<?php

// --------------------------------------------------------------------------
//
// Esvon Classifieds v.4.0
// Copyright(C), Esvon LTD, 2001-2010, All Rights Reserved.
// E-mail: hide@address.com
//
// All forms of reproduction, including, but not limited to, internet posting, 
// printing, e-mailing, faxing and recording are strictly prohibited.
// One license required per site running Esvon Classifieds. 
// To obtain a license for using Esvon Classifieds, please register at
// http://www.esvon.com/pg/products/p_classifieds/
//
// --------------------------------------------------------------------------

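if(!defined('SITE_PATH')) die('Access Denied');

CheckLoggedIn();

// Post-registration bounce-back. The registration flow leaves the URL the
// user came from in the REG_FROM_URL cookie (optionally wrapped as
// "...ref_url=<urlencoded path>..."); once logged in, send the user back there
// unless that URL is this account page itself.
// The cookie is client-controlled, so the target is only honoured when it
// stays on this host: a root-relative path, or an absolute http(s) URL whose
// host[:port] equals the request host. Anything else (foreign host, "//host",
// embedded credentials, non-printable bytes) is dropped and the normal page
// renders -- the previous code redirected to the raw cookie value, an open
// redirect. NOTE(review): HTTP_HOST comes from the request; if the web server
// accepts arbitrary Host headers, compare against a configured site host instead.
$ref = (isset($_COOKIE['REG_FROM_URL']) && is_string($_COOKIE['REG_FROM_URL'])) ? $_COOKIE['REG_FROM_URL'] : '';
if($ref!==''){
  setcookie('REG_FROM_URL', '', 1);   // one-shot cookie: clear it whatever happens next
  // strict comparison: the old "!strpos()" treated a match at offset 0 as "not found"
  if(strpos($ref,'page%3Daccount')===false){
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $origin = 'http'.((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ? 's' : '').'://'.$host;

    // "ref_url=<encoded>" inside the cookie carries the real target; otherwise the cookie value is the target.
    $target = preg_match('/ref_url=([^&]+)/',$ref,$m) ? urldecode($m[1]) : $ref;

    $dest = '';
    if($target!=='' && ctype_print($target)){   // ctype_print also rejects CR/LF (header injection)
      $p = @parse_url($target);
      if(is_array($p) && !isset($p['user']) && !isset($p['pass'])){
        if(isset($p['host'])){
          // absolute URL: must be http(s) and point at this very host[:port]
          $t_host = $p['host'].(isset($p['port']) ? ':'.$p['port'] : '');
          if(isset($p['scheme']) && in_array(strtolower($p['scheme']),array('http','https'),true)
             && $host!=='' && strcasecmp($t_host,$host)==0){
            $dest = $target;
          }
        }
        elseif(!isset($p['scheme']) && $target[0]==='/' && !preg_match('#^/[/\\\\]#',$target)){
          // root-relative path; "//host" and "/\host" are scheme-relative to browsers and are rejected
          $dest = $origin.$target;
        }
      }
    }
    if($dest!==''){
      header('Location: '.$dest);
      exit;
    }
  }
}

// Page dispatch: ?pg=payment shows the payment log, everything else the ad list.
if(isset($_GET['pg']) && $_GET['pg']=='payment') ShowPaymentLog();
//elseif($_POST['act']=='ac_delete') DeleteUserAccount();   // account self-deletion: not wired in
else ShowItems();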


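function ShowPaymentLog(){
global $db,$DATE_TIME_FMT,$TITLE_FIELD;

  // Renders the logged-in user's payment history (account_payments.htm):
  // a paged list of TBL_PAY_LOG charges with a running balance per row,
  // followed by every TBL_PAY_PEND row (pending payments) of the same user.
  // Reads $_GET['off'] (page index, GET requests only), $_GET['why'] and the
  // session user id; every query below is scoped to that (int-cast) user id.

  $tpl = new HawkTpl;
  $tpl->InitArray('row,expired,pending');

  // Explanatory cell at the top: the account is expired, or we arrived via why=realm.
  $cell_id = '';
  if(hwIsUserExpired()) $cell_id = 'def';
  elseif(isset($_GET['why']) && $_GET['why']=='realm') $cell_id = 'realm';
  if($cell_id) $tpl->AddCell('expired','',$cell_id);

  $ses_uid = (int)hwSessionGetVar('userid');

  $tpl_v = array(
    'CURR_SIGN' => CURR_SIGN,
  );

  // Paging: fixed 15 rows per page; the page index is only taken from a GET
  // request and only when it consists of digits.
  $hw_num = 15;
  $off = 0;
  if(isset($_GET['off']) && is_string($_GET['off']) && ctype_digit($_GET['off']) && $_SERVER['REQUEST_METHOD']=='GET'){
    $off = (int)$_GET['off'];
  }
  $num = $off * $hw_num;   // rows skipped so far; also seeds the per-row counter

  $num_rows = $db->one_data('SELECT COUNT(*) FROM '.TBL_PAY_LOG.' WHERE userid='.$ses_uid);
  $tpl_v['nav'] = GetNavigation($_SERVER['PHP_SELF'],$hw_num,10,$num_rows,$off,'&page=account&pg=payment');

  $a_v = $db->select('SELECT id AS charge_id,UNIX_TIMESTAMP(cdate) AS cdate,amount,descr,txn_id,link_id AS lid FROM '.TBL_PAY_LOG.' WHERE userid='.$ses_uid.
  " ORDER BY id DESC LIMIT $num,$hw_num");

  if(count($a_v)>0){

    // Resolve catid + title of every ad referenced by a charge in one query.
    // getAssoc() is keyed by link_id; indexes 1/2 follow the column order below.
    // Ids are int-cast before being inlined into the IN(...) list.
    $A_CAT = array();
    foreach($a_v as $v) {
      if($v['lid']) $A_CAT[(int)$v['lid']] = '';
    }
    if($A_CAT) $A_CAT = $db->getAssoc('SELECT link_id,catid,'.$TITLE_FIELD.' FROM '.TBL_AD.' WHERE link_id IN('.implode(',',array_keys($A_CAT)).')');

    // Running balance: start from the balance as of the newest charge on this
    // page, then subtract each row's amount while walking down the page.
    $ql = 'SELECT SUM(amount) FROM '.TBL_PAY_LOG.' WHERE userid='.$ses_uid;
    if($off){
      // Fix: the select aliases id AS charge_id, so the former $a_v[0]['id']
      // was never set and pages after the first started from the grand total.
      $top_id = (int)$a_v[0]['charge_id'];
      if($top_id) $ql.=' AND id <= '.$top_id;
    }

    $balance = $db->one_data($ql);
    if(!$balance) $balance = '0.00';

    foreach($a_v as $v) {
      if($v['lid'] && isset($A_CAT[$v['lid']])){
        $v['catid'] = $A_CAT[$v['lid']][1];
        $v['f_title'] = $A_CAT[$v['lid']][2];
      }
      else $v['catid'] = $v['f_title'] = '';   // not tied to an ad, or the ad is gone

      $v['balance'] = $balance;
      $balance = sprintf('%.2f',$balance-$v['amount']);
      $v['cdate'] = strftime($DATE_TIME_FMT,$v['cdate']);
      $v['descr'] = hwGetPayInfoFmt($v['descr'],', ');
      $v['num'] = ++$num;
      $tpl->AddCell('row',$v);
    }
  }

  // Pending (not yet completed) payments: newest first, not paged.
  $num = 0;
  $a_v = $db->select('SELECT adid AS lid, UNIX_TIMESTAMP(odate) AS cdate, amount, details AS term, ttype FROM '.TBL_PAY_PEND.' WHERE userid='.$ses_uid.' ORDER BY id DESC');

  $A_CAT = array();
  foreach($a_v as $v) {
    if($v['lid']) $A_CAT[(int)$v['lid']] = '';
  }
  if($A_CAT) $A_CAT = $db->getAssoc('SELECT link_id,catid,'.$TITLE_FIELD.' FROM '.TBL_AD.' WHERE link_id IN('.implode(',',array_keys($A_CAT)).')');

  foreach($a_v as $v) {
    if($v['lid'] && isset($A_CAT[$v['lid']])){
      $v['catid'] = $A_CAT[$v['lid']][1];
      $v['f_title'] = $A_CAT[$v['lid']][2];
    }
    else $v['catid'] = $v['f_title'] = '';

    $v['cdate'] = strftime($DATE_TIME_FMT,$v['cdate']);
    $v['descr'] = hwGetPayInfoFmt($v['term'], ', ');

    // Re-emit the space-separated term tokens as hidden inputs so the form on
    // the page can resume this payment. `details` is stored data, so each
    // value is attribute-escaped (it was emitted raw before: a quote or angle
    // bracket in a token would have broken out of the attribute).
    $v['term_hiddens'] = '';
    foreach(explode(' ',$v['term']) as $tok){
      $v['term_hiddens'].= '<input type=hidden name="term[]" value="'.htmlspecialchars(trim($tok),ENT_QUOTES).'">'."\n";
    }

    $v['num'] = ++$num;
    $tpl->AddCell('pending',$v);
  }

  $tpl->Parse(TPL_PATH.'account_payments.htm', $tpl_v, 1);
}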

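function ShowItems(){
global $TITLE_FIELD,$DATE_FMT,$db;

  // Renders the logged-in user's own ads (account_items.htm) and handles the
  // actions submitted from that page:
  //   act=switch  -- enable/disable one ad (user_approved), optionally via ajax
  //   act=delete  -- delete one or several of the user's ads (when EN_U_DEL)
  // Every write is scoped to the session user id and requires a valid
  // anti-CSRF token (hwIsTokenOK). The list supports a keyword/id filter (q),
  // an active/expired filter (listing) and paging (off, ac_show_amt).

  $ses_uid = (int)hwSessionGetVar('userid');

  // Request parameters are whitelisted and type-filtered before use; the raw
  // superglobals are only read for the few extra fields noted below.
  $whitelist = array(
    'act'     => array('type' => 'alpha'),
    'id'      => array('type' => 'int'),
    'off'     => array('type' => 'int'),
    'listing' => array('type' => 'alpha'),
    'apr'     => array('type' => 'int'),
  );
  $clean = esFilter($_REQUEST, $whitelist);

  $err_msg = '';
  $is_ajax = !empty($_POST['ajax']);

  // --- act=switch: toggle user_approved on one of the caller's own ads --------
  if($clean['act']=='switch' && hwIsTokenOK()){
    $args = array(
      'ID' => $clean['id'],
      'OFF' => $clean['apr'],
      'ERR_MSG' => '',
    );
    hwModEvent('onAdUserSwitch',$args);
    $err_msg = $args['ERR_MSG'];

    // Enabling an ad: enforce the per-user quota (user override, else AD_ALLOWED; <=0 = unlimited).
    if(!$err_msg && !$clean['apr']){
      $ads_max = $db->one_data('SELECT hw_ads_max FROM '.TBL_USER.' WHERE id='.$ses_uid);
      if(!$ads_max) $ads_max = AD_ALLOWED;
      if($ads_max>0){
        $ads_now = $db->one_data('SELECT count(*) FROM '.TBL_AD.' WHERE userid='.$ses_uid.' AND user_approved=1');
        if($ads_now>=$ads_max) $err_msg = hwLng('err_ads_max');
      }
    }

    // The userid predicate is what stops a user from toggling someone else's ad.
    if(!$err_msg) $db->query('UPDATE '.TBL_AD.' SET user_approved='.($clean['apr'] ? '0' : '1').' WHERE link_id='.(int)$clean['id'].' AND userid='.$ses_uid);

    if($is_ajax){
      if(!$err_msg) $err_msg = 'OK';
      // The message may come from a module hook or a language file: escape it
      // so it can neither break the XML document nor inject markup into it.
      header('Content-type: text/xml');
      echo '<xml><id>'.(int)$clean['id'].'</id><msg>'.htmlspecialchars($err_msg,ENT_QUOTES).'</msg><appr>'.(isset($_POST['apr_adm']) ? (int)$_POST['apr_adm'] : 0).'</appr></xml>';
      exit;
    }
  }

  // --- any other action (delete, or a non-ajax switch) ends in a redirect ----
  if(!$err_msg && $clean['act']){

    if($clean['act']=='delete'){
      if(EN_U_DEL && hwIsTokenOK()){
        // One id from the whitelist, or a list of ids (id[]) cast to int.
        $a_id = array();
        if($clean['id']) $a_id = array((int)$clean['id']);
        elseif(isset($_REQUEST['id']) && is_array($_REQUEST['id'])) $a_id = array_map('intval', $_REQUEST['id']);
        foreach($a_id as $lid){
          if($lid<1) continue;
          // userid predicate: only the caller's own ads can be deleted
          $ret = hwDeleteAds("link_id=$lid AND userid=$ses_uid");
          if($ret && EN_M_AD_DEL) hwSendMail(ADMIN_EMAIL,ADMIN_EMAIL,'{Item} Deleted - '.SITE_URL,"{Item} #$lid has been deleted");
        }
      }
    }

    // Redirect after the action so a refresh cannot repeat it; only whitelisted values are echoed.
    $url = 'index.php?page=account';
    if($clean['listing']) $url.='&listing='.urlencode($clean['listing']);
    if($clean['off']) $url.='&off='.(int)$clean['off'];
    header('Location: '.$url);
    exit;
  }

  // --- listing filter: active | expired | (all) -------------------------------
  if($clean['listing']=='expired') $sql = ' AND exp_date<'.SQL_NOW.' AND exp_date>"1900-01-01"';
  elseif($clean['listing']=='active') $sql = ' AND exp_date>'.SQL_NOW;
  else $sql = '';

  // --- keyword / id search (q) ------------------------------------------------
  $q = (isset($_GET['q']) && is_string($_GET['q'])) ? trim($_GET['q']) : '';
  $_GET['q'] = $q;   // later readers see the trimmed value, as before
  if($q!==''){
    $keys = preg_split('/[\s,]+/', $q, 5, PREG_SPLIT_NO_EMPTY); // 5 keywords max
    $a_num = array();
    $sql_like = '';
    foreach($keys as $k){
      if(ctype_digit($k)) $a_num[] = $k;   // digit-only tokens also match link_id (safe to inline: digits only)
      // $db->quote() escapes for SQL (the surrounding quotes are added here);
      // addcslashes then neutralises LIKE wildcards in the user's token.
      $sql_like.= " OR $TITLE_FIELD LIKE '%".addcslashes($db->quote($k), '%_')."%'";
    }
    $sql.= ' AND (0';
    if($a_num) $sql.=' OR link_id IN("'.implode('","',$a_num).'")';
    $sql.= $sql_like.')';
    unset($sql_like,$a_num);
  }

  // --- paging -----------------------------------------------------------------
  // Rows per page is a persisted user preference (the btn_amt form submits ac_show_amt).
  $o_Opts = &Factory::singleton('User_Options');
  if(!empty($_POST['btn_amt'])) $o_Opts->set('ac_show_amt', isset($_POST['ac_show_amt']) ? (int)$_POST['ac_show_amt'] : 0);
  $hw_num = $o_Opts->get('ac_show_amt', 20);   // a value <= 0 means "no LIMIT" below

  // Any POST (action or preference change) restarts at the first page.
  if(!$clean['off'] || $_SERVER['REQUEST_METHOD']=='POST') $clean['off'] = 0;

  $num_rows = $db->one_data('SELECT COUNT(*) FROM '.TBL_AD.' WHERE userid='.$ses_uid.$sql);

  if($hw_num>0) $nav = GetNavigation($_SERVER['PHP_SELF'],$hw_num,10,$num_rows,$clean['off'],'&page=account&listing='.$clean['listing'].'&q='.urlencode($q));
  else $nav = '';

  // --- main select ------------------------------------------------------------
  $ql = 'SELECT '.hwSQLFieldsGet().',user_approved,approved,'.
  'UNIX_TIMESTAMP(exp_date) AS exp_ts, UNIX_TIMESTAMP(hw_added) AS hw_added,'.
  'exp_date<'.SQL_NOW.' AS expired,hw_pay_plan';

  if(hwModGetState('Pay_Per_Click') == 'A') $ql.=',hw_ppc_bided';
  if(hwModGetState('Multi_Lang') == 'A') $ql.=',hw_lang_id';

  // Field sets carrying the Availability flag (only when that module is active).
  $A_AV_FS = array();
  if(hwModGetState('Availability') == 'A'){
    $A_AV_FS = $db->two_col_assoc('SELECT fset,1 FROM '.TBL_FIELD.' WHERE db_f="hw_av_enabled"');
  }

  // Extra options: each option key minus its first three characters, lower-cased,
  // names an ad column hw_<rest>. Keys come from configuration, not from the request.
  $A_OPTS = hwGetExtraOptions();
  foreach (array_keys($A_OPTS) AS $k) $ql.= ',hw_'.strtolower(substr($k,3));

  $ql.=' FROM '.TBL_AD.' WHERE userid='.$ses_uid.$sql.' ORDER BY catid,'.$TITLE_FIELD;
  if($hw_num>0) $ql.= ' LIMIT '.((int)$clean['off']*(int)$hw_num).','.(int)$hw_num;

  $res = $db->query($ql);

  $catid = -1;
  $tpl = new HawkTpl;
  $tpl->InitArray('row');

  $z = array();

  if(mysql_num_rows($res) > 0){

    $GLOBALS['JQUERY'] = 1;

    $A_PP = $db->two_col_assoc('SELECT id,name FROM '.TBL_PAY_PLAN.' WHERE type="FEE" AND enabled=1');
    $A_HITS = hwGetHitsArrFromRes($res);
    $exopt_amt = count($A_OPTS);

    while($v = mysql_fetch_assoc($res)){

      // Rows are ordered by catid, so a category header is emitted whenever it changes.
      if($catid != $v['catid']){
        $catid = $v['catid'];
        $z['cname'] = GetCatPathCached($catid);
        $tpl->AddCell('row',$z,'cat');
      }

      $v['hits'] = isset($A_HITS[$v['link_id']]) ? (int)$A_HITS[$v['link_id']] : 0;
      $v['lid'] = $v['link_id'];
      $v['hw_added'] = $v['hw_added'] ? strftime($DATE_FMT,$v['hw_added']) : '';

      // Multi_Lang: link the ad in its own language when it differs from the current one.
      $v['ex_p'] = '';
      if(isset($v['hw_lang_id']) && $v['hw_lang_id']!=$GLOBALS['HW_LANG']){
        $v['ex_p'].='&lang='.($v['hw_lang_id'] ? $v['hw_lang_id'] : 'en');
      }
      $fs = hwGetFsByCat($catid);
      $v['show_av_link'] = !empty($A_AV_FS[$fs]) ? 1 : 0;
      list($pp_id) = hwGetBasePlanFromStr($v['hw_pay_plan']);
      $v['item_plan'] = !empty($A_PP[$pp_id]) ? $A_PP[$pp_id] : $pp_id;

      $v = hwSQLRowGet($v);
      $v['exp_date'] = $v['exp_ts'] ? strftime($DATE_FMT,$v['exp_ts']) : '';

      $tpl->AddCell('row', $v, 'item');

      // Extra options bought for this ad: ex_begin, one ex_elem per set option, ex_end.
      $i = 0;
      $ex_begin = true;
      foreach ($A_OPTS AS $key => $a_v) {

        $i++;
        $ex_id = strtolower(substr($key,3));
        $ex_val = isset($v['hw_'.$ex_id]) ? $v['hw_'.$ex_id] : '';

        if($ex_val) {

          if ($ex_begin) {
            $tpl->AddCell('row',array('lid' => $v['lid']),'ex_begin');
            $ex_begin = false;
          }

          $v1 = array(
            'ex_name'   => $a_v['NAME'],
            'ex_val'    => isset($a_v['DESCR'][$ex_val]) ? $a_v['DESCR'][$ex_val] : '',
            'ex_dt_end' => '',
          );

          // hw_pay_plan carries "[KEY-<unix ts>-<value>]" for timed options.
          // Key and value are preg_quote'd: the old pattern interpolated them raw,
          // so any regex metacharacter in either broke or widened the match.
          if (preg_match('/\['.preg_quote($key,'/').'-(\d+)-'.preg_quote((string)$ex_val,'/').'\]/',$v['hw_pay_plan'],$ex_date)){
            $v1['ex_dt_end'] = strftime($DATE_FMT,$ex_date[1]);
          }
          $tpl->AddCell('row',$v1,'ex_elem');
        }
        if ($i==$exopt_amt && !$ex_begin) $tpl->AddCell('row','','ex_end');
      }
    }
  }

  $tpl_v = compact('num_rows','nav','err_msg');
  $tpl_v['EN_U_DEL'] = EN_U_DEL;
  $tpl_v['q'] = html_esc($q);
  $tpl_v['listing'] = html_esc($clean['listing']);

  // Rows-per-page selector: 20..100 in steps of 20, current value pre-selected.
  $tpl_v['ac_show_amt'] = '';
  for($i=20;$i<=100;$i+=20) $tpl_v['ac_show_amt'].='<option value='.$i.($i==$hw_num?' SELECTED':'').'>'.$i;

  $tpl->Parse(TPL_PATH.'account_items.htm',$tpl_v,1);
}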

function DeleteUserAccount(){
  // Deletes the logged-in user's own account: hands hwDeleteUsers() a query
  // selecting that user's TBL_USER row, then redirects to the logout URL.
  // Bails out silently without a session user id or without a valid
  // anti-CSRF token (hwIsTokenOK). Not reachable at present: the dispatcher
  // call at the top of this file is commented out.
  $uid = (int)hwSessionGetVar('userid');
  if($uid===0) return;
  if(!hwIsTokenOK()) return;

  hwDeleteUsers('SELECT * FROM '.TBL_USER.' WHERE id='.$uid);

  // Log the (now deleted) user out so the session cannot be reused.
  header('Location: index.php?page=login&logout=now');
  exit;
}

?>