0) //IF SOME FORM WAS POSTED DO VALIDATION { /////////---getting config--------- $sbq_con='select * from b2b_config where sb_id=1'; $sbrow_con=mysql_fetch_array(mysql_query($sbq_con)); $sbq_gro='select * from b2b_groups where sb_memtype='.$_SESSION["b2b_memtype"]; $sbrow_gro=mysql_fetch_array(mysql_query($sbq_gro)); /////////--------------getting information bout user's privious postings $sbq_off="select * from b2b_offers where sb_uid=".$_SESSION["b2b_userid"]; $sbsell_count=mysql_num_rows(mysql_query($sbq_off)); //////////////////////////////////--------------------------- if( $sbsell_count >= $sbrow_gro["sb_sell_cnt"] ) { header("Location: gen_confirm_mem.php?err=post_offer&errmsg=".urlencode("Sorry, some error occurred and unable to post sell offer.")); die(); } ////////////////////-------------------- $sb_cat_list=str_replace(";",",",$_REQUEST["category"]); $cid_list=str_replace(";",",",$_REQUEST["cid"]); $cat=explode(",",$cid_list); // $cat_name=explode(",",$_REQUEST["category"]); $sb_title=$_REQUEST["sb_title"]; $sb_description=$_REQUEST["sb_description"]; $sb_quantity=$_REQUEST["sb_quantity"]; $sb_keywords=$_REQUEST["sb_keywords"]; $key=explode(",",$sb_keywords); $sb_location=$_REQUEST["sb_location"]; $sb_min_order=$_REQUEST["sb_min_order"]; $sb_price_cur_id=$_REQUEST["sb_price_cur_id"]; $sb_price=$_REQUEST["sb_price"]; $sb_samples_available=$_REQUEST["sb_samples_available"]; $sb_product_status=$_REQUEST["sb_product_status"]; $sb_delivery_time=$_REQUEST["sb_delivery_time"]; $sb_payment_mode='-1'; if(isset($_REQUEST["sb_cash"]) && ($_REQUEST["sb_cash"]=='yes') ) $sb_payment_mode.=',cash'; if(isset($_REQUEST["sb_cheque"]) && ($_REQUEST["sb_cheque"]=='yes') ) $sb_payment_mode.=',cheque'; if(isset($_REQUEST["sb_credit"]) && ($_REQUEST["sb_credit"]=='yes') ) $sb_payment_mode.=',credit'; if(isset($_REQUEST["sb_bank"]) && ($_REQUEST["sb_bank"]=='yes') ) $sb_payment_mode.=',bank'; if(isset($_REQUEST["sb_loc"]) && ($_REQUEST["sb_loc"]=='yes') ) 
$sb_payment_mode.=',loc'; if(isset($_REQUEST["sb_escrow"]) && ($_REQUEST["sb_escrow"]=='yes') ) $sb_payment_mode.=',escrow'; //echo $sb_payment_mode; $sb_other_mode=$_REQUEST["sb_other_mode"]; $sb_shipping_cost=$_REQUEST["sb_shipping_cost"]; // echo $cid_list."---hello"; if( $cid_list == '' ) { $errs[$errcnt]="Atleast one Category must be provided"; $errcnt++; } elseif(count($cat) > $sbrow_gro["sb_cat_cnt"]) { $errs[$errcnt]="Too many Categories provided"; $errcnt++; } if ( strlen(trim($sb_title)) == 0 ) { $errs[$errcnt]="Title must be provided"; $errcnt++; } elseif(preg_match ("/[<>&]/", $sb_title)) { $errs[$errcnt]="Title can not have any special character i.e. & < >"; $errcnt++; } if ( strlen(trim($sb_description)) == 0 ) { $errs[$errcnt]="Description must be provided"; $errcnt++; } elseif ( strlen(strip_tags($sb_description)) > $sbrow_con['sb_description_length'] ) { $errs[$errcnt]="Description length must not exceed ".$sbrow_con['sb_description_length']." characters"; $errcnt++; } elseif( $sbrow_con["sb_approval_type_offer"] == 'auto') { if ( check_msg($sb_description,0) == 'yes' ) { $errs[$errcnt]="Description must not contain bad words"; $errcnt++; } } if ( !is_numeric($sb_quantity) || ($sb_quantity <= 0) ) { $errs[$errcnt]="Quantity must be non-zero positive integer"; $errcnt++; } if ( strlen(trim($sb_keywords)) == 0 ) { $errs[$errcnt]="Keywords must be provided"; $errcnt++; } elseif(preg_match ("/[<>&]/", $sb_keywords)) { $errs[$errcnt]="Keywords can not have any special character i.e. & < >"; $errcnt++; } elseif(count($key) > $sbrow_gro["sb_keyword_cnt"]) { $errs[$errcnt]="Too many keywords provided"; $errcnt++; } if ( strlen(trim($sb_location)) == 0 ) { $errs[$errcnt]="Location must be provided"; $errcnt++; } elseif(preg_match ("/[<>&]/", $sb_location)) { $errs[$errcnt]="Location can not have any special character i.e. 
