I took it a step more and i added a field in the /admin/user_edit.php file so that you can input a number and change the number of listing with out have to change it man. in the database.
I have moderator turned on so that you have it so that the listing need to be approved first and you have a client that you trust you can go in and make so that their listing don't have to be moderator.
I also set it up that if you put "unlimited" into the the number of listing add_listing will let your user list as many as they want. Another thing you may want to do is go into the database that have the number of listing in it and set it default to one or how many you want the default user to have.
I might also of added some "variables/text" in the english lang. file
If you try this and it does not work right post it here and will see what else need to be add or it you figure it out post here.
Jason
The add_listing.php
<?php
global $action, $id, $lang, $conn, $config;
include("../include/common.php");
include("notifynewlisting.php");
loginCheck('registered_user');
include("$config[template_path]/admin_top.html");
//informs current total listing count
$sql = "SELECT ID FROM " . $config[table_prefix] . "listingsDB WHERE user_ID = $userID";
$recordSet = $conn->Execute($sql);
if ($recordSet === false)
{
log_error($sql);
}
while (!$recordSet->EOF)
{
$ID = $recordSet->fields[ID];
$recordSet->MoveNext();
}
$num_listings = $recordSet->RecordCount();
$sql2 = "SELECT allocation FROM " . $config[table_prefix] . "UserDB WHERE ID = $userID";
$recordSet2 = $conn->Execute($sql2);
if ($recordSet2 === false)
{
log_error($sql2);
}
while (!$recordSet2->EOF)
{
$allocation = $recordSet2->fields[allocation];
$recordSet2->MoveNext();
}
//$num_listings = $recordSet->RecordCount();
//$allocation = "SELECT allocation FROM " . $config[table_prefix] . "UserDB WHERE user_ID = $userID";
echo "You have currently added a total of $num_listings listings. Your maximum allocation is $allocation.";
//this sets the maximum number of allowable properties
//message is given if user has reached limit
if ($num_listings>=$allocation and $allocation != "unlimited")
{
echo "<br>Sorry you have reached your maximum alloaction of properties.";
}
//if user has not reached their limit then the following form appears
else
{
if ($action == "create_new_listing")
{
// creates a new listing
if ($title == "")
{
echo "<p>$lang[admin_new_listing_enter_a_title]</p>";
echo "<FORM><INPUT TYPE=\"BUTTON\" VALUE=\"$lang[back_button_text]\" onClick=\"history.back()\"></FORM>";
} // end if
else
{
global $HTTP_POST_VARS, $pass_the_form, $userID;
$pass_the_form = validateForm(listingsFormElements);
if ($pass_the_form == "No")
{
// if we're not going to pass it, tell that they forgot to fill in one of the fields
echo "<p>$lang[required_fields_not_filled]</p>";
echo "<FORM><INPUT TYPE=\"BUTTON\" VALUE=\"$lang[back_button_text]\" onClick=\"history.back()\"></FORM>";
}
if ($pass_the_form == "Yes")
{
$title = make_db_safe($title);
$notes = make_db_safe($notes);
$mlsimport = make_db_safe($mlsimport);
// what the program should do if the form is valid
// generate a random number to enter in as the password (initially)
// we'll need to know the actual listing id to help with retrieving the listing.
// We'll be putting in a random number that we know the value of, we can easily
// retrieve the listing id in a few moments
$random_number = rand(1,10000);
// seeing if user can list items with out being moderated
$sql3 = "SELECT canModerate_Listings_Show FROM " . $config[table_prefix] . "UserDB WHERE ID = $userID";
$recordSet3 = $conn->Execute($sql3);
if ($recordSet3 === false)
{
log_error($sql3);
}
while (!$recordSet3->EOF)
{
$canModerate_Listings_Show = $recordSet3->fields[canModerate_Listings_Show];
$recordSet3->MoveNext();
}
// check to see if moderation is turned on...
