1 files changed, 691 insertions, 0 deletions
diff --git a/web/profile.php b/web/profile.php
new file mode 100644
index 0000000..d4c1ca4
--- /dev/null
+++ b/web/profile.php
@@ -0,0 +1,691 @@
+<?php
+include("../config/os_modules_mysql.php");
+//
+// Search DB
+//
+mysql_connect ($DB_HOST, $DB_USER, $DB_PASSWORD);
+mysql_select_db ($DB_NAME);
+#
+#  Copyright (c)Melanie Thielker (http://opensimulator.org/)
+#
+###################### No user serviceable parts below #####################
+$zeroUUID = "00000000-0000-0000-0000-000000000000";
+#
+# The XMLRPC server object
+#
+$xmlrpc_server = xmlrpc_server_create();
+#
+# Classifieds
+#
+# Avatar Classifieds Request
+xmlrpc_server_register_method($xmlrpc_server, "avatarclassifiedsrequest",
+        "avatarclassifiedsrequest");
+function avatarclassifiedsrequest($method_name, $params, $app_data)
+{
+    $req            = $params[0];
+    $uuid           = $req['uuid'];
+    $result = mysql_query("SELECT * FROM classifieds WHERE ".
+            "creatoruuid = '". mysql_real_escape_string($uuid) ."'");
+    $data = array();
+    while (($row = mysql_fetch_assoc($result)))
+    {
+        $data[] = array(
+                "classifiedid" => $row["classifieduuid"],
+                "name" => $row["name"]);
+    }
+    $response_xml = xmlrpc_encode(array(
+        'success' => True,
+        'data' => $data
+    ));
+    print $response_xml;
+}
+# Classifieds Update
+xmlrpc_server_register_method($xmlrpc_server, "classified_update",
+        "classified_update");
+function classified_update($method_name, $params, $app_data)
+{
+    global $zeroUUID;
+    $req            = $params[0];
+    $classifieduuid = $req['classifiedUUID'];
+    $creator        = $req['creatorUUID'];
+    $category       = $req['category'];
+    $name           = $req['name'];
+    $description    = $req['description'];
+    $parceluuid     = $req['parcelUUID'];
+    $parentestate   = $req['parentestate'];
+    $snapshotuuid   = $req['snapshotUUID'];
+    $simname        = $req['sim_name'];
+    $parcelname     = $req['parcelname'];
+    $globalpos      = $req['globalpos'];
+    $classifiedflag = $req['classifiedFlags'];
+    $priceforlist   = $req['classifiedPrice'];
+    // Check if we already have this one in the database
+    $check = mysql_query("SELECT COUNT(*) FROM classifieds WHERE ".
+            "classifieduuid = '". mysql_real_escape_string($classifieduuid) ."'");
+    while ($row = mysql_fetch_row($check))
+    {
+        $ready = $row[0];
+    }
+    // Doing some late checking
+    // Should be done by the module but let's see what happens when
+    // I do it here
+    if ($parcelname == "")
+        $parcelname = "Unknown";
+    if ($parceluuid == "")
+        $parceluuid = $zeroUUID;
+    if ($description == "")
+        $description = "No Description";
+    //If PG, Mature, and Adult flags are all 0 assume PG and set bit 2.
+    //This works around what might be a viewer bug regarding the flags.
+    //The ossearch query.php file expects bit 2 set for any PG listing.
+    if (($classifiedflag & 76) == 0)
+        $classifiedflag |= 4;
+    if ($ready == 0)
+    {
+        //Renew Weekly flag is 32 (1 << 5)
+        if (($classifiedflag & 32) == 0)
+        {
+            $creationdate = time();
+            $expirationdate = time() + (7 * 24 * 60 * 60);
+        }
+        else
+        {
+            $creationdate = time();
+            $expirationdate = time() + (52 * 7 * 24 * 60 * 60);
+        }
+        $sql = "INSERT INTO classifieds VALUES ".
+            "('". mysql_real_escape_string($classifieduuid) ."',".
+            "'". mysql_real_escape_string($creator) ."',".
+            "". mysql_real_escape_string($creationdate) .",".
+            "". mysql_real_escape_string($expirationdate) .",".
+            "'". mysql_real_escape_string($category) ."',".
+            "'". mysql_real_escape_string($name) ."',".
+            "'". mysql_real_escape_string($description) ."',".
+            "'". mysql_real_escape_string($parceluuid) ."',".
+            "". mysql_real_escape_string($parentestate) .",".
+            "'". mysql_real_escape_string($snapshotuuid) ."',".
+            "'". mysql_real_escape_string($simname) ."',".
+            "'". mysql_real_escape_string($globalpos) ."',".
+            "'". $parcelname ."',".
+            "". mysql_real_escape_string($classifiedflag) .",".
+            "". mysql_real_escape_string($priceforlist) .")";
+    }
+    else
+    {
+        $expirationdate = $creationdate + (52 * 7 * 24 * 60 * 60);
+        $sql = "UPDATE classifieds SET ".
+            "`creatoruuid`='". mysql_real_escape_string($creator)."',".
+            "`expirationdate`=". mysql_real_escape_string($expirationdate).",".
+            "`category`='". mysql_real_escape_string($category)."',".
+            "`name`='". mysql_real_escape_string($name)."',".
+            "`description`='". mysql_real_escape_string($description)."',".
+            "`parceluuid`='". mysql_real_escape_string($parceluuid)."',".
+            "`parentestate`=". mysql_real_escape_string($parentestate).",".
+            "`snapshotuuid`='". mysql_real_escape_string($snapshotuuid)."',".
+            "`simname`='". mysql_real_escape_string($simname)."',".
+            "`posglobal`='". mysql_real_escape_string($globalpos)."',".
+            "`parcelname`='". $parcelname."',".
+            "`classifiedflags`=". mysql_real_escape_string($classifiedflag).",".
+            "`priceforlisting`=". mysql_real_escape_string($priceforlist).
+            " WHERE ".
