<?php
// --------------------------------------------------------------------------
//
// Esvon Classifieds v.4.0
// Copyright(C), Esvon LTD, 2001-2010, All Rights Reserved.
// E-mail: hide@address.com
//
// All forms of reproduction, including, but not limited to, internet posting,
// printing, e-mailing, faxing and recording are strictly prohibited.
// One license required per site running Esvon Classifieds.
// To obtain a license for using Esvon Classifieds, please register at
// http://www.esvon.com/pg/products/p_classifieds/
//
// --------------------------------------------------------------------------
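if(!defined('SITE_PATH')) die('Access Denied');
CheckLoggedIn();
// Return trip after login / registration: the REG_FROM_URL cookie is consumed
// once (expired right away) and, when it points back into this site, the user
// is sent there instead of to the account page.
//
// The cookie is client-controlled, so its value is validated before it goes
// into a Location header. Only two shapes are followed:
//   - a path on this site (relative, or absolute starting with a single "/"),
//   - an http(s) URL whose host[:port] equals the request's Host header.
// Everything else (foreign hosts, protocol-relative "//host" and "/\host",
// "javascript:" and other schemes) is ignored and the account page renders.
// ctype_print() additionally rejects CR/LF and other control characters so
// the header cannot be split.
$ref = (isset($_COOKIE['REG_FROM_URL']) && is_string($_COOKIE['REG_FROM_URL'])) ? $_COOKIE['REG_FROM_URL'] : '';
if($ref !== '') {
    setcookie('REG_FROM_URL', '', 1);
    if(!strpos($ref,'page%3Daccount')){
        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        // NOTE(review): this trusts the Host header, as the original did; SITE_URL
        // would be the server-side alternative if the web server does not pin it.
        $scheme_host = 'http'.((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ? 's' : '').'://'.$host;
        $not_local = '#^[/\\\\]{2}#';   // "//..." or "/\..." - browsers read both as a new authority
        $target = '';
        if(preg_match('/ref_url=([^&]+)/',$ref,$m)){
            // An embedded ref_url=... value is taken as a path on this host and
            // re-based onto scheme://host, as before. It must start with a single
            // "/" so that it can neither extend the host part (".evil.com/") nor
            // name another authority.
            $path = urldecode($m[1]);
            $u = parse_url($path);
            if(is_array($u) && !isset($u['scheme']) && !isset($u['host']) && substr($path,0,1)==='/' && !preg_match($not_local,$path)){
                $target = $scheme_host.$path;
            }
        }
        else{
            $u = parse_url($ref);
            if(is_array($u)){
                if(!isset($u['scheme']) && !isset($u['host'])){
                    // relative or site-absolute path
                    if(!preg_match($not_local,$ref)) $target = $ref;
                }
                elseif(isset($u['scheme'],$u['host']) && in_array(strtolower($u['scheme']),array('http','https'),true)){
                    // absolute URL: only when it points at this very host
                    $url_host = strtolower($u['host'].(isset($u['port']) ? ':'.$u['port'] : ''));
                    if($host !== '' && $url_host === strtolower($host)) $target = $ref;
                }
            }
        }
        if($target !== '' && ctype_print($target)){
            header('Location: '.$target);
            exit;
        }
    }
}
// page dispatch: ?pg=payment shows the payment log, anything else the item list
if(isset($_GET['pg']) && $_GET['pg']=='payment') ShowPaymentLog();
//elseif($_POST['act']=='ac_delete') DeleteUserAccount();
else ShowItems();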
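/**
 * Account > payments: renders the logged-in user's payment log and pending
 * payments into account_payments.htm.
 *
 * The log is paged (15 rows, newest first) and each row carries the running
 * balance as it stood after that charge. Pending payments are listed in full,
 * with their details re-emitted as hidden "term[]" inputs.
 *
 * Reads $_GET['off'] (page offset, digits only, GET requests only) and
 * $_GET['why'] ('realm' selects which "account expired" notice is shown).
 * Every query is scoped to the session user id, cast to int before use.
 */
function ShowPaymentLog(){
    global $db,$DATE_TIME_FMT,$TITLE_FIELD;
    $tpl = new HawkTpl;
    $tpl->InitArray('row,expired,pending');
    // optional "expired" notice above the log
    $cell_id = '';
    if(hwIsUserExpired()) $cell_id = 'def';
    elseif(isset($_GET['why']) && $_GET['why']=='realm') $cell_id = 'realm';
    if($cell_id) $tpl->AddCell('expired','',$cell_id);
    $ses_uid = (int)hwSessionGetVar('userid');
    $tpl_v = array(
        'CURR_SIGN' => CURR_SIGN,
    );
    // nav stuff: 15 rows per page; the offset is honoured on GET only
    $hw_num = 15;
    $off = (isset($_GET['off']) && is_string($_GET['off']) && ctype_digit($_GET['off']) && $_SERVER['REQUEST_METHOD']=='GET') ? $_GET['off'] : 0;
    $num = $off * $hw_num;
    $num_rows = $db->one_data('SELECT COUNT(*) FROM '.TBL_PAY_LOG.' WHERE userid='.$ses_uid);
    $tpl_v['nav'] = GetNavigation($_SERVER['PHP_SELF'],$hw_num,10,$num_rows,$off,'&page=account&pg=payment');
    $a_v = $db->select('SELECT id AS charge_id,UNIX_TIMESTAMP(cdate) AS cdate,amount,descr,txn_id,link_id AS lid FROM '.TBL_PAY_LOG.' WHERE userid='.$ses_uid.
        " ORDER BY id DESC LIMIT $num,$hw_num");
    if(count($a_v)>0){
        // category / title of the items the log rows refer to, keyed by link_id
        $A_CAT = array();
        foreach($a_v as $v) {
            if($v['lid']) $A_CAT[$v['lid']] = '';
        }
        if($A_CAT) $A_CAT = $db->getAssoc('SELECT link_id,catid,'.$TITLE_FIELD.' FROM '.TBL_AD.' WHERE link_id IN('.implode(',',array_keys($A_CAT)).')');
        // Running balance: start from the sum of all charges up to and including
        // the newest row on this page, then subtract row by row going down.
        // The row id is selected as "charge_id" above, so that is the key to read
        // here; reading 'id' (as this code used to) silently dropped the upper
        // bound on pages > 0, so every page started from the grand total.
        $ql = 'SELECT SUM(amount) FROM '.TBL_PAY_LOG.' WHERE userid='.$ses_uid;
        if($off){
            $id = isset($a_v[0]['charge_id']) ? (int)$a_v[0]['charge_id'] : 0;
            if($id) $ql.=' AND id <= '.$id;
        }
        $balance = $db->one_data($ql);
        if(!$balance) $balance = '0.00';
        foreach($a_v as $v) {
            if($v['lid'] && isset($A_CAT[$v['lid']])){
                $v['catid'] = $A_CAT[$v['lid']][1];
                $v['f_title'] = $A_CAT[$v['lid']][2];
            }
            else $v['catid'] = $v['f_title'] = '';
            $v['balance'] = $balance;
            $balance = sprintf('%.2f',$balance-$v['amount']);
            $v['cdate'] = strftime($DATE_TIME_FMT,$v['cdate']);
            $v['descr'] = hwGetPayInfoFmt($v['descr'],', ');
            $v['num'] = ++$num;
            $tpl->AddCell('row',$v);
        }
    }
    // pending (not yet completed) payments, newest first, not paged
    $num = 0;
    $a_v = $db->select('SELECT adid AS lid, UNIX_TIMESTAMP(odate) AS cdate, amount, details AS term, ttype FROM '.TBL_PAY_PEND.' WHERE userid='.$ses_uid.' ORDER BY id DESC');
    $A_CAT = array();
    foreach($a_v as $v) {
        if($v['lid']) $A_CAT[$v['lid']] = '';
    }
    if($A_CAT) $A_CAT = $db->getAssoc('SELECT link_id,catid,'.$TITLE_FIELD.' FROM '.TBL_AD.' WHERE link_id IN('.implode(',',array_keys($A_CAT)).')');
    foreach($a_v as $v) {
        if($v['lid'] && isset($A_CAT[$v['lid']])){
            $v['catid'] = $A_CAT[$v['lid']][1];
            $v['f_title'] = $A_CAT[$v['lid']][2];
        }
        else $v['catid'] = $v['f_title'] = '';
        $v['cdate'] = strftime($DATE_TIME_FMT,$v['cdate']);
        $v['descr'] = hwGetPayInfoFmt($v['term'], ', ');
        // The space-separated details are re-emitted as hidden inputs so the
        // pending payment can be resubmitted. They are stored data, not a
        // constant, so they are escaped for the attribute context rather than
        // written raw into the markup.
        $a_term = explode(' ',$v['term']);
        $v['term_hiddens'] = '';
        foreach($a_term AS $v1) $v['term_hiddens'].= '<input type=hidden name="term[]" value="'.htmlspecialchars(trim($v1), ENT_QUOTES)."\">\n";
        $v['num'] = ++$num;
        $tpl->AddCell('pending',$v);
    }
    $tpl->Parse(TPL_PATH.'account_payments.htm', $tpl_v, 1);
}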
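/**
 * Account > items: the default account view. Handles the item actions that
 * post back to this page ("switch" = enable/disable, "delete") and then lists
 * the user's own items grouped by category, with paging and keyword search,
 * into account_items.htm.
 *
 * Request parameters (read through esFilter() with the whitelist below, so
 * act/listing are alpha-only and id/off/apr are ints):
 *   act      'switch' | 'delete'
 *   id       item link_id (delete also accepts an id[] array, each intval'd)
 *   apr      current user_approved state of the item being switched
 *   listing  'active' | 'expired' | '' (all)
 *   off      page offset
 * Read raw: $_GET['q'] (search keywords), $_POST['ajax'], $_POST['apr_adm'],
 * $_POST['btn_amt'] / $_POST['ac_show_amt'] (rows-per-page preference).
 *
 * Both state-changing actions require hwIsTokenOK() (CSRF token), and every
 * query is scoped to the session user id so a user can only touch their own
 * rows. Long-disabled, commented-out code (single-item redirect, Auction bid
 * counts, user profile fields) was removed from this function; see history.
 */
function ShowItems(){
    global $TITLE_FIELD,$DATE_FMT,$db;
    $ses_uid = (int)hwSessionGetVar('userid');
    $whitelist = array(
        'act' => array(
            'type' => 'alpha',
        ),
        'id' => array(
            'type' => 'int',
        ),
        'off' => array(
            'type' => 'int',
        ),
        'listing' => array(
            'type' => 'alpha',
        ),
        'apr' => array(
            'type' => 'int',
        ),
    );
    $clean = esFilter($_REQUEST, $whitelist);
    $err_msg = '';
    // --- action: enable / disable one item (CSRF token required) ---
    if(!$err_msg && $clean['act']=='switch' && hwIsTokenOK()){
        $args = array(
            'ID' => $clean['id'],
            'OFF' => $clean['apr'],
            'ERR_MSG' => '',
        );
        hwModEvent('onAdUserSwitch',$args);   // modules may veto via ERR_MSG
        $err_msg = $args['ERR_MSG'];
        if(!$err_msg && !$clean['apr']){ // check before enabling ad: per-user cap, else the global AD_ALLOWED
            $ads_max = $db->one_data('SELECT hw_ads_max FROM '.TBL_USER.' WHERE id='.$ses_uid);
            if(!$ads_max) $ads_max = AD_ALLOWED;
            if($ads_max>0){
                $ads_now = $db->one_data('SELECT count(*) FROM '.TBL_AD.' WHERE userid='.$ses_uid.' AND user_approved=1');
                if($ads_now>=$ads_max) $err_msg = hwLng('err_ads_max');
            }
        }
        // id is int-filtered by esFilter; userid keeps the update to the caller's own item
        if(!$err_msg) $db->query('UPDATE '.TBL_AD.' SET user_approved='.($clean['apr'] ? '0' : '1').' WHERE link_id="'.$clean['id'].'" AND userid='.$ses_uid);
        if(!empty($_POST['ajax'])){
            // XML reply for the in-page toggle. The message is escaped so a
            // module-supplied text containing '<' or '&' cannot break the document.
            if(!$err_msg) $err_msg = 'OK';
            $apr_adm = isset($_POST['apr_adm']) ? (int)$_POST['apr_adm'] : 0;
            header('Content-type: text/xml');
            echo "<xml><id>".$clean['id']."</id><msg>".htmlspecialchars($err_msg, ENT_QUOTES)."</msg><appr>".$apr_adm."</appr></xml>";
            exit;
        }
    }
    // --- action: delete one (id) or several (id[]) items, then bounce back ---
    if(!$err_msg && $clean['act']){
        if($clean['act']=='delete'){
            if(EN_U_DEL && hwIsTokenOK()){
                $a_id = array();
                if($clean['id']) $a_id = array($clean['id']);
                elseif(isset($_REQUEST['id']) && is_array($_REQUEST['id'])) $a_id = array_map('intval', $_REQUEST['id']);
                if($a_id) foreach($a_id as $lid){
                    // userid in the WHERE keeps the delete to the caller's own items
                    $ret = hwDeleteAds("link_id=$lid AND userid=$ses_uid");
                    if($ret && EN_M_AD_DEL) hwSendMail(ADMIN_EMAIL,ADMIN_EMAIL,'{Item} Deleted - '.SITE_URL,"{Item} #$lid has been deleted");
                }
            }
        }
        // any other act value is ignored; always redirect so a reload cannot repeat the action
        $url = 'index.php?page=account';
        if($clean['listing']) $url.='&listing='.$clean['listing'];
        if($clean['off']) $url.='&off='.$clean['off'];
        header('Location: '.$url);
        exit;
    }
    // --- listing filter: active || expired ---
    if($clean['listing']=='expired') $sql = ' AND exp_date<'.SQL_NOW.' AND exp_date>"1900-01-01"';
    elseif($clean['listing']=='active') $sql = ' AND exp_date>'.SQL_NOW;
    else $sql = '';
    // keyword search: up to 5 terms, each matched against the title with LIKE;
    // purely numeric terms are additionally tried as link_ids
    $_GET['q'] = (isset($_GET['q']) && is_string($_GET['q'])) ? trim($_GET['q']) : '';
    if($_GET['q']){
        $keys = preg_split('/[\s,]+/', $_GET['q'], 5, PREG_SPLIT_NO_EMPTY); // 5 keywords max
        $a_num = array();
        $sql_like = '';
        foreach($keys as $k){
            if(ctype_digit($k)) $a_num[] = $k;
            // $db->quote() escapes for the SQL string literal; addcslashes() then
            // neutralises the LIKE wildcards so a term cannot widen the match
            $sql_like.= " OR $TITLE_FIELD LIKE '%".addcslashes($db->quote($k), '%_')."%'";
        }
        $sql.= ' AND (0';
        if($a_num) $sql.=' OR link_id IN("'.implode('","',$a_num).'")';
        $sql.= $sql_like.')';
        unset($sql_like,$a_num);
    }
    // nav stuff: rows per page is a per-user option, changed through the btn_amt form
    $o_Opts = &Factory::singleton('User_Options');
    // NOTE(review): this preference write is not covered by hwIsTokenOK() like
    // the actions above; it only changes a display setting, but it is still a
    // CSRF-able POST. Left as is because the posting form is not visible here.
    if(!empty($_POST['btn_amt'])) $o_Opts->set('ac_show_amt', isset($_POST['ac_show_amt']) ? (int)$_POST['ac_show_amt'] : 0);
    $hw_num = $o_Opts->get('ac_show_amt', 20);
    if(!$clean['off'] || $_SERVER['REQUEST_METHOD']=='POST') $clean['off'] = 0;
    $num_rows = $db->one_data('SELECT COUNT(*) FROM '.TBL_AD.' WHERE userid='.$ses_uid.$sql);
    if($hw_num>0) $nav = GetNavigation($_SERVER['PHP_SELF'],$hw_num,10,$num_rows,$clean['off'],'&page=account&listing='.$clean['listing'].'&q='.urlencode($_GET['q']));
    else $nav = '';
    $ql = 'SELECT '.hwSQLFieldsGet().',user_approved,approved,'.
        'UNIX_TIMESTAMP(exp_date) AS exp_ts, UNIX_TIMESTAMP(hw_added) AS hw_added,'.
        'exp_date<'.SQL_NOW.' AS expired,hw_pay_plan';
    if(hwModGetState('Pay_Per_Click') == 'A') $ql.=',hw_ppc_bided';
    if(hwModGetState('Multi_Lang') == 'A') $ql.=',hw_lang_id';
    // field sets that carry the availability flag (the av link is shown per set)
    $A_AV_FS = array();
    if(hwModGetState('Availability') == 'A'){
        $A_AV_FS = $db->two_col_assoc('SELECT fset,1 FROM '.TBL_FIELD.' WHERE db_f="hw_av_enabled"');
    }
    // Show extra options - begin block: each option key is mapped to an item
    // column by dropping its first three characters and prefixing "hw_"
    $A_OPTS = hwGetExtraOptions();
    foreach (array_keys($A_OPTS) AS $k) $ql.= ',hw_'.strtolower(substr($k,3,strlen($k)-3));
    // Show extra options - end block
    $ql.=' FROM '.TBL_AD.' WHERE userid='.$ses_uid.$sql.' ORDER BY catid,'.$TITLE_FIELD;
    if($hw_num>0) $ql.= ' LIMIT '.($clean['off']*$hw_num).','.$hw_num;
    $res = $db->query($ql);
    $catid = -1;
    $tpl = new HawkTpl;
    $tpl->InitArray('row');
    $z = array();
    if(mysql_num_rows($res) > 0){
        $GLOBALS['JQUERY'] = 1;
        $A_PP = $db->two_col_assoc('SELECT id,name FROM '.TBL_PAY_PLAN.' WHERE type="FEE" AND enabled=1');
        $A_HITS = hwGetHitsArrFromRes($res);
        while($v = mysql_fetch_assoc($res)){
            // rows are ordered by catid, so a category header cell is emitted
            // whenever the category changes
            if($catid != $v['catid']){
                $catid = $v['catid'];
                $z['cname'] = GetCatPathCached($catid);
                $tpl->AddCell('row',$z,'cat');
            }
            $v['hits'] = isset($A_HITS[$v['link_id']]) ? (int)$A_HITS[$v['link_id']] : 0;
            $v['lid'] = $v['link_id'];
            $v['hw_added'] = $v['hw_added'] ? strftime($DATE_FMT,$v['hw_added']) : '';
            $v['ex_p'] = '';
            // Multi_Lang: extra link parameter when the item's language differs from the current one
            if(isset($v['hw_lang_id']) && $v['hw_lang_id']!=$GLOBALS['HW_LANG']){
                $v['ex_p'].='&lang='.($v['hw_lang_id'] ? $v['hw_lang_id'] : 'en');
            }
            $v['show_av_link'] = !empty($A_AV_FS[ hwGetFsByCat($catid) ]) ? 1 : 0;
            list($pp_id) = hwGetBasePlanFromStr($v['hw_pay_plan']);
            $v['item_plan'] = !empty($A_PP[$pp_id]) ? $A_PP[$pp_id] : $pp_id;
            $v = hwSQLRowGet($v);
            $v['exp_date'] = $v['exp_ts'] ? strftime($DATE_FMT,$v['exp_ts']) : '';
            $tpl->AddCell('row', $v, 'item');
            // Show extra options - begin block: one ex_elem cell per extra option
            // set on this item, wrapped in ex_begin / ex_end
            $i = 0;
            $exopt_amt = count($A_OPTS);
            $ex_begin = true;
            foreach ($A_OPTS AS $key => $a_v) {
                $i++;
                $ex_id = strtolower(substr($key,3,strlen($key)-3));
                if(!empty($v['hw_'.$ex_id])) {
                    if ($ex_begin) {
                        $tpl->AddCell('row',array('lid' => $v['lid']),'ex_begin');
                        $ex_begin = false;
                    }
                    $v1 = array();
                    $v1['ex_name'] = $a_v['NAME'];
                    $v1['ex_val'] = $a_v['DESCR'][$v['hw_'.$ex_id]];
                    $v1['ex_dt_end'] = '';
                    // the pay plan string carries "[KEY-<expiry ts>-<value>]" markers;
                    // key and value are preg_quote()d so regex metacharacters in
                    // either cannot alter or break the pattern
                    $ex_re = '/\['.preg_quote($key,'/').'-(\d+)-'.preg_quote((string)$v['hw_'.$ex_id],'/').'\]/';
                    if (preg_match($ex_re,$v['hw_pay_plan'],$ex_date)){
                        $v1['ex_dt_end'] = strftime($DATE_FMT,$ex_date[1]);
                    }
                    $tpl->AddCell('row',$v1,'ex_elem');
                }
                if ($i==$exopt_amt && !$ex_begin) $tpl->AddCell('row','','ex_end');
            }
            // Show extra options - end block
        }
    }
    $tpl_v = compact('num_rows','nav','err_msg');
    $tpl_v['EN_U_DEL'] = EN_U_DEL;
    $tpl_v['q'] = html_esc($_GET['q']);
    $tpl_v['listing'] = html_esc($clean['listing']);
    // rows-per-page <select>: 20..100 in steps of 20, current value preselected
    $tpl_v['ac_show_amt'] = '';
    for($i=20;$i<=100;$i+=20) $tpl_v['ac_show_amt'].='<option value='.$i.($i==$hw_num?' SELECTED':'').'>'.$i;
    $tpl->Parse(TPL_PATH.'account_items.htm',$tpl_v,1);
}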
/**
 * Deletes the logged-in user's own account and sends them to the logout page.
 *
 * Does nothing unless a user is logged in and the request carries a valid
 * CSRF token (hwIsTokenOK()). The user id comes from the session, never from
 * the request, so only the caller's own account can be removed.
 *
 * Not wired up at the moment: the "ac_delete" branch of the dispatch at the
 * top of this file is commented out.
 */
function DeleteUserAccount(){
    $user_id = (int)hwSessionGetVar('userid');
    if($user_id == 0) return;        // not logged in
    if(!hwIsTokenOK()) return;       // missing / stale CSRF token
    hwDeleteUsers('SELECT * FROM '.TBL_USER.' WHERE id='.$user_id);
    header('Location: index.php?page=login&logout=now');
    exit;
}
?>