0) // Runs only when a form was posted: validate the fields, store the buy offer, send notification mails.
// NOTE(review): the start of this condition and the PHP open tag are missing from this copy of the page.
// NOTE(review): every query below uses the mysql_* extension, which was removed in PHP 7.0, and
// none of the mysql_query() results are checked for failure before being fetched from.
{
    // ---- Site configuration row and the posting limits of the member's group ----
    $esq_con='select * from esb2b_config where es_id=1';
    $esrow_con=mysql_fetch_array(mysql_query($esq_con));
    // NOTE(review): the session value is concatenated into the SQL unquoted. Where it is set is not
    // visible here -- confirm it is always an integer, or bind it as a parameter.
    $esq_gro='select * from esb2b_groups where es_memtype='.$_SESSION["esb2b_memtype"];
    $esrow_gro=mysql_fetch_array(mysql_query($esq_gro));

    // ---- Number of buy offers this user has already posted ----
    $esq_off="select * from esb2b_offers_buy where es_uid=".$_SESSION["esb2b_userid"];
    $esbuy_count=mysql_num_rows(mysql_query($esq_off));

    // The user has reached (or passed) the group's buy-offer limit.
    if( $esbuy_count >= $esrow_gro["es_buy_cnt"] )
    {
        // NOTE(review): looks like leftover debug output.
        echo "dhdhhdhhdhd";
        // NOTE(review): the text after the close tag below is damaged in this copy. The markup and PHP
        // that followed it are not visible (presumably where $errs, $errcnt, $cat, $key and the $es_*
        // fields are populated), so only the tail of the category-count check remains.
?> $esrow_gro["es_cat_cnt"]) {
        $errs[$errcnt]="$Too_many_Categories_provided";
        $errcnt++;
    }

    // Title: required, and must not contain <, > or &.
    // NOTE(review): quotes and backslashes pass this check, so SQL safety rests entirely on the
    // escaping step further down.
    if ( strlen(trim($es_title)) == 0 )
    {
        $errs[$errcnt]="$Title_must_be_provided";
        $errcnt++;
    }
    elseif(preg_match ("/[<>&]/", $es_title))
    {
        $errs[$errcnt]="$Title_can_not_have_any_special_character";
        $errcnt++;
    }

    // Description: required, length-limited, and screened by check_msg() when approval is automatic.
    if ( strlen(trim($es_description)) == 0 )
    {
        $errs[$errcnt]="$Description_Must_be_provided";
        $errcnt++;
    }
    elseif ( strlen(strip_tags($es_description)) > $esrow_con['es_description_length'] )
    {
        // NOTE(review): the limit is measured on the tag-stripped text, but the value stored later is
        // the unstripped one. How the description is rendered is not visible here -- confirm it is
        // HTML-escaped (or sanitised) on output.
        // The string literal below spans a line break in this copy; it is kept as found.
        $errs[$errcnt]="$Description_length_must_not_exceed ".$esrow_con['es_description_length']." 
$characters";
        $errcnt++;
    }
    elseif( $esrow_con["es_approval_type_offer"] == 'auto')
    {
        // check_msg() is defined elsewhere; a 'yes' result is treated here as "contains bad words".
        if ( check_msg($es_description,0) == 'yes' )
        {
            $errs[$errcnt]="$Description_must_not_contain_bad_words";
            $errcnt++;
        }
    }

    // Quantity: numeric and greater than zero.
    // NOTE(review): is_numeric() also accepts decimals and exponent notation, so "integer" is not
    // actually enforced, and the value is later placed in the INSERT unquoted.
    if ( !is_numeric($es_quantity) || ($es_quantity <= 0) )
    {
        $errs[$errcnt]="$Quantity_must_be_non_zero_positive_integer";
        $errcnt++;
    }

    // Keywords: required, no <, > or &, and no more than the group's keyword limit.
    if ( strlen(trim($es_keywords)) == 0 )
    {
        $errs[$errcnt]="$Keywords_must_be_provided";
        $errcnt++;
    }
    elseif(preg_match ("/[<>&]/", $es_keywords))
    {
        $errs[$errcnt]="$Keywords_can_not_have_any_special_character";
        $errcnt++;
    }
    elseif(count($key) > $esrow_gro["es_keyword_cnt"])
    {
        $errs[$errcnt]="$Too_many_keywords_provided";
        $errcnt++;
    }

