Code source de PHP NUKE 7.9 |
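<?php

/************************************************************************/
/* PHP-NUKE: Web Portal System                                          */
/* ===========================                                          */
/*                                                                      */
/* Copyright (c) 2005 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* Base on Reviews Addon                                                */
/* Copyright (c) 2000 by Jeff Lambert (jeffx@ican.net)                  */
/* http://www.qchc.com                                                  */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/

/*
 * Reviews module: lists, displays, submits and moderates product reviews
 * and their comments. Request parameters ($rop, $id, $title, ...) are read
 * as plain globals at the bottom of this file; how they are imported is not
 * visible here, so every function treats its arguments as untrusted.
 *
 * NOTE(review): filter(), is_user(), is_admin(), cookiedecode(), OpenTable(),
 * CloseTable(), title(), update_points(), get_lang() and $db are defined
 * outside this file. Comments below describe only how this file uses them.
 *
 * NOTE(review): del_review, del_comment and send_review change state without
 * any anti-CSRF token. No token helper is visible in this file, so that gap
 * is flagged here rather than fixed.
 */

if (!defined('MODULE_FILE')) {
    die ("You can't access this file directly...");
}
// Requests whose query string still contains an encoded percent sign are
// bounced to the index. Stop here: without the exit the redirect header was
// only advisory and the rest of the module still ran on the same request.
if (isset($_SERVER['QUERY_STRING']) && stristr($_SERVER['QUERY_STRING'], '%25')) {
    header("Location: index.php");
    exit;
}

require_once ("mainfile.php");
$module_name = basename(dirname(__FILE__));
get_lang($module_name);

/**
 * Prints the A-Z / 1-0 navigation bar and the "write a review" link.
 */
function alpha() {
    global $module_name;
    $alphabet = array ("A","B","C","D","E","F","G","H","I","J","K","L","M",
                       "N","O","P","Q","R","S","T","U","V","W","X","Y","Z","1","2","3","4","5","6","7","8","9","0");
    $num = count($alphabet) - 1;
    echo "<center>[ ";
    $counter = 0;
    // foreach replaces the each()/list() idiom, which newer PHP versions removed.
    foreach ($alphabet as $ltr) {
        echo "<a href=\"modules.php?name=$module_name&rop=$ltr\">$ltr</a>";
        if ($counter == round($num/2)) {
            // Break the bar into two rows at the midpoint.
            echo " ]\n<br>\n[ ";
        } elseif ($counter != $num) {
            echo " | \n";
        }
        $counter++;
    }
    echo " ]</center><br><br>\n\n\n";
    echo "<center>[ <a href=\"modules.php?name=$module_name&rop=write_review\">"._WRITEREVIEW."</a> ]</center><br><br>\n\n";
}

/**
 * Prints a score as images: five stars for 10, otherwise one image per two
 * points plus a half image for an odd score.
 *
 * @param int $score Score, normally 1..10.
 */
function display_score($score) {
    $image = "<img src=\"images/blue.gif\" alt=\"\">";
    $halfimage = "<img src=\"images/bluehalf.gif\" alt=\"\">";
    $full = "<img src=\"images/star.gif\" alt=\"\">";

    $score = intval($score);
    if ($score == 10) {
        for ($i = 0; $i < 5; $i++) {
            echo $full;
        }
    } else if ($score % 2) {
        $whole = ($score - 1) / 2;
        for ($i = 0; $i < $whole; $i++) {
            echo $image;
        }
        echo $halfimage;
    } else {
        $whole = $score / 2;
        for ($i = 0; $i < $whole; $i++) {
            echo $image;
        }
    }
}

/**
 * Prints the review submission form. The form posts to preview_review.
 */
function write_review() {
    global $admin, $sitename, $user, $cookie, $prefix, $user_prefix, $currentlang, $multilingual, $db, $module_name;
    include ('header.php');
    OpenTable();
    echo "
    <b>"._WRITEREVIEWFOR." $sitename</b><br><br>
    <i>"._ENTERINFO."</i><br><br>
    <form method=\"post\" action=\"modules.php?name=$module_name\">
    <b>"._PRODUCTTITLE.":</b><br>
    <input type=\"text\" name=\"title\" size=\"50\" maxlength=\"150\"><br>
    <i>"._NAMEPRODUCT."</i><br>";
    if ($multilingual == 1) {
        echo "<br><b>"._LANGUAGE.": </b>"
            ."<select name=\"rlanguage\">";
        // Offer every language/lang-<name>.php file as an option.
        $languageslist = array();
        $handle = opendir('language');
        if ($handle) {
            while (($file = readdir($handle)) !== false) {
                if (preg_match("/^lang\-(.+)\.php/", $file, $matches)) {
                    $languageslist[] = $matches[1];
                }
            }
            closedir($handle);
        }
        foreach ($languageslist as $lang) {
            echo "<option value=\"$lang\" ";
            if ($lang == strtolower($currentlang)) echo "selected";
            echo ">$lang</option>\n";
        }
        echo "</select><br><br>";
    } else {
        // The original interpolated $language, which is not in scope in this
        // function, so the field was always empty. $currentlang is the
        // language global this function already declares.
        // NOTE(review): confirm $currentlang is the intended default.
        echo "<input type=\"hidden\" name=\"rlanguage\" value=\"".htmlspecialchars($currentlang, ENT_QUOTES)."\"><br><br>";
    }
    echo "<b>"._REVIEW.":</b><br>
    <textarea name=\"text\" rows=\"15\" wrap=\"virtual\" cols=\"60\"></textarea><br>";
    if (is_admin($admin)) {
        echo "<font class=\"content\">"._PAGEBREAK."</font><br>";
    }
    echo "
    <i>"._CHECKREVIEW."</i><br><br>
    <b>"._YOURNAME.":</b><br>";
    if (is_user($user)) {
        // Pre-fill name and e-mail from the account of the logged-in user.
        $result = $db->sql_query("select username, user_email from ".$user_prefix."_users where user_id = '".intval($cookie[0])."'");
        list($rname, $email) = $db->sql_fetchrow($result);
        $rname = filter($rname, "nohtml");
        $email = filter($email, "nohtml");
    } else {
        $rname = "";
        $email = "";
    }
    echo "<input type=\"text\" name=\"reviewer\" size=\"41\" maxlength=\"40\" value=\"$rname\"><br>
    <i>"._FULLNAMEREQ."</i><br><br>
    <b>"._REMAIL.":</b><br>
    <input type=\"text\" name=\"email\" size=\"40\" maxlength=\"80\" value=\"$email\"><br>
    <i>"._REMAILREQ."</i><br><br>
    <b>"._SCORE."</b><br>
    <select name=\"score\">
    <option name=\"score\" value=\"10\">10</option>
    <option name=\"score\" value=\"9\">9</option>
    <option name=\"score\" value=\"8\">8</option>
    <option name=\"score\" value=\"7\">7</option>
    <option name=\"score\" value=\"6\">6</option>
    <option name=\"score\" value=\"5\">5</option>
    <option name=\"score\" value=\"4\">4</option>
    <option name=\"score\" value=\"3\">3</option>
    <option name=\"score\" value=\"2\">2</option>
    <option name=\"score\" value=\"1\">1</option>
    </select>
    <i>"._SELECTSCORE."</i><br><br>
    <b>"._RELATEDLINK.":</b><br>
    <input type=\"text\" name=\"url\" size=\"40\" maxlength=\"100\" value=\"http://\"><br>
    <i>"._PRODUCTSITE."</i><br><br>
    <b>"._LINKTITLE.":</b><br>
    <input type=\"text\" name=\"url_title\" size=\"40\" maxlength=\"50\"><br>
    <i>"._LINKTITLEREQ."</i><br><br>
    ";
    if (is_admin($admin)) {
        echo "<b>"._RIMAGEFILE.":</b><br>
        <input type=\"text\" name=\"cover\" size=\"40\" maxlength=\"100\"><br>
        <i>"._RIMAGEFILEREQ."</i><br><br>
        ";
    }
    echo "<i>"._CHECKINFO."</i><br><br>
    <input type=\"hidden\" name=\"rop\" value=\"preview_review\">
    <input type=\"submit\" value=\""._PREVIEW."\"> <input type=\"button\" onClick=\"history.go(-1)\" value=\""._CANCEL."\"></form>
    ";
    CloseTable();
    include ("footer.php");
}

/**
 * Validates a submitted (or edited) review and shows a preview with a
 * confirmation form that posts the same fields on to send_review.
 *
 * All arguments come from the request and are treated as untrusted.
 */
function preview_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $rlanguage) {
    global $admin, $multilingual, $module_name;
    // The original passed the bare word preview (an undefined constant);
    // it is quoted here. $url_title was also filtered twice.
    $title = filter($title, "nohtml", 0, 'preview');
    $text = filter($text);
    $reviewer = filter($reviewer, "nohtml", 0, 'preview');
    $url_title = filter($url_title, "nohtml", 0, 'preview');
    $email = filter($email, "nohtml", 0, 'preview');
    $score = intval($score);
    $cover = filter($cover, "nohtml", 0, 'preview');
    $url = filter($url, "nohtml", 0, 'preview');
    $hits = intval($hits);
    $id = intval($id);
    // $rlanguage and $date were echoed into the page and into hidden fields
    // unfiltered. The language is reduced to file-name characters and the
    // date must be YYYY-MM-DD (otherwise today's date is used, as for an
    // empty date).
    // NOTE(review): assumes language names use only [A-Za-z0-9_-] - confirm.
    $rlanguage = preg_replace('/[^A-Za-z0-9_-]/', '', $rlanguage);
    if (empty($date) || !preg_match('/^\d{4}-\d{2}-\d{2}$/D', $date)) {
        $date = date("Y-m-d", time());
    }
    include ('header.php');
    OpenTable();
    echo "<form method=\"post\" action=\"modules.php?name=$module_name\">";

    $error = 0;
    if (empty($title)) {
        $error = 1;
        echo _INVALIDTITLE."<br>";
    }
    if (empty($text)) {
        $error = 1;
        echo _INVALIDTEXT."<br>";
    }
    if (($score < 1) || ($score > 10)) {
        $error = 1;
        echo _INVALIDSCORE."<br>";
    }
    if (($hits < 0) && ($id != 0)) {
        $error = 1;
        echo _INVALIDHITS."<br>";
    }
    if (empty($reviewer) || empty($email)) {
        $error = 1;
        echo _CHECKNAME."<br>";
    } else if (!preg_match('/^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\.[a-z]{2,3}$/iD', $email)) {
        // Same pattern as the former eregi() check, expressed with PCRE.
        $error = 1;
        echo _INVALIDEMAIL."<br>";
    }
    if (($url_title != "" && $url == "") || ($url_title == "" && $url != "")) {
        // A link needs both a URL and a title, or neither.
        $error = 1;
        echo _INVALIDLINK."<br>";
    } else if (($url != "") && !preg_match('#^https*:/+#i', $url)) {
        // If the user omitted the scheme, prepend http://. This also means a
        // non-empty $url always starts with http(s) when it reaches the href.
        $url = "http://" . $url;
    }
    if ($error == 1) {
        echo "<br>"._GOBACK;
    } else {
        $year2 = intval(substr($date, 0, 4));
        $month = intval(substr($date, 5, 2));
        $day = intval(substr($date, 8, 2));
        $fdate = date("F jS Y", mktime(0, 0, 0, $month, $day, $year2));
        echo "<table border=\"0\" width=\"100%\"><tr><td colspan=\"2\">";
        echo "<p><font class=\"title\"><i><b>$title</b></i></font><br>";
        echo "<blockquote><p>";
        if (!empty($cover)) {
            echo "<img src=\"images/reviews/$cover\" align=\"right\" border=\"1\" vspace=\"2\" alt=\"\">";
        }
        echo "$text<p>";
        echo "<b>"._ADDED."</b> $fdate<br>";
        if ($multilingual == 1) {
            echo "<b>"._LANGUAGE."</b> $rlanguage<br>";
        }
        echo "<b>"._REVIEWER."</b> <a href=\"mailto:$email\">$reviewer</a><br>";
        echo "<b>"._SCORE."</b> ";
        display_score($score);
        if (!empty($url)) {
            echo "<br><b>"._RELATEDLINK.":</b> <a href=\"$url\" target=\"new\">$url_title</a>";
        }
        if ($id != 0) {
            echo "<br><b>"._REVIEWID.":</b> $id<br>";
            echo "<b>"._HITS.":</b> $hits<br>";
        }
        echo "</font></blockquote>";
        echo "</td></tr></table>";
        // The review body is URL-encoded so it survives the hidden field.
        $text = urlencode($text);
        echo "<p><i>"._LOOKSRIGHT."</i> ";
        // Both a hidden rop and the submit button named rop are kept: the
        // dispatcher at the bottom of this file routes on the button's value.
        echo "<input type=\"hidden\" name=\"id\" value=\"$id\">
        <input type=\"hidden\" name=\"hits\" value=\"$hits\">
        <input type=\"hidden\" name=\"rop\" value=send_review>
        <input type=\"hidden\" name=\"date\" value=\"$date\">
        <input type=\"hidden\" name=\"title\" value=\"$title\">
        <input type=\"hidden\" name=\"text\" value=\"$text\">
        <input type=\"hidden\" name=\"reviewer\" value=\"$reviewer\">
        <input type=\"hidden\" name=\"email\" value=\"$email\">
        <input type=\"hidden\" name=\"score\" value=\"$score\">
        <input type=\"hidden\" name=\"url\" value=\"$url\">
        <input type=\"hidden\" name=\"url_title\" value=\"$url_title\">
        <input type=\"hidden\" name=\"cover\" value=\"$cover\">";
        echo "<input type=\"hidden\" name=\"rlanguage\" value=\"$rlanguage\">";
        echo "<input type=\"submit\" name=\"rop\" value=\""._YES."\"> <input type=\"button\" onClick=\"history.go(-1)\" value=\""._NO."\">";
        if ($id != 0) {
            $word = _RMODIFIED;
        } else {
            $word = _RADDED;
        }
        if (is_admin($admin)) {
            echo "<br><br><b>"._NOTE."</b> "._ADMINLOGGED." $word.";
        }
    }
    CloseTable();
    include ("footer.php");
}

/**
 * Stores a review. Admins insert into or update the live table; everyone
 * else inserts into the pending table (<prefix>_reviews_add).
 *
 * All arguments come from the request and are treated as untrusted.
 */
function send_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $rlanguage) {
    global $admin, $EditedMessage, $prefix, $db, $module_name;
    include ('header.php');
    $id = intval($id);
    // Every string below is concatenated into SQL. The file's convention is
    // filter(..., 1) before storing; what that call escapes is defined
    // outside this file. $url_title was filtered twice in the original.
    $title = filter($title, "nohtml", 1);
    $text = filter($text, "", 1);
    $reviewer = filter($reviewer, "nohtml", 1);
    $url_title = filter($url_title, "nohtml", 1);
    $email = filter($email, "nohtml", 1);
    $score = intval($score);
    $cover = filter($cover, "nohtml", 1);
    $url = filter($url, "nohtml", 1);
    $hits = intval($hits);
    // $date and $rlanguage reached the queries with no filtering at all.
    // Both are now constrained to a shape that cannot carry SQL or markup.
    // NOTE(review): assumes language names use only [A-Za-z0-9_-] - confirm.
    $rlanguage = preg_replace('/[^A-Za-z0-9_-]/', '', $rlanguage);
    if (!preg_match('/^\d{4}-\d{2}-\d{2}$/D', $date)) {
        $date = date("Y-m-d", time());
    }
    OpenTable();
    echo "<br><center>"._RTHANKS;
    if ($id != 0) {
        echo " "._MODIFICATION;
    } else {
        echo ", $reviewer";
    }
    echo "!<br>";
    if ($score < 0 OR $score > 10) {
        $score = 0;
    }
    if ((is_admin($admin)) && ($id == 0)) {
        $db->sql_query("INSERT INTO ".$prefix."_reviews VALUES (NULL, '$date', '$title', '$text', '$reviewer', '$email', '$score', '$cover', '$url', '$url_title', '1', '$rlanguage')");
        echo _ISAVAILABLE;
    } else if ((is_admin($admin)) && ($id != 0)) {
        $db->sql_query("UPDATE ".$prefix."_reviews SET date='$date', title='$title', text='$text', reviewer='$reviewer', email='$email', score='$score', cover='$cover', url='$url', url_title='$url_title', hits='$hits', rlanguage='$rlanguage' where id = '$id'");
        echo _ISAVAILABLE;
    } else {
        // Non-admin submissions wait in the pending table for an editor.
        $db->sql_query("INSERT INTO ".$prefix."_reviews_add VALUES (NULL, '$date', '$title', '$text', '$reviewer', '$email', '$score', '$url', '$url_title', '$rlanguage')");
        echo _EDITORWILLLOOK;
    }
    echo "<br><br>[ <a href=\"modules.php?name=$module_name\">"._RBACK."</a> ]<br></center>";
    CloseTable();
    include ("footer.php");
}

/**
 * Prints the module front page: intro text, letter bar, the ten most read
 * and ten most recent reviews, and the total review count.
 */
function reviews_index() {
    global $bgcolor3, $bgcolor2, $prefix, $multilingual, $currentlang, $db, $module_name;
    include ('header.php');
    // NOTE(review): $currentlang is set outside this file and goes into the
    // queries unescaped; confirm it is validated where it is assigned.
    if ($multilingual == 1) {
        $querylang = "WHERE rlanguage='$currentlang'";
    } else {
        $querylang = "";
    }
    OpenTable();
    echo "<table border=\"0\" width=\"95%\" CELLPADDING=\"2\" CELLSPACING=\"4\" align=\"center\">
    <tr><td colspan=\"2\"><center><font class=\"title\">"._RWELCOME."</font></center><br><br><br>";
    $result = $db->sql_query("select title, description from ".$prefix."_reviews_main");
    list($title, $description) = $db->sql_fetchrow($result);
    $title = filter($title, "nohtml");
    $description = filter($description);
    echo "<center><b>$title</b><br><br>$description</center>";
    echo "<br><br><br>";
    alpha();
    echo "</td></tr>";
    echo "<tr><td width=\"50%\" bgcolor=\"$bgcolor2\"><b>"._10MOSTPOP."</b></td>";
    echo "<td width=\"50%\" bgcolor=\"$bgcolor2\"><b>"._10MOSTREC."</b></td></tr>";
    $result_pop = $db->sql_query("SELECT id, title, hits from ".$prefix."_reviews $querylang order by hits DESC limit 10");
    $result_rec = $db->sql_query("SELECT id, title, date, hits from ".$prefix."_reviews $querylang order by date DESC limit 10");
    for ($x = 0; $x < 10; $x++) {
        $y = $x + 1;
        echo "<tr>";
        // Left cell: most read; right cell: most recent.
        foreach (array($result_pop, $result_rec) as $res) {
            $row = $db->sql_fetchrow($res);
            echo "<td width=\"50%\" bgcolor=\"$bgcolor3\">";
            // With fewer than ten reviews the original still printed a link
            // to id=0 for each missing row; the cell is now left empty.
            if ($row) {
                $id = intval($row['id']);
                $title = filter($row['title'], "nohtml");
                echo "$y) <a href=\"modules.php?name=$module_name&rop=showcontent&id=$id\">$title</a>";
            }
            echo "</td>";
        }
        echo "</tr>";
    }
    echo "<tr><td colspan=\"2\"><br></td></tr>";
    $result2 = $db->sql_query("SELECT * FROM ".$prefix."_reviews $querylang");
    $numresults = $db->sql_numrows($result2);
    echo "<tr><td colspan=\"2\"><br><center>"._THEREARE." $numresults "._REVIEWSINDB."</center></td></tr></table>";
    CloseTable();
    include ("footer.php");
}

/**
 * Lists the reviews whose title starts with $letter, sorted by $field.
 *
 * @param string $letter Initial character; only its first character is used.
 * @param string $field  Sort column: reviewer, score, hits, otherwise title.
 * @param string $order  Sort direction: DESC, otherwise ascending.
 */
function reviews($letter, $field, $order) {
    global $bgcolor4, $sitename, $prefix, $multilingual, $currentlang, $db, $module_name;
    include ('header.php');
    $letter = strtoupper(substr("$letter", 0, 1));
    // $letter is echoed and used in a LIKE pattern. The dispatcher only
    // passes alphanumerics; enforce it here too for any other caller.
    if (!ctype_alnum($letter)) {
        $letter = "";
    }
    // $order was concatenated into ORDER BY as received from the request;
    // only the two valid keywords are accepted now.
    $order = (strtoupper($order) == "DESC") ? "DESC" : "ASC";
    // Map $field onto a fixed set of column names.
    switch ($field) {
        case "reviewer":
        case "score":
        case "hits":
            $sortby = $field;
            break;
        default:
            $sortby = "title";
            break;
    }
    // NOTE(review): $currentlang is set outside this file - confirm it is
    // validated where it is assigned.
    if ($multilingual == 1) {
        $querylang = "AND rlanguage='$currentlang'";
    } else {
        $querylang = "";
    }
    OpenTable();
    echo "<center><b>$sitename "._REVIEWS."</b><br>";
    echo "<i>"._REVIEWSLETTER." \"$letter\"</i><br><br>";
    $result = $db->sql_query("SELECT id, title, hits, reviewer, score FROM ".$prefix."_reviews WHERE UPPER(title) LIKE '$letter%' $querylang ORDER by $sortby $order");
    $numresults = $db->sql_numrows($result);
    if ($numresults == 0) {
        echo "<i><b>"._NOREVIEWS." \"$letter\"</b></i><br><br>";
    } elseif ($numresults > 0) {
        echo "<TABLE BORDER=\"0\" width=\"100%\" CELLPADDING=\"2\" CELLSPACING=\"4\">
        <tr>
        <td width=\"50%\" bgcolor=\"$bgcolor4\">
        <P ALIGN=\"LEFT\"><a href=\"modules.php?name=$module_name&rop=$letter&field=title&order=ASC\"><img src=\"images/up.gif\" border=\"0\" width=\"15\" height=\"9\" Alt=\""._SORTASC."\"></a><B> "._PRODUCTTITLE." </B><a href=\"modules.php?name=$module_name&rop=$letter&field=title&order=DESC\"><img src=\"images/down.gif\" border=\"0\" width=\"15\" height=\"9\" Alt=\""._SORTDESC."\"></a>
        </td>
        <td width=\"18%\" bgcolor=\"$bgcolor4\">
        <P ALIGN=\"CENTER\"><a href=\"modules.php?name=$module_name&rop=$letter&field=reviewer&order=ASC\"><img src=\"images/up.gif\" border=\"0\" width=\"15\" height=\"9\" Alt=\""._SORTASC."\"></a><B> "._REVIEWER." </B><a href=\"modules.php?name=$module_name&rop=$letter&field=reviewer&order=desc\"><img src=\"images/down.gif\" border=\"0\" width=\"15\" height=\"9\" Alt=\""._SORTDESC."\"></a>
        </td>
        <td width=\"18%\" bgcolor=\"$bgcolor4\">
        <P ALIGN=\"CENTER\"><a href=\"modules.php?name=$module_name&rop=$letter&field=score&order=ASC\"><img src=\"images/up.gif\" border=\"0\" width=\"15\" height=\"9\" Alt=\""._SORTASC."\"></a><B> "._SCORE." </B><a href=\"modules.php?name=$module_name&rop=$letter&field=score&order=DESC\"><img src=\"images/down.gif\" border=\"0\" width=\"15\" height=\"9\" Alt=\""._SORTDESC."\"></a>
        </td>
        <td width=\"14%\" bgcolor=\"$bgcolor4\">
        <P ALIGN=\"CENTER\"><a href=\"modules.php?name=$module_name&rop=$letter&field=hits&order=ASC\"><img src=\"images/up.gif\" border=\"0\" width=\"15\" height=\"9\" Alt=\""._SORTASC."\"></a><B> "._HITS." </B><a href=\"modules.php?name=$module_name&rop=$letter&field=hits&order=DESC\"><img src=\"images/down.gif\" border=\"0\" width=\"15\" height=\"9\" Alt=\""._SORTDESC."\"></a>
        </td>
        </tr>";
        while ($myrow = $db->sql_fetchrow($result)) {
            $title = filter($myrow["title"], "nohtml");
            $id = intval($myrow['id']);
            $reviewer = filter($myrow['reviewer'], "nohtml");
            $score = intval($myrow['score']);
            $hits = intval($myrow['hits']);
            echo "<tr>
            <td width=\"50%\" bgcolor=\"$bgcolor4\"><a href=\"modules.php?name=$module_name&rop=showcontent&id=$id\">$title</a></td>
            <td width=\"18%\" bgcolor=\"$bgcolor4\">";
            if (!empty($reviewer)) {
                echo "<center>$reviewer</center>";
            }
            echo "</td><td width=\"18%\" bgcolor=\"$bgcolor4\"><center>";
            display_score($score);
            echo "</center></td><td width=\"14%\" bgcolor=\"$bgcolor4\"><center>$hits</center></td>
            </tr>";
        }
        echo "</TABLE>";
        echo "<br>$numresults "._TOTALREVIEWS."<br><br>";
    }
    echo "[ <a href=\"modules.php?name=$module_name\">"._RETURN2MAIN."</a> ]";
    CloseTable();
    include ("footer.php");
}

/**
 * Prints the comment form for a review. Guests are refused unless
 * anonymous posting ($anonpost) is enabled.
 *
 * @param int    $id    Review id (request value).
 * @param string $title Review title (request value).
 */
function postcomment($id, $title) {
    global $user, $cookie, $AllowableHTML, $anonymous, $module_name, $anonpost;
    if (!is_user($user) && $anonpost == 0) {
        include ("header.php");
        title("$module_name");
        OpenTable();
        echo "<center><b>"._RESTRICTEDAREA."</b><br><br>"._MODULEUSERS;
        CloseTable();
        include ("footer.php");
        die();
    }
    include ("header.php");
    cookiedecode($user);
    $title = filter($title, "nohtml");
    // $id was written into an unquoted attribute exactly as received.
    $id = intval($id);
    OpenTable();
    echo "<center><font class=option><b>"._REVIEWCOMMENT." $title</b><br><br></font></center>"
        ."<form action=modules.php?name=$module_name method=post>";
    if (!is_user($user) && $anonpost != 0) {
        echo "<b>"._YOURNICK."</b> $anonymous [ "._RCREATEACCOUNT." ]<br><br>";
        $uname = $anonymous;
    } else {
        // The nickname comes from the user cookie; encode it before it is
        // placed in the page and in the hidden field.
        $uname = $cookie[1];
        echo "<b>"._YOURNICK."</b> ".htmlspecialchars($uname, ENT_QUOTES)."<br><br>";
        if ($anonpost != 0) {
            echo "<input type=checkbox name=xanonpost> "._POSTANON."<br><br>";
        } else {
            echo "<input type=hidden name=xanonpost value=0>";
        }
    }
    echo "
    <input type=hidden name=uname value=\"".htmlspecialchars($uname, ENT_QUOTES)."\">
    <input type=hidden name=id value=\"$id\">
    <b>"._SELECTSCORE."</b>
    <select name=score>
    <option name=score value=10>10</option>
    <option name=score value=9>9</option>
    <option name=score value=8>8</option>
    <option name=score value=7>7</option>
    <option name=score value=6>6</option>
    <option name=score value=5>5</option>
    <option name=score value=4>4</option>
    <option name=score value=3>3</option>
    <option name=score value=2>2</option>
    <option name=score value=1>1</option>
    </select><br><br>
    <b>"._YOURCOMMENT."</b><br>
    <textarea name=comments rows=10 cols=70></textarea><br>
    "._HTMLNOTALLOWED."<br>";
    echo "<br>
    <input type=hidden name=rop value=savecomment>
    <input type=submit value=Submit>
    </form>
    ";
    CloseTable();
    include ("footer.php");
}

/**
 * Stores a comment on a review, or queues/drops it according to the
 * poster's karma value (2 = moderated queue, 3 = silently discarded).
 *
 * @param mixed  $xanonpost Truthy when the user asked to post anonymously.
 * @param string $uname     Posted nickname; ignored, see below.
 * @param int    $id        Review id.
 * @param int    $score     Score given with the comment.
 * @param string $comments  Comment text.
 */
function savecomment($xanonpost, $uname, $id, $score, $comments) {
    global $anonymous, $user, $cookie, $prefix, $db, $module_name, $user_prefix, $anonpost;
    if (!is_user($user) && $anonpost == 0) {
        include ("header.php");
        title("$module_name");
        OpenTable();
        echo "<center><b>"._RESTRICTEDAREA."</b><br><br>"._MODULEUSERS;
        CloseTable();
        include ("footer.php");
        die();
    }
    $comments = filter($comments, "", 1);
    $id = intval($id);
    $score = intval($score);
    // The posted $uname is never trusted: the name is taken from the session
    // cookie, as in the original. Two defects are fixed here:
    //  - the cookie value went into SQL through filter() without the save
    //    flag that every other stored value in this file uses;
    //  - the anonymous choice was overwritten unconditionally, so it never
    //    took effect.
    $account = "";
    if (is_user($user)) {
        // NOTE(review): postcomment() calls cookiedecode() before reading
        // $cookie; the same is done here - confirm it is safe to repeat.
        cookiedecode($user);
        $account = filter($cookie[1], "nohtml", 1);
    }
    if ($account == "" || ($xanonpost && $anonpost != 0)) {
        $uname = filter($anonymous, "nohtml", 1);
    } else {
        $uname = $account;
    }
    if ($account != "") {
        // Karma is looked up on the real account even for anonymous posts,
        // so choosing "anonymous" does not skip moderation.
        $krow = $db->sql_fetchrow($db->sql_query("SELECT karma FROM ".$user_prefix."_users WHERE username='$account'"));
        if ($krow['karma'] == 2) {
            $db->sql_query("insert into ".$prefix."_reviews_comments_moderated values (NULL, '$id', '$uname', now(), '$comments', '$score')");
            include ("header.php");
            title(_MODERATEDTITLE);
            OpenTable();
            echo "<center>"._COMMENTMODERATED;
            echo "<br><br><a href=\"modules.php?name=$module_name&rop=showcontent&id=$id\">"._MODERATEDTITLE."</a>";
            CloseTable();
            include ("footer.php");
            die();
        } elseif ($krow['karma'] == 3) {
            Header("Location: modules.php?name=$module_name&rop=showcontent&id=$id");
            die();
        }
    }
    $db->sql_query("insert into ".$prefix."_reviews_comments values (NULL, '$id', '$uname', now(), '$comments', '$score')");
    update_points(12);
    Header("Location: modules.php?name=$module_name&rop=showcontent&id=$id");
}

/**
 * Prints every comment stored for a review, newest first.
 *
 * @param int    $id    Review id.
 * @param string $title Review title shown above each comment.
 */
function r_comments($id, $title) {
    global $admin, $prefix, $db, $module_name, $anonymous;
    $id = intval($id);
    // Filter the title once; the original re-filtered it on every row.
    $title = filter($title, "nohtml");
    $result = $db->sql_query("SELECT cid, userid, date, comments, score from ".$prefix."_reviews_comments where rid='$id' ORDER BY date DESC");
    while ($row = $db->sql_fetchrow($result)) {
        $cid = intval($row['cid']);
        $uname = filter($row['userid'], "nohtml");
        $date = $row['date'];
        $comments = filter($row['comments']);
        $score = intval($row['score']);
        OpenTable();
        echo "<b>$title</b><br>";
        if ($uname == $anonymous) {
            echo _POSTEDBY." $uname "._ON." $date<br>";
        } else {
            echo _POSTEDBY." <a href=\"modules.php?name=Your_Account&op=userinfo&username=$uname\">$uname</a> "._ON." $date<br>";
        }
        echo _MYSCORE." ";
        display_score($score);
        if (is_admin($admin)) {
            echo "<br><b>"._ADMIN."</b> [ <a href=\"modules.php?name=$module_name&rop=del_comment&cid=$cid&id=$id\">"._DELETE."</a> ]</font><hr noshade size=1><br><br>";
        } else {
            echo "</font><hr noshade size=1><br><br>";
        }
        echo "$comments";
        CloseTable();
        echo "<br>";
    }
}

/**
 * Shows one page of a review (pages are split on "[--pagebreak--]") and,
 * on the first page, its comments. Viewing the first page counts a hit.
 *
 * @param int $id   Review id.
 * @param int $page Page number, 1-based.
 */
function showcontent($id, $page) {
    global $admin, $uimages, $prefix, $db, $module_name;
    $id = intval($id);
    $page = intval($page);
    include ('header.php');
    OpenTable();
    if (($page == 1) OR (empty($page))) {
        $db->sql_query("UPDATE ".$prefix."_reviews SET hits=hits+1 WHERE id='$id'");
    }
    $result = $db->sql_query("SELECT * FROM ".$prefix."_reviews WHERE id='$id'");
    $myrow = $db->sql_fetchrow($result);
    $id = intval($myrow['id']);
    $date = $myrow['date'];
    $year = intval(substr($date, 0, 4));
    $month = intval(substr($date, 5, 2));
    $day = intval(substr($date, 8, 2));
    $fdate = date("F jS Y", mktime(0, 0, 0, $month, $day, $year));
    $title = filter($myrow['title'], "nohtml");
    $text = filter($myrow['text']);
    $cover = filter($myrow['cover'], "nohtml");
    $reviewer = filter($myrow['reviewer'], "nohtml");
    $email = filter($myrow['email'], "nohtml");
    $hits = intval($myrow['hits']);
    $url = filter($myrow['url'], "nohtml");
    $url_title = filter($myrow['url_title'], "nohtml");
    $score = intval($myrow['score']);
    // The stored language was printed as-is; encode it on output because
    // older rows may predate input validation.
    $rlanguage = htmlspecialchars($myrow['rlanguage'], ENT_QUOTES);
    $contentpages = explode("[--pagebreak--]", $text);
    $pageno = count($contentpages);
    // Clamp the requested page into 1..$pageno.
    if ($page < 1) {
        $page = 1;
    }
    if ($page > $pageno) {
        $page = $pageno;
    }
    $arrayelement = $page - 1;
    echo "<p><i><b><font class=\"title\">$title</b></i></font><br>";
    echo "<BLOCKQUOTE><p align=justify>";
    if (!empty($cover)) {
        echo "<img src=\"images/reviews/$cover\" align=right border=1 vspace=2 alt=\"\">";
    }
    echo $contentpages[$arrayelement]."
    </BLOCKQUOTE><p>";
    if (is_admin($admin)) {
        echo "<b>"._ADMIN."</b> [ <a href=\"modules.php?name=$module_name&rop=mod_review&id=$id\">"._EDIT."</a> | <a href=modules.php?name=$module_name&rop=del_review&id_del=$id>"._DELETE."</a> ]<br>";
    }
    echo "<b>"._ADDED."</b> $fdate<br>";
    if (!empty($reviewer)) {
        echo "<b>"._REVIEWER."</b> <a href=mailto:$email>$reviewer</a><br>";
    }
    if (!empty($score)) {
        echo "<b>"._SCORE."</b> ";
    }
    // As in the original, display_score() runs even without the label;
    // it prints nothing for a score of 0.
    display_score($score);
    if (!empty($url)) {
        echo "<br><b>"._RELATEDLINK.":</b> <a href=\"$url\" target=new>$url_title</a>";
    }
    echo "<br><b>"._HITS.":</b> $hits";
    echo "<br><b>"._LANGUAGE.":</b> $rlanguage";
    if ($pageno > 1) {
        echo "<br><b>"._PAGE.":</b> $page/$pageno<br>";
    }
    echo "</font>";
    echo "</CENTER>";
    $next_page = "";
    if ($page < $pageno) {
        $next_pagenumber = $page + 1;
        if ($page != 1) {
            $next_page .= "<img src=\"images/blackpixel.gif\" width=\"10\" height=\"2\" border=\"0\" alt=\"\"> ";
        }
        $next_page .= "<a href=\"modules.php?name=$module_name&rop=showcontent&id=$id&page=$next_pagenumber\">"._NEXT." ($next_pagenumber/$pageno)</a> <a href=\"modules.php?name=$module_name&rop=showcontent&id=$id&page=$next_pagenumber\"><img src=\"images/right.gif\" border=\"0\" alt=\""._NEXT."\"></a>";
    }
    $previous_page = "";
    if ($page > 1) {
        $previous_pagenumber = $page - 1;
        $previous_page = "<a href=\"modules.php?name=$module_name&rop=showcontent&id=$id&page=$previous_pagenumber\"><img src=\"images/left.gif\" border=\"0\" alt=\""._PREVIOUS."\"></a> <a href=\"modules.php?name=$module_name&rop=showcontent&id=$id&page=$previous_pagenumber\">"._PREVIOUS." ($previous_pagenumber/$pageno)</a>";
    }
    // The title travels in a query string, so it is URL-encoded there.
    echo "<center>"
        ."$previous_page $next_page<br><br>"
        ."[ <a href=\"modules.php?name=$module_name\">"._RBACK."</a> | "
        ."<a href=\"modules.php?name=$module_name&rop=postcomment&id=$id&title=".urlencode($title)."\">"._REPLYMAIN."</a> ]";
    CloseTable();
    if ($page == 1) {
        echo "<br>";
        r_comments($id, $title);
    }
    include ("footer.php");
}

/**
 * Prints the admin edit form for an existing review. The form posts to
 * preview_review. Non-admins and a zero id get an error message instead.
 *
 * @param int $id Review id.
 */
function mod_review($id) {
    global $admin, $prefix, $db, $module_name;
    $id = intval($id);
    include ('header.php');
    OpenTable();
    if (($id == 0) || (!is_admin($admin))) {
        echo "This function must be passed argument id, or you are not admin.";
    } else {
        // Defaults so the form still renders if the id matches no row.
        $date = $title = $text = $cover = $reviewer = $email = $url = $url_title = $rlanguage = "";
        $hits = $score = 0;
        $result = $db->sql_query("SELECT * from ".$prefix."_reviews where id = '$id'");
        while ($myrow = $db->sql_fetchrow($result)) {
            $id = intval($myrow['id']);
            // The stored date was placed in an attribute as-is; encode it.
            $date = htmlspecialchars($myrow['date'], ENT_QUOTES);
            $title = filter($myrow['title'], "nohtml");
            $text = filter($myrow['text']);
            $cover = filter($myrow['cover'], "nohtml");
            $reviewer = filter($myrow['reviewer'], "nohtml");
            $email = filter($myrow['email'], "nohtml");
            $hits = intval($myrow['hits']);
            $url = filter($myrow['url'], "nohtml");
            $url_title = filter($myrow['url_title'], "nohtml");
            $score = intval($myrow['score']);
            $rlanguage = $myrow['rlanguage'];
        }
        echo "<center><b>"._REVIEWMOD."</b></center><br><br>";
        echo "<form method=POST action=modules.php?name=$module_name&rop=preview_review><input type=hidden name=id value=$id>";
        echo "<TABLE BORDER=0 width=100%>
        <tr>
        <td width=12%><b>"._RDATE."</b></td>
        <td><INPUT TYPE=text NAME=date SIZE=15 VALUE=\"$date\" MAXLENGTH=10></td>
        </tr>
        <tr>
        <td width=12%><b>"._RTITLE."</b></td>
        <td><INPUT TYPE=text NAME=title SIZE=50 MAXLENGTH=150 value=\"$title\"></td>
        </tr>
        <tr>";
        echo "<td width=12%><b>"._LANGUAGE."</b></td>
        <td><select name=\"rlanguage\">";
        // Offer every language/lang-<name>.php file as an option.
        $languageslist = array();
        $handle = opendir('language');
        if ($handle) {
            while (($file = readdir($handle)) !== false) {
                if (preg_match("/^lang\-(.+)\.php/", $file, $matches)) {
                    $languageslist[] = $matches[1];
                }
            }
            closedir($handle);
        }
        foreach ($languageslist as $lang) {
            echo "<option value=\"$lang\" ";
            if ($lang == $rlanguage) echo "selected";
            echo ">$lang</option>\n";
        }

        echo "</select></td></tr>";
        // NOTE(review): $text is placed inside the textarea as returned by
        // filter(); confirm that output cannot contain a closing textarea tag.
        echo "<tr>
        <td width=12%><b>"._RTEXT."</b></td>
        <td><TEXTAREA class=textbox name=text rows=20 wrap=virtual cols=60>$text</TEXTAREA></td>
        </tr>
        <tr>
        <td width=12%><b>"._REVIEWER."</b></td>
        <td><INPUT TYPE=text NAME=reviewer SIZE=41 MAXLENGTH=40 value=\"$reviewer\"></td>
        </tr>
        <tr>
        <td width=12%><b>"._REVEMAIL."</b></td>
        <td><INPUT TYPE=text NAME=email value=\"$email\" SIZE=30 MAXLENGTH=80></td>
        </tr>
        <tr>
        <td width=12%><b>"._SCORE."</b></td>
        <td><INPUT TYPE=text NAME=score value=\"$score\" size=3 maxlength=2></td>
        </tr>
        <tr>
        <td width=12%><b>"._RLINK."</b></td>
        <td><INPUT TYPE=text NAME=url value=\"$url\" size=30 maxlength=100></td>
        </tr>
        <tr>
        <td width=12%><b>"._RLINKTITLE."</b></td>
        <td><INPUT TYPE=text NAME=url_title value=\"$url_title\" size=30 maxlength=50></td>
        </tr>
        <tr>
        <td width=12%><b>"._COVERIMAGE."</b></td>
        <td><INPUT TYPE=text NAME=cover value=\"$cover\" size=30 maxlength=100></td>
        </tr>
        <tr>
        <td width=12%><b>"._HITS.":</b></td>
        <td><INPUT TYPE=text NAME=hits value=\"$hits\" size=5 maxlength=5></td>
        </tr>
        </TABLE>";
        echo "<input type=hidden name=rop value=preview_review><input type=submit value=\""._PREMODS."\"> <input type=button onClick=history.go(-1) value="._CANCEL."></form>";
    }
    CloseTable();
    include ("footer.php");
}

/**
 * Deletes a review and its comments (admins only), then redirects to the
 * module index.
 *
 * @param int $id_del Review id.
 */
function del_review($id_del) {
    global $admin, $prefix, $db, $module_name;
    $id_del = intval($id_del);
    if (is_admin($admin)) {
        $db->sql_query("delete from ".$prefix."_reviews where id = '$id_del'");
        $db->sql_query("delete from ".$prefix."_reviews_comments where rid='$id_del'");
        Header("Location: modules.php?name=$module_name");
    } else {
        echo "ACCESS DENIED";
    }
}

/**
 * Deletes one comment (admins only), then redirects back to its review.
 *
 * @param int $cid Comment id.
 * @param int $id  Review id used for the redirect.
 */
function del_comment($cid, $id) {
    global $admin, $prefix, $db, $module_name;
    $cid = intval($cid);
    // $id was copied into the Location header as received from the request.
    $id = intval($id);
    if (is_admin($admin)) {
        $db->sql_query("delete from ".$prefix."_reviews_comments where cid='$cid'");
        Header("Location: modules.php?name=$module_name&rop=showcontent&id=$id");
    } else {
        echo "ACCESS DENIED";
    }
}

// Give every request parameter the dispatcher reads a defined default, so a
// missing one is an empty string rather than an undefined variable.
foreach (array('rop', 'page', 'field', 'order', 'date', 'hits', 'id', 'id_del', 'cid',
               'title', 'text', 'reviewer', 'email', 'score', 'cover', 'url', 'url_title',
               'rlanguage', 'xanonpost', 'uname', 'comments') as $param) {
    if (!isset($$param)) { $$param = ""; }
}
unset($param);

// A single alphanumeric $rop selects the per-letter listing; anything else
// is an operation name.
if (strlen($rop) == 1 AND ctype_alnum($rop)) {
    reviews($rop, $field, $order);
} else switch ($rop) {

    case "showcontent":
        showcontent($id, $page);
        break;

    case "write_review":
        write_review();
        break;

    case "preview_review":
        preview_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $rlanguage);
        break;

    // The preview form's submit button is named rop and carries _YES.
    case ""._YES."":
        send_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $rlanguage);
        break;

    case "del_review":
        del_review($id_del);
        break;

    case "mod_review":
        mod_review($id);
        break;

    case "postcomment":
        postcomment($id, $title);
        break;

    case "savecomment":
        savecomment($xanonpost, $uname, $id, $score, $comments);
        break;

    case "del_comment":
        del_comment($cid, $id);
        break;

    default:
        reviews_index();
        break;
}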