if ($config[moderate_listings] == "no")
{
$set_active = "yes";
}
else
{
if ($canModerate_Listings_Show == "yes")
{
$set_active = "yes";
}
else
{
$set_active = "no";
} }
// create the account with the random number as the password
$expiration_date = mktime (0,0,0,date("m") ,date("d")+$config[days_until_listings_expire],date("Y"));
$sql = "INSERT INTO " . $config[table_prefix] . "listingsDB (title, notes, user_ID, active, mlsimport, creation_date, last_modified, expiration) VALUES ($title, '$random_number', '$userID', '$set_active', $mlsimport, ".$conn->DBDate(time()).",".$conn->DBTimeStamp(time()).",".$conn->DBDate($expiration_date).")";
$recordSet = $conn->Execute($sql);
if ($recordSet === false)
{
log_error($sql);
}
// then we need to retrieve the new listing id
$sql = "SELECT id FROM " . $config[table_prefix] . "listingsDB WHERE notes = '$random_number'";
$ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
$recordSet = $conn->Execute($sql);
if ($recordSet === false)
{
log_error($sql);
}
while (!$recordSet->EOF)
{
$new_listing_id = $recordSet->fields[id]; // this is the new listing's ID number
$recordSet->MoveNext();
} // end while
// now it's time to replace the password
$sql = "UPDATE " . $config[table_prefix] . "listingsDB SET notes = $notes WHERE ID = '$new_listing_id'";
$recordSet = $conn->Execute($sql);
if ($recordSet === false)
{
log_error($sql);
}
// now that that's taken care of, it's time to insert all the rest
// of the variables into the database
$message = updateListingsData($new_listing_id, $userID);
if ($message == "success")
{
echo "<p>$lang[admin_new_listing_created], $user_name</p>";
if ($config[moderate_listings] == "yes")
{
// if moderation is turned on...
echo "<p>$lang[admin_new_listing_moderated]</p>";
}
echo "<p><a href=\"edit_my_listings.php?edit=$new_listing_id\">$lang[you_may_now_edit_your_listing]</p>";
log_action ("$lang[log_created_listing] $new_listing_id");
if ($config[email_notification_of_new_listings] == "yes")
{
// if the site admin should be notified when a new listing is added
global $config, $lang;
$message = $_SERVER[REMOTE_ADDR]. " -- ".date("F j, Y, g:i:s a")."\r\n\r\n$lang[admin_new_listing]:\r\n$config[baseu rl]/admin/listings_edit.php?edit=$new_listing_id\r\n";
$header = "From: ".$config['admin_email']." <".$config['admin_email'].">\r\n";
$header .= "X-Sender: $config[admin_email]\r\n";
$header .= "Return-Path: $config[admin_email]\r\n";
mail("$config[admin_email]", "$lang[admin_new_listing]", $message, $header);
} // end if
notifyNewListing($new_listing_id);
} // end if
else
{
echo "<p>$lang[alert_site_admin]</p>";
} // end else
} // end $pass_the_form == "Yes"
} // end else
} // end if $action == "create_new_listing"
else
{
?>
<form action="<?php echo $php_self ?>" method="post">
<input type="hidden" name="action" value="create_new_listing">
<table border="<?php echo $style[form_border] ?>" cellspacing="<?php echo $style[form_cellspacing] ?>" cellpadding="<?php echo $style[form_cellpadding] ?>" width="<?php echo $style[admin_table_width] ?>" class="form_main">
<tr><td colspan="2" class="row_main"><h3><?php echo $lang[admin_menu_add_a_listing] ?></h3></td></tr>
<tr>
<td align="right" class="row_main"><b><?php echo $lang[admin_listings_editor_title] ?> <span class="required">*</span></b></td>
<td align="left" class="row_main"> <input type="text" name="title"></td>
</tr>
<tr>
<td align="right" class="row_main"><b><?php echo $lang[admin_listings_editor_notes] ?></b><br><div class="small">(<?php echo $lang[admin_listings_editor_notes_note] ?>)</div></td>
<td align="left" class="row_main"><textarea name="notes" cols="40" rows="6"></textarea></td>
</tr>
<?php
global $conn;
$ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
$sql = "SELECT id, field_type, field_name, field_caption, default_text, field_elements, rank, required from " . $config[table_prefix] . "listingsFormElements ORDER BY rank, field_name";