    // Price currency: numeric and non-zero.
    if ( !is_numeric($es_price_cur_id) || ($es_price_cur_id == 0) )
    {
        $errs[$errcnt]="$Price_currency_must_be_selected";
        $errcnt++;
    }

    // Price: numeric and greater than zero.
    if ( !is_numeric($es_price) || ($es_price <= 0) )
    {
        $errs[$errcnt]="$Price_must_be_non_zero_positive_number";
        $errcnt++;
    }

    // ---- No validation errors: escape the values and store the offer ----
    if($errcnt==0)
    {
        // NOTE(review): in a double-quoted PHP string "\$" is the same one character as "$", so every
        // str_replace("$","\$",...) below replaces "$" with "$" and changes nothing.
        // NOTE(review): addslashes() is not aware of the connection character set, and
        // get_magic_quotes_gpc() was removed in PHP 8.0. Prepared statements (PDO or mysqli) with
        // bound parameters are the reliable replacement for this whole step.
        if(!get_magic_quotes_gpc())
        {
            $es_title=str_replace("$","\$",addslashes($es_title));
            $es_description=str_replace("$","\$",addslashes($es_description));
            $es_quantity=str_replace("$","\$",addslashes($es_quantity));
            $es_keywords=str_replace("$","\$",addslashes($es_keywords));
            $logo=str_replace("$","\$",addslashes($logo));
        }
        else
        {
            // Only this branch touches $es_offer_type; the branch above does not.
            $es_offer_type=str_replace("$","\$",$es_offer_type);
            $es_title=str_replace("$","\$",$es_title);
            $es_description=str_replace("$","\$",$es_description);
            $es_quantity=str_replace("$","\$",$es_quantity);
            $es_keywords=str_replace("$","\$",$es_keywords);
            $logo=str_replace("$","\$",$logo);
        }
        $es_price_cur_id=(int)$es_price_cur_id;
        // Self-assignment: the price is not cast or escaped, only checked by is_numeric() above.
        $es_price=$es_price;
        $es_postedon=date("YmdHis",time());
        $es_approved='yes';
        $es_uid=$_SESSION["esb2b_userid"];
        // $es_expireson=;
        // $esq_con='select * from esb2b_config where es_id=1';
        // $esrow_con=mysql_fetch_array(mysql_query($esq_con));

        // Automatic approval publishes immediately; otherwise the offer waits for an administrator.
        if($esrow_con['es_approval_type_offer']=='auto')
        {
            $es_new='no';
            $es_approved='yes';
            $es_msg="$Your_buy_offer_has_been_posted_successfully";
        }
        else
        {
            $es_new='yes';
            $es_approved='no';
            $es_msg="$Your_buy_offer_has_been_sent_for_admin_approval";
        }

        // NOTE(review): $es_uid, $es_quantity, $es_postedon, $es_price_cur_id and $es_price are placed
        // in the statement unquoted, so for them escaping gives no protection; only the is_numeric()
        // checks and the (int) cast stand between the request and the query.
        $esqi_off="Insert into `esb2b_offers_buy` (es_uid, es_title, es_description, es_quantity, es_postedon, es_keywords, es_price_cur_id, es_price, es_approved, es_new) values ($es_uid, '$es_title', '$es_description', $es_quantity, $es_postedon, '$es_keywords', $es_price_cur_id, $es_price, '$es_approved', '$es_new')";
        // die($esqi_off);
        mysql_query($esqi_off);

        // Optional image row for the offer.
        // NOTE(review): "!" binds tighter than "==", so this parses as (!$logo) == "" rather than
        // $logo != "".
        // NOTE(review): $es_offer_id is not assigned anywhere in the visible code before this point;
        // it is only read from max(es_id) further down -- confirm the image row gets a valid offer id.
        if(!$logo=="")
        {
            $img_url=(string)$logo;
            $esqi_off_img="Insert into `esb2b_offer_buy_images`(es_offer_id, es_img_url) values ($es_offer_id, '$img_url')";
            mysql_query($esqi_off_img);
        }

        // NOTE(review): mysql_affected_rows() reports on the most recent query, which is the image
        // INSERT whenever $logo is set, not the offer INSERT.
        if(mysql_affected_rows()>0)
        {
            // ---- Attach the new offer to its categories ----
            // NOTE(review): max(es_id) can return another user's row under concurrent posting;
            // mysql_insert_id() right after the offer INSERT is per-connection.
            $esq_off="select max(es_id) as max_id from esb2b_offers_buy where 1";
            $esrow_off=mysql_fetch_array(mysql_query($esq_off));
            $es_offer_id=$esrow_off["max_id"];

