"; print "
"; include("./templates/user_bottom.html"); exit; } elseif ($agentname != "" OR $current_user != "") { $sql = "SELECT id FROM agents WHERE agent='$agentname' and agentpass='$agentpassword'"; $result = mysql_query($sql) or die("Couldn't execute query."); $num = mysql_numrows($result); if ($num == 1) { session_register("agentname"); session_register("agentpassword"); echo "\r\n"; print "\r\n"; session_register("current_user"); session_register("agent"); session_register("agenturl"); session_register("agentemail"); //COLLECT INFORMATION ABOUT THE CURRENT USER $result = mysql_query("SELECT * FROM agents WHERE agent='$agentname';",$link); while ($a_row =mysql_fetch_array ($result) ) { $current_user = $a_row[id]; $agent = $a_row[agent]; $agenturl = $a_row[agenturl]; $agentemail = $a_row[agentemail]; } print "\r\n\r\n"; } else if ($num == 0) { include("./templates/user_top.html"); echo 'That login/password combination is incorrect.
'; print "
"; print "
";
include("./templates/user_bottom.html");
exit;
}
}
// Emit the leading line break, then pull in the agent-area header template.
echo "\r\n";
include "./templates/agent_top.html";
//ERRORS AND STATUS DISPLAY IN THE BOX
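//DELETE A RECORD
// Removes one listing and its stored images, restricted to rows owned by the
// current user.
// $delete and $current_user are not assigned in the visible code; presumably
// they arrive through register_globals / the session, so both are treated as
// untrusted. Each is escaped for the SQL string context and quoted rather
// than interpolated raw (the owner value was previously unquoted).
// NOTE(review): no anti-CSRF token is checked in the visible code before this
// state-changing request is honoured - confirm one is enforced elsewhere.
if ($delete != "")
{
    $safe_delete = mysql_real_escape_string($delete, $link);
    $safe_owner = mysql_real_escape_string($current_user, $link);
    // HTML-encode the id before echoing it back so it cannot inject markup.
    $shown_delete = htmlspecialchars($delete, ENT_QUOTES);

    $query = "DELETE FROM homes WHERE ((id = '$safe_delete') AND (owner = '$safe_owner'))";
    if (!mysql_query($query, $link))
    {
        // Driver error text goes to the server log only; the page shows the
        // same generic message the login query already uses.
        error_log(mysql_error($link));
        die("Couldn't execute query.");
    }
    print "Listing #$shown_delete has been removed...";

    $query = "DELETE FROM tbl_Files WHERE ((prop_num = '$safe_delete') AND (owner = '$safe_owner'))";
    if (!mysql_query($query, $link))
    {
        error_log(mysql_error($link));
        die("Couldn't execute query.");
    }
    print "Images for property #$shown_delete have also been removed...";
}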
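//DELETE AN IMAGE
// Removes a single stored image, restricted to rows owned by the current user.
// $deleteimage was previously placed in the statement unquoted and unescaped,
// so any request-supplied text became part of the SQL. It is now escaped and
// quoted like the owner value.
// $filename is not assigned in the visible code (presumably request-supplied),
// so it is HTML-encoded before being echoed back.
if ($deleteimage != "")
{
    $safe_image = mysql_real_escape_string($deleteimage, $link);
    $safe_owner = mysql_real_escape_string($current_user, $link);

    $query = "DELETE FROM tbl_Files WHERE ((id_files = '$safe_image') AND (owner = '$safe_owner'))";
    if (!mysql_query($query, $link))
    {
        // Keep driver error details in the server log, not in the response.
        error_log(mysql_error($link));
        die("Couldn't execute query.");
    }
    print htmlspecialchars($filename, ENT_QUOTES) . " has been removed...";
}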
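// UPLOAD AN IMAGE
// Stores an uploaded image and its description in tbl_Files for the current
// user and property.
if ($action == "upload")
{
    // is_uploaded_file() confirms $binFile really is this request's HTTP
    // upload. Without it, a request-supplied path in $binFile would make the
    // script read a server-side file and store it as an "image".
    if (isset($binFile) && $binFile != "none" && is_uploaded_file($binFile))
    {
        // file_get_contents() reads the whole file without leaving a handle
        // open (the previous fopen() handle was never closed).
        $raw = file_get_contents($binFile);
        if ($raw === false)
        {
            die("Couldn't read the uploaded file.");
        }

        // Every value placed in the statement is escaped, including the
        // upload metadata and $propnum, which were interpolated raw before.
        // NOTE(review): name, size and type are presumably the client-declared
        // upload metadata; the type is stored as given and is not validated
        // against the file content here.
        $data = mysql_real_escape_string($raw, $link);
        $strDescription = mysql_real_escape_string(nl2br($txtDescription), $link);
        $safe_name = mysql_real_escape_string($binFile_name, $link);
        $safe_size = mysql_real_escape_string($binFile_size, $link);
        $safe_type = mysql_real_escape_string($binFile_type, $link);
        $safe_owner = mysql_real_escape_string($current_user, $link);
        $safe_prop = mysql_real_escape_string($propnum, $link);

        $sql = "INSERT INTO tbl_Files ";
        $sql .= "(description, bin_data, filename, filesize, filetype, owner, prop_num) ";
        $sql .= "VALUES ('$strDescription', '$data', ";
        $sql .= "'$safe_name', '$safe_size', '$safe_type', '$safe_owner', '$safe_prop')";
        if (!mysql_query($sql, $link))
        {
            // Keep driver error details in the server log, not in the response.
            error_log(mysql_error($link));
            die("Couldn't execute query.");
        }
        // The file name is client-chosen text; encode it before echoing.
        echo "Your image has been added (" . htmlspecialchars($binFile_name, ENT_QUOTES) . ").";
    }
}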
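//MODIFY A RECORD
// Updates every column of one listing, restricted to rows owned by the
// current user.
// Only seven free-text fields used to be passed through addslashes(); the
// remaining values (state, zip, type, imageloc, the amenity flags, ...) and
// the WHERE values went into the statement raw. Every value is now escaped
// with mysql_real_escape_string() and quoted.
// NOTE(review): if magic_quotes_gpc is enabled on the host, request values
// already carry one layer of slashes - confirm the setting.
if ($modify != "")
{
    print "editing field " . htmlspecialchars($modify, ENT_QUOTES) . "...";

    //strip extra characters out of the price
    $price = ereg_replace("[^[:alnum:]]","",$price);
    $sqfeet = ereg_replace("[^[:alnum:]]","",$sqfeet);
    $proptax = ereg_replace("[^[:alnum:]]","",$proptax);

    //formats the description text, if necessary
    // This must run before escaping: mysql_real_escape_string() rewrites
    // CR/LF, after which the pattern below would no longer match.
    // NOTE(review): the replacement literal is a bare line break as it
    // appears on the page; it presumably carried line-break markup
    // originally - confirm against the real file.
    if ($linefeeds == "Y")
    {
        $previewdesc = ereg_replace("(\r\n|\n|\r)", "
", $previewdesc);
        $fulldesc = ereg_replace("(\r\n|\n|\r)", "
", $fulldesc);
    }

    // Column names are a fixed list; each takes the same-named variable,
    // except owner, which takes $current_user.
    $columns = array(
        'title', 'address', 'city', 'state', 'zip', 'price', 'previewdesc',
        'fulldesc', 'type', 'imageloc', 'beds', 'baths', 'status', 'featured',
        'mls', 'neighborhood', 'agent', 'agenturl', 'agentemail', 'air',
        'alrm', 'bcny', 'cbl', 'crp', 'dw', 'dsp', 'fire', 'gas', 'hdwd', 'mw',
        'onw', 'pto', 'wadr', 'wc', 'fee', 'bp', 'boat', 'clb', 'gtd', 'crt',
        'fit', 'ong', 'pw', 'pool', 'pt', 'spa', 'spo', 'tns', 'notes',
        'owner', 'yearbuilt', 'sqfeet', 'lotsize', 'numfloors', 'garagesize',
        'proptax', 'country', 'virtualtour',
    );

    // Escaped copies are collected separately so the session-registered
    // variables (agent, agenturl, agentemail, current_user) are not
    // overwritten with their escaped form.
    $assignments = array();
    foreach ($columns as $column)
    {
        $value = ($column == 'owner') ? $current_user : $$column;
        $assignments[] = "$column = '" . mysql_real_escape_string($value, $link) . "'";
    }

    $safe_modify = mysql_real_escape_string($modify, $link);
    $safe_owner = mysql_real_escape_string($current_user, $link);

    $query = "UPDATE homes SET " . implode(', ', $assignments)
        . " WHERE ((id='$safe_modify') AND (owner = '$safe_owner'))";
    if (!mysql_query($query, $link))
    {
        // Keep driver error details in the server log, not in the response.
        error_log(mysql_error($link));
        die("Couldn't execute query.");
    }
    print "Listing #" . htmlspecialchars($modify, ENT_QUOTES) . " has been updated...";
}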
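//ADD A RECORD
// Inserts a new listing for the current user, provided the value returned by
// listinfo() is still greater than the one returned by listcount() (both are
// defined outside this section).
// Only six free-text fields used to be passed through addslashes(); $notes
// and every other value went into the statement raw, so a single quote in
// any of them broke or altered the INSERT. Every value is now escaped with
// mysql_real_escape_string() and quoted.
// NOTE(review): if magic_quotes_gpc is enabled on the host, request values
// already carry one layer of slashes - confirm the setting.
if ($action=="add")
{
    $listinfo = listinfo($agent, $link);
    $listcount = listcount($current_user, $link);
    if ($listinfo > $listcount)
    {
        $dberror = "";

        //strip extra characters out of the price
        $price = ereg_replace("[^[:alnum:]]","",$price);
        $sqfeet = ereg_replace("[^[:alnum:]]","",$sqfeet);
        $proptax = ereg_replace("[^[:alnum:]]","",$proptax);

        // Line-feed formatting must run before escaping:
        // mysql_real_escape_string() rewrites CR/LF, after which the pattern
        // below would no longer match.
        // NOTE(review): the replacement literal is a bare line break as it
        // appears on the page; it presumably carried line-break markup
        // originally - confirm against the real file.
        if ($linefeeds == "Y")
        {
            $previewdesc = ereg_replace("(\r\n|\n|\r)", "
", $previewdesc);
            $fulldesc = ereg_replace("(\r\n|\n|\r)", "
", $fulldesc);
        }

        // Column names are a fixed list; each takes the same-named variable,
        // except owner, which takes $current_user.
        $columns = array(
            'title', 'address', 'city', 'state', 'zip', 'price', 'previewdesc',
            'fulldesc', 'type', 'imageloc', 'beds', 'baths', 'status',
            'featured', 'mls', 'neighborhood', 'agent', 'agenturl',
            'agentemail', 'air', 'alrm', 'bcny', 'cbl', 'crp', 'dw', 'dsp',
            'fire', 'gas', 'hdwd', 'mw', 'onw', 'pto', 'wadr', 'wc', 'fee',
            'bp', 'boat', 'clb', 'gtd', 'crt', 'fit', 'ong', 'pw', 'pool',
            'pt', 'spa', 'spo', 'tns', 'notes', 'owner', 'yearbuilt', 'sqfeet',
            'lotsize', 'numfloors', 'garagesize', 'proptax', 'country',
            'virtualtour',
        );

        // Escaped copies are collected separately so the session-registered
        // variables (agent, agenturl, agentemail, current_user) are not
        // overwritten with their escaped form.
        $values = array();
        foreach ($columns as $column)
        {
            $value = ($column == 'owner') ? $current_user : $$column;
            $values[] = "'" . mysql_real_escape_string($value, $link) . "'";
        }

        $query = "INSERT INTO homes (" . implode(', ', $columns) . ") values ("
            . implode(', ', $values) . ")";
        if (!mysql_query($query, $link))
        {
            // Keep driver error details in the server log, not in the response.
            error_log(mysql_error($link));
            die("Couldn't execute query.");
        }
        print "Your listing has been added...";
    }
    else
    {
        echo "Your listing was not added: your outta limit...";
    }
}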
//THUS ENDS THE STATUS AREA...
?>
Preview Listing
";
$result = mysql_query("SELECT * FROM homes WHERE ((id='$edit') AND (owner = '$current_user'));",$link);
while ($a_row =mysql_fetch_array ($result) )
{
$propnum = $a_row[id];
//strip slashes so input appears correctly
$a_row[title] = stripslashes ($a_row[title]);
$a_row[address] = stripslashes($a_row[address]);
$a_row[city] = stripslashes($a_row[city]);
$a_row[previewdesc] = stripslashes($a_row[previewdesc]);
$a_row[fulldesc] = stripslashes($a_row[fulldesc]);
$a_row[neighborhood] = stripslashes($a_row[neighborhood]);
$a_row[notes] = stripslashes($a_row[notes]);
//format description fields appropriately
if ($linefeeds == "Y")
{
$a_row[previewdesc] = ereg_replace("
", "\r\n", $a_row[previewdesc]);
$a_row[fulldesc] = ereg_replace("
", "\r\n", $a_row[fulldesc]);
}
print "