+            "`classifieduuid`='". mysql_real_escape_string($classifieduuid)."'";
+    }
+    // Create a new record for this classified
+    $result = mysql_query($sql);
+    $response_xml = xmlrpc_encode(array(
+        'success' => $result,
+        'errorMessage' => mysql_error()
+    ));
+    print $response_xml;
+}
+# Classifieds Delete
+xmlrpc_server_register_method($xmlrpc_server, "classified_delete",
+        "classified_delete");
+function classified_delete($method_name, $params, $app_data)
+{
+    $req            = $params[0];
+    $classifieduuid = $req['classifiedID'];
+    $result = mysql_query("DELETE FROM classifieds WHERE ".
+            "classifieduuid = '".mysql_real_escape_string($classifieduuid) ."'");
+    $response_xml = xmlrpc_encode(array(
+        'success' => True,
+        'data' => $data
+    ));
+    print $response_xml;
+}
+#
+# Picks
+#
+# Avatar Picks Request
+xmlrpc_server_register_method($xmlrpc_server, "avatarpicksrequest",
+        "avatarpicksrequest");
+function avatarpicksrequest($method_name, $params, $app_data)
+{
+    $req            = $params[0];
+    $uuid           = $req['uuid'];
+    $data = array();
+    $result = mysql_query("SELECT `pickuuid`,`name` FROM userpicks WHERE ".
+            "creatoruuid = '". mysql_real_escape_string($uuid) ."'");
+    while (($row = mysql_fetch_assoc($result)))
+    {
+        $data[] = array(
+                "pickid" => $row["pickuuid"],
+                "name" => $row["name"]);
+    }
+    $response_xml = xmlrpc_encode(array(
+        'success' => True,
+        'data' => $data
+    ));
+    print $response_xml;
+}
+# Request Picks for User
+xmlrpc_server_register_method($xmlrpc_server, "pickinforequest",
+        "pickinforequest");
+function pickinforequest($method_name, $params, $app_data)
+{
+    $req            = $params[0];
+    $uuid           = $req['avatar_id'];
+    $pick           = $req['pick_id'];
+    $data = array();
+    $result = mysql_query("SELECT * FROM userpicks WHERE ".
+            "creatoruuid = '". mysql_real_escape_string($uuid) ."' AND ".
+            "pickuuid = '". mysql_real_escape_string($pick) ."'");
+    $row = mysql_fetch_assoc($result);
+    if ($row != False)
+    {
+        if ($row["description"] == null || $row["description"] == "")
+            $row["description"] = "No description given";
+        $data[] = array(
+                "pickuuid" => $row["pickuuid"],
+                "creatoruuid" => $row["creatoruuid"],
+                "toppick" => $row["toppick"],
+                "parceluuid" => $row["parceluuid"],
+                "name" => $row["name"],
+                "description" => $row["description"],
+                "snapshotuuid" => $row["snapshotuuid"],
+                "user" => $row["user"],
+                "originalname" => $row["originalname"],
+                "simname" => $row["simname"],
+                "posglobal" => $row["posglobal"],
+                "sortorder"=> $row["sortorder"],
+                "enabled" => $row["enabled"]);
+    }
+    $response_xml = xmlrpc_encode(array(
+        'success' => True,
+        'data' => $data
+    ));
+    print $response_xml;
+}
+# Picks Update
+xmlrpc_server_register_method($xmlrpc_server, "picks_update",
+        "picks_update");
+function picks_update($method_name, $params, $app_data)
+{
+    global $zeroUUID;
+    $req            = $params[0];
+    $pickuuid       = $req['pick_id'];
+    $creator        = $req['creator_id'];
+    $toppick        = $req['top_pick'];
+    $name           = $req['name'];
+    $description    = $req['desc'];
+    $parceluuid     = $req['parcel_uuid'];
+    $snapshotuuid   = $req['snapshot_id'];
+    $user           = $req['user'];
+    $simname        = $req['sim_name'];
+    $posglobal      = $req['pos_global'];
+    $sortorder      = $req['sort_order'];
+    $enabled        = $req['enabled'];
+    if ($parceluuid == "")
+        $parceluuid = $zeroUUID;
+    if ($description == "")
+        $description = "No Description";
+    // Check if we already have this one in the database
+    $check = mysql_query("SELECT COUNT(*) FROM userpicks WHERE ".
+            "pickuuid = '". mysql_real_escape_string($pickuuid) ."'");
+    $row = mysql_fetch_row($check);
+    if ($row[0] == 0)
+    {
+        if ($user == null || $user == "")
+            $user = "Unknown";
+        //The original parcel name is the same as the name of the
+        //profile pick when a new profile pick is being created.
+        $original = $name;
+        $query = "INSERT INTO userpicks VALUES ".
+            "('". mysql_real_escape_string($pickuuid) ."',".
+            "'". mysql_real_escape_string($creator) ."',".
+            "'". mysql_real_escape_string($toppick) ."',".
+            "'". mysql_real_escape_string($parceluuid) ."',".
+            "'". mysql_real_escape_string($name) ."',".
+            "'". mysql_real_escape_string($description) ."',".
+            "'". mysql_real_escape_string($snapshotuuid) ."',".
+            "'". mysql_real_escape_string($user) ."',".
+            "'". mysql_real_escape_string($original) ."',".
+            "'". mysql_real_escape_string($simname) ."',".
+            "'". mysql_real_escape_string($posglobal) ."',".
+            "'". mysql_real_escape_string($sortorder) ."',".
+            "'". mysql_real_escape_string($enabled) ."')";
+    }
+    else
+    {
+        $query = "UPDATE userpicks SET " .
+            "parceluuid = '". mysql_real_escape_string($parceluuid) . "', " .
+            "name = '". mysql_real_escape_string($name) . "', " .
+            "description = '". mysql_real_escape_string($description) . "', " .
+            "snapshotuuid = '". mysql_real_escape_string($snapshotuuid) . "' WHERE ".