            // NOTE(review): no validation of the elements of $cat is visible, and $es_value goes into
            // three queries unquoted. If $cat comes from the request, cast each element to int or
            // bind it as a parameter.
            // NOTE(review): by the brace structure, all the mail code below sits inside this loop, so
            // the notifications go out once per selected category -- confirm that is intended.
            foreach($cat as $es_value)
            {
                $esq_off_cat="select * from esb2b_offer_cats_buy where es_offer_id=$es_offer_id and es_cid=$es_value";
                //echo $esq_off_cat;
                // $esrs_off_cat=
                if( mysql_num_rows(mysql_query($esq_off_cat)) > 0 )
                    continue; // skip if the record already exists
                $esqi_off_cat="insert into esb2b_offer_cats_buy (es_offer_id, es_cid) values ($es_offer_id, $es_value)";
                mysql_query($esqi_off_cat);

                // ---- Manual approval: notify the member and the administrator ----
                if($esrow_con['es_approval_type_offer']<>'auto')
                {
                    // -- Mail to the member (template 6) --
                    // $esq_res="select * from esrrs_resources where esres_id=$esres_id";
                    // $esrow_res=mysql_fetch_array(mysql_query($esq_res));
                    $esq_mem="select * from esb2b_members where es_id=".$_SESSION["esb2b_userid"];
                    $esrow_mem=mysql_fetch_array(mysql_query($esq_mem));
                    $rs_con=mysql_fetch_array(mysql_query("select * from esb2b_config where es_id=1"));
                    $es_null_char=$rs_con["es_null_char"];
                    $login_url=$rs_con["es_site_root"]."/signin.php";
                    // $esresource_url=$rs_con["essite_addr"]."/details_res.php?esres_id=$esres_id";

                    // Read the mail template to be sent.
                    $esq_mail="SELECT * FROM esb2b_mails where es_mailid=6";
                    $esrs_mail=mysql_query($esq_mail);
                    if ( $esrow_mail=mysql_fetch_array($esrs_mail) )
                    {
                        $from =$esrow_mail["es_fromid"];
                        $to = $esrow_mem["es_email"];
                        $subject =$esrow_mail["es_subject"];
                        // NOTE(review): the Reply-To value is not followed by "\r\n", so when the HTML
                        // branch below appends MIME-Version it lands on the same header line.
                        $header="From:" . $from . "\r\n" ."Reply-To:". $from ;
                        // NOTE(review): %password% is filled with the stored es_password column, so the
                        // member's stored credential travels in e-mail. Presumably that column holds a
                        // recoverable password -- confirm; either way it should not be mailed.
                        $body=str_replace("%email%", $esrow_mem["es_email"],str_replace("%password%",$esrow_mem["es_password"],str_replace("%lname%", $esrow_mem["es_lastname"],str_replace("%fname%",$esrow_mem["es_firstname"],str_replace("%username%",$esrow_mem["es_username"], $esrow_mail["es_mail"]) ))));
                        $body=str_replace("%signup_url%",$es_null_char,str_replace("%login_url%",$login_url,$body));
                        $body=str_replace("%message_text%",$es_null_char,str_replace("%message_title%",$es_null_char,str_replace("%sender_username%",$es_null_char,str_replace("%message_date%",$es_null_char,$body))));
                        $body=str_replace("%visitor_name%",$es_null_char,$body);
                        // $es_title at this point is the SQL-escaped form, not the text the user typed.
                        $body=str_replace("%offer_title%",$es_title,str_replace("%offer_url%",$es_null_char,str_replace("%offer_id%",$es_null_char,$body)));
                        if(isset($esrow_mail["es_html_format"])&&($esrow_mail["es_html_format"]=="yes"))
                        {
                            $header .= "MIME-Version: 1.0\r\n";
                            $header .= "Content-type: text/html; charset=iso-8859-1\r\n";
                            // $body=str_replace("\n","%br%",$body);
                        }
                        // echo "--from:-$from----to:-$to---sub:-$subject----head:-$header----";
                        // echo "$body";
                        // die();
                        // The template is sent only when it is enabled.
                        if( $esrow_mail["es_status"]=='yes')
                            mail($to,$subject,$body,$header);
                    }