& < >"; $errcnt++; } if ( !is_numeric($sb_min_order) || ($sb_min_order <= 0) ) { $errs[$errcnt]="Minimum Order must be non-zero positive integer"; $errcnt++; } if ( !is_numeric($sb_price_cur_id) || ($sb_price_cur_id == 0) ) { $errs[$errcnt]="Price currency must be selected"; $errcnt++; } if ( !is_numeric($sb_price) || ($sb_price <= 0) ) { $errs[$errcnt]="Price must be non-zero positive number"; $errcnt++; } if ( !is_numeric($sb_delivery_time) || ($sb_delivery_time < 0) ) { $errs[$errcnt]="Delivery Time must be positive integer"; $errcnt++; } if ( !isset($_REQUEST["sb_cash"]) && !isset($_REQUEST["sb_cheque"]) && !isset($_REQUEST["sb_credit"]) && !isset($_REQUEST["sb_bank"]) && !isset($_REQUEST["sb_loc"]) && !isset($_REQUEST["sb_escrow"]) && (strlen(trim($sb_other_mode))==0) ) { $errs[$errcnt]="Atleast one Payment Mode must be provided"; $errcnt++; } if ( !is_numeric($sb_shipping_cost) || ($sb_shipping_cost < 0) ) { $errs[$errcnt]="Shipping Cost must be positive number"; $errcnt++; } if($errcnt==0) { if(!get_magic_quotes_gpc()) { $sb_title=str_replace("$","\$",addslashes($sb_title)); $sb_description=str_replace("$","\$",addslashes($sb_description)); $sb_quantity=str_replace("$","\$",addslashes($sb_quantity)); $sb_keywords=str_replace("$","\$",addslashes($sb_keywords)); $sb_location=str_replace("$","\$",addslashes($sb_location)); $sb_samples_available=str_replace("$","\$",addslashes($sb_samples_available)); $sb_product_status=str_replace("$","\$",addslashes($sb_product_status)); $sb_other_mode=str_replace("$","\$",addslashes($sb_other_mode)); } else { $sb_title=str_replace("$","\$",$sb_title); $sb_description=str_replace("$","\$",$sb_description); $sb_quantity=str_replace("$","\$",$sb_quantity); $sb_keywords=str_replace("$","\$",$sb_keywords); $sb_location=str_replace("$","\$",$sb_location); $sb_samples_available=str_replace("$","\$",$sb_samples_available); $sb_product_status=str_replace("$","\$",$sb_product_status); 
$sb_other_mode=str_replace("$","\$",$sb_other_mode); } $sb_min_order=(int)$sb_min_order; $sb_price_cur_id=(int)$sb_price_cur_id; $sb_price=$sb_price; $sb_delivery_time=(int)$sb_delivery_time; $sb_shipping_cost=$sb_shipping_cost; $sb_postedon=date("YmdHis",time()); $sb_approved='yes'; $sb_uid=$_SESSION["b2b_userid"]; // $sb_expireson=; $sbq_con='select * from b2b_config where sb_id=1'; $sbrow_con=mysql_fetch_array(mysql_query($sbq_con)); if($sbrow_con['sb_approval_type_offer']=='auto') { $sb_new='no'; $sb_approved='yes'; $sb_msg='Your sell offer has been posted successfully.'; } else { $sb_new='yes'; $sb_approved='no'; $sb_msg='Your sell offer has been sent for admin approval.'; } $sbqi_off="Insert into `b2b_offers` (sb_uid, sb_title, sb_description, sb_quantity, sb_postedon, sb_keywords, sb_location, sb_min_order, sb_price_cur_id, sb_price, sb_samples_available, sb_product_status, sb_delivery_time, sb_payment_mode, sb_other_mode, sb_shipping_cost, sb_approved, sb_new) values ($sb_uid, '$sb_title', '$sb_description', $sb_quantity, $sb_postedon, '$sb_keywords', '$sb_location', $sb_min_order, $sb_price_cur_id, $sb_price, '$sb_samples_available', '$sb_product_status', $sb_delivery_time, '$sb_payment_mode', '$sb_other_mode', $sb_shipping_cost, '$sb_approved', '$sb_new')"; // die($sbqi_off); mysql_query($sbqi_off); if(mysql_affected_rows()>0) { ///-adding to categories $sbq_off="select max(sb_id) as max_id from b2b_offers where 1"; $sbrow_off=mysql_fetch_array(mysql_query($sbq_off)); $sb_offer_id=$sbrow_off["max_id"]; foreach($cat as $sb_value) { $sbq_off_cat="select * from b2b_offer_cats where sb_offer_id=$sb_offer_id and sb_cid=$sb_value"; //echo $sbq_off_cat; // $sbrs_off_cat= if( mysql_num_rows(mysql_query($sbq_off_cat)) > 0 ) continue; //skips if record already exists $sbqi_off_cat="insert into b2b_offer_cats (sb_offer_id, sb_cid) values ($sb_offer_id, $sb_value)"; mysql_query($sbqi_off_cat); } ////--------mail to member/admin if approval is not auto 
if($sbrow_con['sb_approval_type_offer']<>'auto') { //SENDING MAIL TO MEMBER//////////////////////// // $sbq_res="select * from sbrrs_resources where sbres_id=$sbres_id"; // $sbrow_res=mysql_fetch_array(mysql_query($sbq_res)); $sbq_mem="select * from b2b_members where sb_id=".$_SESSION["b2b_userid"]; $sbrow_mem=mysql_fetch_array(mysql_query($sbq_mem)); $rs_con=mysql_fetch_array(mysql_query("select * from b2b_config where sb_id=1")); $sb_null_char=$rs_con["sb_null_char"]; $login_url=$rs_con["sb_site_root"]."/signin.php"; // $sbresource_url=$rs_con["sbsite_addr"]."/details_res.php?sbres_id=$sbres_id"; //Reads email to be sebt $sbq_mail="SELECT * FROM b2b_mails where sb_mailid=6"; $sbrs_mail=mysql_query($sbq_mail); if ( $sbrow_mail=mysql_fetch_array($sbrs_mail) ) { $from =$sbrow_mail["sb_fromid"]; $to = $sbrow_mem["sb_email"]; $subject =$sbrow_mail["sb_subject"]; $header="From:" . $from . "\r\n" ."Reply-To:". $from ; $body=str_replace("%email%", $sbrow_mem["sb_email"],str_replace("%password%",$sbrow_mem["sb_password"],str_replace("%lname%", $sbrow_mem["sb_lastname"],str_replace("%fname%",$sbrow_mem["sb_firstname"],str_replace("%username%",$sbrow_mem["sb_username"], $sbrow_mail["sb_mail"]) )))); $body=str_replace("%signup_url%",$sb_null_char,str_replace("%login_url%",$login_url,$body)); $body=str_replace("%message_text%",$sb_null_char,str_replace("%message_title%",$sb_null_char,str_replace("%sender_username%",$sb_null_char,str_replace("%message_date%",$sb_null_char,$body)))); $body=str_replace("%visitor_name%",$sb_null_char,$body); $body=str_replace("%offer_title%",$sb_title,str_replace("%offer_url%",$sb_null_char,str_replace("%offer_id%",$sb_null_char,$body))); if(isset($sbrow_mail["sb_html_format"])&&($sbrow_mail["sb_html_format"]=="yes")) { $header .= "MIME-Version: 1.0\r\n"; $header .= "Content-type: text/html; charset=iso-8859-1\r\n"; // $body=str_replace("\n","
",$body); } // echo "--from:-$from----to:-$to---sub:-$subject----head:-$header----"; // echo "
$body