$recordSet = $conn->Execute($sql);
if ($recordSet === false)
{
log_error($sql);
}
while (!$recordSet->EOF)
{
$id = $recordSet->fields[ID];
$field_type = $recordSet->fields[field_type];
$field_name = $recordSet->fields[field_name];
$field_caption = $recordSet->fields[field_caption];
$default_text = $recordSet->fields[default_text];
$field_elements = $recordSet->fields[field_elements];
$rank = $recordSet->fields[rank];
$required = $recordSet->fields[required];
$field_type = make_db_unsafe($field_type);
$field_name = make_db_unsafe($field_name);
$field_caption = make_db_unsafe($field_caption);
$default_text = make_db_unsafe($default_text);
$field_elements = make_db_unsafe($field_elements);
$required = make_db_unsafe($required);
renderFormElement($field_type, $field_name, $field_caption, $default_text, $field_elements, $required);
$recordSet->MoveNext();
} // end while
renderFormElement("submit","","Submit", "", "", "");
?>
</form>
<tr><td colspan="2" align="center" class="row_main"><?php echo $lang[required_form_text] ?></td></tr>
</table>
<?php
}// end if
}
include("$config[template_path]/admin_bottom.html");
$conn->Close(); // close the db connection
?>
And i also changed User_edit.php
<?php
include("../include/common.php");
loginCheck('Admin');
global $action, $id, $cur_page, $edit, $lang, $conn, $config;
include("$config[template_path]/admin_top.html");
if ($delete != "")
{
global $conn;
$sql_delete = make_db_safe($delete);
// delete the user
$sql = "DELETE FROM " . $config[table_prefix] . "UserDB WHERE ID = $sql_delete";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) log_error($sql);
// delete all the elements associated with the user
$sql = "DELETE FROM " . $config[table_prefix] . "UserDBElements WHERE user_id = $sql_delete";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) log_error($sql);
// delete all the listings associated with a user
$sql = "DELETE FROM " . $config[table_prefix] . "listingsDB WHERE (user_ID = $sql_delete)";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) log_error($sql);
// delete all the elements associated with a user
$sql = "DELETE FROM " . $config[table_prefix] . "listingsDBElements WHERE (user_id = $sql_delete)";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) log_error($sql);
// delete all the favorites associated with a user
$sql = "DELETE FROM " . $config[table_prefix] . "userFavoriteListings WHERE (user_id = $sql_delete)";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) log_error($sql);
// delete all the saved searches associated with a user
$sql = "DELETE FROM " . $config[table_prefix] . "userSavedSearches WHERE (user_id = $sql_delete)";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) log_error($sql);
// now get all the images associated with a user's listings
$sql = "SELECT file_name, thumb_file_name FROM " . $config[table_prefix] . "listingsImages WHERE (user_id = $sql_delete)";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) log_error($sql);
// so, you've got 'em... it's time to unlink those bad boys...
while (!$recordSet->EOF)
{
$thumb_file_name = make_db_unsafe ($recordSet->fields[thumb_file_name]);
$file_name = make_db_unsafe ($recordSet->fields[file_name]);
// get rid of those darned things...
if (!unlink("$config[listings_upload_path]/$file_name")) die("$lang[alert_site_admin]");
if ($file_name != $thumb_file_name)
{
if (!unlink("$config[listings_upload_path]/$thumb_file_name")) die("$lang[alert_site_admin]");
}
$recordSet->MoveNext();
}
// it's time to do the same for all the images associated with the user himself
$sql = "SELECT file_name, thumb_file_name FROM " . $config[table_prefix] . "userImages WHERE (user_id = $sql_delete)";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) log_error($sql);
while (!$recordSet->EOF)
{
$thumb_file_name = make_db_unsafe ($recordSet->fields[thumb_file_name]);
$file_name = make_db_unsafe ($recordSet->fields[file_name]);
// get rid of those darned things...
