<?php
// File: $Id: reviews.php,v 1.12 2001/12/04 13:07:51 jgm Exp $ $Name:  $
// ----------------------------------------------------------------------
// POST-NUKE Content Management System
// Copyright (C) 2001 by the Post-Nuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: 
// Purpose of file: 
// ----------------------------------------------------------------------


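// Direct-request guard: stop unless the running script path mentions admin.php.
// eregi() was removed in PHP 7.0; preg_match() with the "i" flag performs the
// same case-insensitive pattern match and is also available on old PHP versions.
// NOTE(review): $PHP_SELF is not assigned in this file; presumably it comes from
// the including script or register_globals - confirm.
// NOTE(review): a substring match on the script path is a convenience check only.
// The authorised() calls further down are what actually enforce permissions.
if (!preg_match('/admin.php/i', $PHP_SELF)) { die ("Access Denied"); }

// Help page handed to GraphicAdmin() when the admin screen is drawn.
$hlpfile = "manual/reviews.html";

// Load the language constants (_REVADMIN, _REVTITLE, ...) used by this module.
modules_get_language();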

/*********************************************************/
/* REVIEWS Block Functions                               */
/*********************************************************/

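/**
 * Save the title and description shown on the Reviews front page.
 *
 * The UPDATE has no WHERE clause, so every row of the reviews_main table
 * receives the new values. The browser is then sent back to the reviews
 * admin screen; a database error is written to the error log only.
 *
 * @param string $title       new title, as posted by the settings form
 * @param string $description new description, as posted by the settings form
 */
function mod_main($title, $description) {
    global $pntable, $dbconn;

    csrfcheck();

    // reviews() only renders the settings form for ACCESS_ADMIN, but the
    // dispatcher at the bottom of this file lets any ACCESS_EDIT user reach
    // this handler. Enforce the same level here so the write is protected
    // and not just the form that leads to it.
    if (!(authorised(0, 'Reviews::', '::', ACCESS_ADMIN))) {
        include 'header.php';
        echo _REVIEWSNOAUTH;
        include 'footer.php';
        return;
    }

    // NOTE(review): FixQuotes() is defined outside this file. The statement
    // below relies on it to make both values safe inside single-quoted SQL
    // literals - confirm that for the active driver, or move to bind
    // parameters / the DB layer's own quoting.
    $title = stripslashes(FixQuotes($title));
    $description = stripslashes(FixQuotes($description));
    $column = &$pntable['reviews_main_column'];
    $result = $dbconn->Execute("UPDATE $pntable[reviews_main] 
                              SET $column[title]='$title', 
                                  $column[description]='$description'");
    if($dbconn->ErrorNo()<>0) {
        error_log("ERROR: " . $dbconn->ErrorMsg());
    } 
    pnRedirect('admin.php?op=reviews');
}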

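/**
 * Render the Reviews administration screen.
 *
 * Three sections are drawn, each behind its own permission check:
 *   - ACCESS_ADMIN: form to edit the module title and description
 *   - ACCESS_ADD:   one edit form per review waiting in the reviews_add queue
 *   - ACCESS_EDIT:  informational text about modifying/deleting reviews
 *
 * Rows in the waiting queue are visitor submissions, so every database value
 * is HTML-escaped before it is written into a form field. Escaping inside
 * value="" attributes and <textarea> bodies does not change what the browser
 * posts back: it only stops stored markup from being interpreted on this
 * admin page.
 */
function reviews() {
    global $hlpfile, $pntable, $dbconn;
    include ("header.php");
    $hlpfile = "manual/reviews.html";
    GraphicAdmin($hlpfile);
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>"._REVADMIN."</b></font></center>";
    CloseTable();
    echo "<br>";
    $column = &$pntable['reviews_main_column'];
    $resultrm = $dbconn->Execute("SELECT $column[title], $column[description] 
                                FROM $pntable[reviews_main]");
    // Fall back to empty fields instead of dereferencing a failed result.
    $title = '';
    $description = '';
    if (!$resultrm) {
        error_log("ERROR: " . $dbconn->ErrorMsg());
    } elseif (!$resultrm->EOF) {
        list($title, $description) = $resultrm->fields;
    }

    // Configuration
    if (authorised(0, 'Reviews::', '::', ACCESS_ADMIN)) {
        $h_main_title = htmlspecialchars((string)$title, ENT_QUOTES);
        $h_main_description = htmlspecialchars((string)$description, ENT_QUOTES);
        OpenTable();
        echo "<form action=\"admin.php\" method=\"post\">"
            ."<center>"._REVTITLE."<br>"
            ."<input type=\"text\" name=\"title\" value=\"$h_main_title\" size=\"50\" maxlength=\"100\"><br><br>"
            .""._REVDESC."<br>"
            ."<textarea name=\"description\" rows=\"15\" wrap=\"virtual\" cols=\"60\">$h_main_description</textarea><br><br>"
            ."<input type=\"hidden\" name=\"op\" value=\"mod_main\">"
            ."<input type=\"submit\" value=\""._SAVECHANGES."\">"
            ."</form></center>";
        CloseTable();
        echo "<br>";
    }

    // Waiting reviews
    if (authorised(0, 'Reviews::', '::', ACCESS_ADD)) {
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._REVWAITING."</b></font><br>";
        $column = &$pntable['reviews_add_column'];
        $result = $dbconn->Execute("SELECT $column[id], $column[date], $column[title], 
                                    $column[text], $column[reviewer], $column[email], 
                                    $column[score], $column[url], $column[url_title], 
                                    $column[rlanguage] 
                                  FROM $pntable[reviews_add] ORDER BY $column[id]");
        // Stop on a database error before touching the result set.
        if (!$result) {
               PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
               die();
            }

        if (!$result->EOF) {

            // The installed-language list is the same for every row, so build
            // it once. The original rebuilt it per row without resetting it
            // and never closed the directory handle.
            // NOTE(review): assumes languagelist() returns the same map on
            // every call - confirm.
            $lang = languagelist();
            $langlist = array();
            $handle = opendir('language');
            if ($handle) {
                // Compare against false so an entry named "0" does not end the scan.
                while (($f = readdir($handle)) !== false)
                {
                    if (is_dir("language/$f") && !empty($lang[$f]))
                    {
                        $langlist[$f] = $lang[$f];
                    }
                }
                closedir($handle);
            }
            asort($langlist);

            while(!$result->EOF) {

                list($id, $date, $title, $text, $reviewer, $email, $score, $url, $url_title, $rlanguage) = $result->fields;
                $result->MoveNext();

                // Escape every stored value for the HTML context it lands in.
                $h_id = htmlspecialchars((string)$id, ENT_QUOTES);
                $h_date = htmlspecialchars((string)$date, ENT_QUOTES);
                $h_title = htmlspecialchars(stripslashes((string)$title), ENT_QUOTES);
                $h_text = htmlspecialchars(stripslashes((string)$text), ENT_QUOTES);
                $h_reviewer = htmlspecialchars((string)$reviewer, ENT_QUOTES);
                $h_email = htmlspecialchars((string)$email, ENT_QUOTES);
                $h_score = htmlspecialchars((string)$score, ENT_QUOTES);
                $h_url = htmlspecialchars((string)$url, ENT_QUOTES);
                $h_url_title = htmlspecialchars((string)$url_title, ENT_QUOTES);

                echo "<form action=\"admin.php\" method=\"post\">"
                ."<hr noshade size=\"1\"><br><table border=\"0\" cellpadding=\"1\" cellspacing=\"2\">"
                ."<tr><td><b>"._REVIEWID.":</td><td><b>$h_id</b></td></tr>"
                ."<input type=\"hidden\" name=\"id\" value=\"$h_id\">"
                ."<tr><td>"._DATE.":</td><td><input type=\"text\" name=\"date\" value=\"$h_date\" size=\"11\" maxlength=\"10\"></td></tr>"
                ."<tr><td>"._PRODUCTTITLE.":</td><td><input type=\"text\" name=\"title\" value=\"$h_title\" size=\"25\" maxlength=\"40\"></td></tr>"
                ."<tr><td>"._LANGUAGE.":</td><td>"; /* ML Dropdown with the available languages */
    
                echo "<select name=\"rlanguage\" size=\"1\">"
                    ."<option value=\"\">"._ALL."</option>";
       
                foreach ($langlist as $k=>$v)
                {
                    // Work out the selection per row: the original kept one
                    // array across rows, so earlier rows' languages stayed
                    // marked as selected in later forms.
                    $selected = ((string)$k === (string)$rlanguage) ? ' selected' : '';
                    echo "<option value=\"$k\"$selected>$v</option>\n";
                }
                echo "</select></td></tr>"

                    ."<tr><td>"._TEXT.":</td><td><TEXTAREA name=\"text\" rows=\"6\" wrap=\"virtual\" cols=\"40\">$h_text</textarea></td></tr>"
                    ."<tr><td>"._REVIEWER."</td><td><input type=\"text\" name=\"reviewer\" value=\"$h_reviewer\" size=\"41\" maxlength=\"40\"></td></tr>"
                    ."<tr><td>"._EMAIL.":</td><td><input type=\"text\" name=\"email\" value=\"$h_email\" size=\"41\" maxlength=\"80\"></td></tr>"
                    ."<tr><td>"._SCORE."</td><td><input type=\"text\" name=\"score\" value=\"$h_score\" size=\"3\" maxlength=\"2\"></td></tr><tr><td>";
        
                // The related-link inputs are only offered when the submission carried a URL.
                if ($url != "") {
                    echo "<tr><td>"._RELATEDLINK.":</td><td><input type=\"text\" name=\"url\" value=\"$h_url\" size=\"25\" maxlength=\"100\"></td></tr>"
                        ."<tr><td>"._LINKTITLE.":</td><td><input type=\"text\" name=\"url_title\" value=\"$h_url_title\" size=\"25\" maxlength=\"50\"></td></tr>";
                    }

                echo "<tr><td>"._IMAGE.":</td><td><input type=\"text\" name=\"cover\" size=\"25\" maxlength=\"100\"><br><i>"._REVIMGINFO."</i></td></tr></table>";
                // NOTE(review): the delete link passes a table name as a request
                // parameter. The deleteNotice handler is not in this file -
                // confirm that it accepts only known table names and re-checks
                // permissions.
                echo "<input type=\"hidden\" name=\"op\" value=\"add_review\"><input type=\"submit\" value=\""._ADDREVIEW."\"> - [ <a href=\"admin.php?op=deleteNotice&amp;id=$h_id&amp;table=$pntable[reviews_add]&amp;op_back=reviews\">"._DELETE."</a> ]</form>";
            }
        } else {
            echo "<br><br><i>"._NOREVIEW2ADD."</i><br><br>";
        }
        echo "<a href=\"modules.php?op=modload&name=Reviews&file=index\">"._CLICK2ADDREVIEW."</a></center>";
        CloseTable();
        echo "<br>";
    }

    // Modify
    if (authorised(0, 'Reviews::', '::', ACCESS_EDIT)) {
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._DELMODREVIEW."</b></font><br><br>"
            .""._MODREVINFO."</center>";
        CloseTable();
    }
    include ("footer.php");
}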

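/**
 * Publish a queued review: insert it into the reviews table, then remove the
 * corresponding row from the reviews_add queue.
 *
 * Requires ACCESS_ADD; otherwise the no-authorisation message is shown and
 * nothing is written. The queue row is deleted only when the insert reported
 * no error. Database errors go to the error log, and the browser is sent back
 * to the reviews admin screen in every authorised case.
 *
 * @param mixed  $id        id of the queued row in reviews_add
 * @param string $date      review date as posted by the form
 * @param string $title     product title
 * @param string $text      review body
 * @param string $reviewer  reviewer name
 * @param string $email     reviewer e-mail
 * @param string $score     score as posted by the form
 * @param string $cover     cover image name
 * @param string $url       related link
 * @param string $url_title related link title
 * @param string $rlanguage language code of the review
 */
function add_review($id, $date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $rlanguage) {
    global $pntable, $dbconn;

    csrfcheck();

    if (!(authorised(0, 'Reviews::', '::', ACCESS_ADD))) {
        include 'header.php';
        echo _REVIEWSADDNOAUTH;
        include 'footer.php';
        return;
    }

    // $id goes into the DELETE statement unquoted, so force it to an integer
    // before it can become part of the SQL text.
    $id = (int)$id;

    // Every posted string ends up inside a single-quoted SQL literal. The
    // original filtered only title, text, reviewer and email; the remaining
    // fields reached the statement untouched. They now get the same treatment.
    // NOTE(review): FixQuotes() is defined outside this file - confirm that it
    // escapes quotes for the active driver. Bind parameters or the DB layer's
    // own quoting would be more robust than string building.
    $title = stripslashes(FixQuotes($title));
    $text = stripslashes(FixQuotes($text));
    $reviewer = stripslashes(FixQuotes($reviewer));
    $email = stripslashes(FixQuotes($email));
    $date = stripslashes(FixQuotes($date));
    $score = stripslashes(FixQuotes($score));
    $cover = stripslashes(FixQuotes($cover));
    $url = stripslashes(FixQuotes($url));
    $url_title = stripslashes(FixQuotes($url_title));
    $rlanguage = stripslashes(FixQuotes($rlanguage));
    $column = &$pntable['reviews_column'];

// FTO : Add SEQ suffix to avoid conflict name with ORACLE
    $nextid = $dbconn->GenId("{$pntable['reviews']}_SEQ");

    $result = $dbconn->Execute("INSERT INTO $pntable[reviews] ($column[id], 
                                $column[date], $column[title], $column[text], 
                                $column[reviewer], $column[email], $column[score], 
                                $column[cover], $column[url], $column[url_title], 
                                $column[hits], $column[rlanguage]) 
                              VALUES ($nextid, '$date', '$title', '$text', '$reviewer', 
                                '$email', '$score', '$cover', '$url', '$url_title', 
                                '1', '$rlanguage')");
    if($dbconn->ErrorNo()<>0) {
        error_log("ERROR inserting review: " . $dbconn->ErrorMsg());
    }
    else {
        // Quote the array keys: inside {...} an unquoted key is parsed as a
        // constant, which newer PHP versions reject as undefined.
        $queue_id_column = $pntable['reviews_add_column']['id'];
        $result = $dbconn->Execute("DELETE FROM $pntable[reviews_add] 
                                  WHERE $queue_id_column = $id");
        if($dbconn->ErrorNo()<>0) {
            error_log("ERROR deleting queued review: " . $dbconn->ErrorMsg());
        } 
    }
    pnRedirect('admin.php?op=reviews');
}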

// Entry point: route the requested admin operation.
// ACCESS_EDIT on the Reviews component is the minimum needed to get past this
// gate. $op and the handler arguments are not assigned in this file.
// NOTE(review): they are presumably populated from the request by the
// including script - confirm.
if (authorised(0, 'Reviews::', '::', ACCESS_EDIT)) {
    // An unrecognised $op falls through the switch and produces no output.
    switch ($op) {

        case "mod_main":
            // Save the module title/description.
            mod_main($title, $description);
            break;

        case "add_review":
            // Publish a review from the waiting queue.
            add_review($id, $date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $rlanguage);
            break;

        case "reviews":
            // Draw the admin screen.
            reviews();
            break;
    }
} else {
    // No edit permission: show the refusal inside the normal page frame.
    include 'header.php';
    echo _REVIEWSNOAUTH;
    include 'footer.php';
}
?>