"; // die(); if( $sbrow_mail["sb_status"]=='yes') mail($to,$subject,$body,$header); } ////////////////////////////////////////////////////////// ///// Sending mail to admin $rs0=mysql_fetch_array(mysql_query("select * from b2b_config where sb_id=1")); //$login_url=$site_root[0]."/signinform.php"; //Reads email to be sebt $sbq_mail="SELECT * FROM b2b_mails where sb_mailid=7"; $sbrs_mail=mysql_query($sbq_mail); if ( $sbrow_mail=mysql_fetch_array($sbrs_mail) ) { $from =$sbrow_mail["sb_fromid"]; $to = $rs0["sb_admin_email"]; $subject =$sbrow_mail["sb_subject"]; $header="From:" . $from . "\r\n" ."Reply-To:". $from ; // $body=$rs["mail"]; $body=str_replace("%email%", $sbrow_mem["sb_email"],str_replace("%password%",$sb_null_char,str_replace("%lname%", $sbrow_mem["sb_lastname"],str_replace("%fname%",$sbrow_mem["sb_firstname"],str_replace("%username%",$sbrow_mem["sb_username"], $sbrow_mail["sb_mail"]) )))); $body=str_replace("%signup_url%",$sb_null_char,str_replace("%login_url%",$login_url,$body)); $body=str_replace("%message_text%",$sb_null_char,str_replace("%message_title%",$sb_null_char,str_replace("%sender_username%",$sb_null_char,str_replace("%message_date%",$sb_null_char,$body)))); $body=str_replace("%visitor_name%",$sb_null_char,$body); $body=str_replace("%offer_title%",$sb_title,str_replace("%offer_url%",$sb_null_char,str_replace("%offer_id%",$sb_null_char,$body))); if(isset($sbrow_mail["sb_html_format"])&&($sbrow_mail["sb_html_format"]=="yes")) { $header .= "MIME-Version: 1.0\r\n"; $header .= "Content-type: text/html; charset=iso-8859-1\r\n"; // $body=str_replace("\n","
",$body); } // echo "--from:-$from----to:-$to---sub:-$subject----head:-$header----"; // echo "
$body
"; // die(); if( $sbrow_mail["sb_status"]=='yes') mail($to,$subject,$body,$header); } } //end if approval <> 'auto' elseif($sbrow_con['sb_approval_type_offer']=='auto') { /*/////-------mail to fav cats but if approval is auto 'coz otherwise it would be unapproved $sbq_mail="SELECT * FROM b2b_mails where sb_mailid=24"; $sbrs_mail=mysql_query($sbq_mail); if ( ($sbrow_mail=mysql_fetch_array($sbrs_mail)) && ($sbrow_mail['sb_status']=='yes')) { ////////----------getting full path ids ///////////////////////////////////////////////////// $cat_query=mysql_query("Select * from b2b_categories where sb_id in ($cid_list)"); $temp_cid_list=-1; while ($rs=mysql_fetch_array($cat_query)) { $temp_cid_list .=",".$rs["sb_id"]; $cid=$rs["sb_id"]; $cat_query1=mysql_query("Select * from b2b_categories where sb_id=" . $cid ); while ($rs1=mysql_fetch_array($cat_query1)) { $temp_cid_list.="," .$rs1["sb_id"]; $cat_query1=mysql_query("Select * from b2b_categories where sb_id=" . $rs1["sb_pid"] ); } } $cid_list=$temp_cid_list; //echo "
cats----".$temp_cid_list."----
"; //die(); //////----------------------------------------- $rs_con=mysql_fetch_array(mysql_query("select * from b2b_config where sb_id=1")); $sb_null_char=$rs_con["sb_null_char"]; $login_url=$rs_con["sb_site_root"]."/signin.php"; $sb_offer_url=$rs_con["sb_site_root"]."/view_offer?id=$sb_offer_id"; $sbuser_id_list="-1"; $sbq_fav_cat="select * from b2b_fav_cats where sb_type='sell' and cid in ($cid_list)"; // echo $sbq_fav_cat; $sbrs_fav_cat=mysql_query($sbq_fav_cat); while($sbrow_fav_cat=mysql_fetch_array($sbrs_fav_cat)) { $sbuser_id_list.=",".$sbrow_fav_cat["mid"]; } // echo "
user list".$sbuser_id_list."