if (!unlink("$config[user_upload_path]/$file_name")) die("$lang[alert_site_admin]");
if ($file_name != $thumb_file_name)
{
if (!unlink("$config[user_upload_path]/$thumb_file_name")) die("$lang[alert_site_admin]");
}
$recordSet->MoveNext();
}
// delete all the saved images associated with a user from userImages
$sql = "DELETE FROM " . $config[table_prefix] . "userImages WHERE (user_id = $sql_delete)";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) log_error($sql);
// that's it... we're done. (More complicated than one might think, eh?)
log_action ("$lang[log_deleted_user]: $delete");
echo "<p>$lang[user_editor_user_number] '$delete' $lang[has_been_deleted]</p>";
}
if ($action == "update_user")
{
if ($user_email == "")
{
echo "<p>$lang[user_editor_need_email_address]</p>";
echo "<FORM><INPUT TYPE=\"BUTTON\" VALUE=\"$lang[back_button_text]\" onClick=\"history.back()\"></FORM>";
} // end else
if ($user_allocation == "")
{
echo "<p>$lang[user_editor_need_alloction]</p>";
echo "<FORM><INPUT TYPE=\"BUTTON\" VALUE=\"$lang[back_button_text]\" onClick=\"history.back()\"></FORM>";
} // end else
else
{
global $pass_the_form;
if ($edit_isAgent == "yes")
$pass_the_form = validateForm(agentFormElements);
else
$pass_the_form = validateForm(memberFormElements);
if ($pass_the_form == "No")
{
// if we're not going to pass it, tell that they forgot to fill in one of the fields
echo "<p>$lang[required_fields_not_filled]</p>";
}
if ($pass_the_form == "Yes")
{
$sql_edit = make_db_safe($edit);
$sql_user_email = make_db_safe($user_email);
$sql_user_allocation = make_db_safe($user_allocation);
if ($edit_user_pass != "")
{
$md5_user_pass = md5($edit_user_pass);
$sql_user_pass = make_db_safe($md5_user_pass);
$sql = "UPDATE " . $config[table_prefix] . "UserDB SET emailAddress = $sql_user_email, user_password = $sql_user_pass, last_modified = ".$conn->DBTimeStamp(time())." WHERE ID = $sql_edit";
$sql2 = "UPDATE " . $config[table_prefix] . "UserDB SET allocation = $sql_user_allocation, user_password = $sql_user_pass, last_modified = ".$conn->DBTimeStamp(time())." WHERE ID = $sql_edit";
}
else
{
$sql = "UPDATE " . $config[table_prefix] . "UserDB SET emailAddress = $sql_user_email, last_modified = ".$conn->DBTimeStamp(time())." WHERE ID = $sql_edit";
$sql2 = "UPDATE " . $config[table_prefix] . "UserDB SET allocation = $sql_user_allocation, last_modified = ".$conn->DBTimeStamp(time())." WHERE ID = $sql_edit";
}
$recordSet = $conn->Execute($sql);
$recordSet = $conn->Execute($sql2);
if ($recordSet === false) log_error($sql);
if ($admin_privs == "yes")
{
$sql_edit_active = make_db_safe($edit_active);
$sql_edit_isAgent = make_db_safe($edit_isAgent);
$sql_edit_isAdmin = make_db_safe($edit_isAdmin);
$sql_edit_canEditForms = make_db_safe($edit_canEditForms);
$sql_edit_canFeatureListings = make_db_safe($edit_canFeatureListings);
$sql_edit_canViewLogs = make_db_safe($edit_canViewLogs);
$sql_edit_canModerate = make_db_safe($edit_canModerate);
$sql_edit_canModerate_Listings_Show = make_db_safe($edit_canModerate_Listings_Show);
$sql = "UPDATE " . $config[table_prefix] . "UserDB SET isAdmin = $sql_edit_isAdmin,";
$sql .= "active = $sql_edit_active,";
$sql .= "isAgent = $sql_edit_isAgent,";
$sql .= "canEditForms = $sql_edit_canEditForms,";
$sql .= "canFeatureListings = $sql_edit_canFeatureListings,";
$sql .= "canViewLogs = $sql_edit_canViewLogs,";
$sql .= "canModerate = $sql_edit_canModerate";
$sql .= "canModerate_Listings_Show = $sql_edit_canModerate_Listings_Show";
$sql .= "WHERE ID = $sql_edit";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) log_error($sql);
} // end ($admin_privs == "yes")
$message = updateUserData($userID);