+            "pickuuid = '". mysql_real_escape_string($pickuuid) ."'";
+    }
+    $result = mysql_query($query);
+    if ($result != False)
+        $result = True;
+    $response_xml = xmlrpc_encode(array(
+        'success' => $result,
+        'errorMessage' => mysql_error()
+    ));
+    print $response_xml;
+}
+# Picks Delete
+xmlrpc_server_register_method($xmlrpc_server, "picks_delete",
+        "picks_delete");
+function picks_delete($method_name, $params, $app_data)
+{
+    $req            = $params[0];
+    $pickuuid       = $req['pick_id'];
+    $result = mysql_query("DELETE FROM userpicks WHERE ".
+            "pickuuid = '".mysql_real_escape_string($pickuuid) ."'");
+    if ($result != False)
+        $result = True;
+    $response_xml = xmlrpc_encode(array(
+        'success' => $result,
+        'errorMessage' => mysql_error()
+    ));
+    print $response_xml;
+}
+#
+# Notes
+#
+# Avatar Notes Request
+xmlrpc_server_register_method($xmlrpc_server, "avatarnotesrequest",
+        "avatarnotesrequest");
+function avatarnotesrequest($method_name, $params, $app_data)
+{
+    $req            = $params[0];
+    $uuid           = $req['avatar_id'];
+    $targetuuid     = $req['uuid'];
+    $result = mysql_query("SELECT notes FROM usernotes WHERE ".
+            "useruuid = '". mysql_real_escape_string($uuid) ."' AND ".
+            "targetuuid = '". mysql_real_escape_string($targetuuid) ."'");
+    $row = mysql_fetch_row($result);
+    if ($row == False)
+        $notes = "";
+    else
+        $notes = $row[0];
+    $data[] = array(
+            "targetid" => $targetuuid,
+            "notes" => $notes);
+    $response_xml = xmlrpc_encode(array(
+        'success' => True,
+        'data' => $data
+    ));
+    print $response_xml;
+}
+# Avatar Notes Update
+xmlrpc_server_register_method($xmlrpc_server, "avatar_notes_update",
+        "avatar_notes_update");
+function avatar_notes_update($method_name, $params, $app_data)
+{
+    $req            = $params[0];
+    $uuid           = $req['avatar_id'];
+    $targetuuid     = $req['target_id'];
+    $notes          = $req['notes'];
+    // Check if we already have this one in the database
+    $check = mysql_query("SELECT COUNT(*) FROM usernotes WHERE ".
+            "useruuid = '". mysql_real_escape_string($uuid) ."' AND ".
+            "targetuuid = '". mysql_real_escape_string($targetuuid) ."'");
+    $row = mysql_fetch_row($check);
+    if ($row[0] == 0)
+    {
+        // Create a new record for this avatar note
+        $result = mysql_query("INSERT INTO usernotes VALUES ".
+            "('". mysql_real_escape_string($uuid) ."',".
+            "'". mysql_real_escape_string($targetuuid) ."',".
+            "'". mysql_real_escape_string($notes) ."')");
+    }
+    else if ($notes == "")
+    {
+        // Delete the record for this avatar note
+        $result = mysql_query("DELETE FROM usernotes WHERE ".
+            "useruuid = '". mysql_real_escape_string($uuid) ."' AND ".
+            "targetuuid = '". mysql_real_escape_string($targetuuid) ."'");
+    }
+    else
+    {
+        // Update the existing record
+        $result = mysql_query("UPDATE usernotes SET ".
+            "notes = '". mysql_real_escape_string($notes) ."' WHERE ".
+            "useruuid = '". mysql_real_escape_string($uuid) ."' AND ".
+            "targetuuid = '". mysql_real_escape_string($targetuuid) ."'");
+    }
+    $response_xml = xmlrpc_encode(array(
+        'success' => True
+    ));
+    print $response_xml;
+}
+# Profile bits
+xmlrpc_server_register_method($xmlrpc_server, "avatar_properties_request",
+        "avatar_properties_request");
+function avatar_properties_request($method_name, $params, $app_data)
+{
+    global $zeroUUID;
+    $req            = $params[0];
+    $uuid           = $req['avatar_id'];
+    $result = mysql_query("SELECT * FROM userprofile WHERE ".
+            "useruuid = '". mysql_real_escape_string($uuid) ."'");
+    $row = mysql_fetch_assoc($result);
+    if ($row != False)
+    {
+        $data[] = array(
+                "ProfileUrl" => $row["profileURL"],
+                "Image" => $row["profileImage"],
+                "AboutText" => $row["profileAboutText"],
+                "FirstLifeImage" => $row["profileFirstImage"],
+                "FirstLifeAboutText" => $row["profileFirstText"],
+                "Partner" => $row["profilePartner"],
+                //Return interest data along with avatar properties
+                "wantmask"   => $row["profileWantToMask"],
+                "wanttext"   => $row["profileWantToText"],
+                "skillsmask" => $row["profileSkillsMask"],
+                "skillstext" => $row["profileSkillsText"],
+                "languages"  => $row["profileLanguages"]);
+    }
+    else
+    {
+        //Insert empty record for avatar.
+        //FIXME: Should this only be done when asking for ones own profile?
+        $sql = "INSERT INTO userprofile VALUES ( ".
+                "'". mysql_real_escape_string($uuid) ."', ".
+                "'$zeroUUID', 0, 0, '', 0, '', 0, '', '', ".
+                "'$zeroUUID', '', '$zeroUUID', '')";
+        $result = mysql_query($sql);
+        $data[] = array(
+                "ProfileUrl" => "",
+                "Image" => $zeroUUID,
+                "AboutText" => "",
+                "FirstLifeImage" => $zeroUUID,
+                "FirstLifeAboutText" => "",
+                "Partner" => $zeroUUID,
+                "wantmask"   => 0,
+                "wanttext"   => "",
+                "skillsmask" => 0,
+                "skillstext" => "",
+                "languages"  => "");
+    }
+    $response_xml = xmlrpc_encode(array(
+        'success' => True,
+        'data' => $data
+    ));
+    print $response_xml;
+}
+xmlrpc_server_register_method($xmlrpc_server, "avatar_properties_update",
+        "avatar_properties_update");
+function avatar_properties_update($method_name, $params, $app_data)
+{
+    $req            = $params[0];
+    $uuid           = $req['avatar_id'];
+    $profileURL     = $req['ProfileUrl'];
+    $image          = $req['Image'];
+    $abouttext      = $req['AboutText'];
+    $firstlifeimage = $req['FirstLifeImage'];
+    $firstlifetext  = $req['FirstLifeAboutText'];
+    $result=mysql_query("UPDATE userprofile SET ".
