<?php
// File: $Id: bk-rating.php,v 1.1 2005/03/05 00:42:44 jmvedrine Exp $ $Name: $
// ----------------------------------------------------------------------
// PostNuke Content Management System
// Copyright (C) 2001 by the PostNuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: Francisco Burzi
// Purpose of file:
// ----------------------------------------------------------------------
// 11-30-2001:ahumphr - created file as part of modularistation
// 10-15-2002:skooter - Cross Site Scripting security fixes and also using
// pnAPI for displaying data.
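/**
 * Record a rating for a book and refresh the book's stored summary score.
 *
 * Renders the page header/footer itself and reports the outcome through
 * completevote(). The posted user name and host name are not trusted: the
 * user is taken from the session (or the configured anonymous name) and the
 * address from the server's REMOTE_HOST/REMOTE_ADDR. The request-controlled
 * values that reach SQL are the book id (cast to int), the rating (restricted
 * to 1..10 below) and the comment (escaped with pnVarPrepForStore()).
 *
 * Checks, each of which prints its own message and blocks the insert:
 *  - no rating selected ("--") or a value outside 1..10;
 *  - a registered user rating a book they submitted themselves;
 *  - a registered user rating the same book twice;
 *  - an anonymous user rating the same book from the same address within
 *    $anonwaitdays days.
 *
 * @param int|string $ratingbkid      Book id from the rating form
 * @param string     $ratinguser      Ignored; replaced by the session user name
 * @param string     $rating          Selected rating ("--" when none was chosen)
 * @param string     $ratinghost_name Ignored; the address is read server-side
 * @param string     $ratingcomments  Optional comment text
 * @return void
 * @usedby index, navigation
 */
function addrating($ratingbkid, $ratinguser, $rating, $ratinghost_name, $ratingcomments)
{
    $dbconn =& pnDBGetConn(true);
    pnModDBInfoLoad('books');
    $pntable =& pnDBGetTables();
    $passtest = "yes";
    // Always defined so the footer test at the end never reads an unset variable.
    $error = "";
    // Stays empty when the book id matches no row.
    $ttitle = "";
    include("header.php");
    if (!(pnSecAuthAction(0, 'books::', '::', ACCESS_READ))) {
        echo _BOOKSNOAUTH;
        include 'footer.php';
        return;
    }
    // Module settings; $anonwaitdays used further down is expected to be defined here — confirm.
    include(WHERE_IS_PERSO."config.php");
    completevoteheader();
    // The posted $ratinguser is discarded: identity comes from the session only.
    if (pnUserLoggedIn()) {
        $ratinguser = pnUserGetVar('uname');
    } else {
        $ratinguser = pnConfigGetVar("anonymous");
    }
    $anonymous = pnConfigGetVar("anonymous");
    // Single integer form of the book id, used in every query below.
    $bkid = (int)pnVarPrepForStore($ratingbkid);
    $column = &$pntable['books_books_column'];
    $results3 =& $dbconn->Execute("SELECT $column[title]
        FROM $pntable[books_books]
        WHERE $column[bkid]='$bkid'");
    while (list($title) = $results3->fields) {
        $ttitle = $title;
        $results3->MoveNext();
    }
    /* Make sure only 1 anonymous from an IP in a single day. REMOTE_HOST is a
       reverse-DNS result and is escaped before it is stored. */
    $ip = pnServerGetVar("REMOTE_HOST");
    if (empty($ip)) {
        $ip = pnServerGetVar("REMOTE_ADDR");
    }
    /* The form offers "--" (nothing chosen) and the integers 1..10. Anything
       else is a hand-crafted value and is rejected so it cannot skew the
       stored average. */
    if (!preg_match('/^(?:[1-9]|10)$/', (string)$rating)) {
        $error = "nullerror";
        completevote($error);
        $passtest = "no";
    }
    /* Registered users only: block the book's own submitter and repeat votes. */
    if ($ratinguser != $anonymous && $ratinguser != "") {
        /* Check if book POSTER is voting (UNLESS Anonymous users allowed to post) */
        $column = &$pntable['books_books_column'];
        $result =& $dbconn->Execute("SELECT $column[submitter]
            FROM $pntable[books_books]
            WHERE $column[bkid]='$bkid'");
        while (list($ratinguserDB) = $result->fields) {
            $result->MoveNext();
            if ($ratinguserDB == $ratinguser) {
                $error = "postervote";
                completevote($error);
                $passtest = "no";
            }
        }
        /* Check if REG user is trying to vote twice. */
        $column = &$pntable['books_votedata_column'];
        $result =& $dbconn->Execute("SELECT $column[ratinguser]
            FROM $pntable[books_votedata]
            WHERE $column[ratingbkid]='$bkid'");
        while (list($ratinguserDB) = $result->fields) {
            $result->MoveNext();
            if ($ratinguserDB == $ratinguser) {
                $error = "regflood";
                completevote($error);
                $passtest = "no";
            }
        }
    }
    /* Check if ANONYMOUS user is trying to vote more than once per day.
       The day window is evaluated in SQL (TO_DAYS), so no PHP timestamp is needed. */
    if ($ratinguser == $anonymous && $ratinguser != "") {
        $column = &$pntable['books_votedata_column'];
        $result =& $dbconn->Execute("SELECT count(*)
            FROM $pntable[books_votedata]
            WHERE $column[ratingbkid]='$bkid'
            AND $column[ratinguser]='".$anonymous."'
            AND $column[ratinghostname]='".pnVarPrepForStore($ip)."'
            AND TO_DAYS(NOW()) - TO_DAYS($column[ratingtimestamp]) < '".pnVarPrepForStore($anonwaitdays)."'");
        list($anonvotecount) = $result->fields;
        if ($anonvotecount >= 1) {
            $error = "anonflood";
            completevote($error);
            $passtest = "no";
        }
    }
    /* Passed Tests */
    if ($passtest == "yes") {
        /* All is well. Add to Line Item Rate to DB. */
        $nextid = $dbconn->GenId($pntable['books_votedata']);
        $column = &$pntable['books_votedata_column'];
        $dbconn->Execute("INSERT INTO $pntable[books_votedata]
            ($column[ratingdbid], $column[ratingbkid],
            $column[ratinguser], $column[rating],
            $column[ratinghostname], $column[ratingcomments],
            $column[ratingtimestamp])
            VALUES ($nextid, $bkid, '".pnVarPrepForStore($ratinguser)."', '".pnVarPrepForStore($rating)."',
            '".pnVarPrepForStore($ip)."', '".pnVarPrepForStore($ratingcomments)."', now())");
        /* All is well. Calculate Score & Add to Summary (for quick retrieval & sorting) to DB. */
        /* NOTE: If weight is modified, ALL books need to be refreshed with new weight. */
        /* Running a SQL statement with your modded calc for ALL books will accomplish this. */
        $voteresult =& $dbconn->Execute("SELECT $column[rating], $column[ratinguser],
            $column[ratingcomments]
            FROM $pntable[books_votedata]
            WHERE $column[ratingbkid] = '$bkid'");
        $totalvotesDB = $voteresult->PO_RecordCount();
        $retv = calculatevote($voteresult, $totalvotesDB);
        $finalrating = $retv[0];
        // Count only votes that carry a comment, for the book's comment total.
        $commresult =& $dbconn->Execute("SELECT $column[ratingcomments]
            FROM $pntable[books_votedata]
            WHERE $column[ratingbkid] = '$bkid'
            AND $column[ratingcomments] != ''");
        $truecomments = $commresult->PO_RecordCount();
        $column = &$pntable['books_books_column'];
        $dbconn->Execute("UPDATE $pntable[books_books]
            SET $column[bookratingsummary] = '".pnVarPrepForStore($finalrating)."',
            $column[totalvotes] = '".pnVarPrepForStore($totalvotesDB)."',
            $column[totalcomments]= '".pnVarPrepForStore($truecomments)."'
            WHERE $column[bkid] = '$bkid'");
        $error = "none";
        completevote($error);
    }
    if ($error == "none") {
        completevotefooter($ratingbkid, $ttitle, $ratinguser);
    }
    CloseTable();
    include("footer.php");
}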
/**
 * Open the vote-result page: the module menu followed by the table that
 * the result messages are printed into.
 *
 * @return void
 * @usedby function addrating
 */
function completevoteheader()
{
    menu(1);
    OpenTable();
}
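/**
 * Print the thank-you block and the book info menu after a successful vote.
 *
 * @param int|string $bkid       Book id; when missing or non-numeric an error
 *                               message is stored in the session and false is returned
 * @param string     $ttitle     Unused; kept for call compatibility
 * @param string     $ratinguser Unused; kept for call compatibility
 * @return false|void
 * @usedby function addrating
 */
function completevotefooter($bkid, $ttitle, $ratinguser)
{
    if (!isset($bkid) || !is_numeric($bkid)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // Keep the module's table definitions loaded for the helpers called below.
    pnModDBInfoLoad('books');
    // A SELECT of the book URL used to run here; its result was never used, so it is gone.
    $sitename = pnConfigGetVar('sitename');
    // $sitename is an admin-configured value printed as-is, as elsewhere in the
    // module; wrap it in pnVarPrepForDisplay() if the site name may hold markup.
    echo "<div style=\"text-align:center\"><span class=\"pn-normal\">"._BOOKTHANKSTOTAKETIME." $sitename<br />. "._BOOKLETSDECIDE."</span></div><br /><br /><br />";
    echo "<div style=\"text-align:center\"><span class=\"pn-normal\">";
    bookinfomenu($bkid, displaytitle($bkid));
    echo "</span></div>";
}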
/**
 * Print the outcome message of a vote attempt.
 *
 * @param string $error One of "none", "anonflood", "regflood", "postervote"
 *                      or "nullerror"; any other value prints nothing
 * @return void
 */
function completevote($error)
{
    $open = "<div style=\"text-align:center\"><span class=\"pn-normal\"><strong>";
    $close = "</strong></span></div>";
    switch ($error) {
        case "none":
            echo $open._VOTE1.$close;
            break;
        case "anonflood":
            // The wait period is shown to the visitor as part of the message.
            $anonwaitdays = pnConfigGetVar('anonwaitdays');
            echo $open._VOTE2." $anonwaitdays "._VOTE8.$close."<br />";
            break;
        case "regflood":
            echo $open._VOTE3.$close."<br />";
            break;
        case "postervote":
            echo $open._VOTE5."<br />"._VOTE4.$close."<br />";
            break;
        case "nullerror":
            echo $open._VOTE6.$close."<br />";
            break;
    }
}
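/**
 * Show the "rate this book" form.
 *
 * Requires ACCESS_COMMENT on the books module and a numeric $bkid; otherwise
 * an error message is printed and false is returned. The hidden ratinguser
 * and ratinghost_name fields are informational only: addrating() ignores
 * both and recomputes them server-side.
 *
 * @param int|string $bkid Book id to rate
 * @return false|void false when access is denied or $bkid is invalid
 * @usedby index
 */
function ratebook($bkid)
{
    include 'header.php';
    if (!(pnSecAuthAction(0, 'books::', '::', ACCESS_COMMENT))) {
        echo _BOOKSNOAUTH;
        include 'footer.php';
        return false;
    }
    if ((!isset($bkid) || !is_numeric($bkid))) {
        echo _MODARGSERROR;
        include('footer.php');
        return false;
    }
    menu(1);
    OpenTable();
    $displaytitle = displaytitle($bkid);
    $ip = pnServerGetVar("REMOTE_HOST");
    if (empty($ip)) {
        $ip = pnServerGetVar("REMOTE_ADDR");
    }
    echo "<span class=\"pn-normal\"><strong>".pnVarPrepForDisplay($displaytitle)."</strong></span>"
        ."<ul>"
        ."<li><span class=\"pn-sub\">"._RATEBOOKNOTE1."</span></li>"
        ."<li><span class=\"pn-sub\">"._RATEBOOKNOTE2."</span></li>"
        ."<li><span class=\"pn-sub\">"._RATEBOOKNOTE3."</span></li>"
        ."<li><span class=\"pn-sub\">"._RATEBOOKNOTE4."</span></li>"
        ."<li><span class=\"pn-sub\">"._RATEBOOKNOTE5."</span></li>";
    if (pnUserLoggedIn()) {
        $name = pnUserGetVar('uname');
        echo "<li><span class=\"pn-sub\">"._YOUAREREGGED."</span></li>"
            ."<li><span class=\"pn-sub\">"._FEELFREE2ADD."</span></li>";
    } else {
        echo "<li><span class=\"pn-sub\">"._YOUARENOTREGGED."</span></li>"
            ."<li><span class=\"pn-sub\">"._IFYOUWEREREG."</span></li>";
        $name = pnConfigGetVar("anonymous");
    }
    // Every value placed in an attribute is HTML-escaped: the user name and
    // REMOTE_HOST (a reverse-DNS result) are not under this module's control.
    // NOTE(review): nothing visible here ties the submission to the session
    // (no anti-CSRF token in the form) — confirm against the module's dispatcher.
    echo "</ul>"
        ."<form method=\"post\" action=\"".$GLOBALS['modurl']."&req=add_rating\"><div>"
        ."<input type=\"hidden\" name=\"ratingbkid\" value=\"".pnVarPrepForDisplay($bkid)."\" />"
        ."<input type=\"hidden\" name=\"ratinguser\" value=\"".pnVarPrepForDisplay($name)."\" />"
        ."<input type=\"hidden\" name=\"ratinghost_name\" value=\"".pnVarPrepForDisplay($ip)."\" />"
        ."<span class=\"pn-normal\">"._RATEBOOK." "
        ."<select name=\"rating\">"
        ."<option>--</option>";
    // Ratings are offered from best to worst; addrating() accepts exactly this set.
    for ($value = 10; $value >= 1; $value--) {
        echo "<option>$value</option>";
    }
    echo "</select></span>"
        ."<span class=\"pn-sub\"><input type=\"submit\" value=\""._RATE."\" /></span>"
        ."<br /><br />";
    if (pnUserLoggedIn()) {
        echo "<span class=\"pn-normal\"><strong>"._COMMENT." :</strong><br /><textarea cols=\"80\" rows=\"10\" name=\"ratingcomments\"></textarea>"
            ."<br /><br /><br />"
            ."</span>";
    } else {
        echo "<input type=\"hidden\" name=\"ratingcomments\" value=\"\" />";
    }
    echo "</div></form>";
    CloseTable();
    include 'footer.php';
}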
?>