  1. <?php
  2.     /*
  3.     This program is free software; you can redistribute it and/or modify
  4.     it under the terms of the GNU General Public License as published by
  5.     the Free Software Foundation; either version 2 of the License, or
  6.     (at your option) any later version.
  7.  
  8.     This program is distributed in the hope that it will be useful,
  9.     but WITHOUT ANY WARRANTY; without even the implied warranty of
  10.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  11.     GNU General Public License for more details.
  12.    
  13.     You should have received a copy of the GNU General Public License
  14.     along with this program; if not, write to the Free Software
  15.     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  16.     */
  17.  
  18. require_once('../../../wp-config.php');
  19. require_once('../../../wp-includes/functions.php');
  20.  
  21. // CSRF attack protection. Check the Referal field to be the same
  22. // domain of the script
  23.  
  24. $k_id = strip_tags($wpdb->escape($_GET['id']));
  25. $k_action = strip_tags($wpdb->escape($_GET['action']));
  26. $k_path = strip_tags($wpdb->escape($_GET['path']));
  27. $k_imgIndex = strip_tags($wpdb->escape($_GET['imgIndex']));
  28.  
  29. // prevent SQL injection
  30. if (!is_numeric($k_id)) die('error|Query error');
  31.  
  32. $table_name = $wpdb->prefix . 'comment_rating';
  33. $comment_table_name = $wpdb->prefix . 'comments';
  34.  
  35. if($k_id && $k_action && $k_path) {
  36.     //Check to see if the comment id exists and grab the rating
  37.     $query = "SELECT * FROM `$table_name` WHERE ck_comment_id = $k_id";
  38.     $result = mysql_query($query);
  39.  
  40.     if(!$result) { die('error|mysql: '.mysql_error()); }
  41.    
  42.    if(mysql_num_rows($result))
  43.     {
  44.       $duplicated = 0;  // used as a counter to off set duplicated votes
  45.       if($row = @mysql_fetch_assoc($result))
  46.       {
  47.          // Handle proxy with original IP address
  48.          $ip = getenv("HTTP_X_FORWARDED_FOR") ? getenv("HTTP_X_FORWARDED_FOR") : getenv("REMOTE_ADDR");
  49.          if(strstr($row['ck_ips'], $ip)) {
  50.             // die('error|You have already voted on this item!');
  51.             // Just don't count duplicated votes
  52.             $duplicated = 1;
  53.             $ck_ips = $row['ck_ips'];
  54.          }
  55.          else {
  56.             $ck_ips = $row['ck_ips'] . ',' . $ip; // IPs are separated by ','
  57.          }
  58.       }
  59.        
  60.       $total = $row['ck_rating_up'] - $row['ck_rating_down'];
  61.       if($k_action == 'add') {
  62.          $rating = $row['ck_rating_up'] + 1 - $duplicated;
  63.          $direction = 'up';
  64.          $total = $total + 1 - $duplicated;
  65.       }
  66.       elseif($k_action == 'subtract')
  67.       {
  68.          $rating = $row['ck_rating_down'] + 1 - $duplicated;
  69.          $direction = 'down';
  70.          $total = $total - 1 + $duplicated;
  71.       } else {
  72.             die('error|Try again later'); //No action given.
  73.       }
  74.        
  75.       if (!$duplicated)
  76.       {
  77.          $query = "UPDATE `$table_name` SET ck_rating_$direction = '$rating', ck_ips = '" . $ck_ips  . "' WHERE ck_comment_id = $k_id";
  78.          $result = mysql_query($query);
  79.          if(!$result)
  80.          {
  81.             // die('error|query '.$query);
  82.             die('error|Query error');
  83.          }
  84.          
  85.          // Now duplicated votes will not
  86.          if(!mysql_affected_rows())
  87.          {
  88.             die('error|affected '. $rating);
  89.          }
  90.          
  91.          $karma_modified = 0;
  92.          if (get_option('ckrating_karma_type') == 'likes' && $k_action == 'add') {
  93.             $karma_modified = 1; $karma = $rating;
  94.          }
  95.          if (get_option('ckrating_karma_type') == 'dislikes' && $k_action == 'subtract') {
  96.             $karma_modified = 1; $karma = $rating;
  97.          }
  98.          if (get_option('ckrating_karma_type') == 'both') {
  99.             $karma_modified = 1; $karma = $total;
  100.          }
  101.  
  102.          if ($karma_modified) {
  103.             $query = "UPDATE `$comment_table_name` SET comment_karma = '$karma' WHERE comment_ID = $k_id";
  104.             $result = mysql_query($query);
  105.             if(!$result) die('error|Comment Query error');
  106.          }
  107.  
  108.          // Invalidate the W3 cache by triggering the global wordpress action hook for an edited comment
  109.          do_action("edit_comment", $k_id);
  110.       }
  111.    } else {
  112.         die('error|Comment doesnt exist'); //Comment id not found in db, something wrong ?
  113.    }
  114. } else {
  115.     die('error|Fatal: html format error');
  116. }
  117.  
  118. // Add the + sign,
  119. if ($total > 0) { $total = "+$total"; }
  120.  
  121. //This sends the data back to the js to process and show on the page
  122. // The dummy field will separate out any potential garbage that
  123. // WP-superCache may attached to the end of the return.
  124. echo("done|$k_id|$rating|$k_path|$direction|$total|$k_imgIndex|dummy");
  125. ?>