+            "profileURL='". mysql_real_escape_string($profileURL) ."', ".
+            "profileImage='". mysql_real_escape_string($image) ."', ".
+            "profileAboutText='". mysql_real_escape_string($abouttext) ."', ".
+            "profileFirstImage='". mysql_real_escape_string($firstlifeimage) ."', ".
+            "profileFirstText='". mysql_real_escape_string($firstlifetext) ."' ".
+            "WHERE useruuid='". mysql_real_escape_string($uuid) ."'"
+        );
+    $response_xml = xmlrpc_encode(array(
+        'success' => $result,
+        'errorMessage' => mysql_error()
+    ));
+    print $response_xml;
+}
+// Profile Interests
+xmlrpc_server_register_method($xmlrpc_server, "avatar_interests_update",
+        "avatar_interests_update");
+function avatar_interests_update($method_name, $params, $app_data)
+{
+    $req            = $params[0];
+    $uuid           = $req['avatar_id'];
+    $wanttext       = $req['wanttext'];
+    $wantmask       = $req['wantmask'];
+    $skillstext     = $req['skillstext'];
+    $skillsmask     = $req['skillsmask'];
+    $languages      = $req['languages'];
+    $result = mysql_query("UPDATE userprofile SET ".
+            "profileWantToMask = ". mysql_real_escape_string($wantmask) .",".
+            "profileWantToText = '". mysql_real_escape_string($wanttext) ."',".
+            "profileSkillsMask = ". mysql_real_escape_string($skillsmask) .",".
+            "profileSkillsText = '". mysql_real_escape_string($skillstext) ."',".
+            "profileLanguages = '". mysql_real_escape_string($languages) ."' ".
+            "WHERE useruuid = '". mysql_real_escape_string($uuid) ."'"
+        );
+    $response_xml = xmlrpc_encode(array(
+        'success' => True
+    ));
+    print $response_xml;
+}
+// User Preferences
+xmlrpc_server_register_method($xmlrpc_server, "user_preferences_request",
+        "user_preferences_request");
+function user_preferences_request($method_name, $params, $app_data)
+{
+    $req            = $params[0];
+    $uuid           = $req['avatar_id'];
+    $result = mysql_query("SELECT imviaemail,visible,email FROM usersettings WHERE ".
+            "useruuid = '". mysql_real_escape_string($uuid) ."'");
+    $row = mysql_fetch_assoc($result);
+    if ($row != False)
+    {
+        $data[] = array(
+                "imviaemail" => $row["imviaemail"],
+                "visible" => $row["visible"],
+                "email" => $row["email"]);
+    }
+    else
+    {
+        //Insert empty record for avatar.
+        //NOTE: The 'false' values here are enums defined in database
+        $sql = "INSERT INTO usersettings VALUES ".
+                "('". mysql_real_escape_string($uuid) ."', ".
+                "'false', 'false', '')";
+        $result = mysql_query($sql);
+        $data[] = array(
+                "imviaemail" => False,
+                "visible" => False,
+                "email" => "");
+    }
+    $response_xml = xmlrpc_encode(array(
+        'success' => True,
+        'data' => $data
+    ));
+    print $response_xml;
+}
+xmlrpc_server_register_method($xmlrpc_server, "user_preferences_update",
+        "user_preferences_update");
+function user_preferences_update($method_name, $params, $app_data)
+{
+    $req            = $params[0];
+    $uuid           = $req['avatar_id'];
+    $wantim         = $req['imViaEmail'];
+    $directory      = $req['visible'];
+    $result = mysql_query("UPDATE usersettings SET ".
+            "imviaemail = '".mysql_real_escape_string($wantim) ."', ".
+            "visible = '".mysql_real_escape_string($directory) ."' WHERE ".
+            "useruuid = '". mysql_real_escape_string($uuid) ."'");
+    $response_xml = xmlrpc_encode(array(
+        'success' => True,
+        'data' => $data
+    ));
+    print $response_xml;
+}
+#
+# Process the request
+#
+$request_xml = file_get_contents("php://input");
+xmlrpc_server_call_method($xmlrpc_server, $request_xml, '');
+xmlrpc_server_destroy($xmlrpc_server);
+?>

diff --git a/web/profile.php b/web/profile.php new file mode 100644 index 0000000..d4c1ca4 --- /dev/null +++ b/web/profile.php
@@ -0,0 +1,691 @@
	1	<?php
	2
	3	include("../config/os_modules_mysql.php");
	4
	5	//
	6	// Search DB
	7	//
	8	mysql_connect ($DB_HOST, $DB_USER, $DB_PASSWORD);
	9	mysql_select_db ($DB_NAME);
	10
	11	#
	12	# Copyright (c)Melanie Thielker (http://opensimulator.org/)
	13	#
	14
	15	###################### No user serviceable parts below #####################
	16
	17	$zeroUUID = "00000000-0000-0000-0000-000000000000";
	18
	19	#
	20	# The XMLRPC server object
	21	#
	22
	23	$xmlrpc_server = xmlrpc_server_create();
	24
	25	#
	26	# Classifieds
	27	#
	28
	29	# Avatar Classifieds Request
	30
	31	xmlrpc_server_register_method($xmlrpc_server, "avatarclassifiedsrequest",
	32	"avatarclassifiedsrequest");
	33
	34	function avatarclassifiedsrequest($method_name, $params, $app_data)
	35	{
	36	$req = $params[0];
	37
	38	$uuid = $req['uuid'];
	39
	40
	41	$result = mysql_query("SELECT * FROM classifieds WHERE ".