if ($message == "success")
{
log_action ("$lang[log_updated_user]: $edit");
echo "<p>$lang[user_editor_user_number] $edit $lang[has_been_updated] </p>";
} // end if
else
{
echo "<p>$lang[alert_site_admin]</p>";
} // end else
} // end if $pass_the_form == "Yes"
} // end else
} // end if $action == "update_user"
if ($edit == "")
{
echo "<h3>$lang[user_editor_edit_users]</h3>";
// find the number of users
$sql="SELECT * FROM " . $config[table_prefix] . "UserDB WHERE isAgent = '$edit_isAgent' ORDER BY id";
$ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) log_error($sql);
$num_rows = $recordSet->RecordCount();
next_prev($num_rows, $cur_page, "edit_isAgent=$edit_isAgent&"); // put in the next/previous stuff
// build the string to select a certain number of users per page
$ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
$limit_str = $cur_page * $config[listings_per_page];
$recordSet = $conn->SelectLimit($sql, $config[listings_per_page], $limit_str );
if ($recordSet === false) log_error($sql);
$count = 0;
echo "<br><br>";
while (!$recordSet->EOF)
{
// alternate the colors
if ($count == 0)
{
$count = $count +1;
}
else
{
$count = 0;
}
//strip slashes so input appears correctly
$edit_ID = $recordSet->fields[ID];
$edit_user_name = make_db_unsafe ($recordSet->fields[user_name]);
$edit_emailAddress = make_db_unsafe ($recordSet->fields[emailAddress]);
$edit_Comments = make_db_unsafe ($recordSet->fields[Comments]);
$edit_active = $recordSet->fields[active];
$edit_isAgent = $recordSet->fields[isAgent];
$edit_isAdmin = $recordSet->fields[isAdmin];
$edit_canEditForms = $recordSet->fields[canEditForms];
$edit_canFeatureListings = $recordSet->fields[canFeatureListings];
$edit_canViewLogs = $recordSet->fields[canViewLogs];
$edit_canModerate = $recordSet->fields[canModerate];
$edit_canModerate_Listings_Show = $recordSet->fields[canModerate_Listings_Show];
$edit_allocation = make_db_unsafe ($recordSet->fields[allocation]);
?>
<table border="<? echo $style[admin_listing_border] ?>" cellspacing="<? echo $style[admin_listing_cellspacing] ?>" cellpadding="<? echo $style[admin_listing_cellpadding] ?>" width="<? echo $style[admin_table_width] ?>" class="form_main">
<?
echo "<tr><td align=\"right\" width=\"200\" class=\"row1_$count\"><span class=\"adminListingLeft_$count\"><B>$lang[user_editor_user_number]: $edit_ID</b></span></td><td align=\"center\" class=\"row2_$count\" width=\"310\"> <B> <a href=\"$PHP_SELF?edit=$edit_ID&edit_isAgent=$edit_isAgent \">$lang[user_editor_modify_user] </a></b></td><td width=\"120\" align=\"middle\" class=\"row2_$count\"><a href=\"$PHP_SELF?delete=$edit_ID&edit_isAgent=$edit_isAge nt\" onClick=\"return confirmDelete()\">$lang[user_editor_delete_user]</a></td></tr>";
echo "<tr><td align=\"center\" valign=\"middle\" class=\"row3_$count\">$edit_user_name";
echo "</td><td class=\"row3_$count\">$edit_Comments</td>";
echo "<td class=\"row3_$count\" width=\"200\">$lang[user_editor_active]: $edit_active<br>$lang[user_editor_isAgent]: $edit_isAgent<br>$lang[user_editor_isAdmin]: $edit_isAdmin";
echo "<br>$lang[user_editor_form_edit]: $edit_canEditForms";
echo "<br>$lang[user_editor_feature_listings]: $edit_canFeatureListings";
echo "<br>$lang[user_editor_view_logs]: $edit_canViewLogs";
echo "</td></tr></table><br><br>\r\n\r\n";
$recordSet->MoveNext();
} // end while
} // end if edit == ""
else
{
// first, grab the user's main info
global $conn;
?>
<table border="<? echo $style[form_border] ?>" cellspacing="<? echo $style[form_cellspacing] ?>" cellpadding="<? echo $style[form_cellpadding] ?>" width="<? echo $style[admin_table_width] ?>" class="form_main">
<?
