ($page_num != $total_num_page)
  44    {
  45     echo "<a href=\"$_SERVER[PHP_SELF]?$guidestring&amp;cur_page=$nextpage&amp;$sortstring\">Next Page</a>";
  46     }
  47   }
  48   if ($total_num_page >1 )
  49   {
  50    echo "<P><FORM name=pagejump_$position action=get>
  51    <SELECT NAME=\"selectpage\" 
  52    onChange=\"window.location.href=document.pagejump_$position.selectpage.options[document.pagejump_$position.selectpage.selectedIndex].value\">  
  53     <OPTION VALUE=\"./$_SERVER[PHP_SELF]?cur_page\" SELECTED>Jump To Another Page ";
  54    for ($counter=0; $counter<=$total_num_page-1; $counter++)
  55    {
  56     $page_jump = $counter +1;
  57     echo "<OPTION VALUE=\"$_SERVER[PHP_SELF]?$guidestring&amp;cur_page=$counter&amp;$sortstring\">Page $page_jump</option> ";
  58    }
  59    echo "   </SELECT></FORM>";
  60   }
  61   ?>
  62   </div>
  63   <?php
  64   //End Nav Jump function
  65  }
  66  
  67  /*****************************************************************
  68   * Display listing class
  69   ****************************************************************/
  70  class display_listing {
  71  
  72   var $friendlyurl;
  73   var $baseurl;  
  74   var $image; 
  75   
  76   function previewlisting()
  77   {
  78    global $table_prefix;
  79    $link = getdb();
  80    $baseurl = config_options('baseurl');
  81    $image = new image();
  82    $install_path = config_options('install_path');
  83    if (!isset($_GET['cur_page']) || $_GET['cur_page'] == "") { $cur_page = 0; }
  84     else { $cur_page = slashquote($_GET['cur_page']); }  
  85  
  86    echo "<!--Begin the Headers -->";
  87    include ("$install_path/templates/user_top.php");
  88  ?>
  89   <!-- Main content starts -->
  90  <?php     
  91   //set up minimum and maximum price
  92   if (isset($_GET['sort']) &&  $_GET['sort'] != "") 
  93    { $sort = $_GET['sort']; } 
  94    //default sort - add to config_options
  95   else { $sort = "price"; } 
  96   if (!isset($_GET['minprice']) || $_GET['minprice'] == '' ) 
  97    { $minprice = 0; }
  98   else { $minprice = $_GET['minprice']; } 
  99   if (!isset($_GET['maxprice']) || $_GET['maxprice'] == '') 
 100    { $maxprice = 1000000000; }
 101   else { $maxprice = $_GET['maxprice']; }
 102   //get rid of extra junk in min and max price
 103   $minprice = preg_replace("{[[:^alnum:]]}","",$minprice);
 104   $maxprice = preg_replace("{[[:^alnum:]]}","",$maxprice);
 105   
 106   //start building querystring and guidestring
 107   //the querystring is the mySQL query itself, while
 108   //guidestring is the actual url of the search -- it's used
 109   //to pass along data so you can jump to different pages easily
 110   
 111   $guidestring = "";
 112   
 113   // Check if we're searching the features table
 114   $features = ''; //Make it empty :)
 115   $count_results = ''; //Make it empty :) 
 116   if (in_array("features", array_keys($_GET))) 
 117   {
 118    $features = " ,".$table_prefix."homes_features ";
 119    if (isset ($_GET['exact']) && $_GET['exact'] == "on")
 120     { $count_results = " count(*) as count, "; }
 121   } 
 122   $querystring = "SELECT distinct $count_results ".$table_prefix."homes.id as home_id, ".$table_prefix."homes.*, ".$table_prefix."agents.agent as agent, 
 123   ".$table_prefix."agents.agenturl as agenturl, 
 124   ".$table_prefix."agents.agentemail as agentemail, 
 125   ".$table_prefix."statuses.* FROM ".$table_prefix."homes, 
 126   ".$table_prefix."agents $features, ".$table_prefix."statuses 
 127    where owner = ".$table_prefix."agents.agent_id and 
 128    ".$table_prefix."statuses.id = ".$table_prefix."homes.status
 129    and ".$table_prefix."statuses.shown != 'n' and";
 130   $querystring .= " ((price >= '$minprice' AND price <= '$maxprice') || 
 131   (price_low >= '$minprice' AND price_hi <= '$maxprice' )) ";
 132   
 133  $guidestring .= "minprice=$minprice&amp;maxprice=$maxprice";
 134   foreach ($_GET as $key=>$value) 
 135   {
 136    switch ($key)
 137    {
 138     case "citystate":
 139     $count = 0;
 140     $extra = "";
 141     $querystring = $querystring." AND (";
 142     foreach ($value as $two_dim_value)
 143     {
 144      //deal with city and state selection
 145      //break apart city and state
 146      $guidestring .= "&amp;citystate%5B%5D=$two_dim_value";
 147      $buffer = explode("___" , $two_dim_value);
 148      $city = $buffer[0];
 149      $state = $buffer[1];
 150      if ($count > 0) {$extra = " OR ";}
 151      $querystring = $querystring."$extra(city='$city' and state='$state')";
 152      $count++;
 153     }
 154     $querystring = $querystring.")";
 155     break;
 156     case "statuschoice":
 157     $count = 0;
 158     $extra = "";
 159     $querystring = $querystring." AND (";
 160     foreach ($value as $temp_value)
 161     {
 162      if ($count > 0) {$extra = " OR ";}
 163      $querystring = $querystring."$extra(homes.status='$temp_value')";
 164      $guidestring .= "&amp;statuschoice%5B%5D=$temp_value";
 165      $count++;
 166     }
 167     $querystring = $querystring.")";
 168     break;
 169  
 170     case "typechoice":
 171     $count = 0;
 172     $extra = "";
 173     $querystring = $querystring." AND (";
 174     foreach ($value as $temp_value)
 175     {
 176      if ($count > 0) 
 177      {
 178       $extra = " OR ";
 179      }
 180      $querystring = $querystring."$extra(type='$temp_value')";
 181      $guidestring .= "&amp;typechoice%5B%5D=$temp_value";
 182      $count++;
 183     }
 184     $querystring = $querystring.")";
 185     break;
 186     case 'PHPSESSID':
 187     break; 
 188     case 'features':
 189       
 190     $querystring .= " and  ref_homes = homes.id and ref_features in (" 
 191     . implode(',', $value) . ')';
 192     if (isset($_GET['exact']) && $_GET['exact'] == "on")
 193     {
 194      $features_count = count($value);
 195     }
 196     foreach ($value as $two_dim_value)
 197     {
 198      $guidestring .="&amp;features%5B%5D=$two_dim_value";
 199     }
 200     break;
 201  
 202     case "minprice":
 203     case "maxprice":
 204     case "cur_page":
 205     case "sort":
 206     case "exact":
 207     break; //do not do anything further -- already handled
 208  
 209     default:
 210     $querystring = $querystring." AND $key = '$value'";
 211     break;
 212    }  // end case
 213   } //end foreach
 214  
 215   if (isset($features_count))
 216    $querystring .= " group by ".$table_prefix."homes.id having count = '$features_count' ";
 217  
 218   if (config_options('debug') == 'y')
 219     print "$querystring<BR><div class=\"main\">";
 220      
 221   $properties_per_page = config_options('properties_per_page');
 222   
 223    if ($sort == "id")
 224     $sort = "homes.id";
 225    if ($sort == "city"){
 226     $querystring .= " order by $sort ";
 227     }
 228    else {
 229     $querystring .= " ORDER BY $sort DESC";
 230     }
 231     
 232     $result = mysql_query("$querystring",$link);
 233     $num_rows = mysql_num_rows($result);
 234     $page_num = $cur_page + 1;
 235     $total_num_page = ceil($num_rows/$properties_per_page);
 236     ?>
 237     <div class="middle">
 238     <?php
 239     if ($num_rows == "1") 
 240      {
 241       Print "There is currently one listing in this category.<BR>";
 242      }
 243     else 
 244      {
 245       Print "There are currently $num_rows listings in this category.<BR>";
 246      
 247       nav_jump($cur_page, $total_num_page, $page_num, 'top', $guidestring);    
 248       print "<P>";
 249      }
 250     
 251   //handle sort functions
 252   print "[ Sort by: ";
 253   print "&#160;&#160;<a href=\"./propview.php?$guidestring&amp;sort=price\">";
 254   if ($sort == "price") 
 255   {
 256    print "<B>Price</b>";
 257   }
 258   else 
 259   {
 260    print "Price";
 261   }
 262   print "</a>&#160;&#160;<a href=\"./propview.php?$guidestring&amp;sort=id\">";
 263   if ($sort == "id") 
 264   {
 265    print "<B>Most Recent</b>";
 266   }
 267   else 
 268   {
 269    print "Most Recent";
 270   }
 271   print "</a>&#160;&#160;<a href=\"./propview.php?$guidestring&amp;sort=beds\">";
 272   if ($sort == "beds") 
 273   {
 274    print "<B>Beds</b>";
 275   }
 276   else
 277   {
 278    print "Beds";
 279   }
 280  
 281   print "</a>&#160;&#160;<a href=\"./propview.php?$guidestring&amp;sort=baths\">";
 282   if ($sort == "baths") 
 283   {
 284    print "<B>Baths</b>";
 285   }
 286   else 
 287   {
 288    print "Baths";
 289   }
 290   print "</a>&#160;&#160;<a href=\"./propview.php?$guidestring&amp;sort=city\">";
 291   if ($sort == "city") 
 292   {
 293    print "<B>City</b>";
 294   }
 295   else 
 296   {
 297    print "City";
 298   }
 299   print "</a>&#160;&#160;<a href=\"./propview.php?$guidestring&amp;sort=sqfeet\">";
 300   if ($sort == "sqfeet") 
 301   {
 302    print "<B>Square Footage</b>";
 303   }
 304   else 
 305   {
 306    print "Square Footage";
 307   }
 308   ?>
 309   </a> ]</div>
 310   <?php
 311   //end sort functions
 312  
 313  
 314  $limit_str = "LIMIT ". $cur_page * $properties_per_page .",$properties_per_page";
 315  $query = "$querystring $limit_str";
 316  
 317  $result = mysql_query("$query;",$link);
 318  
 319  echo mysql_error();
 320  
 321   while ($a_row =mysql_fetch_array ($result) )
 322   {
 323    //strip slashes so output appears correctly
 324    $a_row['title'] = stripslashes ($a_row['title']);
 325    $a_row['address'] = stripslashes($a_row['address']);
 326    $a_row['city'] = stripslashes($a_row['city']);
 327    $a_row['previewdesc'] = stripslashes($a_row['previewdesc']);
 328    $a_row['fulldesc'] = stripslashes($a_row['fulldesc']);
 329    $a_row['neighborhood'] = stripslashes($a_row['neighborhood']);
 330    //format price
 331    $a_row['price'] = number_format ($a_row['price']);
 332    //select images connected to a given listing
 333    $image->preview_image($a_row['home_id'], '1');
 334    ?>
 335   </a>     
 336   </div>
 337   <div class="main">
 338   <?php 
 339  
 340      if (!isset($friendlyurl) || strtolower($friendlyurl) != "y")
 341      {
 342       echo "<a href=\"$baseurl/propview.php?view=$a_row[home_id]\">";
 343      }
 344     else 
 345     {
 346      echo "<a href=\"$baseurl/listing/$a_row[home_id]\">";
 347     }
 348     if (empty($a_row[title]))
 349     {
 350      $a_row['title'] = "Listing Id# $a_row[home_id]";
 351     }
 352     echo "<b>$a_row[title]</b></a> ";
 353     if ($a_row['city'] != "" && $a_row['state'] != "")
 354     {
 355      echo " ($a_row[city], $a_row[state] )";
 356     } 
 357     else 
 358     {
 359      if ($a_row['city'] != "")
 360      {
 361       echo "(".$a_row['city'] . ")";
 362      }
 363      elseif ($a_row['state'] != "")
 364      {
 365       echo "(". $a_row['state'] . ")";
 366      }
 367     }
 368    if ($a_row['country'] != "") 
 369     print " $a_row[country]";
 370     echo "<br />";
 371     print "Price: <B>\$$a_row[price]</b><BR>";
 372     print "$a_row[address]<BR>";
 373     print "$a_row[beds] beds/$a_row[baths] baths<br />";
 374     if(!$a_row['previewdesc'] != "") 
 375      print "$a_row[previewdesc]<BR>";
 376     if ($a_row['neighborhood'] != "")
 377       print "Neighborhood: $a_row[neighborhood] <br />";
 378     if ($a_row['agent'] != "")
 379      print "Agent: <a href=\"./agentdisplay.php?view=$a_row[owner]\">$a_row[agent]</a>";
 380      echo "</div>";
 381    }
 382    nav_jump($cur_page, $total_num_page, $page_num,  'bottom', $guidestring);
 383            
 384   }
 385   function full_listing () {
 386       global $table_prefix;
 387       $install_path = config_options('install_path');
 388       $link = getdb();
 389       $image = new image();
 390       
 391    if (!isset($_GET['view']) && !isset($_GET['mls']))
 392       $this->previewlisting(); 
 393    else 
 394    {
 395    // if (config_options('debug') == 'y')
 396     if (isset($_GET['view']) &&   is_numeric($_GET['view']) && $_GET['view'] !="")
 397     {
 398  
 399      $view = $_GET['view'];
 400      $selectstring = " ".$table_prefix."homes.id = '$view' ";
 401     }
 402     elseif (isset($_GET['mls']) && $_GET['mls'] != "")
 403     {
 404      $mls = slashquote($_GET['mls']);
 405      $selectstring = " ".$table_prefix."homes.mls = '$mls' ";
 406     }
 407     else
 408     {
 409      //If neither mls nor view are set kick the page back
 410      redirect_page(config_options('local_404'), config_options('refer_404'));
 411     }
 412     $query = "SELECT ".$table_prefix."homes.*, 
 413    ".$table_prefix."agents.agent as agent, 
 414    ".$table_prefix."agents.agenturl as agenturl, 
 415    ".$table_prefix."agents.agentemail as agentemail, 
 416    ".$table_prefix."agents.agentphone as agentphone,
 417    ".$table_prefix."agents.agentcell as agentcell,
 418    ".$table_prefix."statuses.id as status
 419  
 420    FROM ".$table_prefix."homes, ".$table_prefix."agents, 
 421    ".$table_prefix."statuses WHERE owner = 
 422    ".$table_prefix."agents.agent_id and "
 423    ."$selectstring and 
 424    ".$table_prefix."homes.status = ".$table_prefix."statuses.id and
 425    ".$table_prefix."statuses.shown  != 'n' ";
 426     
 427    $result = mysql_query($query, $link);
 428    $query_data = mysql_fetch_array($result);
 429    
 430    if ($query_data)
 431    {
 432     print "<!-- Here Beginneth the header -->\r\n";
 433    include("$install_path/templates/user_top.php");
 434    print "<!-- Here ends the header -->\r\n 
 435    <!-- So begins the Main Content -->\r\n";
 436    //PROCESS VARIABLES
 437    extract($query_data);
 438    $price = number_format ($query_data['price']);
 439    $proptax = number_format ($query_data['proptax']);
 440    $status = $query_data['status'];
 441    $dateposted = $query_data['dateposted'];
 442    if (isset($query_data['dateupdated']))
 443    {
 444     $dateupdated = $query_data['dateupdated'];
 445    }
 446    //strip slashes so output appears correctly
 447  //  $title = unquote($title);
 448    $title = stripslashes($title); //unquote wasn't working
 449    $address = unquote($address);
 450    $city = unquote($city);
 451    $previewdesc = unquote($previewdesc);
 452    $fulldesc = unquote($fulldesc);
 453    $neighborhood = unquote($neighborhood);
 454    $view = $query_data['id'];
 455    $mls = $query_data['mls'];
 456    ?>
 457    <h4 class="listing">
 458  
 459    <?php
 460    //print out the listing itself
 461    echo " Listing:  $title </h4>";
 462    
 463    //is there an image?
 464    //select images connected to a given listing
 465    $image->show_image($query_data['id']);
 466     ?>
 467        </div> 
 468  
 469        <div class="main">      
 470   <?php
 471   if ($mls != "") Print " MLS:&nbsp;$mls<BR>";
 472   status_list("$status", "1");
 473   
 474  //  echo " $status <br />";
 475   echo " $address<BR />";
 476   if ($city !="" && $state != "") { $separator = ", "; }
 477   else { $separator = ""; }
 478   if ($city != "") { echo $city; }
 479   
 480   if($state != "")
 481   {
 482       echo "$separator";
 483       property_state_list("$state", "1");
 484   }
 485  
 486   if ($country != ""){print ", $country";}
 487  
 488   Print "<br><BR>Price: \$$price<BR>";
 489   if (config_options('show_near') == 'y')
 490   {
 491    $near_fp_count = config_options('near_fp_count');
 492    show_near($id, $reverse,$near_fp_count );
 493   }
 494   if (config_options('show_fp') == 'y') 
 495   {
 496    $near_fp_count = config_options('near_fp_count');
 497    show_floorplan($id, $reverse, $near_fp_count);
 498   }
 499  
 500    if ($beds!="" && $beds !="0") Print "Beds: $beds<BR>";
 501    if ($baths !="" && $baths !="0") Print "Baths: $baths<BR>";
 502    if ($yearbuilt != "0" && $yearbuilt !="") Print "Year Built: $yearbuilt<BR>";
 503    if ($sqfeet != "" && $sqfeet != "0") Print "Square Footage: $sqfeet<BR>";
 504    if ($lotsize != "" &&  $lotsize !="0") Print "Lot Size: $lotsize<BR>";
 505    if ($numfloors != "" && $numfloors !="0") Print "Floors: $numfloors<BR>";
 506    if ($garagesize != "") Print "Garage Size: $garagesize<BR>";
 507    if ($proptax != "" && $proptax != "0") Print "Ann. Property Tax: \$$proptax<BR>";
 508    if ($heat)  
 509     heat_list($heat, "1");
 510    if ($style) 
 511     property_style_list($style, "1");
 512    if ($onmarket) Print "Also on sales market: $onmarket<BR>";
 513    if ($dateavailable) Print "Date Available: $dateavailable<BR>";
 514    if ((isset($show_updated) && strtolower($show_updated) == "y") || (isset($show_created) 
 515     && $strtolower(show_created) == "y" ))
 516    {
 517     if (!empty($dateposted)) 
 518      {
 519       $dateposted = show_date($dateposted);
 520       echo "Original listing date: $dateposted <br />";
 521      }
 522      if (!empty($dateupdated))
 523      {
 524       $dateupdated = show_date($dateupdated);
 525       echo "Date updated: $dateupdated <br />";
 526      }
 527     }
 528  
 529     property_type_list("$type", "1");
 530  
 531     if ($neighborhood != "") Print "Neighborhood:&nbsp;$neighborhood<BR>";
 532     if ($agent != "")
 533     {
 534      Print "Agent: <a href=\"./agentdisplay.php?view=$owner\">$agent</a><br />";
 535      if (isset($agentemail)) echo "email: $agentemail <br />";
 536      if (isset($agentphone)) echo "Phone: $agentphone <br />";
 537      if (isset($agentcell)) echo "Cell: $agentcell <br />";
 538     }
 539     if (config_options('show_tour') == "y")
 540     {
 541      if ($virtualtour != "")
 542       Print "Virtual Tour: <a href=\"$virtualtour\">Explore</a><BR>";
 543     }
 544     Print "<br />$fulldesc<br /><p>";
 545  
 546     //process home features:
 547     ?>
 548     <div class="features">
 549     <div class="leftfeatures">HOME FEATURES</div> 
 550     <div class="rightfeatures">COMMUNITY FEATURES </div>
 551     <div class="leftfeatures">
 552     <?php
 553     // Show features specific to this house
 554     show_features(false, $view, false, $table_prefix);
 555     echo "</div></div> ";
 556     show_map(config_options('yahoomaps'), $address, $city, $state);
 557     if (config_options('friendmail') == 'y')
 558     {
 559      Print "<div class=\"bottomlinks\">
 560      Send to a Friend:&nbsp; 
 561      <a href=\"$baseurl/friendmail.php?listing=$id\">Click Here to email this listing</a>
 562      </div>"; 
 563      }
 564      echo "</div>";
 565        
 566     }
 567  
 568     else 
 569     { redirect_page(config_options('local_404'), config_options('refer_404')); }
 570  
 571    }
 572  
 573           
 574    }
 575       
 576   /***********************
 577    End Display Class
 578    *********************/
 579  }
 580  
 581  
 582  
 583  
 584  
 585  function updatelog($query, $current_user, $table_prefix, $link, $propid, $log_type)
 586  {
 587  /**
 588   * updatelog allows for tracking changes when the appropriate variables are set
 589   * in common.php 
 590   */
 591   $updatequery = addslashes ($query);
 592   $updatesql = "insert into ".$table_prefix."update_log (user, prop_id, changed_items, log_type) values ('$current_user', '$propid', '$updatequery', '$log_type')";
 593  $updateresult = mysql_query ($updatesql, $link);
 594   if (!$updateresult)
 595   {
 596    echo "$updatesql";
 597    die ("<br />Logging query is broken <br />".mysql_error());
 598   }
 599  } 
 600  
 601  function valid_email($email) 
 602  {
 603   /** Email verification 
 604     * Run some simple regex checks on the entered email address.
 605     */
 606   if (!eregi("^[a-zA-Z0-9_]*@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]*$", $email))
 607   {
 608    echo "Invalid address";
 609  //  $result = "Invalid address";
 610    $result = "0";
 611   }
 612   else {
 613   $result = "Address seems ok";
 614   }
 615   
 616   return $result; 
 617  }
 618  
 619  /**************************************************************
 620  * Image Class 
 621  **************************************************************/
 622  class image {
 623  //function store_image($binFile, $binFile_type, $extra  ) 
 624  function store_image($File, $Post, $agentorprop = 'agent') 
 625  {
 626    global $table_prefix;
 627    global $thumbnails;
 628    global $thumbname;
 629    global $link;
 630   // echo "Bin file section";
 631  
 632    $images_use = config_options('images_use');
 633    $install_path = config_options('install_path');
 634    $imageloc = config_options('imageloc');
 635    $binFile_name = $File['binFile']['name'];
 636    $binFile_size = $File['binFile']['size']; 
 637    $binFile = $File['binFile']['tmp_name'];
 638    $binFile_type = $File['binFile']['type'];
 639    $edit = slashquote($Post['edit']);
 640    $txtDescription = slashquote($Post['txtDescription']);
 641    $owner = $Post['owner'];
 642    $propnum = $edit;
 643    
 644  
 645   //Are we using folders or the db?
 646    if($images_use == "db" || $images_use != "folders")
 647    {
 648     $placement = "1"; //1 = database
 649    }
 650    else
 651    {
 652     $placement = "0"; // 0 = folders
 653    }
 654    if (isset ($agentorprop))
 655    {
 656     $imagefor = $agentorprop;
 657    }
 658  
 659    $binFile_type = strtolower($binFile_type);
 660    if ($binFile_type != "image/jpg" && $binFile_type != "image/jpeg" && 
 661    $binFile_type != "image/gif" && $binFile_type != "image/png" && 
 662    $binFile_type != "image/bmp" && $binFile_type != "image/pjpeg" 
 663    //      && $binFile_type != "image/tiff" 
 664    ) 
 665    {
 666      echo "Invalid file type- File will not be uploaded"; 
 667      echo "$binFile_type";
 668    }
 669    else 
 670    {
 671     $data = (fread(fopen($binFile, "r"), filesize($binFile)));
 672     $imagedata = getimagesize($binFile);
 673     $width = $imagedata['0'];
 674     $height = $imagedata['1'];
 675     $strDescription = slashquote(nl2br($txtDescription));
 676     if (isset($thumbnails) && $thumbnails == "y")
 677     {
 678      $thdb="y";
 679      make_thumb($binFile,$binFile_name);
 680      $thumbfp = fopen(temp_dir."/$thumbname" , "r");
 681      $thumb_size= filesize(temp_dir."/$thumbname");
 682      $thumb = (fread($thumbfp, $thumb_size));
 683     }
 684     $sql = " INSERT INTO ".$table_prefix."";
 685     if (isset($imagefor) && $imagefor == "agent") //Is this an agent image or a property image?
 686     { 
 687      $sql .="agent_tbl_Files ";
 688     }
 689     else 
 690     { 
 691      $sql .="tbl_Files "; 
 692     }
 693  
 694     $sql .= "(description, ";
 695     if ($placement == "1")
 696     {
 697       $sql .= " bin_data, "; 
 698     }
 699     $sql .= " filename, filesize, filetype, owner, ";
 700     if (isset($imagefor) && $imagefor == "agent") { $sql.=" agentnum, "; }
 701     else { $sql .=" prop_num , width, height, ";  }
 702     if ($thdb =='y')
 703     {
 704      if ($placement == "1")
 705      {
 706       $sql .= " thumb, "; 
 707      }
 708      $sql .= " thumb_size, thumb_filetype ";
 709     }
 710     $sql .= " ) ";
 711     $sql .= " VALUES ('$strDescription', "; 
 712     if ($placement == "1")
 713     { 
 714      $data = addslashes($data);
 715      $sql .= "  '$data', ";
 716     }
 717     $sql .= " '$binFile_name', '$binFile_size', '$binFile_type', '$owner', '$propnum' ";
 718     if (isset($imagefor) && $imagefor != "agent" ) { $sql .= " , '$width', '$height' "; }
 719     if ($thdb =='y')
 720     {
 721      if ($placement == "1")
 722      {
 723       $thumb = addslashes($thumb);
 724       $sql .= " , '$thumb' "; 
 725      }
 726     $sql .= ", '$thumb_size', '$binFile_type' ";
 727     }
 728     $sql .=" ) ";        
 729     if (!mysql_query ($sql, $link) )
 730     {
 731      die (mysql_error());
 732     }
 733     if($placement == "0") //We're using the folders instead of the database to store images 
 734     {
 735      $id = mysql_insert_id();
 736      if ($imagefor == "agent")
 737      {
 738       $subfolder = "agents";
 739      }
 740      else 
 741      {
 742       $subfolder = "listings";
 743      }
 744      echo "Writing file to folder"; 
 745      $fp = fopen("$install_path/$imageloc/$subfolder/$id"."_"."$binFile_name", "w");
 746      fwrite($fp, $data);
 747      fclose($fp);
 748      $fp = fopen ("$install_path/$imageloc/$subfolder/$id"."_"."thumb"."_"."$binFile_name", "w");
 749      fwrite($fp,$thumb);
 750      fclose($fp);
 751     }
 752  
 753    echo "Your image has been added ($binFile_name).";
 754    if ($thdb =='y')
 755    {
 756     unlink(temp_dir."/$thumbname"); //Delete the temp file now that we've had our way with it.
 757     $thdb = 'n';
 758    }
 759   }
 760  }
 761  
 762  /**************************************************************************/
 763  
 764  function remove_image ($images_use, $current_user, $image_id, $agent_image = "")
 765  {
 766   // setup the variables that we need
 767   global $table_prefix;
 768   $install_path = config_options('install_path');
 769   $imageloc = config_options('imageloc');
 770   $link = getdb();
 771   $deleteimage = unquote($image_id);
 772   $agent_or_prop = "";
 773   if ($agent_image == "agent")
 774   {
 775    $subdirectory = "agents";
 776    $agent_or_prop = "agent_";
 777   }
 778   else
 779   {
 780    $subdirectory = "listings";
 781   }
 782  
 783   if (isset($images_use) && $images_use == "folders" )
 784   {
 785    //Get the image information....
 786  
 787    $sql = "select id_files, filename from ".$table_prefix."".$agent_or_prop."tbl_Files where id_files = '$deleteimage' ";
 788    if ($current_user != "admin")
 789    $sql .= " and owner = '$current_user' ";
 790    echo "<br />$sql";
 791    $image_query = mysql_query($sql, $link);
 792    $image_result = mysql_fetch_array($image_query);
 793     
 794  //  echo "<br />ID: $image_result[id_files] Filename: $image_result[filename]<br />";
 795    if (file_exists( "$install_path/$imageloc/$subdirectory/$image_result[id_files]"."_"."$image_result[filename]"))
 796    { 
 797     @unlink ("$install_path/$imageloc/$subdirectory/$image_result[id_files]"."_"."$image_result[filename]"); 
 798    }
 799    else 
 800    {
 801     echo "File:  $install_path/$imageloc/$subdirectory/$image_result[id_files]"."_"."$image_result[filename] does not exist <br />"; 
 802    }
 803    if (file_exists ("$install_path/$imageloc/$subdirectory/$image_result[id_files]"."_"."thumb"."_"."$image_result[filename]"))
 804    {  
 805     @unlink ("$install_path/$imageloc/$subdirectory/$image_result[id_files]"."_"."thumb"."_"."$image_result[filename]"); 
 806    }
 807    else
 808    {
 809     echo "File: $install_path/$imageloc/$subdirectory/$image_result[id_files]"."_"."thumb"."_"."$image_result[filename] does not exist <br />" ;
 810    } 
 811   }
 812  
 813  
 814   $query = "DELETE FROM ".$table_prefix.$agent_or_prop."tbl_Files WHERE (id_files = $deleteimage)";
 815    if ($current_user != "admin")
 816    $query .= " and owner = '$current_user' ";
 817   if (!mysql_query ($query, $link) )
 818   {
 819    die (mysql_error());
 820   }
 821   if (!empty($image_row))
 822     print "$image_row[filename] has been removed...";
 823   elseif (!empty($image_result))
 824     print "$image_result[filename] has been removed...";
 825   }
 826  
 827   function preview_image($id, $limit = '', $link_type = '') {
 828    global $table_prefix;
 829    global $thumbnails;
 830    global $thumbname;
 831    global $link;
 832     $baseurl = config_options('baseurl'); 
 833     $query = "SELECT id_files,thumb,filename,thumb_size,thumb_filetype FROM 
 834      ".$table_prefix."tbl_Files WHERE prop_num = $id ";
 835     if ($limit != '')
 836       $query .= "LIMIT $limit";
 837     $output = mysql_query("$query",$link);
 838  //            echo $query;
 839  
 840      $count = 0;
 841  //   print "<td valign=top align=center width=115>";
 842    ?>
 843    <div class="view">
 844  <?php
 845     if ($link_type == 'edit')
 846         echo "<a href=\"$_SERVER[PHP_SELF]?edit=$id\">";
 847     elseif (config_options('friendlyurl') != "y")
 848     {
 849      echo " <a href=\"$baseurl/propview.php?view=$id\">";
 850     }
 851     else 
 852     {
 853      echo " <a href=\"$baseurl/listing/$id\">";
 854     }
 855   while ($image_row =mysql_fetch_array ($output) )
 856    {
 857     echo "<img src='$baseurl/image.php?Id=$image_row[id_files]&amp;image=thumb' 
 858     class=\"view\" width=\"100\" height=\"100\" alt=\"View Listing\">";
 859     $count++;
 860    }
 861  
 862  
 863   if ($count == 0)
 864   {
 865     echo "<img src=\"$baseurl/images/nophoto.gif\" class=\"view\" alt=\"View Listing\">";
 866    }
 867   if ($link_type == 'edit')
 868    echo "</a>";     
 869   }
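 /**
  * Print the thumbnail gallery for one listing.
  *
  * Each image stored in tbl_Files for the listing is shown as a thumbnail
  * that opens popup.php in a new window sized from the stored height and
  * width. A placeholder is printed when the listing has no images.
  *
  * @param int|string $id Listing id; matched against tbl_Files.prop_num.
  */
 function show_image($id) {
     global $table_prefix;
     global $link;

     // $id is placed unquoted in both queries, so it must be a plain integer
     // before it reaches the SQL text.
     $id = (int) $id;

     $query = "select id_files from ".$table_prefix."tbl_Files where prop_num = $id order by image_order, id_files";
     // NOTE(review): this result handle is only ever interpolated into the
     // popup URL below, where PHP renders it as text rather than as a list of
     // ids. Kept as is because popup.php is not visible here; confirm what it
     // expects in image_array.
     $images = mysql_query($query, $link);

     $count = 0;
     $query = "SELECT filename,id_files,image_order, thumb_size,thumb_filetype,description, height, width, prop_num FROM "
         .$table_prefix."tbl_Files WHERE prop_num = $id order by image_order, id_files";
     $result = mysql_query($query, $link);
     echo "\n  <div class=\"view\"> ";

     while ($result && ($image_row = mysql_fetch_array($result))) {
         // The description is stored text shown inside HTML, so encode it
         // for output instead of printing it verbatim.
         echo "<div class=\"imagetitle\" >";
         echo htmlspecialchars(stripslashes($image_row['description']), ENT_QUOTES);
         echo "</div>";

         // Popup window size: defaults, then derived from the stored
         // dimensions with fixed padding and lower/upper bounds.
         $displaywidth = "400";
         $displayheight = "300";
         if ($image_row['height'] != "") {
             if ($image_row['height'] <= 65) {
                 $displayheight = "100";
             } elseif (($image_row['height'] + 35) >= 600) {
                 $displayheight = "600";
             } else {
                 $displayheight = $image_row['height'] + 35;
             }

             if ($image_row['width'] <= 200) {
                 $displaywidth = "200";
             } elseif ($image_row['width'] >= 800) {
                 $displaywidth = "800";
             } else {
                 $displaywidth = $image_row['width'] + 15;
             }
         }

         // The file id ends up inside a URL within an HTML attribute and an
         // inline script string; URL-encoding leaves numeric ids unchanged
         // and removes quote characters from anything else.
         $file_id = urlencode(stripslashes($image_row['id_files']));
         echo "   <a href=\"\" onClick=\"window.open('./popup.php?Id=$file_id&amp;image_array=$images' ,'Picture_window', 
   'resizable,height=$displayheight,width=$displaywidth'); return false;\">
   <img class=\"view\" src=\"image.php?Id=$file_id&amp;image=thumb\" 
     alt=\"Click to Enlarge\" /></a>  ";
         $count++;
     }

     if ($count == 0) {
         echo "<img class=\"view\" src=\"./images/nophoto.gif\" 
    alt=\"No Photo Available\" >";
     } elseif ($count == 1) {
         print "<div class=\"small_bold\">Click photo to enlarge<br></div>";
     } else {
         print "<div class=\"small_bold\">Click photos to enlarge</div>";
     }
     echo "</div> ";
 }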
 946  }
 947  /*****************************************************************************
 948   * End Image Class
 949   * **************************************************************************/
 950  
 951  /******************************************************************************
 952  Map Functions
 953  ******************************************************************************/
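 /**
  * Print a "view map" link for an address.
  *
  * @param string $yahoomaps "y" links to Yahoo Maps, "g" to Google Maps; an
  *                          empty value, "n" or any other value prints nothing.
  * @param string $address   Street address.
  * @param string $city      City name.
  * @param string $state     State.
  */
 function show_map($yahoomaps="y", $address, $city, $state) {
     $mode = strtolower((string) $yahoomaps);

     // Only the two known providers produce output. Previously an unknown
     // value printed the closing half of a link without an opening tag.
     if ($mode != "y" && $mode != "g") {
         return;
     }

     // Address parts are placed inside a URL within an href attribute, so
     // they are URL-encoded; a quote or angle bracket in the data can then
     // no longer end the attribute. Spaces still become "+".
     $addr = urlencode($address);
     $town = urlencode($city);
     $region = urlencode($state);

     echo "<div class=\"bottomlinks\">
  View Map:&nbsp;</div>";

     if ($mode == "y") {
         echo "<a href=\"http://maps.yahoo.com/py/maps.py?Pyt=Tmap&amp;addr=$addr&amp;csz=$town%2C$region&amp;Get+Map=Get+Map\" ";
     } else {
         echo "<a href=\"http://maps.google.com?q=$addr+$town+$region\" ";
     }

     echo " target=\"_blank\">Click Here to view map of area</a>";
 }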
 976  
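 /**
  * Print links to the listings recorded as nearby for a home.
  *
  * Looks up rows in the "nearby" table where home_id matches, and, when
  * fewer than $count were found and $reverse is not 'n', fills the rest
  * with randomly ordered rows that name this home as their nearby_id.
  *
  * @param int|string $home_id Listing id.
  * @param string     $reverse 'n' disables the reverse lookup.
  * @param int|string $count   Maximum number of links to print.
  */
 function show_near($home_id, $reverse, $count = '3')
 {
     $link = getdb();
     global $table_prefix;

     // Both values are interpolated into SQL text, so reduce them to
     // integers first.
     $home_id = (int) $home_id;
     $count = max(0, (int) $count);
     $t_query = null;

     $sql = "select nearby_id from ".$table_prefix."nearby where home_id = '$home_id' limit $count ";
     $result = mysql_query($sql, $link);
     $near_count = $result ? (int) mysql_num_rows($result) : 0;
     echo "Nearby Homes:  ";
     echo "<br>";

     while ($result && ($a_row = mysql_fetch_array($result))) {
         $near_id = (int) $a_row['nearby_id'];
         $t_query = mysql_query("select title from ".$table_prefix."homes where id = $near_id", $link);

         while ($t_query && ($t_result = mysql_fetch_array($t_query))) {
             // Titles are stored text printed into HTML; encode on output.
             $title = htmlspecialchars(stripslashes($t_result['title']), ENT_QUOTES);
             echo "<a href=\"?view=$near_id\">$near_id - $title</a><br>";
         }
     }

     if ($near_count < $count && $reverse != 'n') {
         $count = $count - $near_count;
         $sql = "select home_id from ".$table_prefix."nearby where nearby_id = '$home_id' order by rand() limit $count ";

         $result = mysql_query($sql, $link);
         while ($result && ($a_row = mysql_fetch_array($result))) {
             $other_id = (int) $a_row['home_id'];
             $t_query = mysql_query("select title from ".$table_prefix."homes where id = $other_id", $link);

             while ($t_query && ($t_result = mysql_fetch_array($t_query))) {
                 // The key is quoted here; the unquoted form was read as a
                 // constant name rather than as the column name.
                 $title = htmlspecialchars(stripslashes($t_result['title']), ENT_QUOTES);
                 echo "<a href=\"?view=$other_id\">$other_id - $title</a><br>";
             }
         }
     }

     // A rule is printed only when at least one title lookup succeeded.
     if (!empty($t_query)) echo "<hr />";
 }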
1018  
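/**
 * Print links to the listings recorded as having a similar floorplan.
 *
 * Looks up rows in the "floorplan" table where home_id matches, and, when
 * fewer than $count were found and $reverse is not 'n', fills the rest with
 * randomly ordered rows that name this home as their floorplan_id.
 *
 * @param int|string $home_id Listing id.
 * @param string     $reverse 'n' disables the reverse lookup.
 * @param int|string $count   Maximum number of links to print.
 */
function show_floorplan($home_id, $reverse, $count = '3')
{
    $link = getdb();
    global $table_prefix;

    // Both values are interpolated into SQL text, so reduce them to
    // integers first.
    $home_id = (int) $home_id;
    $count = max(0, (int) $count);
    $t_query = null;

    $sql = "select floorplan_id from ".$table_prefix."floorplan where home_id = '$home_id' limit $count ";
    $result = mysql_query($sql, $link);
    $floor_count = $result ? (int) mysql_num_rows($result) : 0;
    echo "Similar Floorplans:  ";
    echo "<br />";

    while ($result && ($a_row = mysql_fetch_array($result))) {
        $plan_id = (int) $a_row['floorplan_id'];
        $t_query = mysql_query("select title from ".$table_prefix."homes where id = $plan_id", $link);

        while ($t_query && ($t_result = mysql_fetch_array($t_query))) {
            // The key is quoted here; the unquoted form was read as a
            // constant name. Titles are encoded because they are printed
            // into HTML.
            $title = htmlspecialchars(stripslashes($t_result['title']), ENT_QUOTES);
            echo "<a href=\"?view=$plan_id\">$plan_id - $title</a><br />";
        }
    }

    if ($floor_count < $count && $reverse != 'n') {
        $count = $count - $floor_count;
        $sql = "select home_id from ".$table_prefix."floorplan where floorplan_id = '$home_id' order by rand() limit $count ";
        $result = mysql_query($sql, $link);

        while ($result && ($a_row = mysql_fetch_array($result))) {
            $other_id = (int) $a_row['home_id'];
            $t_query = mysql_query("select title from ".$table_prefix."homes where id = $other_id", $link);

            while ($t_query && ($t_result = mysql_fetch_array($t_query))) {
                $title = htmlspecialchars(stripslashes($t_result['title']), ENT_QUOTES);
                echo "<a href=\"?view=$other_id\">$other_id - $title</a><br />";
            }
        }
    }

    // A rule is printed only when at least one title lookup succeeded.
    if (!empty($t_query))
        echo "<hr />";
}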
1059  
1060  
1061  
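/**
 * Print $count drop-downs for choosing the nearby homes of a listing.
 *
 * Each drop-down lists every row of the homes table and pre-selects the
 * nearby_id currently stored for that slot (nearby_idx).
 *
 * @param int|string $edit  Id of the listing being edited.
 * @param int|string $count Number of drop-downs to print.
 */
function edit_nearby($edit, $count = '3')
{
    global $table_prefix;
    $link = getdb();

    // $edit goes unquoted into the lookup query, so it must be an integer.
    $edit = (int) $edit;
    $count = (int) $count;

    // The list of homes does not depend on the slot, so read it once
    // instead of once per drop-down.
    $homes = array();
    $res = mysql_query("SELECT title,id from ".$table_prefix."homes order by title", $link);
    while ($res && ($r = mysql_fetch_array($res))) {
        $homes[] = $r;
    }

    echo "Nearby Homes: <br />";
    for ($i = 0; $i < $count; $i++) {
        $select_check = "select nearby_id from ".$table_prefix."nearby where 
   home_id = $edit and nearby_idx = $i";
        $check = mysql_query($select_check, $link);
        $select_result = $check ? mysql_fetch_array($check) : false;
        // No stored row means nothing is pre-selected.
        $current = $select_result ? $select_result['nearby_id'] : null;

        echo "<select name=\"nearby[$i]\">
   <option value=\"\"></option> ";

        foreach ($homes as $r) {
            // Ids and titles are printed into attributes and element text.
            $id = htmlspecialchars($r['id'], ENT_QUOTES);
            $title = htmlspecialchars($r['title'], ENT_QUOTES);

            echo "<option value=\"$id\" ";
            if ($current !== null && $current == $r['id'])
                echo "SELECTED ";
            echo " > $id - $title</option> ";
        }
        echo "</select><br />";
    }
}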
1090  
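/**
 * Print $count drop-downs for choosing the similar floorplans of a listing.
 *
 * Each drop-down lists every row of the homes table and pre-selects the
 * floorplan_id currently stored for that slot (floorplan_idx).
 *
 * @param int|string $edit  Id of the listing being edited.
 * @param int|string $count Number of drop-downs to print.
 */
function edit_floorplan($edit, $count = '3')
{
    global $table_prefix;
    $link = getdb();

    // $edit goes unquoted into the lookup query, so it must be an integer.
    $edit = (int) $edit;
    $count = (int) $count;

    // The list of homes does not depend on the slot, so read it once
    // instead of once per drop-down.
    $homes = array();
    $res = mysql_query("SELECT title,id from ".$table_prefix."homes order by title ", $link);
    while ($res && ($r = mysql_fetch_array($res))) {
        $homes[] = $r;
    }

    echo "Similar Floorplans: <br />";
    for ($i = 0; $i < $count; $i++) {
        $select_check = "select floorplan_id from ".$table_prefix."floorplan where 
   home_id = $edit and floorplan_idx = $i";
        $check = mysql_query($select_check, $link);
        $select_result = $check ? mysql_fetch_array($check) : false;
        // No stored row means nothing is pre-selected.
        $current = $select_result ? $select_result['floorplan_id'] : null;

        echo "<select name=\"floorplan[$i]\">
   <option value=\"\"></option> ";

        foreach ($homes as $r) {
            // Ids and titles are printed into attributes and element text.
            $id = htmlspecialchars($r['id'], ENT_QUOTES);
            $title = htmlspecialchars($r['title'], ENT_QUOTES);

            echo "<option value=\"$id\" ";
            if ($current !== null && $current == $r['id'])
                echo "SELECTED ";
            echo " > $id - $title</option> ";
        }
        echo "</select><br />";
    }
}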
1119  
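/**
 * Replace the stored nearby homes of a listing.
 *
 * Deletes the listing's rows from the "nearby" table, then inserts one row
 * per filled slot of $nearby.
 *
 * @param int|string $edit   Id of the listing being edited.
 * @param array      $nearby Slot index => chosen home id; empty slots are skipped.
 * @param int|string $count  Number of slots to read from $nearby.
 */
function add_nearby($edit, $nearby, $count = '3')
{
    $link = getdb();
    global $table_prefix;

    // Every value below is placed unquoted in SQL text, so each one is
    // reduced to an integer before use.
    $edit = (int) $edit;
    $count = (int) $count;

    //First - clear out the table
    $sql = "delete from ".$table_prefix."nearby where home_id = $edit ";
    @mysql_query($sql, $link);

    //Now - add the current nearby homes in
    for ($i = 0; $i < $count; $i++) {
        // An empty slot used to produce an invalid statement that simply
        // failed; skipping it keeps that outcome without sending the query.
        if (!isset($nearby[$i]) || !is_numeric($nearby[$i])) {
            continue;
        }
        $nearby_id = (int) $nearby[$i];
        $nearby_insert = "insert into ".$table_prefix."nearby (nearby_id, home_id, nearby_idx ) values ($nearby_id, $edit, $i) ";
        mysql_query($nearby_insert, $link);
    }
}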
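/**
 * Replace the stored similar floorplans of a listing.
 *
 * Deletes the listing's rows from the "floorplan" table, then inserts one
 * row per filled slot of $floorplan.
 *
 * @param int|string $edit      Id of the listing being edited.
 * @param array      $floorplan Slot index => chosen home id; empty slots are skipped.
 * @param int|string $count     Number of slots to read from $floorplan.
 */
function add_floorplan($edit, $floorplan, $count = '3')
{
    $link = getdb();
    global $table_prefix;

    // Every value below is placed unquoted in SQL text, so each one is
    // reduced to an integer before use.
    $edit = (int) $edit;
    $count = (int) $count;

    //First - clear out the table
    $sql = "delete from ".$table_prefix."floorplan where home_id = $edit ";
    @mysql_query($sql, $link);

    //Now - add the current floorplans in
    for ($i = 0; $i < $count; $i++) {
        // An empty slot used to produce an invalid statement that simply
        // failed; skipping it keeps that outcome without sending the query.
        if (!isset($floorplan[$i]) || !is_numeric($floorplan[$i])) {
            continue;
        }
        $floorplan_id = (int) $floorplan[$i];
        $floorplan_insert = "insert into ".$table_prefix."floorplan (floorplan_id, home_id, floorplan_idx ) values ($floorplan_id, $edit, $i) ";
        mysql_query($floorplan_insert, $link);
    }
}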
1149  
/**
 * Warn when the image listings folder cannot be written by the web server.
 *
 * Only runs when the images_use setting is "folders". The check creates a
 * file named "test" in the listings folder and removes it again.
 */
function imagefolderverify()
{
    $install_path = config_options("install_path");
    $images_use = config_options("images_use");
    $imageloc = config_options("imageloc");

    if ($images_use != "folders") {
        return;
    }

    // Opening for write is the actual check; the warning is suppressed so
    // that only the message below is shown.
    $handle = @fopen ("$install_path/$imageloc/listings/test", "w");
    if ($handle) {
        fclose ($handle);
        unlink ("$install_path/$imageloc/listings/test");
        return;
    }

    echo "Your image listings folder \"$install_path/$imageloc/listings\" is not \n   writable by the web server. Image uploads will fail. <br />";
}
1170  
/**
 * Reorder a dash-separated date from year-month-day to month-day-year.
 *
 * @param string $date Date with its parts separated by "-".
 * @return string The second, third and first part joined by "-".
 */
function show_date($date)
{
    $parts = explode ('-', $date);
    return $parts[1] . '-' . $parts[2] . '-' . $parts[0];
}
1177  
/**
 * Return today's date in Y-m-d form.
 *
 * @return string
 */
function save_date()
{
    return date ("Y-m-d");
}
1183  
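/**
 * Redirect the visitor and stop the script.
 *
 * Requests with no referer, or whose referer points at this server, are
 * sent to $local_404; all other requests are sent to $refer_404.
 *
 * @param string $local_404 Page, relative to the current directory, for local or direct requests.
 * @param string $refer_404 Page, relative to the current directory, for requests referred from elsewhere.
 */
function redirect_page($local_404='propview.php', $refer_404='index.php')
{
    // The referer header is optional, so read it defensively.
    $referedby = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $myname = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';

    // The previous test compared the referer with the literal text '$myname'
    // (single quotes do not interpolate), so it could never match. A referer
    // is a full URL, so compare its host part with the server name.
    $refer_host = ($referedby != '') ? parse_url($referedby, PHP_URL_HOST) : '';
    $is_local = ($referedby == '')
        || ($myname != '' && strcasecmp((string) $refer_host, $myname) == 0);

    $target = $is_local ? $local_404 : $refer_404;

    // dirname() returns "/" (or "\") for a script in the document root;
    // trimming avoids a doubled slash in the redirect path.
    $base = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');

    // NOTE(review): HTTP_HOST is taken from the request's Host header. If
    // the application has a configured base URL, building the redirect from
    // that would keep the target fixed - confirm what is available.
    header ("Location: http://".$_SERVER['HTTP_HOST'].$base."/".$target);
    exit;
}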
/**
 * Read the version value from the freerealty table.
 *
 * @return mixed The "version" column of the fetched row; nothing usable
 *               when the query fails or returns no row.
 */
function check_version()
{
    global $table_prefix;
    $link = getdb();

    $sql = "select version from \n    ".$table_prefix."freerealty";
    // Warnings from fetching a failed result stay suppressed, as before.
    $row = @mysql_fetch_array(mysql_query($sql, $link));

    return $row['version'];
}
1211  
/**
 * Prepare a request value for use inside a quoted SQL string.
 *
 * Slashes added by magic quotes are removed first. Numeric values are
 * returned as they are; everything else goes through
 * mysql_real_escape_string().
 *
 * The escaping only protects a value that is placed between quotes in the
 * statement; a non-numeric result must not be used as an unquoted operand.
 *
 * @param string $sqlquotes Raw value.
 * @return string Escaped value.
 */
function slashquote($sqlquotes)
{
    $value = get_magic_quotes_gpc() ? stripslashes($sqlquotes) : $sqlquotes;

    return is_numeric($value) ? $value : mysql_real_escape_string($value);
}
1224  
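/**
 * Remove slashes added by magic quotes from a scalar value.
 *
 * Arrays are returned untouched; config_options() passes the result of
 * explode() through this function.
 *
 * @param mixed $sqlquotes Value to clean.
 * @return mixed The value, with slashes stripped when magic quotes are on
 *               and the value is not an array.
 */
function unquote($sqlquotes)
{
    // get_magic_quotes_gpc() does not exist in every PHP version; where it
    // is missing there is nothing to undo.
    $magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    // The earlier test used array($sqlquotes), which builds a non-empty
    // array and is therefore always true, so slashes were never stripped.
    if ($magic_quotes && !is_array($sqlquotes))
    {
        $sqlquotes = stripslashes($sqlquotes);
    }
    return $sqlquotes;
}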
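/**
 * Print the heat types as a drop-down, or the name of a single heat type.
 *
 * @param string $heat   Id of the heat type to select or show.
 * @param string $single "1" prints only the name for $heat; any other
 *                       value prints the full drop-down.
 */
function heat_list ($heat= '', $single = '')
{
    global $table_prefix;
    $link = getdb();
    $sql = "select id, heat from ".$table_prefix."heat_types";
    if ($single == "1") {
        // The id sits inside a quoted SQL string, so escape it for that
        // context instead of interpolating it as given.
        $sql .= " where id = '".mysql_real_escape_string((string) $heat, $link)."' ";
    }
    $result = mysql_query($sql, $link);

    if ($single != "1") {
        echo "Heat: <select name = \"heat\" >";
        while ($result && ($display = mysql_fetch_array($result))) {
            // Stored values are printed into HTML; encode them on output.
            $id = htmlspecialchars($display['id'], ENT_QUOTES);
            $label = htmlspecialchars($display['heat'], ENT_QUOTES);
            echo "<option value=\"$id\"";
            if ("$display[id]" == "$heat")
                echo " selected ";
            echo "> $label";
        }
        echo "</select><br />";
    } else {
        // A failed query or a missing row prints an empty name.
        $display = $result ? mysql_fetch_array($result) : false;
        $label = $display ? htmlspecialchars($display['heat'], ENT_QUOTES) : '';
        echo "$label<br />";
    }
}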
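/**
 * Print the property styles as a drop-down, or the name of a single style.
 *
 * @param string $style  Id of the style to select or show.
 * @param string $single "1" prints only the name for $style; any other
 *                       value prints the full drop-down.
 */
function property_style_list ($style = '', $single = '')
{
    global $table_prefix;
    $link = getdb();
    $sql = "select id, property_style from ".$table_prefix."property_styles";
    if ($single == "1") {
        // The id sits inside a quoted SQL string, so escape it for that
        // context instead of interpolating it as given.
        $sql .= " where id = '".mysql_real_escape_string((string) $style, $link)."' ";
    }
    $result = mysql_query($sql, $link);

    if ($single != "1") {
        echo "Style: <select name = \"style\" >";
        while ($result && ($display = mysql_fetch_array($result))) {
            // Stored values are printed into HTML; encode them on output.
            $id = htmlspecialchars($display['id'], ENT_QUOTES);
            $label = htmlspecialchars($display['property_style'], ENT_QUOTES);
            echo "<option value=\"$id\"";
            if ("$display[id]" == "$style")
                echo " selected ";
            echo "> $label";
        }
        echo "</select><br />";
    } else {
        // A failed query or a missing row prints an empty name.
        $display = $result ? mysql_fetch_array($result) : false;
        $label = $display ? htmlspecialchars($display['property_style'], ENT_QUOTES) : '';
        echo "$label<br />";
    }
}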
1284  
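/**
 * Print the property types as a drop-down, or the name of a single type.
 *
 * @param string $type   Id of the type to select or show.
 * @param string $single "1" prints only the name for $type; any other
 *                       value prints the full drop-down.
 */
function property_type_list($type = '', $single = '')
{
    global $table_prefix;
    $link = getdb();
    $sql = "select id, property_type from ".$table_prefix."property_types";
    if ($single == "1") {
        // The id sits inside a quoted SQL string, so escape it for that
        // context instead of interpolating it as given.
        $sql .= " where id = '".mysql_real_escape_string((string) $type, $link)."' ";
    }
    $result = mysql_query($sql, $link);

    if ($single != "1") {
        echo "Type: <select name = \"type\" >";
        while ($result && ($display = mysql_fetch_array($result))) {
            // Stored values are printed into HTML; encode them on output.
            $id = htmlspecialchars($display['id'], ENT_QUOTES);
            $label = htmlspecialchars($display['property_type'], ENT_QUOTES);
            echo "<option value=\"$id\"";
            if ("$display[id]" == "$type")
                echo " selected ";
            echo "> $label";
        }
        echo "</select><br />";
    } else {
        // A failed query or a missing row prints an empty name.
        $display = $result ? mysql_fetch_array($result) : false;
        $label = $display ? htmlspecialchars($display['property_type'], ENT_QUOTES) : '';
        echo "$label<br />";
    }
}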
/**
 * Read the default city from the defaults table.
 *
 * @return mixed The "defaultvalue" column of the row whose defaultid is
 *               'city'.
 */
function default_city () {
    global $table_prefix;
    $link = getdb();

    $lookup = mysql_query(
        "select defaultvalue from ".$table_prefix."defaults where \n        defaultid = 'city'",
        $link
    );
    $row = mysql_fetch_array ($lookup);

    return $row['defaultvalue'];
}
1321  
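/**
 * Print the states as a drop-down, or the name of a single state.
 *
 * In drop-down mode an empty $state is replaced by the 'state' entry of
 * the defaults table before the selection is marked.
 *
 * @param string $state  Id of the state to select or show.
 * @param string $single "1" prints only the name for $state; any other
 *                       value prints the full drop-down.
 */
function property_state_list($state = '', $single = '') {
    global $table_prefix;
    $link = getdb();
    $sql = "select id, state from ".$table_prefix."states ";
    if ($single == "1") {
        // The id sits inside a quoted SQL string, so escape it for that
        // context instead of interpolating it as given.
        $sql .= " where id = '".mysql_real_escape_string((string) $state, $link)."' ";
    }
    $result = mysql_query($sql, $link);

    if ($single != "1") {
        if ($state == '') {
            $sql = "select defaultvalue from ".$table_prefix."defaults where defaultid = 'state' ";
            $default = mysql_query($sql, $link);
            $default_state = $default ? mysql_fetch_array($default) : false;
            // Without a stored default nothing is pre-selected.
            $state = $default_state ? $default_state['defaultvalue'] : '';
        }

        echo "State: <select name = \"state\" >";
        while ($result && ($display = mysql_fetch_array($result))) {
            // Stored values are printed into HTML; encode them on output.
            $id = htmlspecialchars($display['id'], ENT_QUOTES);
            $label = htmlspecialchars($display['state'], ENT_QUOTES);
            echo "<option value=\"$id\"";
            if ("$display[id]" == "$state")
                echo " selected ";
            echo "> $label";
        }
        echo "</select><br />";
    } else {
        // A failed query or a missing row prints an empty name.
        $display = $result ? mysql_fetch_array($result) : false;
        $label = $display ? htmlspecialchars($display['state'], ENT_QUOTES) : '';
        echo "$label<br />";
    }
}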
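/**
 * Print the listing statuses as a drop-down, or the name of one status.
 *
 * Statuses whose "shown" column is "n" are marked "(Not Shown)". In
 * drop-down mode an empty $status is replaced by the 'status' entry of the
 * defaults table before the selection is marked.
 *
 * @param string $status Id of the status to select or show.
 * @param string $single "1" prints only the name for $status; any other
 *                       value prints the full drop-down.
 */
function status_list($status = '', $single='') {
    global $table_prefix;
    $link = getdb();
    echo "Status: ";
    $sql = "select id, status, shown from ".$table_prefix."statuses ";

    if ($single == "1") {
        // The id sits inside a quoted SQL string, so escape it for that
        // context instead of interpolating it as given.
        $sql .= " where id = '".mysql_real_escape_string((string) $status, $link)."' ";
    }
    $result = mysql_query($sql, $link);

    if ($single != '1') {
        if ($status == '') {
            $sql = "select defaultvalue from ".$table_prefix."defaults where defaultid = 'status' ";
            $default = mysql_query($sql, $link);
            $default_status = $default ? mysql_fetch_array($default) : false;
            // Without a stored default nothing is pre-selected.
            $status = $default_status ? $default_status['defaultvalue'] : '';
        }

        echo " <select name = \"status\" >";
        while ($result && ($display = mysql_fetch_array($result))) {
            // Stored values are printed into HTML; encode them on output.
            $id = htmlspecialchars($display['id'], ENT_QUOTES);
            $label = htmlspecialchars($display['status'], ENT_QUOTES);
            echo "<option value=\"$id\"";
            if ("$display[id]" == "$status")
                echo " selected ";
            echo "> $label ";
            if (strtolower($display['shown']) == "n")
                echo " (Not Shown) ";
        }
        echo "</select>";
    } else {
        // A failed query or a missing row prints an empty name.
        $display = $result ? mysql_fetch_array($result) : false;
        $label = $display ? htmlspecialchars($display['status'], ENT_QUOTES) : '';
        echo "$label ";
        if ($display && strtolower($display['shown']) == "n")
            echo " (Not Shown) ";
        echo "<br />";
    }
    echo "<br />";
}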
1397  
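/**
 * Read a configuration value, or print the edit controls for the settings.
 *
 * With $edit left at 'n' the config_value of the matching row is returned
 * (of the last row when several match). With $edit set to 'edit' each
 * matching row is printed as a labelled drop-down (when allowed_values is
 * set) or text input, and nothing is returned.
 *
 * Uses the global $link connection rather than opening one.
 *
 * @param string $name Configuration key; an empty value matches every row.
 * @param string $edit 'n' to return the value, 'edit' to print form controls.
 * @return mixed The configuration value in 'n' mode; null when the query
 *               fails, no row matches, or in any other mode.
 */
function config_options($name, $edit = 'n')
{
    global $link;
    global $table_prefix;

    // Defined up front so that "no matching row" returns null instead of
    // reading an undefined variable.
    $config_value = null;

    $sql = "select config_value ";
    if ($edit == 'edit')
    {
        $sql .= ", config_key, config_label, allowed_values, description_text_field ";
    }
    $sql .= " from ".$table_prefix."configuration ";
    if ($name != '')
    {
        // The key sits inside a quoted SQL string; escape it for that context.
        $sql .= " where config_key = '".mysql_real_escape_string((string) $name, $link)."'  ";
    }
    $result = mysql_query($sql, $link);
    if (!$result) { return; }

    while ($a_row = mysql_fetch_array($result))
    {
        $config_value = unquote($a_row['config_value']);
        if ($edit != 'edit')
        {
            continue;
        }

        // Values printed inside attributes are encoded so that a quote in a
        // stored setting cannot end the attribute.
        $key_attr = htmlspecialchars($a_row['config_key'], ENT_QUOTES);

        // NOTE(review): the label and the description are printed as stored;
        // they may be meant to carry markup - confirm before encoding them.
        echo "$a_row[config_label]";
        if (!empty($a_row['allowed_values']))
        {
            echo "<select name = ";
            echo "\"$key_attr\" ";
            echo ">";
            $allowed_values = unquote(explode(",", $a_row['allowed_values']));
            foreach ($allowed_values as $value)
            {
                $value_html = htmlspecialchars($value, ENT_QUOTES);
                echo "<option value=\"$value_html\" ";
                if ($value == $config_value)
                    echo "selected ";
                echo ">$value_html";
            }
            echo "</select>";
        }
        else
        {
            $value_attr = htmlspecialchars((string) $config_value, ENT_QUOTES);
            echo "<input name = ";
            echo "\"$key_attr\" ";
            echo "type=\"text\" size=\"30\" value = \"$value_attr\" >";
        }
        echo unquote($a_row['description_text_field']);
        echo "<br />";
    }

    if ($edit == 'n')
    {
        return $config_value;
    }
}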
1450  
1451  /***********************************************************************
1452   * User Login Class
1453   * ********************************************************************/
1454  
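/**
 * Session-based login for agents and administrators.
 *
 * NOTE(review): the submitted password is compared directly with the stored
 * column and the stored value is copied into the session, so passwords
 * appear to be kept unhashed. Moving to password hashing needs a schema and
 * data migration outside this class.
 */
class user_login {
  var $user;
  var $password;

  /**
   * Require a logged-in user of the given level.
   *
   * Credentials come from the session when one exists for a matching level,
   * otherwise from the posted login form. They are checked against the
   * agents table (level 'agent') or the users table (levels 'admin' and
   * 'authorized user'). On success the session is refreshed from the
   * database row; otherwise the session credentials are cleared and the
   * login form is printed, which ends the script.
   *
   * @param string $level 'agent' or 'admin'.
   */
  function login($level = 'agent')
  {
    global $table_prefix;
    $user = '';
    $password = '';
    $link = getdb();
    $debug = (config_options('debug') == 'y');
    // The level the page asked for; $level itself may be replaced by the
    // session's level below.
    $requested_level = $level;

    if ($debug)
      echo "Login level ".htmlspecialchars($level, ENT_QUOTES)." <br />";

    // The earlier condition tested the password twice; the user name is
    // what the second test was evidently meant to cover.
    $has_session = isset($_SESSION['user']) && isset($_SESSION['password'])
      && isset($_SESSION['user_level'])
      && $_SESSION['user'] != "" && $_SESSION['password'] != "";

    if ($has_session)
    {
      if ($level == $_SESSION['user_level'] || ($level == 'admin'
        && $_SESSION['user_level'] == 'authorized user'))
      {
        $user = $_SESSION['user'];
        $password = $_SESSION['password'];
        $level = $_SESSION['user_level'];
      }
      else
      {
        unset($_SESSION['user']);
        unset($_SESSION['password']);
        unset($_SESSION['user_level']);
      }

      if ($debug)
      {
        // The password is deliberately left out of debug output.
        echo htmlspecialchars("$user $level", ENT_QUOTES)." <br />";
      }
    }
    elseif (isset($_POST['admin_user']) && isset($_POST['admin_password']))
    {
      $user = $this->clean_login_value($_POST['admin_user']);
      $password = $this->clean_login_value($_POST['admin_password']);
    }
    elseif (isset($_POST['agentname']) && isset($_POST['agentpassword']))
    {
      $user = $this->clean_login_value($_POST['agentname']);
      $password = $this->clean_login_value($_POST['agentpassword']);
    }

    // Removing quote characters alone does not make a value safe inside a
    // quoted SQL string, and session values come back from the database
    // unescaped, so both are escaped at the point of use.
    $safe_user = mysql_real_escape_string($user, $link);
    $safe_password = mysql_real_escape_string($password, $link);

    $sql = '';
    if ($level == 'agent')
    {
      $sql = "select agent_id, agent as user,  agentpass as password from 
    ".$table_prefix."agents 
    where agent = '$safe_user' and agentpass = '$safe_password' ";
    }
    elseif ($level == 'admin' || $level == 'authorized user')
    {
      // 'authorized user' is a user_level read from the users table, so a
      // session of that level is re-checked there as well. Previously no
      // query was built for it.
      $sql = "select user, user_level, password from ".$table_prefix."users
      where user = '$safe_user' and password = '$safe_password' ";
    }

    if ($debug)
    {
      // Show the statement with the password masked.
      $shown_sql = str_replace("= '$safe_password' ", "= '********' ", $sql);
      echo htmlspecialchars($shown_sql, ENT_QUOTES)." ";
    }

    $authenticated = false;
    // Empty credentials are never sent to the database.
    if ($sql != '' && $user != '' && $password != '')
    {
      $results = mysql_query($sql, $link);
      while ($results && ($user_results = mysql_fetch_array($results)))
      {
        $authenticated = true;
        if (!empty($user_results['agent_id']))
          $_SESSION['current_user'] = $user_results['agent_id'];
        $_SESSION['user'] = $user_results['user'];
        $_SESSION['password'] = $user_results['password'];
        if (!isset($user_results['user_level']))
        {
          $_SESSION['user_level'] = $level;
        }
        else { $_SESSION['user_level'] = $user_results['user_level']; }

        if ($debug)
          echo htmlspecialchars("User: $_SESSION[user], User Level: $_SESSION[user_level]", ENT_QUOTES)."<br />";
      }
    }

    if (!$authenticated)
    {
      if (!empty($_POST))
        echo "Login Failed!";
      // A session whose credentials no longer match a row is dropped;
      // before, a failed re-check left the session in place.
      unset($_SESSION['user']);
      unset($_SESSION['password']);
      unset($_SESSION['user_level']);
      unset($_SESSION['current_user']);
    }

    // NOTE(review): the session id is not renewed after a successful form
    // login. Renewing it has to happen before any output is sent, which
    // this method cannot guarantee - consider doing it in the caller.
    if (empty($_SESSION['user']))
      $this->login_form($requested_level);
  }

  /**
   * Normalise one posted login field.
   *
   * Non-string input is treated as empty. Quote characters are removed, as
   * before, and slashes added by magic quotes are undone so that escaping
   * happens exactly once, when the query is built.
   *
   * @param mixed $value Raw posted value.
   * @return string
   */
  function clean_login_value($value)
  {
    if (!is_string($value))
    {
      return '';
    }
    $value = preg_replace("{['\"]+}", "", $value);
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    {
      $value = stripslashes($value);
    }
    return $value;
  }

  /**
   * Print the login form for the given level and end the script.
   *
   * Agents also get a form that posts to emailpass.php.
   *
   * @param string $level 'admin' selects the admin field names; any other
   *                      value selects the agent field names.
   */
  function login_form($level='agent')
  {
    if (config_options('debug') == 'y')
    {
      echo "Login form here <br />";
      echo "Level ".htmlspecialchars($level, ENT_QUOTES)."<br />";
    }
    if ($level == 'admin')
    {
      $login_name = 'admin_user';
      $login_password = 'admin_password';
    }
    else
    {
      $login_name = 'agentname';
      $login_password ='agentpassword';
    }
    if (config_options('hide_user') == 'y') { $user_entry = 'password'; }
    else { $user_entry = 'text'; }
    if (config_options('hide_pw') == 'y') { $pw_entry = 'password'; }
    else { $pw_entry = 'text'; }

    // PHP_SELF reflects the requested path, so it is encoded before being
    // printed into the action attribute.
    $page = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    print "<P><form action=\"$page\" method=\"post\">Please enter your user name and password:<P>";
    print "Login Name: <input type=$user_entry name=$login_name><P> ";
    print "Password: <input type=$pw_entry name=$login_password><P><input type=submit value=\"Log In\"></form><P>";
    if ($level == "agent")
    {
      echo "<form  action=\"emailpass.php\" method=\"post\">Enter your address to get your password emailed to you:
       <BR><input type=text name=email><P><input type=submit value=\"Email Agent Password\"></form>";
    }
    die();
  }
}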
1570  /***********************************************************************************
1571   * End User Login Class
1572   * ********************************************************************************/
1573  ?>