	42	"creatoruuid = '". mysql_real_escape_string($uuid) ."'");
	43
	44	$data = array();
	45
	46	while (($row = mysql_fetch_assoc($result)))
	47	{
	48	$data[] = array(
	49	"classifiedid" => $row["classifieduuid"],
	50	"name" => $row["name"]);
	51	}
	52
	53	$response_xml = xmlrpc_encode(array(
	54	'success' => True,
	55	'data' => $data
	56	));
	57
	58	print $response_xml;
	59	}
	60
	61	# Classifieds Update
	62
	63	xmlrpc_server_register_method($xmlrpc_server, "classified_update",
	64	"classified_update");
	65
	66	function classified_update($method_name, $params, $app_data)
	67	{
	68	global $zeroUUID;
	69
	70	$req = $params[0];
	71
	72	$classifieduuid = $req['classifiedUUID'];
	73	$creator = $req['creatorUUID'];
	74	$category = $req['category'];
	75	$name = $req['name'];
	76	$description = $req['description'];
	77	$parceluuid = $req['parcelUUID'];
	78	$parentestate = $req['parentestate'];
	79	$snapshotuuid = $req['snapshotUUID'];
	80	$simname = $req['sim_name'];
	81	$parcelname = $req['parcelname'];
	82	$globalpos = $req['globalpos'];
	83	$classifiedflag = $req['classifiedFlags'];
	84	$priceforlist = $req['classifiedPrice'];
	85
	86	// Check if we already have this one in the database
	87	$check = mysql_query("SELECT COUNT(*) FROM classifieds WHERE ".
	88	"classifieduuid = '". mysql_real_escape_string($classifieduuid) ."'");
	89
	90	while ($row = mysql_fetch_row($check))
	91	{
	92	$ready = $row[0];
	93	}
	94
	95	// Doing some late checking
	96	// Should be done by the module but let's see what happens when
	97	// I do it here
	98
	99	if ($parcelname == "")
	100	$parcelname = "Unknown";
	101
	102	if ($parceluuid == "")
	103	$parceluuid = $zeroUUID;
	104
	105	if ($description == "")
	106	$description = "No Description";
	107
	108	//If PG, Mature, and Adult flags are all 0 assume PG and set bit 2.
	109	//This works around what might be a viewer bug regarding the flags.
	110	//The ossearch query.php file expects bit 2 set for any PG listing.
	111	if (($classifiedflag & 76) == 0)
	112	$classifiedflag \|= 4;
	113
	114	if ($ready == 0)
	115	{
	116	//Renew Weekly flag is 32 (1 << 5)
	117	if (($classifiedflag & 32) == 0)
	118	{
	119	$creationdate = time();
	120	$expirationdate = time() + (7 * 24 * 60 * 60);
	121	}
	122	else
	123	{
	124	$creationdate = time();
	125	$expirationdate = time() + (52 * 7 * 24 * 60 * 60);
	126	}
	127
	128	$sql = "INSERT INTO classifieds VALUES ".
	129	"('". mysql_real_escape_string($classifieduuid) ."',".
	130	"'". mysql_real_escape_string($creator) ."',".
	131	"". mysql_real_escape_string($creationdate) .",".
	132	"". mysql_real_escape_string($expirationdate) .",".
	133	"'". mysql_real_escape_string($category) ."',".
	134	"'". mysql_real_escape_string($name) ."',".
	135	"'". mysql_real_escape_string($description) ."',".
	136	"'". mysql_real_escape_string($parceluuid) ."',".
	137	"". mysql_real_escape_string($parentestate) .",".
	138	"'". mysql_real_escape_string($snapshotuuid) ."',".
	139	"'". mysql_real_escape_string($simname) ."',".
	140	"'". mysql_real_escape_string($globalpos) ."',".
	141	"'". $parcelname ."',".
	142	"". mysql_real_escape_string($classifiedflag) .",".
	143	"". mysql_real_escape_string($priceforlist) .")";
	144	}
	145	else
	146	{
	147	$expirationdate = $creationdate + (52 * 7 * 24 * 60 * 60);
	148
	149	$sql = "UPDATE classifieds SET ".
	150	"`creatoruuid`='". mysql_real_escape_string($creator)."',".
	151	"`expirationdate`=". mysql_real_escape_string($expirationdate).",".
	152	"`category`='". mysql_real_escape_string($category)."',".
	153	"`name`='". mysql_real_escape_string($name)."',".
	154	"`description`='". mysql_real_escape_string($description)."',".
	155	"`parceluuid`='". mysql_real_escape_string($parceluuid)."',".
	156	"`parentestate`=". mysql_real_escape_string($parentestate).",".
	157	"`snapshotuuid`='". mysql_real_escape_string($snapshotuuid)."',".
	158	"`simname`='". mysql_real_escape_string($simname)."',".
	159	"`posglobal`='". mysql_real_escape_string($globalpos)."',".
	160	"`parcelname`='". $parcelname."',".
	161	"`classifiedflags`=". mysql_real_escape_string($classifiedflag).",".
	162	"`priceforlisting`=". mysql_real_escape_string($priceforlist).
	163	" WHERE ".
	164	"`classifieduuid`='". mysql_real_escape_string($classifieduuid)."'";
	165	}
	166
	167	// Create a new record for this classified
	168	$result = mysql_query($sql);
	169
	170	$response_xml = xmlrpc_encode(array(
	171	'success' => $result,
	172	'errorMessage' => mysql_error()
	173	));
	174
	175	print $response_xml;
	176	}
	177
	178	# Classifieds Delete
	179
	180	xmlrpc_server_register_method($xmlrpc_server, "classified_delete",
	181	"classified_delete");
	182
	183	function classified_delete($method_name, $params, $app_data)
	184	{
	185	$req = $params[0];
	186
	187	$classifieduuid = $req['classifiedID'];
	188
	189	$result = mysql_query("DELETE FROM classifieds WHERE ".
