<?php
// File: $Id: bk-rating.php,v 1.1 2005/03/05 00:42:44 jmvedrine Exp $ $Name:  $
// ----------------------------------------------------------------------
// PostNuke Content Management System
// Copyright (C) 2001 by the PostNuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: Francisco Burzi
// Purpose of file:
// ----------------------------------------------------------------------
// 11-30-2001:ahumphr - created file as part of modularisation
// 10-15-2002:skooter      - Cross Site Scripting security fixes and also using
//                           pnAPI for displaying data.

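/**
 * Record a visitor's rating (and optional comment) for a book, then refresh
 * the rating summary stored on the book row.
 *
 * Only $ratingbkid, $rating and $ratingcomments are taken from the request.
 * $ratinguser is overwritten with the session user name (or the configured
 * anonymous name) and $ratinghost_name is never read: the host is taken from
 * the server variables, so the hidden form fields cannot be used to vote
 * under another identity.
 *
 * @usedby index, navigation
 * @param mixed  $ratingbkid      id of the book being rated; must be numeric
 * @param string $ratinguser      ignored; replaced from the session
 * @param mixed  $rating          "--" (nothing chosen) or a whole number 1..10
 * @param string $ratinghost_name ignored; the host is read from the server
 * @param string $ratingcomments  free-text comment, kept for logged-in users only
 * @return void  all output is echoed
 */
function addrating($ratingbkid, $ratinguser, $rating, $ratinghost_name, $ratingcomments)
{
    $dbconn =& pnDBGetConn(true);
    pnModDBInfoLoad('books');
    $pntable =& pnDBGetTables();

    $passtest = "yes";
    $ttitle = "";
    include("header.php");
    // ratebook() only shows the rating form to callers holding ACCESS_COMMENT.
    // Require the same level here, otherwise a hand-built request from a
    // read-only visitor would still be accepted.
    if (!(pnSecAuthAction(0, 'books::', '::', ACCESS_COMMENT))) {
        echo _BOOKSNOAUTH;
        include 'footer.php';
        return;
    }
    // NOTE(review): the request is not bound to a form token, so another site
    // could submit a rating on behalf of a logged-in visitor. PostNuke's
    // pnSecGenAuthKey()/pnSecConfirmAuthKey() pair is the usual fix, but it has
    // to be added to the form in ratebook() and checked here in one change.
    include(WHERE_IS_PERSO."config.php");
    // config.php is included in function scope and may define $anonwaitdays
    // (not visible here - TODO confirm). When it does not, use the config
    // variable that completevote() reports to the visitor, so the anonymous
    // flood check is never run against an undefined value.
    if (!isset($anonwaitdays)) {
        $anonwaitdays = pnConfigGetVar('anonwaitdays');
    }
    $anonwaitdays = (int)$anonwaitdays;
    completevoteheader();

    // Same argument check as ratebook() and completevotefooter().
    if (!isset($ratingbkid) || !is_numeric($ratingbkid)) {
        echo _MODARGSERROR;
        CloseTable();
        include("footer.php");
        return;
    }
    // One integer cast, reused by every query below.
    $bkid = (int)$ratingbkid;

    $anonymous = pnConfigGetVar("anonymous");
    if (pnUserLoggedIn()) {
        $ratinguser = pnUserGetVar('uname');
    } else {
        $ratinguser = $anonymous;
        // The form gives anonymous visitors no comment box; enforce that on
        // the server instead of trusting the hidden empty field.
        $ratingcomments = "";
    }

    $column = &$pntable['books_books_column'];
    $results3 =& $dbconn->Execute("SELECT $column[title]
                                FROM $pntable[books_books]
                                WHERE $column[bkid]='".$bkid."'");
    // Refuse to store a vote for a book that does not exist (or when the
    // lookup itself failed).
    if (!$results3 || $results3->EOF) {
        echo _MODARGSERROR;
        CloseTable();
        include("footer.php");
        return;
    }
    while (list($title) = $results3->fields) {
        $ttitle = $title;
        $results3->MoveNext();
    }

    /* Make sure only 1 anonymous from an IP in a single day. */
    // NOTE(review): REMOTE_HOST is a reverse-DNS name, which is chosen by
    // whoever controls the PTR record of the client address, so the per-host
    // limit below is only as strong as that name. It is always passed through
    // pnVarPrepForStore() before reaching SQL.
    $ip = pnServerGetVar("REMOTE_HOST");
    if (empty($ip)) {
        $ip = pnServerGetVar("REMOTE_ADDR");
    }

    /* Check if Rating is Null */
    // The form only offers "--" and 1..10. Anything else (including "--")
    // is reported as a missing rating rather than being written to the table.
    if (!is_scalar($rating) || !preg_match('/^(10|[1-9])\z/', (string)$rating)) {
        $error = "nullerror";
        completevote($error);
        $passtest = "no";
    } else {
        $rating = (int)$rating;
    }

    /* Check if book POSTER is voting (UNLESS Anonymous users allowed to post) */
    if ($ratinguser != $anonymous && $ratinguser != "") {
        $column = &$pntable['books_books_column'];
        $result =& $dbconn->Execute("SELECT $column[submitter]
                                FROM $pntable[books_books]
                                WHERE $column[bkid]='".$bkid."'");
        while (list($ratinguserDB) = $result->fields) {
            $result->MoveNext();
            if ($ratinguserDB == $ratinguser) {
                $error = "postervote";
                completevote($error);
                $passtest = "no";
            }
        }
    }

    /* Check if REG user is trying to vote twice. */
    if ($ratinguser != $anonymous && $ratinguser != "") {
        $column = &$pntable['books_votedata_column'];
        $result =& $dbconn->Execute("SELECT $column[ratinguser]
                                FROM $pntable[books_votedata]
                                WHERE $column[ratingbkid]='".$bkid."'");
        while (list($ratinguserDB) = $result->fields) {
            $result->MoveNext();
            if ($ratinguserDB == $ratinguser) {
                $error = "regflood";
                completevote($error);
                $passtest = "no";
            }
        }
    }

    /* Check if ANONYMOUS user is trying to vote more than once per day. */
    if ($ratinguser == $anonymous && $ratinguser != "") {
        $column = &$pntable['books_votedata_column'];
        // The anonymous name is a config value; escape it like every other
        // string that goes into the statement.
        $result =& $dbconn->Execute("SELECT count(*)
                                FROM $pntable[books_votedata]
                                WHERE $column[ratingbkid]='".$bkid."'
                                AND $column[ratinguser]='".pnVarPrepForStore($anonymous)."'
                                AND $column[ratinghostname]='".pnVarPrepForStore($ip)."'
                                AND TO_DAYS(NOW()) - TO_DAYS($column[ratingtimestamp]) < '".$anonwaitdays."'");
        list($anonvotecount) = $result->fields;
        if ($anonvotecount >= 1) {
            $error = "anonflood";
            completevote($error);
            $passtest = "no";
        }
    }

    /* Passed Tests */
    if ($passtest == "yes") {
        /* All is well.  Add to Line Item Rate to DB. */
        $nextid = $dbconn->GenId($pntable['books_votedata']);
        $column = &$pntable['books_votedata_column'];
        $dbconn->Execute("INSERT INTO $pntable[books_votedata]
                            ($column[ratingdbid], $column[ratingbkid],
                             $column[ratinguser], $column[rating],
                             $column[ratinghostname], $column[ratingcomments],
                             $column[ratingtimestamp])
                             VALUES ($nextid,".$bkid.", '".pnVarPrepForStore($ratinguser)."', '".$rating."',
                             '".pnVarPrepForStore($ip)."', '".pnVarPrepForStore($ratingcomments)."', now())");
        /* All is well.  Calculate Score & Add to Summary (for quick retrieval & sorting) to DB. */
        /* NOTE: If weight is modified, ALL books need to be refreshed with new weight. */
        /*   Running a SQL statement with your modded calc for ALL books will accomplish this. */
        $voteresult =& $dbconn->Execute("SELECT $column[rating], $column[ratinguser],
                                        $column[ratingcomments]
                                        FROM $pntable[books_votedata]
                                        WHERE $column[ratingbkid] = '".$bkid."'");
        $totalvotesDB = $voteresult->PO_RecordCount();
        // calculatevote() is defined elsewhere; only element 0 of its return
        // value is used here, as the score written to the book row.
        $retv = calculatevote($voteresult, $totalvotesDB);
        $finalrating = $retv[0];
        // Count only the votes that carry a comment.
        $commresult =& $dbconn->Execute("SELECT $column[ratingcomments]
                                        FROM $pntable[books_votedata]
                                        WHERE $column[ratingbkid] = '".$bkid."'
                                        AND $column[ratingcomments] != ''");
        $truecomments = $commresult->PO_RecordCount();
        $column = &$pntable['books_books_column'];
        $dbconn->Execute("UPDATE $pntable[books_books]
                        SET $column[bookratingsummary] = '".pnVarPrepForStore($finalrating)."',
                            $column[totalvotes] = '".pnVarPrepForStore($totalvotesDB)."',
                            $column[totalcomments]= '".pnVarPrepForStore($truecomments)."'
                         WHERE $column[bkid] = '".$bkid."'");
        completevote("none");
        completevotefooter($bkid, $ttitle, $ratinguser);
    }
    CloseTable();
    include("footer.php");
}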

/**
 * Start the vote-result screen.
 *
 * Calls menu(1) (defined elsewhere; presumably the module navigation) and then
 * opens the table that holds the result message. The table is left open:
 * addrating() closes it with CloseTable().
 *
 * @usedby function addrating
 * @return void
 */
function completevoteheader()
{
    menu(1);
    OpenTable();
}

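/**
 * Print the thank-you block shown after a rating has been stored.
 *
 * @usedby function addrating
 * @param mixed  $bkid       id of the book that was rated; must be numeric
 * @param string $ttitle     not used; kept so existing callers still work
 * @param string $ratinguser not used; kept so existing callers still work
 * @return mixed false (after setting the session error message) when $bkid
 *               is not numeric, otherwise nothing
 */
function completevotefooter($bkid, $ttitle, $ratinguser)
{
    if (!isset($bkid) || !is_numeric($bkid)){
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // is_numeric() also accepts forms such as "1e3" or "1.5"; hand the
    // helpers below a plain integer.
    $bkid = (int)$bkid;

    // Kept from the original in case displaytitle()/bookinfomenu() rely on the
    // module's table info being loaded (they are not visible here). The SELECT
    // of the book URL that used to follow was never used and has been dropped.
    pnModDBInfoLoad('books');

    // The site name is a config string; escape it for HTML like the title in
    // ratebook() instead of echoing it raw.
    $sitename = pnVarPrepForDisplay(pnConfigGetVar('sitename'));

    echo "<div style=\"text-align:center\"><span class=\"pn-normal\">"._BOOKTHANKSTOTAKETIME." $sitename<br />. "._BOOKLETSDECIDE."</span></div><br /><br /><br />";
    echo "<div style=\"text-align:center\"><span class=\"pn-normal\">";
    bookinfomenu($bkid,displaytitle($bkid));
    echo "</span></div>";
}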

/**
 * Echo the status line for a rating attempt.
 *
 * Recognised codes: "none" (vote stored), "anonflood", "regflood",
 * "postervote" and "nullerror". Any other value prints nothing.
 *
 * @usedby function addrating
 * @param string $error result code set by addrating()
 * @return void
 */
function completevote($error)
{
    // Every message shares the same centred, bold wrapper.
    $open  = "<div style=\"text-align:center\"><span class=\"pn-normal\"><strong>";
    $close = "</strong></span></div>";

    // switch compares loosely, like the == chain it replaces.
    switch ($error) {
        case "none":
            // The success line is the only one without a trailing break.
            echo $open._VOTE1.$close;
            break;

        case "anonflood":
            // Tell the visitor how many days anonymous votes are spaced by.
            $anonwaitdays = pnConfigGetVar('anonwaitdays');
            echo $open._VOTE2." $anonwaitdays "._VOTE8.$close."<br />";
            break;

        case "regflood":
            echo $open._VOTE3.$close."<br />";
            break;

        case "postervote":
            echo $open._VOTE5."<br />"._VOTE4.$close."<br />";
            break;

        case "nullerror":
            echo $open._VOTE6.$close."<br />";
            break;
    }
}

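/**
 * Show the rating form for one book.
 *
 * Requires ACCESS_COMMENT on the books module and a numeric $bkid. Logged-in
 * users also get a comment box; anonymous visitors get an empty hidden
 * comment field instead.
 *
 * @usedby index
 * @param mixed $bkid id of the book to rate; must be numeric
 * @return mixed false when access is denied or $bkid is invalid, otherwise
 *               nothing (the page is echoed)
 */
function ratebook($bkid) {
    include 'header.php';

    if (!(pnSecAuthAction(0, 'books::', '::', ACCESS_COMMENT))) {
        echo _BOOKSNOAUTH;
        include 'footer.php';
        return false;
    }

    if ((!isset($bkid) || !is_numeric($bkid))){
        echo _MODARGSERROR;
        include('footer.php');
        return false;
    }
    // is_numeric() also accepts forms such as "1e3" or "1.5"; use a plain
    // integer for the lookup and for the hidden form field.
    $bkid = (int)$bkid;

    menu(1);

    OpenTable();
    $displaytitle = displaytitle($bkid);
    // REMOTE_HOST is a reverse-DNS name and therefore client-influenced text;
    // it is escaped below before being written into the page.
    $ip = pnServerGetVar("REMOTE_HOST");
    if (empty($ip)) {
       $ip = pnServerGetVar("REMOTE_ADDR");
    }
    echo "<span class=\"pn-normal\"><strong>".pnVarPrepForDisplay($displaytitle)."</strong></span>"
    ."<ul>"
    ."<li><span class=\"pn-sub\">"._RATEBOOKNOTE1."</span></li>"
    ."<li><span class=\"pn-sub\">"._RATEBOOKNOTE2."</span></li>"
    ."<li><span class=\"pn-sub\">"._RATEBOOKNOTE3."</span></li>"
    ."<li><span class=\"pn-sub\">"._RATEBOOKNOTE4."</span></li>"
    ."<li><span class=\"pn-sub\">"._RATEBOOKNOTE5."</span></li>";
    if (pnUserLoggedIn()) {
        $name = pnUserGetVar('uname');
        echo "<li><span class=\"pn-sub\">"._YOUAREREGGED."</span></li>"
            ."<li><span class=\"pn-sub\">"._FEELFREE2ADD."</span></li>";
    } else {
        echo "<li><span class=\"pn-sub\">"._YOUARENOTREGGED."</span></li>"
            ."<li><span class=\"pn-sub\">"._IFYOUWEREREG."</span></li>";
        $name = pnConfigGetVar("anonymous");
    }
    // addrating() re-derives the user name and host on the server and ignores
    // these two hidden fields; they are still escaped because they are written
    // into attribute values.
    // NOTE(review): the form carries no per-session token, so a rating can be
    // submitted from another site on a logged-in visitor's behalf. PostNuke's
    // pnSecGenAuthKey()/pnSecConfirmAuthKey() pair would cover this, but the
    // token has to be emitted here and checked in addrating() in one change.
    echo "</ul>"
        ."<form method=\"post\" action=\"".$GLOBALS['modurl']."&amp;req=add_rating\"><div>"
        ."<input type=\"hidden\" name=\"ratingbkid\" value=\"$bkid\" />"
        ."<input type=\"hidden\" name=\"ratinguser\" value=\"".pnVarPrepForDisplay($name)."\" />"
        ."<input type=\"hidden\" name=\"ratinghost_name\" value=\"".pnVarPrepForDisplay($ip)."\" />"
        ."<span class=\"pn-normal\">"._RATEBOOK."&nbsp;&nbsp;"
        ."<select name=\"rating\">"
        ."<option>--</option>"
        ."<option>10</option>"
        ."<option>9</option>"
        ."<option>8</option>"
        ."<option>7</option>"
        ."<option>6</option>"
        ."<option>5</option>"
        ."<option>4</option>"
        ."<option>3</option>"
        ."<option>2</option>"
        ."<option>1</option>"
        ."</select></span>"
    ."<span class=\"pn-sub\"><input type=\"submit\" value=\""._RATE."\" /></span>"
        ."<br /><br />";
    if (pnUserLoggedIn()) {
        echo "<span class=\"pn-normal\"><strong>"._COMMENT." :</strong><br /><textarea cols=\"80\" rows=\"10\" name=\"ratingcomments\"></textarea>"
            ."<br /><br /><br />"
            ."</span>";
    } else {
        echo"<input type=\"hidden\" name=\"ratingcomments\" value=\"\" />";
    }
    echo "</div></form>";
    CloseTable();
    include 'footer.php';
}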
?>