"; $sbq3_mem="select * from b2b_members where sb_id in ($sbuser_id_list)"; // echo $sbq3_mem; $sbrs3_mem=mysql_query($sbq3_mem); while($sbrow3_mem=mysql_fetch_array($sbrs3_mem)) { //send mail //////---getting category name only first matching cat for a user $sbq1_fav_cat="select * from b2b_fav_cats where cid in ($cid_list) and mid=".$sbrow3_mem["sb_id"]; //echo $sbq_off_cat; $sbrs1_fav_cat=mysql_query($sbq1_fav_cat); $sbrow_fav_cat=mysql_fetch_array($sbrs1_fav_cat); $sbq4_cat="select * from b2b_categories where sb_id=".$sbrow_fav_cat["cid"]; //echo $sbq_off_cat; $sbrow4_cat=mysql_fetch_array(mysql_query($sbq4_cat)); $sb_cat_name=$sbrow4_cat["sb_cat_name"]; ///////---------------------- $from =$sbrow_mail["sb_fromid"]; $to = $sbrow3_mem["sb_email"]; $subject =$sbrow_mail["sb_subject"]; $header="From:" . $from . "\r\n" ."Reply-To:". $from ; $body=str_replace("%email%", $sb_null_char,str_replace("%password%",$sb_null_char,str_replace("%lname%", $sbrow3_mem["sb_lastname"],str_replace("%fname%",$sbrow3_mem["sb_firstname"],str_replace("%username%",$sbrow3_mem["sb_username"], $sbrow_mail["sb_mail"]) )))); $body=str_replace("%signup_url%",$sb_null_char,str_replace("%login_url%",$login_url,$body)); $body=str_replace("%message_text%",$sb_null_char,str_replace("%message_title%",$sb_null_char,str_replace("%sender_username%",$sb_null_char,str_replace("%message_date%",$sb_null_char,$body)))); $body=str_replace("%visitor_name%",$sb_null_char,$body); $body=str_replace("%offer_title%",$sb_title,str_replace("%offer_url%",$sb_offer_url,str_replace("%offer_id%",$sb_offer_id,$body))); $body=str_replace("%category%",$sb_cat_name,$body); if(isset($sbrow_mail["sb_html_format"])&&($sbrow_mail["sb_html_format"]=="yes")) { $header .= "MIME-Version: 1.0\r\n"; $header .= "Content-type: text/html; charset=iso-8859-1\r\n"; // $body=str_replace("\n","%br>",$body); } // echo "--from:-$from----to:-$to---sub:-$subject----head:-$header----"; // echo "
$body
"; // die(); if( $sbrow_mail["sb_status"]=='yes') mail($to,$subject,$body,$header); } //end while sbrow3_mem ////////////////////////////////////////////////////////// } // end if //die();*/ } //end if approval == auto ///////////----------------- if($sb_approved=="yes") { header ("Location: gen_confirm_mem.php?sb_type=1&id=$sb_offer_id&errmsg=".urlencode($sb_msg)); } else { header ("Location: gen_confirm_mem.php?errmsg=".urlencode($sb_msg)); } die(); }// if inserted else { header("Location: gen_confirm_mem.php?err=post_offer&errmsg=".urlencode("Sorry, some error occurred and unable to post sell offer.")); die(); } }// if no errors }// if form posted else { /////////---getting config--------- $sbq_con='select * from b2b_config where sb_id=1'; $sbrow_con=mysql_fetch_array(mysql_query($sbq_con)); $sbq_gro='select * from b2b_groups where sb_memtype='.$_SESSION["b2b_memtype"]; $sbrow_gro=mysql_fetch_array(mysql_query($sbq_gro)); /////////--------------getting information bout user's privious postings $sbq_off="select * from b2b_offers where sb_uid=".$_SESSION["b2b_userid"]; $sbsell_count=mysql_num_rows(mysql_query($sbq_off)); //////////////////////////////////--------------------------- if( $sbsell_count >= $sbrow_gro["sb_sell_cnt"] ) { header("Location: gen_confirm_mem.php?errmsg=".urlencode("You have already posted maximum allowed Angebote.")); die(); } $cid_list=''; $sb_cat_list=''; $sb_title=''; $sb_description=''; $sb_quantity=''; $sb_keywords=''; $sb_location=''; $sb_min_order=''; $sb_price_cur_id=''; $sb_price=''; $sb_samples_available='no'; $sb_product_status='New'; $sb_delivery_time=''; $sb_payment_mode=''; $sb_other_mode=''; $sb_shipping_cost=''; } function main () { global $sbsell_count, $sbrow_con, $sbrow_gro, $errs, $errcnt, $cid_list, $sb_cat_list, $sb_title, $sb_description, $sb_quantity, $sb_keywords, $sb_location, $sb_min_order, $sb_price_cur_id, $sb_price, $sb_samples_available, $sb_product_status, $sb_delivery_time, $sb_payment_mode, $sb_other_mode, 
$sb_shipping_cost; $showform=""; if (count($_POST)>0) { $cid_list=$_POST["cid"]; $sb_cat_list=$_POST["category"]; if ( $errcnt <> 0 ) { ?>
 Your request cannot be processed due to the following reasons
 
"No") { ?>
 Angebot eintragen
Aktuelle Angebote:- Maximale Angebote-
Kategorien
(Maximal 1)?' erlaubt':' category'; ?>)
*
Überschrift *
Beschreibung *
Menge *  
Suchwörter
(Max 1)?' Wörter':' keyword'; ?>)
*
Bitte trennen Sie mehrere Suchwörter durch ein Komma.
Standort
*
Mindest Abnahme
*
Preis
*   
Muster erhältlich
*
Zustand
*
Liefer Zeit
* Tage
Zahlungs Bedingungen
* > Bar bei Abholung
> Scheck
> Kredit Karte
> Überweisung
> Bankbürgschaft
> Treuhand
Andere Formen:
Liefer Kosten
*