	190	"classifieduuid = '".mysql_real_escape_string($classifieduuid) ."'");
	191
	192	$response_xml = xmlrpc_encode(array(
	193	'success' => True,
	194	'data' => $data
	195	));
	196
	197	print $response_xml;
	198	}
	199
	200	#
	201	# Picks
	202	#
	203
	204	# Avatar Picks Request
	205
	206	xmlrpc_server_register_method($xmlrpc_server, "avatarpicksrequest",
	207	"avatarpicksrequest");
	208
	209	function avatarpicksrequest($method_name, $params, $app_data)
	210	{
	211	$req = $params[0];
	212
	213	$uuid = $req['uuid'];
	214
	215	$data = array();
	216
	217	$result = mysql_query("SELECT `pickuuid`,`name` FROM userpicks WHERE ".
	218	"creatoruuid = '". mysql_real_escape_string($uuid) ."'");
	219
	220	while (($row = mysql_fetch_assoc($result)))
	221	{
	222	$data[] = array(
	223	"pickid" => $row["pickuuid"],
	224	"name" => $row["name"]);
	225	}
	226
	227	$response_xml = xmlrpc_encode(array(
	228	'success' => True,
	229	'data' => $data
	230	));
	231
	232	print $response_xml;
	233	}
	234
	235	# Request Picks for User
	236
	237	xmlrpc_server_register_method($xmlrpc_server, "pickinforequest",
	238	"pickinforequest");
	239
	240	function pickinforequest($method_name, $params, $app_data)
	241	{
	242	$req = $params[0];
	243
	244	$uuid = $req['avatar_id'];
	245	$pick = $req['pick_id'];
	246
	247	$data = array();
	248
	249	$result = mysql_query("SELECT * FROM userpicks WHERE ".
	250	"creatoruuid = '". mysql_real_escape_string($uuid) ."' AND ".
	251	"pickuuid = '". mysql_real_escape_string($pick) ."'");
	252
	253	$row = mysql_fetch_assoc($result);
	254	if ($row != False)
	255	{
	256	if ($row["description"] == null \|\| $row["description"] == "")
	257	$row["description"] = "No description given";
	258
	259	$data[] = array(
	260	"pickuuid" => $row["pickuuid"],
	261	"creatoruuid" => $row["creatoruuid"],
	262	"toppick" => $row["toppick"],
	263	"parceluuid" => $row["parceluuid"],
	264	"name" => $row["name"],
	265	"description" => $row["description"],
	266	"snapshotuuid" => $row["snapshotuuid"],
	267	"user" => $row["user"],
	268	"originalname" => $row["originalname"],
	269	"simname" => $row["simname"],
	270	"posglobal" => $row["posglobal"],
	271	"sortorder"=> $row["sortorder"],
	272	"enabled" => $row["enabled"]);
	273	}
	274
	275	$response_xml = xmlrpc_encode(array(
	276	'success' => True,
	277	'data' => $data
	278	));
	279
	280	print $response_xml;
	281	}
	282
	283	# Picks Update
	284
	285	xmlrpc_server_register_method($xmlrpc_server, "picks_update",
	286	"picks_update");
	287
	288	function picks_update($method_name, $params, $app_data)
	289	{
	290	global $zeroUUID;
	291
	292	$req = $params[0];
	293
	294	$pickuuid = $req['pick_id'];
	295	$creator = $req['creator_id'];
	296	$toppick = $req['top_pick'];
	297	$name = $req['name'];
	298	$description = $req['desc'];
	299	$parceluuid = $req['parcel_uuid'];
	300	$snapshotuuid = $req['snapshot_id'];
	301	$user = $req['user'];
	302	$simname = $req['sim_name'];
	303	$posglobal = $req['pos_global'];
	304	$sortorder = $req['sort_order'];
	305	$enabled = $req['enabled'];
	306
	307	if ($parceluuid == "")
	308	$parceluuid = $zeroUUID;
	309
	310	if ($description == "")
	311	$description = "No Description";
	312
	313	// Check if we already have this one in the database
	314	$check = mysql_query("SELECT COUNT(*) FROM userpicks WHERE ".
	315	"pickuuid = '". mysql_real_escape_string($pickuuid) ."'");
	316
	317	$row = mysql_fetch_row($check);
	318
	319	if ($row[0] == 0)
	320	{
	321	if ($user == null \|\| $user == "")
	322	$user = "Unknown";
	323
	324	//The original parcel name is the same as the name of the
	325	//profile pick when a new profile pick is being created.
	326	$original = $name;
	327
	328	$query = "INSERT INTO userpicks VALUES ".
	329	"('". mysql_real_escape_string($pickuuid) ."',".
	330	"'". mysql_real_escape_string($creator) ."',".
	331	"'". mysql_real_escape_string($toppick) ."',".
	332	"'". mysql_real_escape_string($parceluuid) ."',".
	333	"'". mysql_real_escape_string($name) ."',".
	334	"'". mysql_real_escape_string($description) ."',".
	335	"'". mysql_real_escape_string($snapshotuuid) ."',".
	336	"'". mysql_real_escape_string($user) ."',".
	337	"'". mysql_real_escape_string($original) ."',".
	338	"'". mysql_real_escape_string($simname) ."',".
	339	"'". mysql_real_escape_string($posglobal) ."',".
	340	"'". mysql_real_escape_string($sortorder) ."',".
	341	"'". mysql_real_escape_string($enabled) ."')";
	342	}
	343	else
	344	{
	345	$query = "UPDATE userpicks SET " .
	346	"parceluuid = '". mysql_real_escape_string($parceluuid) . "', " .
	347	"name = '". mysql_real_escape_string($name) . "', " .
	348	"description = '". mysql_real_escape_string($description) . "', " .
	349	"snapshotuuid = '". mysql_real_escape_string($snapshotuuid) . "' WHERE ".
