Back\n";
else
echo "Back\n";
echo getCompireForm($compare, array('address', 'accomtype','roomtype','room_features'));
*/
}
else {
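// Name of the per-request scratch table: table prefix + "temp" + six hex
// characters of md5(time()) + a three-digit random number.
// NOTE(review): the name depends only on the clock and rand(), so two requests
// in the same second can pick the same name; the "drop table IF EXISTS" that
// follows would then remove the other request's table. Confirm whether a
// collision-free name (or a TEMPORARY table) is acceptable to the rest of the app.
$tempname = $config['table_prefix'] . "temp" . substr(md5(time()),0,6) . rand(100,999);
$debug_GET = True;
$guidestring = "";
$guidestring_with_sort = "";

// Rebuild the search criteria as an already-encoded query string fragment
// ("&key=value..."). Paging and sorting parameters are left out here.
$guide_skip = array('cur_page', 'PHPSESSID', 'sortby', 'sorttype', 'imagesOnly');
foreach ($_GET as $k => $v)
{
    // Compare names as strings with a strict match: PHP turns numeric-looking
    // keys into integers, and a loose comparison makes key 0 equal to any
    // non-numeric name on PHP < 8.
    if (!$v || in_array((string) $k, $guide_skip, true))
    {
        continue;
    }
    if (is_array($v))
    {
        foreach ($v as $vitem)
        {
            // A nested array (key[][]=...) has no flat representation here and
            // would otherwise be emitted as the literal text "Array".
            if (is_array($vitem))
            {
                continue;
            }
            $guidestring .= '&' . urlencode("$k") . '[]=' . urlencode("$vitem");
        }
    }
    else
    {
        $guidestring .= '&' . urlencode("$k") . '=' . urlencode("$v");
    }
}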
// Step one: build a working table that holds every candidate listing.
// The filters further down then remove whatever does not match, which avoids
// subqueries (not available on the MySQL versions this code targets).
// Make sure no table with the chosen name is left over before creating it.
$sql = "drop table IF EXISTS $tempname";
if (($recordSet = $conn->Execute($sql)) === false)
{
    log_error($sql);
}
// Fill the working table with one row per (listing, element) pair for every
// active listing; expired listings are excluded when expiration is enabled.
$create_where = array(
    "(" . $config['table_prefix'] . "listingsDBElements.listing_id = " . $config['table_prefix'] . "listingsDB.ID)",
);
if ($config['use_expiration'] == "yes")
{
    $create_where[] = "(" . $config['table_prefix'] . "listingsDB.expiration > " . $conn->DBDate(time()) . ")";
}
$create_where[] = "(" . $config['table_prefix'] . "listingsDB.active = 'yes')";

$sql = "CREATE TABLE\n$tempname\nSELECT\n"
    . $config['table_prefix'] . "listingsDB.ID,\n"
    . $config['table_prefix'] . "listingsDB.Title,\n"
    . $config['table_prefix'] . "listingsDB.user_ID,\n"
    . $config['table_prefix'] . "listingsDBElements.field_name,\n"
    . $config['table_prefix'] . "listingsDBElements.field_value\nFROM\n"
    . $config['table_prefix'] . "listingsDB,\n"
    . $config['table_prefix'] . "listingsDBElements\nWHERE\n"
    . implode(" AND ", $create_where);
unset($create_where);

$recordSet = $conn->Execute($sql);
if ($recordSet === false)
{
    log_error($sql);
}
// When the host allows CREATE INDEX, index the working table on the two
// columns the filters below look rows up by.
if ($config['manage_index_permissions'] == 'Yes')
{
    $index_statements = array(
        "create index idx_listingid on $tempname (ID)",
        "create index idx_listingname on $tempname (field_name(10))",
    );
    foreach ($index_statements as $sql)
    {
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false)
        {
            log_error($sql);
        }
    }
    unset($index_statements);
}
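// Narrow $tempname by elimination: every recognised GET parameter deletes the
// rows that fail its filter.
//
// Both the keys and the values of $_GET are request-controlled. Anything that
// reaches SQL below is therefore either validated as a number or passed through
// make_db_safe(), and anything copied into the pager query string is
// urlencode()d, the same way $guidestring is built earlier in this file.
// make_db_safe() is used unquoted in the field_name comparisons of this file,
// so its result is treated here as a complete SQL literal -- confirm against
// its definition.
//
// foreach always starts at the first element, so no reset() is needed (the old
// reset($HTTP_GET_VARS) referred to a variable modern PHP no longer defines).
foreach ($_GET as $ElementIndexValue => $ElementContents) {
    // PHP turns numeric-looking keys into integers; compare names as strings so
    // that key 0 cannot loosely equal "sortby" and friends on PHP < 8.
    $ElementIndexValue = (string) $ElementIndexValue;

    if ($ElementIndexValue === 'sortby')
    {
        // NOTE(review): this assigns rather than appends, so "sortby" and
        // "sorttype" overwrite each other depending on their order in the URL.
        // Kept as-is; confirm against next_prev3() before changing.
        if (is_scalar($ElementContents))
        {
            $guidestring_with_sort = 'sortby=' . urlencode($ElementContents);
        }
    }
    elseif ($ElementIndexValue === 'sorttype')
    {
        if (is_scalar($ElementContents))
        {
            $guidestring_with_sort = 'sorttype=' . urlencode($ElementContents) . '&';
        }
    }
    elseif ($ElementIndexValue === 'cur_page' || $ElementIndexValue === 'PHPSESSID')
    {
        // paging and session parameters are not search filters
        continue;
    }
    elseif ($ElementIndexValue === 'user_ID')
    {
        // The value is placed in SQL as a bare number, so accept digits only.
        // Anything else is ignored; previously it produced a failing (or
        // altered) statement.
        if (is_string($ElementContents) && preg_match('/^[0-9]+\z/', $ElementContents))
        {
            $sql = "DELETE FROM $tempname WHERE User_ID <> " . intval($ElementContents);
            $recordSet = $conn->Execute($sql);
            if ($recordSet === false)
            {
                log_error($sql);
            }
        }
    }
    elseif ($ElementIndexValue === 'pricefrom')
    {
        // The price is compared as a bare number; skip the filter unless the
        // request really supplied one.
        if (!is_numeric($ElementContents))
        {
            continue;
        }
        $sql = "SELECT\nListings_ID\nFROM\n" . $config['table_prefix'] . "Listing_Price\nWHERE\nPrice < $ElementContents\nGROUP BY\nListings_ID\n";
        $recordSet = $conn->Execute($sql);
        if ($recordSet === false)
        {
            // no result object to iterate; leave the table untouched
            log_error($sql);
            continue;
        }
        $below_minimum = array();
        while (!$recordSet->EOF)
        {
            $below_minimum[] = intval($recordSet->fields['Listings_ID']);
            $recordSet->MoveNext();
        }
        // One DELETE with an IN list instead of a semicolon-joined batch of
        // statements, which a driver may refuse to run in a single call.
        if (count($below_minimum) > 0)
        {
            $delete_string = "DELETE FROM $tempname WHERE ID IN (" . implode(',', $below_minimum) . ")";
            $recordSet = $conn->Execute($delete_string);
            if ($recordSet === false)
            {
                log_error($delete_string);
            }
        }
    }
    elseif ($ElementIndexValue === 'imagesOnly')
    {
        if (!is_scalar($ElementContents))
        {
            continue;
        }
        // $guidestring already holds "&key=value" pairs, so this pair needs its
        // own leading separator; without it the text ran into the previous value.
        $guidestring .= '&imagesOnly=' . urlencode($ElementContents) . '&';
        if ($ElementContents == "yes")
        {
            // Find every listing that has at least one image ...
            $sql = "SELECT $tempname.ID, COUNT(" . $config['table_prefix'] . "listingsImages.file_name) AS imageCount FROM " . $config['table_prefix'] . "listingsImages,$tempname WHERE (" . $config['table_prefix'] . "listingsImages.listing_id = $tempname.ID) GROUP BY " . $config['table_prefix'] . "listingsImages.listing_id";
            $recordSet = $conn->Execute($sql);
            if ($recordSet === false)
            {
                log_error($sql);
                continue;
            }
            // ... and delete all the others. "(1=1)" only lets every ID
            // condition be appended with a leading AND.
            $delete_string = "DELETE FROM $tempname WHERE (1=1)";
            while (!$recordSet->EOF)
            {
                $listingID = $recordSet->fields['ID'];
                $delete_string .= " AND ";
                $delete_string .= "(ID <> $listingID)";
                $recordSet->MoveNext();
            }
            $recordSet = $conn->Execute($delete_string);
            if ($recordSet === false)
            {
                log_error($delete_string);
            }
        }
    } // end elseif imagesOnly
    elseif (is_array($ElementContents))
    {
        // Ignore the parameter if any submitted option is empty, or is itself
        // an array (which cannot be matched against a stored string).
        $skip = False;
        foreach ($ElementContents as $a)
        {
            if (!$a || !is_scalar($a))
            {
                $skip = True;
            }
        }
        if ($skip == True)
        {
            continue;
        }
        $sql_ElementIndexValue = make_db_safe($ElementIndexValue);
        // Arrays can happen for two reasons: 1. multi options like zip code
        // 2. multi options like home features. Check the db to see which
        // type of field this is and process accordingly
        $r = $conn->getOne("select search_type from " . $config['table_prefix'] . "listingsFormElements where field_name = ".$sql_ElementIndexValue);
        if (($r == 'optionlist') || ($r == 'fcheckbox'))
        {
            // (An Execute($sql) call used to sit here and re-ran whatever
            // statement the previous step had left in $sql; removed.)
            // Count, per listing, the rows carrying this field name.
            $sql = "select count(t2.field_name) as cnt, t1.id as id from $tempname t1 left join " . $config['table_prefix'] . "listingsDBElements t2 on t1.id = t2.listing_id and t1.field_name = $sql_ElementIndexValue group by t1.id";
            $res = $conn->Execute($sql);
            if ($res === false)
            {
                log_error($sql);
                continue;
            }
            while (!$res->EOF)
            {
                if ($res->fields['cnt'] == 0)
                {
                    // the listing does not have this field at all
                    $conn->execute("delete from $tempname where id = " . $res->fields['id']);
                }
                else
                {
                    // the stored value must contain every requested option
                    $value = $conn->getOne("select field_value from $tempname where id = " . $res->fields['id'] . " and field_name = $sql_ElementIndexValue");
                    foreach ($ElementContents as $e)
                    {
                        if (strpos((string) $value, (string) $e) === false)
                        {
                            $conn->execute("delete from $tempname where id = " . $res->fields['id']);
                            break; // already removed; no need to test the rest
                        }
                    }
                }
                $res->moveNext();
            }
        }
        else
        {
            // Keep the listings whose field contains any of the submitted values.
            // Each value goes through make_db_safe() and is wrapped with CONCAT
            // so the wildcards sit outside the quoted literal; the raw request
            // value used to be pasted between the quotes.
            $like_clauses = array();
            foreach ($ElementContents as $feature_item)
            {
                $sql_feature_item = make_db_safe($feature_item);
                $like_clauses[] = "(field_value LIKE CONCAT('%', $sql_feature_item, '%'))";
            }
            // The OR group is parenthesised so the field_name test applies to
            // every alternative, not only to the first one.
            $select_statement = "SELECT ID FROM $tempname WHERE ( (field_name=$sql_ElementIndexValue) AND (" . implode(" OR ", $like_clauses) . ") )";
            $recordSet = $conn->Execute($select_statement);
            if ($recordSet === false)
            {
                log_error($select_statement);
                continue;
            }
            $save_array = array();
            while (!$recordSet->EOF)
            {
                $save_array[] = intval($recordSet->fields['ID']);
                $recordSet->MoveNext();
            }
            if (count($save_array) > 0)
            {
                // delete everything that did not match ...
                $delete_string = "DELETE FROM $tempname WHERE ID NOT IN (" . implode(',', $save_array) . ")";
            }
            else
            {
                // ... and if nothing matched, nothing survives
                $delete_string = "DELETE FROM $tempname";
            }
            $recordSet = $conn->Execute($delete_string);
            if ($recordSet === false)
            {
                log_error($delete_string);
            }
        } // end optionlist check
    } // end elseif (is_array($ElementContents))
    else
    {
        // Don't process empty searches
        if (!$ElementContents) continue;
        $val = $ElementContents;
        $ElementContents = make_db_safe($ElementContents);

        // Range filters: "<field>-min" / "<field>-max".
        // NOTE(review): only the last three characters are tested, so any
        // parameter name that merely ends in "min" or "max" lands here.
        $l3 = substr($ElementIndexValue, strlen($ElementIndexValue) - 3);
        if ($l3 == 'min' OR $l3 == 'max')
        {
            // The column name comes from the request key, so it is escaped like
            // any other value before it is compared with field_name.
            $col = strtok($ElementIndexValue, '-');
            // Because mysql 3.x doesn't have cast(), we must retrieve all records then filter
            $sql = "select id, field_value as v from $tempname where field_name = " . make_db_safe($col);
            $rs = $conn->Execute($sql);
            if ($rs === false)
            {
                log_error($sql);
                continue;
            }
            $del_id = array();
            while (!$rs->EOF)
            {
                $stored = $rs->fields['v'];
                if (($l3 == 'min' && $stored < $val) || ($l3 == 'max' && $stored > $val))
                {
                    $del_id[] = intval($rs->fields['id']);
                }
                $rs->MoveNext();
            }
            if (count($del_id) > 0)
            {
                $sql = "delete from $tempname where id in (" . implode(',', $del_id) . ")";
                $conn->execute($sql);
            }
            continue;
        }

        // Date range filters: "<field>-mindate" / "<field>-maxdate".
        $l7 = substr($ElementIndexValue, strlen($ElementIndexValue) - 7);
        if ($l7 == 'mindate' OR $l7 == 'maxdate')
        {
            // Only applied when the submitted date parses; otherwise the
            // parameter falls through to the exact-match filter below.
            if (($time = strtotime($val)) > 1)
            {
                $col = strtok($ElementIndexValue, '-');
                // Because mysql 3.x doesn't have cast(), we must retrieve all records then filter
                $sql = "select id, field_value as v from $tempname where field_name = " . make_db_safe($col);
                $rs = $conn->Execute($sql);
                if ($rs === false)
                {
                    log_error($sql);
                    continue;
                }
                $del_id = array();
                while (!$rs->EOF)
                {
                    $db_time = strtotime($rs->fields['v']);
                    // Drop rows outside the requested bound and rows whose
                    // stored date does not parse.
                    if (($l7 == 'mindate' && $db_time < $time)
                        || ($l7 == 'maxdate' && $db_time > $time)
                        || $db_time < 1)
                    {
                        $del_id[] = intval($rs->fields['id']);
                    }
                    $rs->MoveNext();
                }
                if (count($del_id) > 0)
                {
                    $sql = "delete from $tempname where id in (" . implode(',', $del_id) . ")";
                    $conn->execute($sql);
                }
                continue;
            }
        }

        // Exact match: keep only the listings whose field equals the value.
        if (!$ElementContents) continue;
        $sql_ElementIndexValue = make_db_safe($ElementIndexValue);
        $select_statement = "SELECT ID FROM $tempname WHERE ( (field_name = $sql_ElementIndexValue) AND (field_value = $ElementContents) )";
        $recordSet = $conn->Execute($select_statement);
        if ($recordSet === false)
        {
            log_error($select_statement);
            continue;
        }
        $save_array = array();
        while (!$recordSet->EOF)
        {
            $save_array[] = intval($recordSet->fields['ID']);
            $recordSet->MoveNext();
        }
        if (count($save_array) > 0)
        {
            $delete_string = "DELETE FROM $tempname WHERE ID NOT IN (" . implode(',', $save_array) . ")";
        }
        else
        {
            // nothing matched, so nothing survives
            $delete_string = "DELETE FROM $tempname";
        }
        $recordSet = $conn->Execute($delete_string);
        if ($recordSet === false)
        {
            log_error($delete_string);
        }
    } // end else
} // end foreach over $_GET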
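// Work out the WHERE / ORDER BY fragments for the main listing query.
// NOTE(review): where $sortby and $sorttype are populated is not visible in
// this part of the file (presumably from the request) -- treat both as
// untrusted until confirmed.
$sortby=isset($sortby)?$sortby:'';
$sorttype=isset($sorttype)?$sorttype:'';
if (!is_scalar($sortby))
{
    // an array cannot name a sort column; fall back to the default ordering
    $sortby = '';
}

// The direction is spliced into ORDER BY as a bare keyword and so cannot be
// quoted or escaped. Accept only the two keywords SQL defines; anything else
// becomes an empty string, which leaves the database default direction.
$sort_direction = is_scalar($sorttype) ? strtoupper((string) $sorttype) : '';
if ($sort_direction !== 'ASC' && $sort_direction !== 'DESC')
{
    $sort_direction = '';
}

if ($sortby == "")
{
    // default: newest listing first
    $sort_text = "";
    $order_text = "ORDER BY ID DESC";
}
elseif ($sortby == "listingname")
{
    $sort_text = "";
    $order_text = "ORDER BY Title $sort_direction";
}
elseif ($sortby == "price")
{
    // "+0" makes MySQL order the stored text numerically
    $sortby = make_db_extra_safe($sortby);
    $sort_text = "WHERE (field_name = $sortby)";
    $order_text = "ORDER BY field_value +0 $sort_direction";
}
else
{
    // any other field: order by its stored value as text
    $sortby = make_db_extra_safe($sortby);
    $sort_text = "WHERE (field_name = $sortby)";
    $order_text = "ORDER BY field_value $sort_direction";
}

// Flip the direction held in $sorttype. This happens after $order_text is
// built, so it does not affect the query in this request.
if (($sorttype == "") || ($sorttype == "ASC"))
{
    $sorttype = "DESC";
}
else
{
    $sorttype = "ASC";
}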
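// Query string handed to the pager: the sort part followed by the search criteria.
$guidestring_with_sort = $guidestring_with_sort.$guidestring;

// Main query: whatever survived the filters, one row per listing.
// NOTE(review): SELECT * together with GROUP BY ID leaves the choice of row
// per group to the database; confirm that only ID-level columns are read.
$sql = "SELECT * from $tempname $sort_text GROUP BY ID $order_text";
$recordSet = $conn->Execute($sql);
if ($recordSet === false)
{
    // Execute() returned no result object; report no rows rather than calling
    // RecordCount() on false, which is a fatal error.
    log_error($sql);
    $num_rows = 0;
}
else
{
    $num_rows = $recordSet->RecordCount();
}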
if ($num_rows > 0)
{
// echo "$lang[save_this_search]
";
$cur_page=isset($cur_page)?$cur_page:0;
echo next_prev3($num_rows, $cur_page, $guidestring_with_sort); // put in the next/previous stuff
// build the string to select a certain number of listings per page
$limit_str = $cur_page * $config['listings_per_page'];
$resultRecordSet = $conn->SelectLimit($sql, $config['listings_per_page'], $limit_str );
if ($resultRecordSet === false) {
log_error($sql);
}
echo "