echo "<td colspan=\"2\" class=\"row_main\"><h3>$lang[user_editor_modify_user]</h3></td></tr>";
?>
<tr>
<td width="<? echo $style[image_column_width] ?>" valign="top" align="center" class="row_main">
<b><? echo $lang[images] ?></b>
<br>
<hr width="75%">
<a href="edit_user_images.php?edit=<? echo $edit ?>"><? echo $lang[edit_images] ?></a><br><br>
<?
$sql = "SELECT caption, file_name, thumb_file_name FROM " . $config[table_prefix] . "userImages WHERE user_id = '$edit'";
$recordSet = $conn->Execute($sql);
if ($recordSet === false) log_error($sql);
$num_images = $recordSet->RecordCount();
while (!$recordSet->EOF)
{
$caption = make_db_unsafe ($recordSet->fields[caption]);
$thumb_file_name = make_db_unsafe ($recordSet->fields[thumb_file_name]);
$file_name = make_db_unsafe ($recordSet->fields[file_name]);
// gotta grab the image size
$imagedata = GetImageSize("$config[user_upload_path]/$thumb_file_name");
$imagewidth = $imagedata[0];
$imageheight = $imagedata[1];
$shrinkage = $config[thumbnail_width]/$imagewidth;
$displaywidth = $imagewidth * $shrinkage;
$displayheight = $imageheight * $shrinkage;
echo "<a href=\"$config[user_view_images_path]/$file_name\" target=\"_thumb\"> ";
echo "<img src=\"$config[user_view_images_path]/$thumb_file_name\" height=\"$displayheight\" width=\"$displaywidth\"></a><br> ";
echo "<b>$caption</b><br><br>";
$recordSet->MoveNext();
} // end while
?>
</td>
<td valign="top" class="row_main">
<?
$sql = "SELECT * FROM " . $config[table_prefix] . "UserDB WHERE ID = '$edit'";
$ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) log_error($sql);
while (!$recordSet->EOF)
{
// collect up the main DB's various fields
$edit_user_name = make_db_unsafe ($recordSet->fields[user_name]);
$edit_emailAddress = make_db_unsafe ($recordSet->fields[emailAddress]);
$edit_comments = make_db_unsafe ($recordSet->fields[Comments]);
$edit_password = make_db_unsafe ($recordSet->fields[user_password]);
$edit_active = $recordSet->fields[active];
$edit_isAgent = $recordSet->fields[isAgent];
$edit_isAdmin = $recordSet->fields[isAdmin];
$edit_canEditForms = $recordSet->fields[canEditForms];
$edit_canViewLogs = $recordSet->fields[canViewLogs];
$edit_canModerate = $recordSet->fields[canModerate];
$edit_canModerate_Listings_Show = $recordSet->fields[canModerate_Listings_Show];
$edit_canFeatureListings = $recordSet->fields[canFeatureListings];
$last_modified = $recordSet->UserTimeStamp($recordSet->fields[last_modified],'D M j G:i:s T Y');
$edit_allocation = make_db_unsafe ($recordSet->fields[allocation]);
$recordSet->MoveNext();
} // end while
// now, display all that stuff
echo "<form name=\"updateUser\" action=\"$PHP_SELF\" method=\"post\">";
echo "<input type=\"hidden\" name=\"action\" value=\"update_user\">";
echo "<input type=\"hidden\" name=\"edit\" value=\"$edit\">";
echo "<table border=\"$style[form_border]\" cellspacing=\"$style[form_cellspacing]\" cellpadding=\"$style[form_cellpadding]\">";
echo "<tr><td align=right><b>$lang[user_name]:</b></td><td align=left>$edit_user_name</td></tr>";
