  1. <?php
  2.  
  3. /************************************************************************/
  4. /* PHP-NUKE: Web Portal System */
  5. /* =========================== */
  6. /* */
  7. /* Copyright (c) 2002 by Francisco Burzi */
  8. /* http://phpnuke.org */
  9. /* */
  10. /* This program is free software. You can redistribute it and/or modify */
  11. /* it under the terms of the GNU General Public License as published by */
  12. /* the Free Software Foundation; either version 2 of the License. */
  13. /************************************************************************/
  14.  
  15. if (!defined('CPG_NUKE')) {
  16. die ("You can't access this file directly...");
  17. }
  18.  
  19. require_once("mainfile.php");
  20. $module_name = basename(dirname(__FILE__));
  21. get_lang($module_name);
  22. require_once("includes/nbbcode.php");
  23.  
  24. if (!$rid && !$cid && !$scid) $pagetitle = "- Reviews";
  25. elseif ($cid) {
  26. $cid = intval($cid);
  27. $sql = "SELECT title FROM " . $prefix . "_MReviews_cats WHERE cid='$cid'";
  28. $result = $db->sql_query($sql);
  29. $row = $db->sql_fetchrow($result);
  30. $pagetitle = "- Reviews | " . $row['title'] . "";
  31. } elseif ($rid) {
  32. $rid = intval($rid);
  33. $sql = "SELECT cid, pagename FROM " . $prefix . "_MReviews WHERE rid='$rid'";
  34. $result = $db->sql_query($sql);
  35. $row = $db->sql_fetchrow($result);
  36.  
  37. $sql = "SELECT title FROM " . $prefix . "_MReviews_cats WHERE cid='" . $row[cid] ."'";
  38. $result2 = $db->sql_query($sql);
  39. $row2 = $db->sql_fetchrow($result2);
  40. $pagetitle = "- Reviews | " . $row2['title'] . " | " . $row['pagename'] . "";
  41. } elseif ($scid) {
  42. $scid = intval($scid);
  43. $sql = "SELECT cid, sub_title FROM " . $prefix . "_MReviews_sub_cats WHERE scid='$scid'";
  44. $result = $db->sql_query($sql);
  45. $row = $db->sql_fetchrow($result);
  46.  
  47. $sql = "SELECT title FROM " . $prefix . "_MReviews_cats WHERE cid='".$row[cid]."'";
  48. $result2 = $db->sql_query($sql);
  49. $row2 = $db->sql_fetchrow($result2);
  50. $pagetitle = "- Reviews | " . $row2['title'] ." | " .$row['sub_title'] . "";
  51. }
  52. include("header.php");
  53. // Customization Area Starts
  54. $sql = "SELECT review_image_url, guests_to_post, email_notify, max_results FROM " . $prefix . "_MReviews_conf";
  55. $result3 = $db->sql_query($sql);
  56. $row3 = $db->sql_fetchrow($result3);
  57. $review_image_url = $row3['review_image_url'];
  58. $guests_to_post = $row3['guests_to_post'];
  59. $email_notify = $row3['email_notify'];
  60. $max_results = $row3['max_results'];
  61.  
  62. function alpha($scid)
  63. {
  64. global $module_name, $module_name, $db, $prefix;
  65. $alphabet = array ("A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M",
  66. "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "1", "2", "3", "4", "5", "6", "7", "8", "9", "0");
  67. $num = count($alphabet) - 1;
  68. $scid = intval($scid);
  69.  
  70. echo "<center>[ ";
  71. $counter = 0;
  72. while (list(, $ltr) = each($alphabet)) {
  73. $ltr_num = $db->sql_numrows($db->sql_query("SELECT * FROM " . $prefix . "_MReviews WHERE (scid='$scid' && UPPER(pagename) LIKE '$ltr%')"));
  74. if ($ltr_num == 0) {
  75. $altr = "$ltr";
  76. } else {
  77. $altr = "<a title=\"$ltr_num Reviews\" href=\"" . getlink("$module_name&amp;op=$ltr&amp;scid=$scid") . "\"><b>$ltr</b></a>";
  78. }
  79. echo "$altr";
  80. if ($counter == round($num / 2)) {
  81. echo " ]\n<br>\n[ ";
  82. } elseif ($counter != $num) {
  83. echo "&nbsp;|&nbsp;\n";
  84. }
  85. $counter++;
  86. }
  87. echo " ]</center><br><br>\n\n\n";
  88. }
  89.  