	350	"pickuuid = '". mysql_real_escape_string($pickuuid) ."'";
	351	}
	352
	353	$result = mysql_query($query);
	354	if ($result != False)
	355	$result = True;
	356
	357	$response_xml = xmlrpc_encode(array(
	358	'success' => $result,
	359	'errorMessage' => mysql_error()
	360	));
	361
	362	print $response_xml;
	363	}
	364
	365	# Picks Delete
	366
	367	xmlrpc_server_register_method($xmlrpc_server, "picks_delete",
	368	"picks_delete");
	369
	370	function picks_delete($method_name, $params, $app_data)
	371	{
	372	$req = $params[0];
	373
	374	$pickuuid = $req['pick_id'];
	375
	376	$result = mysql_query("DELETE FROM userpicks WHERE ".
	377	"pickuuid = '".mysql_real_escape_string($pickuuid) ."'");
	378
	379	if ($result != False)
	380	$result = True;
	381
	382	$response_xml = xmlrpc_encode(array(
	383	'success' => $result,
	384	'errorMessage' => mysql_error()
	385	));
	386
	387	print $response_xml;
	388	}
	389
	390	#
	391	# Notes
	392	#
	393
	394	# Avatar Notes Request
	395
	396
	397	xmlrpc_server_register_method($xmlrpc_server, "avatarnotesrequest",
	398	"avatarnotesrequest");
	399
	400	function avatarnotesrequest($method_name, $params, $app_data)
	401	{
	402	$req = $params[0];
	403
	404	$uuid = $req['avatar_id'];
	405	$targetuuid = $req['uuid'];
	406
	407	$result = mysql_query("SELECT notes FROM usernotes WHERE ".
	408	"useruuid = '". mysql_real_escape_string($uuid) ."' AND ".
	409	"targetuuid = '". mysql_real_escape_string($targetuuid) ."'");
	410
	411	$row = mysql_fetch_row($result);
	412	if ($row == False)
	413	$notes = "";
	414	else
	415	$notes = $row[0];
	416
	417	$data[] = array(
	418	"targetid" => $targetuuid,
	419	"notes" => $notes);
	420
	421	$response_xml = xmlrpc_encode(array(
	422	'success' => True,
	423	'data' => $data
	424	));
	425
	426	print $response_xml;
	427	}
	428
	429	# Avatar Notes Update
	430
	431	xmlrpc_server_register_method($xmlrpc_server, "avatar_notes_update",
	432	"avatar_notes_update");
	433
	434	function avatar_notes_update($method_name, $params, $app_data)
	435	{
	436	$req = $params[0];
	437
	438	$uuid = $req['avatar_id'];
	439	$targetuuid = $req['target_id'];
	440	$notes = $req['notes'];
	441
	442	// Check if we already have this one in the database
	443
	444	$check = mysql_query("SELECT COUNT(*) FROM usernotes WHERE ".
	445	"useruuid = '". mysql_real_escape_string($uuid) ."' AND ".
	446	"targetuuid = '". mysql_real_escape_string($targetuuid) ."'");
	447
	448	$row = mysql_fetch_row($check);
	449
	450	if ($row[0] == 0)
	451	{
	452	// Create a new record for this avatar note
	453	$result = mysql_query("INSERT INTO usernotes VALUES ".
	454	"('". mysql_real_escape_string($uuid) ."',".
	455	"'". mysql_real_escape_string($targetuuid) ."',".
	456	"'". mysql_real_escape_string($notes) ."')");
	457	}
	458	else if ($notes == "")
	459	{
	460	// Delete the record for this avatar note
	461	$result = mysql_query("DELETE FROM usernotes WHERE ".
	462	"useruuid = '". mysql_real_escape_string($uuid) ."' AND ".
	463	"targetuuid = '". mysql_real_escape_string($targetuuid) ."'");
	464	}
	465	else
	466	{
	467	// Update the existing record
	468	$result = mysql_query("UPDATE usernotes SET ".
	469	"notes = '". mysql_real_escape_string($notes) ."' WHERE ".
	470	"useruuid = '". mysql_real_escape_string($uuid) ."' AND ".
	471	"targetuuid = '". mysql_real_escape_string($targetuuid) ."'");
	472	}
	473
	474	$response_xml = xmlrpc_encode(array(
	475	'success' => True
	476	));
	477
	478	print $response_xml;
	479	}
	480
	481	# Profile bits
	482
	483	xmlrpc_server_register_method($xmlrpc_server, "avatar_properties_request",
	484	"avatar_properties_request");
	485
	486	function avatar_properties_request($method_name, $params, $app_data)
	487	{
	488	global $zeroUUID;
	489
	490	$req = $params[0];
	491
	492	$uuid = $req['avatar_id'];
	493
	494	$result = mysql_query("SELECT * FROM userprofile WHERE ".
	495	"useruuid = '". mysql_real_escape_string($uuid) ."'");
	496	$row = mysql_fetch_assoc($result);
	497
	498	if ($row != False)
	499	{
	500	$data[] = array(
	501	"ProfileUrl" => $row["profileURL"],
	502	"Image" => $row["profileImage"],
	503	"AboutText" => $row["profileAboutText"],
	504	"FirstLifeImage" => $row["profileFirstImage"],
	505	"FirstLifeAboutText" => $row["profileFirstText"],
	506	"Partner" => $row["profilePartner"],
	507
	508	//Return interest data along with avatar properties
	509	"wantmask" => $row["profileWantToMask"],
	510	"wanttext" => $row["profileWantToText"],
	511	"skillsmask" => $row["profileSkillsMask"],
	512	"skillstext" => $row["profileSkillsText"],
	513	"languages" => $row["profileLanguages"]);
	514	}
	515	else
	516	{
	517	//Insert empty record for avatar.
	518	//FIXME: Should this only be done when asking for ones own profile?
	519	$sql = "INSERT INTO userprofile VALUES ( ".
	520	"'". mysql_real_escape_string($uuid) ."', ".
	521	"'$zeroUUID', 0, 0, '', 0, '', 0, '', '', ".