                    // -- Mail to the administrator (template 7) --
                    $rs0=mysql_fetch_array(mysql_query("select * from esb2b_config where es_id=1"));
                    //$login_url=$site_root[0]."/signinform.php";
                    // Read the mail template to be sent.
                    $esq_mail="SELECT * FROM esb2b_mails where es_mailid=7";
                    $esrs_mail=mysql_query($esq_mail);
                    if ( $esrow_mail=mysql_fetch_array($esrs_mail) )
                    {
                        $from =$esrow_mail["es_fromid"];
                        $to = $rs0["es_admin_email"];
                        $subject =$esrow_mail["es_subject"];
                        // Same missing "\r\n" after Reply-To as in the member mail above.
                        $header="From:" . $from . "\r\n" ."Reply-To:". $from ;
                        // $body=$rs["mail"];
                        // Unlike the member mail, %password% is blanked with the configured null character.
                        $body=str_replace("%email%", $esrow_mem["es_email"],str_replace("%password%",$es_null_char,str_replace("%lname%", $esrow_mem["es_lastname"],str_replace("%fname%",$esrow_mem["es_firstname"],str_replace("%username%",$esrow_mem["es_username"], $esrow_mail["es_mail"]) ))));
                        $body=str_replace("%signup_url%",$es_null_char,str_replace("%login_url%",$login_url,$body));
                        $body=str_replace("%message_text%",$es_null_char,str_replace("%message_title%",$es_null_char,str_replace("%sender_username%",$es_null_char,str_replace("%message_date%",$es_null_char,$body))));
                        $body=str_replace("%visitor_name%",$es_null_char,$body);
                        $body=str_replace("%offer_title%",$es_title,str_replace("%offer_url%",$es_null_char,str_replace("%offer_id%",$es_null_char,$body)));
                        if(isset($esrow_mail["es_html_format"])&&($esrow_mail["es_html_format"]=="yes"))
                        {
                            $header .= "MIME-Version: 1.0\r\n";
                            $header .= "Content-type: text/html; charset=iso-8859-1\r\n";
                            // $body=str_replace("\n","%br%",$body);
                        }
                        // echo "--from:-$from----to:-$to---sub:-$subject----head:-$header----";
                        // echo "$body";
                        // die();
                        if( $esrow_mail["es_status"]=='yes')
                            mail($to,$subject,$body,$header);
                    }
                } // end if approval <> 'auto'
                elseif($esrow_con['es_approval_type_offer']=='auto')
                {
                    // ---- Automatic approval: mail members who marked these categories as favourites ----
                    // (Only done here because a manually approved offer is not yet public.)
                    // echo "----------hello----------";
                    $esq_mail="SELECT * FROM esb2b_mails where es_mailid=24";
                    $esrs_mail=mysql_query($esq_mail);
                    if ( ($esrow_mail=mysql_fetch_array($esrs_mail)) && ($esrow_mail['es_status']=='yes'))
                    {
                        // Expand the category list with the ids of each category's ancestors.
                        // NOTE(review): $cid_list is not assigned in the visible code above; the only
                        // assignment on this page takes it directly from $_POST["cid"]. If that is the
                        // value used here, it reaches "in (...)" unvalidated -- split it and cast each
                        // id to int, or bind the ids as parameters.
                        $cat_query=mysql_query("Select * from esb2b_categories where es_id in ($cid_list)");
                        $temp_cid_list=-1;
                        while ($rs=mysql_fetch_array($cat_query))
                        {
                            $temp_cid_list .=",".$rs["es_id"];
                            $cid=$rs["es_id"];
                            $cat_query1=mysql_query("Select * from esb2b_categories where es_id=" . $cid );
                            // Each pass re-points $cat_query1 at the parent row (es_pid), so the loop
                            // ends when a parent id matches no category.
                            while ($rs1=mysql_fetch_array($cat_query1))
                            {
                                $temp_cid_list.="," .$rs1["es_id"];
                                $cat_query1=mysql_query("Select * from esb2b_categories where es_id=" . $rs1["es_pid"] );
                            }
                        }
                        // From here on (including later passes of the enclosing loop) $cid_list is the
                        // expanded list read back from the database.
                        $cid_list=$temp_cid_list;
                        // echo "cats----".$temp_cid_list."----";
                        // die();

                        $rs_con=mysql_fetch_array(mysql_query("select * from esb2b_config where es_id=1"));
                        $es_null_char=$rs_con["es_null_char"];
                        $login_url=$rs_con["es_site_root"]."/signin.php";
                        $es_offer_url=$rs_con["es_site_root"]."/offers_buy.php?id=$es_offer_id&prod=buy";
                        // foreach($cat as $es_value)
                        // {
                        $esq3_cat="select * from esb2b_categories where es_id=$es_value";
                        $esrow3_cat=mysql_fetch_array(mysql_query($esq3_cat));
                        $es_cat_name=$esrow3_cat["es_cat_name"];