  90. function display_score($score)
  91. {
  92. $image = "<img src=\"images/MReviews/blue.gif\" alt=\"\">";
  93. $halfimage = "<img src=\"images/MReviews/bluehalf.gif\" alt=\"\">";
  94. $full = "<img src=\"images/MReviews/star.gif\" alt=\"\">";
  95. $notrated = "<img src=\"images/MReviews/NotRated.gif\" alt=\"\">";
  96.  
  97. if ($score == 10) {
  98. echo "<img src=\"images/MReviews/10stars.gif\" alt=\"Top of All\" title=\"Excellent\">";
  99. } else if ($score == 9) {
  100. echo "<img src=\"images/MReviews/9stars.gif\" alt=\"Excellent\" title=\"Excellent\">";
  101. } else if ($score == 8) {
  102. echo "<img src=\"images/MReviews/8stars.gif\" alt=\"Best\" title=\"Best\">";
  103. } else if ($score == 7) {
  104. echo "<img src=\"images/MReviews/7stars.gif\" alt=\"Very Good\" title=\"Very Good\">";
  105. } else if ($score == 6) {
  106. echo "<img src=\"images/MReviews/6stars.gif\" alt=\"Good\" title=\"Good\">";
  107. } else if ($score == 5) {
  108. echo "<img src=\"images/MReviews/5stars.gif\" alt=\"Fair\" title=\"Fair\">";
  109. } else if ($score == 4) {
  110. echo "<img src=\"images/MReviews/4stars.gif\" alt=\"Not Bad\" title=\"Not Bad\">";
  111. } else if ($score == 3) {
  112. echo "<img src=\"images/MReviews/3stars.gif\" alt=\"Bad\" title=\"Bad\">";
  113. } else if ($score == 2) {
  114. echo "<img src=\"images/MReviews/2stars.gif\" alt=\"Worst\" title=\"Worst\">";
  115. } else if ($score == 1) {
  116. echo "<img src=\"images/MReviews/1stars.gif\" alt=\"Worst Of All\" title=\"Worst Of All\">";
  117. } else {
  118. echo "<img src=\"images/MReviews/NotRated.gif\" alt=\"No Score\" title=\"No Score\">";
  119. }
  120. }
  121.  
  122. function preview_review($date, $pagename, $MReview_content, $author, $author_email, $score, $cover, $r_link, $r_link_title, $counter, $rid, $cid, $scid)
  123. {
  124. global $module_name, $prefix, $admin, $db, $sitename, $user, $userinfo, $user_prefix, $module_name, $review_image_url;
  125.  
  126. if (isset($rid)) { $rid = intval($rid); }
  127. if (isset($cid)) { $rid = intval($cid); }
  128. if (isset($scid)) { $rid = intval($scid); }
  129.  
  130. OpenTable();
  131. if (eregi("<!--pagebreak-->", $MReview_content)) {
  132. $MReview_content = ereg_replace("<!--pagebreak-->", "&lt;!--pagebreak--&gt;", $MReview_content);
  133. }
  134. $pagename = stripslashes(check_html($pagename, "nohtml"));
  135. $PReview_content = decode_bbcode($MReview_content);
  136. $MReview_content = stripslashes(check_html($MReview_content, ""));
  137. $author = stripslashes(check_html($author, "nohtml"));
  138. $r_link_title = stripslashes(check_html($r_link_title, "nohtml"));
  139.  
  140. echo "<form method=\"post\" action=\"" . getlink("$module_name") . "\">";
  141.  
  142. if ($pagename == "") {
  143. $error = 1;
  144. echo "" . _INVALIDTITLE . "<br>";
  145. }
  146. if ($MReview_content == "") {
  147. $error = 1;
  148. echo "" . _INVALIDTEXT . "<br>";
  149. }
  150. if (($counter < 0) && ($rid != 0)) {
  151. $error = 1;
  152. echo "" . _INVALIDHITS . "<br>";
  153. }
  154. if ($author == "" || $author_email == "") {
  155. $error = 1;
  156. echo "" . _CHECKNAME . "<br>";
  157. } else if ($author != "" && $author_email != "")
  158. if (!(eregi("^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]{2,3}$", $author_email))) {
  159. $error = 1;
  160. /* eregi checks for a valid email! works nicely for me! */
  161. echo "" . _INVALIDEMAIL . "<br>";
  162. }
  163. if (($r_link_title != "" && $r_link == "") || ($r_link_title == "" && $r_link != "")) {
  164. $error = 1;
  165. echo "" . _INVALIDLINK . "<br>";
  166. } else if (($r_link != "") && (!(eregi('(^http[s]*:[/]+)(.*)', $r_link))))
  167. $r_link = "http:" . $r_link;
  168. /* If the user ommited the http, this nifty eregi will add it */
  169. if ($error == 1)
  170. echo "<br>[ " . _GOBACK . " ]";
  171. else {
  172. if ($date == "")
  173. $date = date("Y-m-d", time());
  174. $year2 = substr($date, 0, 4);
  175. $month = substr($date, 5, 2);
  176. $day = substr($date, 8, 2);
  177. $fdate = date("F jS Y", mktime (0, 0, 0, $month, $day, $year2));
  178.  