echo "<tr><td align=\"right\" class=\"row_main\"><b>$lang[last_modifed]:</b></td><td align=\"left\">$last_modified</td></tr>";
echo "<tr><td align=right><b>$lang[user_password]: <font color=\"red\">*</font></b></td><td align=left> <input type=\"text\" name=\"edit_user_pass\" value=\"\"> <div class=\"small\">($lang[leave_blank_if_you_do_not_want_to_change ])</div></td></tr>";
echo "<tr><td align=right><b>$lang[user_email]: <font color=\"red\">*</font></b></td><td align=left> <input type=\"text\" name=\"user_email\" value=\"$edit_emailAddress\"> ";
echo "<tr><td align=right><b>$lang[user_allocation]: <font color=\"red\">*</font></b></td><td align=left> <input type=\"text\" name=\"user_allocation\" value=\"$edit_allocation\"> ";
if ($admin_privs == "yes")
{
// if the user is an admin, they can set additional properties about a given user
// is the user active?
echo "<tr><td align=right><b>$lang[user_editor_active]: </b></td>";
echo "<td align=left><select name=\"edit_active\" size=\"1\"><option value=\"$edit_active\">$edit_active<option value=\"\">-----<option value=\"yes\">yes<option value=\"no\">no</select></td></tr>";
// is the user an agent?
echo "<tr><td align=right><b>$lang[user_editor_isAgent]: </b></td>";
echo "<td align=left>$edit_isAgent</td></tr>";
echo "<input type=\"hidden\" name=\"edit_isAgent\" value=\"" . $edit_isAgent . "\">";
// is the user an administrator?
echo "<tr><td align=right><b>$lang[user_editor_isAdmin]: </b></td>";
echo "<td align=left><select name=\"edit_isAdmin\" size=\"1\"><option value=\"$edit_canEditForms\">$edit_isAdmin<option value=\"\">-----<option value=\"yes\">yes<option value=\"no\">no</select></td></tr>";
// can they edit forms?
echo "<tr><td align=right><b>$lang[user_editor_can_edit_forms]: </b></td>";
echo "<td align=left><select name=\"edit_canEditForms\" size=\"1\"><option value=\"$edit_canEditForms\">$edit_canEditForms<option value=\"\">-----<option value=\"yes\">yes<option value=\"no\">no</select></td></tr>";
// can they view logs?
echo "<tr><td align=right><b>$lang[user_editor_view_logs]: </b></td>";
echo "<td align=left><select name=\"edit_canViewLogs\" size=\"1\"><option value=\"$edit_canViewLogs\">$edit_canViewLogs<option value=\"\">-----<option value=\"yes\">yes<option value=\"no\">no</select></td></tr>";
// can they moderate incoming listings?
echo "<tr><td align=right><b>$lang[user_editor_moderator]: </b></td>";
echo "<td align=left><select name=\"edit_canModerate\" size=\"1\"><option value=\"$edit_canModerate\">$edit_canModerate<option value=\"\">-----<option value=\"yes\">yes<option value=\"no\">no</select></td></tr>";
// do their listing need to moderate?
echo "<tr><td align=right><b>$lang[Moderate_Listings_Show]: </b></td>";
echo "<td align=left><select name=\"edit_canModerate_Listings_Show\" size=\"1\"><option value=\"$edit_canModerate_Listings_Show\">$edit_canModerate_Listings_Show<option value=\"\">-----<option value=\"yes\">yes<option value=\"no\">no</select></td></tr>";
// can they feature listings?