                        // Collect the member ids that have any of these categories as a 'buy' favourite.
                        $esuser_id_list="-1";
                        $esq_fav_cat="select * from esb2b_fav_cats where es_type='buy' and cid in ($cid_list)";
                        //echo $esq_off_cat;
                        $esrs_fav_cat=mysql_query($esq_fav_cat);
                        while($esrow_fav_cat=mysql_fetch_array($esrs_fav_cat))
                        {
                            $esuser_id_list.=",".$esrow_fav_cat["mid"];
                        }

                        $esq3_mem="select * from esb2b_members where es_id in ($esuser_id_list)";
                        $esrs3_mem=mysql_query($esq3_mem);
                        while($esrow3_mem=mysql_fetch_array($esrs3_mem))
                        {
                            // Send one mail per member, naming the first matching favourite category.
                            // This lookup does not filter on es_type='buy', unlike the query above.
                            $esq1_fav_cat="select * from esb2b_fav_cats where cid in ($cid_list) and mid=".$esrow3_mem["es_id"];
                            //echo $esq_off_cat;
                            $esrs1_fav_cat=mysql_query($esq1_fav_cat);
                            $esrow_fav_cat=mysql_fetch_array($esrs1_fav_cat);
                            $esq4_cat="select * from esb2b_categories where es_id=".$esrow_fav_cat["cid"];
                            //echo $esq_off_cat;
                            $esrow4_cat=mysql_fetch_array(mysql_query($esq4_cat));
                            $es_cat_name=$esrow4_cat["es_cat_name"];

                            $from =$esrow_mail["es_fromid"];
                            $to = $esrow3_mem["es_email"];
                            $subject =$esrow_mail["es_subject"];
                            // Same missing "\r\n" after Reply-To as in the other two mails.
                            $header="From:" . $from . "\r\n" ."Reply-To:". $from ;
                            $body=str_replace("%email%", $es_null_char,str_replace("%password%",$es_null_char,str_replace("%lname%", $esrow3_mem["es_lastname"],str_replace("%fname%",$esrow3_mem["es_firstname"],str_replace("%username%",$esrow3_mem["es_username"], $esrow_mail["es_mail"]) ))));
                            $body=str_replace("%signup_url%",$es_null_char,str_replace("%login_url%",$login_url,$body));
                            $body=str_replace("%message_text%",$es_null_char,str_replace("%message_title%",$es_null_char,str_replace("%sender_username%",$es_null_char,str_replace("%message_date%",$es_null_char,$body))));
                            $body=str_replace("%visitor_name%",$es_null_char,$body);
                            // NOTE(review): the poster's title and the category name are placed in mail
                            // sent to other members; with the HTML format enabled they are not
                            // HTML-escaped here.
                            $body=str_replace("%offer_title%",$es_title,str_replace("%offer_url%",$es_offer_url,str_replace("%offer_id%",$es_offer_id,$body)));
                            $body=str_replace("%category%",$es_cat_name,$body);
                            if(isset($esrow_mail["es_html_format"])&&($esrow_mail["es_html_format"]=="yes"))
                            {
                                $header .= "MIME-Version: 1.0\r\n";
                                $header .= "Content-type: text/html; charset=iso-8859-1\r\n";
                                // (disabled) newline replacement on $body; its replacement text is lost in this copy
                            }
                            // echo "--from:-$from----to:-$to---sub:-$subject----head:-$header----";
                            // echo "$body";
                            // die();
                            if( $esrow_mail["es_status"]=='yes')
                                mail($to,$subject,$body,$header);
                        } // end while esrow3_mem
                    } // end if
                    //die();
                } // end if approval == auto
            }

            if($es_approved=="yes")
            {
                // NOTE(review): the template text after the close tag below is damaged in this copy;
                // it is kept as found.
?> = $esrow_gro["es_buy_cnt"] ) { ?>
 

0) { $cid_list=$_POST["cid"]; $es_cat_list=$_POST["category"]; if ( $errcnt <> 0 ) { ?>
 
 
"No") { ?>
 
: - -

(1)?' categories':' category'; ?>)
*
" onClick="add_category()"> " onClick="remove_category()">
*
*  

( 1)?' keywords':' keyword'; ?>)
*
.
*   
    ">