	522	"'$zeroUUID', '', '$zeroUUID', '')";
	523	$result = mysql_query($sql);
	524
	525	$data[] = array(
	526	"ProfileUrl" => "",
	527	"Image" => $zeroUUID,
	528	"AboutText" => "",
	529	"FirstLifeImage" => $zeroUUID,
	530	"FirstLifeAboutText" => "",
	531	"Partner" => $zeroUUID,
	532
	533	"wantmask" => 0,
	534	"wanttext" => "",
	535	"skillsmask" => 0,
	536	"skillstext" => "",
	537	"languages" => "");
	538	}
	539
	540	$response_xml = xmlrpc_encode(array(
	541	'success' => True,
	542	'data' => $data
	543	));
	544
	545	print $response_xml;
	546	}
	547
	548	xmlrpc_server_register_method($xmlrpc_server, "avatar_properties_update",
	549	"avatar_properties_update");
	550
	551	function avatar_properties_update($method_name, $params, $app_data)
	552	{
	553	$req = $params[0];
	554
	555	$uuid = $req['avatar_id'];
	556	$profileURL = $req['ProfileUrl'];
	557	$image = $req['Image'];
	558	$abouttext = $req['AboutText'];
	559	$firstlifeimage = $req['FirstLifeImage'];
	560	$firstlifetext = $req['FirstLifeAboutText'];
	561
	562	$result=mysql_query("UPDATE userprofile SET ".
	563	"profileURL='". mysql_real_escape_string($profileURL) ."', ".
	564	"profileImage='". mysql_real_escape_string($image) ."', ".
	565	"profileAboutText='". mysql_real_escape_string($abouttext) ."', ".
	566	"profileFirstImage='". mysql_real_escape_string($firstlifeimage) ."', ".
	567	"profileFirstText='". mysql_real_escape_string($firstlifetext) ."' ".
	568	"WHERE useruuid='". mysql_real_escape_string($uuid) ."'"
	569	);
	570
	571	$response_xml = xmlrpc_encode(array(
	572	'success' => $result,
	573	'errorMessage' => mysql_error()
	574	));
	575
	576	print $response_xml;
	577	}
	578
	579
	580	// Profile Interests
	581
	582	xmlrpc_server_register_method($xmlrpc_server, "avatar_interests_update",
	583	"avatar_interests_update");
	584
	585	function avatar_interests_update($method_name, $params, $app_data)
	586	{
	587	$req = $params[0];
	588
	589	$uuid = $req['avatar_id'];
	590	$wanttext = $req['wanttext'];
	591	$wantmask = $req['wantmask'];
	592	$skillstext = $req['skillstext'];
	593	$skillsmask = $req['skillsmask'];
	594	$languages = $req['languages'];
	595
	596	$result = mysql_query("UPDATE userprofile SET ".
	597	"profileWantToMask = ". mysql_real_escape_string($wantmask) .",".
	598	"profileWantToText = '". mysql_real_escape_string($wanttext) ."',".
	599	"profileSkillsMask = ". mysql_real_escape_string($skillsmask) .",".
	600	"profileSkillsText = '". mysql_real_escape_string($skillstext) ."',".
	601	"profileLanguages = '". mysql_real_escape_string($languages) ."' ".
	602	"WHERE useruuid = '". mysql_real_escape_string($uuid) ."'"
	603	);
	604
	605	$response_xml = xmlrpc_encode(array(
	606	'success' => True
	607	));
	608
	609	print $response_xml;
	610	}
	611
	612	// User Preferences
	613
	614	xmlrpc_server_register_method($xmlrpc_server, "user_preferences_request",
	615	"user_preferences_request");
	616
	617	function user_preferences_request($method_name, $params, $app_data)
	618	{
	619	$req = $params[0];
	620
	621	$uuid = $req['avatar_id'];
	622
	623	$result = mysql_query("SELECT imviaemail,visible,email FROM usersettings WHERE ".
	624	"useruuid = '". mysql_real_escape_string($uuid) ."'");
	625
	626	$row = mysql_fetch_assoc($result);
	627
	628	if ($row != False)
	629	{
	630	$data[] = array(
	631	"imviaemail" => $row["imviaemail"],
	632	"visible" => $row["visible"],
	633	"email" => $row["email"]);
	634	}
	635	else
	636	{
	637	//Insert empty record for avatar.
	638	//NOTE: The 'false' values here are enums defined in database
	639	$sql = "INSERT INTO usersettings VALUES ".
	640	"('". mysql_real_escape_string($uuid) ."', ".
	641	"'false', 'false', '')";
	642	$result = mysql_query($sql);
	643
	644	$data[] = array(
	645	"imviaemail" => False,
	646	"visible" => False,
	647	"email" => "");
	648	}
	649
	650	$response_xml = xmlrpc_encode(array(
	651	'success' => True,
	652	'data' => $data
	653	));
	654
	655	print $response_xml;
	656	}
	657
	658	xmlrpc_server_register_method($xmlrpc_server, "user_preferences_update",
	659	"user_preferences_update");
	660
	661	function user_preferences_update($method_name, $params, $app_data)
	662	{
	663
	664	$req = $params[0];
	665
	666	$uuid = $req['avatar_id'];
	667	$wantim = $req['imViaEmail'];
	668	$directory = $req['visible'];
	669
	670	$result = mysql_query("UPDATE usersettings SET ".
	671	"imviaemail = '".mysql_real_escape_string($wantim) ."', ".
	672	"visible = '".mysql_real_escape_string($directory) ."' WHERE ".
	673	"useruuid = '". mysql_real_escape_string($uuid) ."'");
	674
	675	$response_xml = xmlrpc_encode(array(
	676	'success' => True,
	677	'data' => $data
	678	));
	679
	680	print $response_xml;
	681	}
	682
	683	#
	684	# Process the request
	685	#
	686
	687	$request_xml = file_get_contents("php://input");
	688
	689	xmlrpc_server_call_method($xmlrpc_server, $request_xml, '');
	690	xmlrpc_server_destroy($xmlrpc_server);
	691	?>