echo "<tr><td align=right><b>$lang[user_editor_feature_listings]: </b></td>";
echo "<td align=left><select name=\"edit_canFeatureListings\" size=\"1\"><option value=\"$edit_canFeatureListings\">$edit_canFeatureListings<option value=\"\">-----<option value=\"yes\">yes<option value=\"no\">no</select></td></tr>";
}
// now grab miscellenous debris
if ($edit_isAgent == "yes")
{
$sql = "SELECT f.field_name, db.field_value, f.field_type, f.rank, f.field_caption, f.default_text, f.required, f.field_elements FROM " . $config[table_prefix] . "agentFormElements f left join " . $config[table_prefix] . "UserDBElements db on db.field_name = f.field_name and db.user_id = '$edit' ORDER BY f.rank";
//$sql = "SELECT " . $config[table_prefix] . "UserDBElements.field_name, " . $config[table_prefix] . "UserDBElements.field_value, " . $config[table_prefix] . "agentFormElements.field_type, " . $config[table_prefix] . "agentFormElements.rank, " . $config[table_prefix] . "agentFormElements.field_caption, " . $config[table_prefix] . "agentFormElements.default_text, " . $config[table_prefix] . "agentFormElements.required, " . $config[table_prefix] . "agentFormElements.field_elements FROM " . $config[table_prefix] . "UserDBElements, " . $config[table_prefix] . "agentFormElements WHERE ((" . $config[table_prefix] . "UserDBElements.user_id = '$edit') AND (" . $config[table_prefix] . "UserDBElements.field_name = " . $config[table_prefix] . "agentFormElements.field_name)) ORDER BY " . $config[table_prefix] . "agentFormElements.rank";
}
else
{
$sql = "SELECT f.field_name, db.field_value, f.field_type, f.rank, f.field_caption, f.default_text, f.required, f.field_elements FROM " . $config[table_prefix] . "memberFormElements f left join " . $config[table_prefix] . "UserDBElements db on db.field_name = f.field_name and db.user_id = '$edit' ORDER BY f.rank";
//$sql = "SELECT " . $config[table_prefix] . "UserDBElements.field_name, " . $config[table_prefix] . "UserDBElements.field_value, " . $config[table_prefix] . "memberFormElements.field_type, " . $config[table_prefix] . "memberFormElements.rank, " . $config[table_prefix] . "memberFormElements.field_caption, " . $config[table_prefix] . "memberFormElements.default_text, " . $config[table_prefix] . "memberFormElements.required, " . $config[table_prefix] . "memberFormElements.field_elements FROM " . $config[table_prefix] . "UserDBElements, " . $config[table_prefix] . "memberFormElements WHERE ((" . $config[table_prefix] . "UserDBElements.user_id = '$edit') AND (" . $config[table_prefix] . "UserDBElements.field_name = " . $config[table_prefix] . "memberFormElements.field_name)) ORDER BY " . $config[table_prefix] . "memberFormElements.rank";
}
$recordSet = $conn->Execute($sql);
if ($recordSet === false) log_error($sql);
while (!$recordSet->EOF)
{
$field_name = make_db_unsafe ($recordSet->fields[field_name]);
$field_value = make_db_unsafe ($recordSet->fields[field_value]);
$field_type = make_db_unsafe ($recordSet->fields[field_type]);
$field_caption = make_db_unsafe($recordSet->fields[field_caption]);
$default_text = make_db_unsafe($recordSet->fields[default_text]);
$field_elements = make_db_unsafe($recordSet->fields[field_elements]);
$required = make_db_unsafe($recordSet->fields[required]);
// pass the data to the function
renderExistingFormElement($field_type, $field_name, $field_value, $field_caption, $default_text, $required, $field_elements);
$recordSet->MoveNext();
} // end while
echo "<tr><td colspan=\"2\" align=\"center\">$lang[required_form_text]</td></tr>";
echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" value=\"$lang[update_button]\"></td></tr></table></form>";
} // end if
?>
</td></tr></table>
<P>
</P>
<?
include("$config[template_path]/admin_bottom.html");
$conn->Close(); // close the db connection
?>