<?php
// File: $Id: reviews.php,v 1.12 2001/12/04 13:07:51 jgm Exp $ $Name: $
// ----------------------------------------------------------------------
// POST-NUKE Content Management System
// Copyright (C) 2001 by the Post-Nuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file:
// Purpose of file:
// ----------------------------------------------------------------------
// Refuse direct requests: this module file is meant to run only when pulled
// in by admin.php.
// NOTE(review): eregi() performs an unanchored, case-insensitive regex match
// (the "." matches any character) against $PHP_SELF, which is not assigned in
// this file - presumably the request path supplied by the including script.
// A substring match is weaker than comparing the executing script's name
// exactly, and eregi() was removed in PHP 7; confirm the source of $PHP_SELF
// and tighten this check when porting.
if (!eregi("admin.php", $PHP_SELF)) { die ("Access Denied"); }
// Help page for this admin module; reviews() assigns the same value again
// before passing it to GraphicAdmin().
$hlpfile = "manual/reviews.html";
// Defined elsewhere; presumably loads the language constants (_REVADMIN,
// _REVTITLE, ...) that the functions below print - confirm.
modules_get_language();
/*********************************************************/
/* REVIEWS Block Functions */
/*********************************************************/
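/**
 * Save the Reviews section title and description (admin op "mod_main").
 *
 * Both arguments arrive from the settings form printed by reviews() and are
 * treated as untrusted request data. The UPDATE has no WHERE clause, so every
 * row of the reviews_main table is rewritten; the table presumably holds a
 * single settings row - confirm.
 *
 * @param string $title       Section title as submitted.
 * @param string $description Section description as submitted.
 * @return void Redirects back to the Reviews admin page unless access is denied.
 */
function mod_main($title, $description) {
    global $pntable, $dbconn;

    csrfcheck();

    // reviews() only prints the settings form for ACCESS_ADMIN, while the
    // dispatcher at the bottom of this file admits any ACCESS_EDIT user.
    // Enforce the form's level on the write path as well.
    if (!authorised(0, 'Reviews::', '::', ACCESS_ADMIN)) {
        include 'header.php';
        echo _REVIEWSNOAUTH;
        include 'footer.php';
        return;
    }

    // stripslashes() keeps the original treatment of request input (it was
    // applied here before as well). Quoting is delegated to ADOdb's qstr(),
    // which escapes for the active driver and adds the surrounding quotes;
    // the previous quote-doubling via FixQuotes() did not cover back ends
    // that also honour backslash escapes inside string literals.
    // NOTE(review): FixQuotes() is defined elsewhere - confirm it had no
    // other effect that stored data depends on.
    $titleSql = $dbconn->qstr(stripslashes($title));
    $descriptionSql = $dbconn->qstr(stripslashes($description));

    $column = &$pntable['reviews_main_column'];
    $sql = "UPDATE $pntable[reviews_main]
            SET $column[title]=$titleSql,
                $column[description]=$descriptionSql";
    $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() <> 0) {
        // Failure is only logged; the admin is still redirected below.
        error_log("ERROR: " . $dbconn->ErrorMsg());
    }

    pnRedirect('admin.php?op=reviews');
}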
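/**
 * Render the Reviews administration page (admin op "reviews").
 *
 * Prints up to three sections, each gated by its own permission:
 *   - ACCESS_ADMIN: form to edit the section title/description (op=mod_main)
 *   - ACCESS_ADD:   one approval form per queued review (op=add_review)
 *   - ACCESS_EDIT:  a note on deleting/modifying published reviews
 *
 * Every database value is HTML-escaped before it is written into an attribute
 * or a textarea. The queued rows in reviews_add are presumably submitted
 * through the public Reviews module (see the _CLICK2ADDREVIEW link), so
 * printing them raw would let submitted markup run in the administrator's
 * session.
 *
 * @return void Output is echoed; header.php and footer.php are included.
 */
function reviews() {
    global $hlpfile, $pntable, $dbconn;

    include ("header.php");
    $hlpfile = "manual/reviews.html";
    GraphicAdmin($hlpfile);
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>"._REVADMIN."</b></font></center>";
    CloseTable();
    echo "<br>";

    $column = &$pntable['reviews_main_column'];
    $resultrm = $dbconn->Execute("SELECT $column[title], $column[description]
                                  FROM $pntable[reviews_main]");
    // Same failure handling as the queue query below; previously a failed
    // query was dereferenced without a check.
    if (!$resultrm) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($title, $description) = $resultrm->fields;

    // Configuration
    if (authorised(0, 'Reviews::', '::', ACCESS_ADMIN)) {
        $titleHtml = htmlspecialchars($title, ENT_QUOTES);
        $descriptionHtml = htmlspecialchars($description, ENT_QUOTES);
        OpenTable();
        echo "<form action=\"admin.php\" method=\"post\">"
            ."<center>"._REVTITLE."<br>"
            ."<input type=\"text\" name=\"title\" value=\"$titleHtml\" size=\"50\" maxlength=\"100\"><br><br>"
            .""._REVDESC."<br>"
            ."<textarea name=\"description\" rows=\"15\" wrap=\"virtual\" cols=\"60\">$descriptionHtml</textarea><br><br>"
            ."<input type=\"hidden\" name=\"op\" value=\"mod_main\">"
            ."<input type=\"submit\" value=\""._SAVECHANGES."\">"
            ."</form></center>";
        CloseTable();
        echo "<br>";
    }

    // Waiting reviews
    if (authorised(0, 'Reviews::', '::', ACCESS_ADD)) {
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._REVWAITING."</b></font><br>";
        $column = &$pntable['reviews_add_column'];
        $result = $dbconn->Execute("SELECT $column[id], $column[date], $column[title],
                                           $column[text], $column[reviewer], $column[email],
                                           $column[score], $column[url], $column[url_title],
                                           $column[rlanguage]
                                    FROM $pntable[reviews_add] ORDER BY $column[id]");
        // FTO Check EOF and database error
        if (!$result) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
            die();
        }
        if (!$result->EOF) {
            // Build the language list once instead of rescanning the
            // directory for every queued review, and release the handle.
            // NOTE(review): assumes languagelist() returns the same map on
            // every call - confirm.
            $lang = languagelist();
            $langlist = array();
            $handle = opendir('language');
            if ($handle) {
                // Compare against false so an entry named "0" does not end the scan.
                while (($f = readdir($handle)) !== false) {
                    if (is_dir("language/$f") && !empty($lang[$f])) {
                        $langlist[$f] = $lang[$f];
                    }
                }
                closedir($handle);
            }
            asort($langlist);

            while (!$result->EOF) {
                list($id, $date, $title, $text, $reviewer, $email, $score, $url, $url_title, $rlanguage) = $result->fields;
                $result->MoveNext();

                // add_review() uses the id as a bare number in SQL, so it is
                // treated as an integer here too.
                $id = (int)$id;
                $dateHtml = htmlspecialchars($date, ENT_QUOTES);
                $titleHtml = htmlspecialchars(stripslashes($title), ENT_QUOTES);
                $textHtml = htmlspecialchars(stripslashes($text), ENT_QUOTES);
                $reviewerHtml = htmlspecialchars($reviewer, ENT_QUOTES);
                $emailHtml = htmlspecialchars($email, ENT_QUOTES);
                $scoreHtml = htmlspecialchars($score, ENT_QUOTES);

                echo "<form action=\"admin.php\" method=\"post\">"
                    ."<hr noshade size=\"1\"><br><table border=\"0\" cellpadding=\"1\" cellspacing=\"2\">"
                    ."<tr><td><b>"._REVIEWID.":</td><td><b>$id</b></td></tr>"
                    ."<input type=\"hidden\" name=\"id\" value=\"$id\">"
                    ."<tr><td>"._DATE.":</td><td><input type=\"text\" name=\"date\" value=\"$dateHtml\" size=\"11\" maxlength=\"10\"></td></tr>"
                    ."<tr><td>"._PRODUCTTITLE.":</td><td><input type=\"text\" name=\"title\" value=\"$titleHtml\" size=\"25\" maxlength=\"40\"></td></tr>"
                    ."<tr><td>"._LANGUAGE.":</td><td>"; /* ML Dropdown with the available languages */
                echo "<select name=\"rlanguage\" size=\"1\">"
                    ."<option value=\"\">"._ALL."</option>";
                foreach ($langlist as $k => $v) {
                    // Decide per review: the old $sel_lang map was never
                    // reset, so languages of earlier rows stayed marked as
                    // selected in later forms.
                    $selected = ((string)$k === (string)$rlanguage) ? ' selected' : '';
                    echo "<option value=\"$k\"$selected>$v</option>\n";
                }
                echo "</select></td></tr>"
                    ."<tr><td>"._TEXT.":</td><td><TEXTAREA name=\"text\" rows=\"6\" wrap=\"virtual\" cols=\"40\">$textHtml</textarea></td></tr>"
                    ."<tr><td>"._REVIEWER."</td><td><input type=\"text\" name=\"reviewer\" value=\"$reviewerHtml\" size=\"41\" maxlength=\"40\"></td></tr>"
                    ."<tr><td>"._EMAIL.":</td><td><input type=\"text\" name=\"email\" value=\"$emailHtml\" size=\"41\" maxlength=\"80\"></td></tr>"
                    ."<tr><td>"._SCORE."</td><td><input type=\"text\" name=\"score\" value=\"$scoreHtml\" size=\"3\" maxlength=\"2\"></td></tr><tr><td>";
                if ($url != "") {
                    $urlHtml = htmlspecialchars($url, ENT_QUOTES);
                    $urlTitleHtml = htmlspecialchars($url_title, ENT_QUOTES);
                    echo "<tr><td>"._RELATEDLINK.":</td><td><input type=\"text\" name=\"url\" value=\"$urlHtml\" size=\"25\" maxlength=\"100\"></td></tr>"
                        ."<tr><td>"._LINKTITLE.":</td><td><input type=\"text\" name=\"url_title\" value=\"$urlTitleHtml\" size=\"25\" maxlength=\"50\"></td></tr>";
                }
                echo "<tr><td>"._IMAGE.":</td><td><input type=\"text\" name=\"cover\" size=\"25\" maxlength=\"100\"><br><i>"._REVIMGINFO."</i></td></tr></table>";
                // NOTE(review): the delete link names the table in the query
                // string and is a plain GET link; the deleteNotice handler is
                // not in this file - confirm it checks the table against a
                // fixed list and asks for confirmation before deleting.
                echo "<input type=\"hidden\" name=\"op\" value=\"add_review\"><input type=\"submit\" value=\""._ADDREVIEW."\"> - [ <a href=\"admin.php?op=deleteNotice&id=$id&table=$pntable[reviews_add]&op_back=reviews\">"._DELETE."</a> ]</form>";
            }
        } else {
            echo "<br><br><i>"._NOREVIEW2ADD."</i><br><br>";
        }
        echo "<a href=\"modules.php?op=modload&name=Reviews&file=index\">"._CLICK2ADDREVIEW."</a></center>";
        CloseTable();
        echo "<br>";
    }

    // Modify
    if (authorised(0, 'Reviews::', '::', ACCESS_EDIT)) {
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._DELMODREVIEW."</b></font><br><br>"
            .""._MODREVINFO."</center>";
        CloseTable();
    }
    include ("footer.php");
}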
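/**
 * Publish a queued review (admin op "add_review").
 *
 * Inserts the submitted fields into the reviews table with a freshly
 * generated id and a hit count of 1, then removes the queued row from
 * reviews_add. The queue row is only deleted when the insert reported no
 * error. All arguments come from the approval form printed by reviews() and
 * are treated as untrusted request data.
 *
 * @param mixed  $id        Id of the queued row in reviews_add.
 * @param string $date      Review date.
 * @param string $title     Product title.
 * @param string $text      Review body.
 * @param string $reviewer  Reviewer name.
 * @param string $email     Reviewer e-mail address.
 * @param string $score     Score.
 * @param string $cover     Cover image name.
 * @param string $url       Related link.
 * @param string $url_title Related link title.
 * @param string $rlanguage Language code; the form's "all" option posts an empty value.
 * @return void Redirects back to the Reviews admin page unless access is denied.
 */
function add_review($id, $date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $rlanguage) {
    global $pntable, $dbconn;

    csrfcheck();
    if (!(authorised(0, 'Reviews::', '::', ACCESS_ADD))) {
        include 'header.php';
        echo _REVIEWSADDNOAUTH;
        include 'footer.php';
        return;
    }

    // The id was interpolated into the DELETE as a bare number; force it to
    // an integer so nothing else can reach the statement.
    $id = (int)$id;

    // Quote every value through ADOdb's qstr(), which escapes for the active
    // driver and adds the surrounding quotes. Previously only title, text,
    // reviewer and email were quote-doubled via FixQuotes(); date, score,
    // cover, url, url_title and rlanguage went into the statement unescaped.
    // NOTE(review): stripslashes() is now applied to all fields, matching
    // what was already done for title/text/reviewer/email - this assumes
    // request input arrives slash-escaped; confirm for this installation.
    $quoted = array();
    foreach (array($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $rlanguage) as $value) {
        $quoted[] = $dbconn->qstr(stripslashes($value));
    }
    list($qDate, $qTitle, $qText, $qReviewer, $qEmail, $qScore, $qCover, $qUrl, $qUrlTitle, $qLanguage) = $quoted;

    $column = &$pntable['reviews_column'];
    // FTO : Add SEQ suffix to avoid conflict name with ORACLE
    $nextid = $dbconn->GenId("{$pntable['reviews']}_SEQ");
    $dbconn->Execute("INSERT INTO $pntable[reviews] ($column[id],
                          $column[date], $column[title], $column[text],
                          $column[reviewer], $column[email], $column[score],
                          $column[cover], $column[url], $column[url_title],
                          $column[hits], $column[rlanguage])
                      VALUES ($nextid, $qDate, $qTitle, $qText, $qReviewer,
                          $qEmail, $qScore, $qCover, $qUrl, $qUrlTitle,
                          '1', $qLanguage)");
    if ($dbconn->ErrorNo() <> 0) {
        error_log("ERROR inserting review: " . $dbconn->ErrorMsg());
    } else {
        // Keys are quoted: inside {$...} a bare word is looked up as a
        // constant rather than used as a string key.
        $queueIdColumn = $pntable['reviews_add_column']['id'];
        $dbconn->Execute("DELETE FROM $pntable[reviews_add]
                          WHERE $queueIdColumn = $id");
        if ($dbconn->ErrorNo() <> 0) {
            error_log("ERROR deleting queued review: " . $dbconn->ErrorMsg());
        }
    }

    // Errors are only logged; the admin is redirected in every case.
    pnRedirect('admin.php?op=reviews');
}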
// Dispatch the requested admin operation. ACCESS_EDIT on the Reviews
// component is the minimum needed to reach any handler; each handler is
// expected to enforce its own, stricter permission where one applies.
// $op and the handler arguments are not assigned in this file - presumably
// they are populated from the request by the including script; confirm.
if (authorised(0, 'Reviews::', '::', ACCESS_EDIT)) {
    // Loose comparison on purpose: it matches what switch() does.
    if ($op == "reviews") {
        reviews();
    } elseif ($op == "add_review") {
        add_review($id, $date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $rlanguage);
    } elseif ($op == "mod_main") {
        mod_main($title, $description);
    }
    // Any other $op value is ignored without output.
} else {
    include 'header.php';
    echo _REVIEWSNOAUTH;
    include 'footer.php';
}
?>