  179. $sql = "SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE scid='$scid'";
  180. $result = $db->sql_query($sql);
  181. $row = $db->sql_fetchrow($result);
  182.  
  183. $sql = "SELECT * FROM " . $prefix . "_MReviews_cats WHERE cid='$cid'";
  184. $result2 = $db->sql_query($sql);
  185. $row2 = $db->sql_fetchrow($result2);
  186. echo "<table border=\"0\" width=\"100%\"><tr><td colspan=\"2\">";
  187. echo "<p><font class=\"title\"><i><b>$pagename</b></i></font><br>";
  188. echo "<blockquote><p>";
  189. if ($cover != "")
  190. echo "<img src=\"$review_image_url/$cover\" align=\"right\" border=\"1\" vspace=\"2\" alt=\"\">";
  191. $PReview_content = nl2br($PReview_content);
  192. echo "$PReview_content<p>";
  193. echo "<b>" . _ADDED . ":</b> $fdate<br>";
  194. echo "<b>" . _AUTHOR . ":</b> <a href=\"mailto:$author_email\">$author</a><br>";
  195. echo "<b>" . _SCORE . ":</b> ";
  196. display_score($score);
  197. if ($r_link != "")
  198. echo "<br><b>" . _RLINK . ":</b> <a href=\"$r_link\" target=\"new\">$r_link_title</a>";
  199. if ($rid != 0) {
  200. echo "<br><b>" . _REVIEWID . ":</b> $rid<br>";
  201. echo "<b>" . _HITS . ":</b> $counter<br>";
  202. }
  203. echo "<br><b>" . _CATEGORY . ":</b> " . $row2['title'] ."<br>";
  204. echo "<br><b>" . _SUBCATEGORY . ":</b> " . $row['sub_title'] . "<br>";
  205. echo "</font></blockquote>";
  206. echo "</td></tr></table>";
  207. echo "<p><i>" . _LOOKSRIGHT . "</i><br>";
  208. $PReview_content = urlencode($PReview_content);
  209. echo "<input type=\"hidden\" name=\"rid\" value=$rid>
  210. <input type=\"hidden\" name=\"cid\" value=$cid>
  211. <input type=\"hidden\" name=\"scid\" value=$scid>
  212. <input type=\"hidden\" name=\"counter\" value=\"$counter\">
  213. <input type=\"hidden\" name=\"op\" value=\"send_MReview\">
  214. <input type=\"hidden\" name=\"date\" value=\"$date\">
  215. <input type=\"hidden\" name=\"pagename\" value=\"$pagename\">";
  216. echo "<input type=\"hidden\" name=\"MReview_content\" value=\"$MReview_content\">
  217. <input type=\"hidden\" name=\"author\" value=\"$author\">
  218. <input type=\"hidden\" name=\"author_email\" value=\"$author_email\">
  219. <input type=\"hidden\" name=\"score\" value=\"$score\">
  220. <input type=\"hidden\" name=\"r_link\" value=\"$r_link\">
  221. <input type=\"hidden\" name=\"r_link_title\" value=\"$r_link_title\">";
  222. if (is_admin($admin)) {
  223. echo "<input type=\"hidden\" name=\"cover\" value=\"$cover\">";
  224. }
  225. echo "<input type=\"submit\" value=\"" . _YES . "\"> <a href=\"#No\">[ " . _NO . " ]</a></form>";
  226. if ($rid != 0)
  227. $word = "" . _RMODIFIED . "";
  228. else
  229. $word = "" . _RADDED . "";
  230. if (is_admin($admin))
  231. echo "<br><br><b>" . _NOTE . ":</b> " . _ADMINLOGGED . " $word.";
  232.  
  233. CloseTable();
  234. echo "<br><br><br><br><br>";
  235.  
  236. OpenTable();
  237. echo "<a name=No></a><center><h1>Modification</h1></centeR>";
  238. echo "<form action=\"" . getlink($module_name) . "\" method=POST>";
  239. echo "<input type=\"hidden\" name=\"op\" value=\"preview_review\">";
  240. echo "<b>" . _REVIEWNAME . ":</b><br> <input type=\"text\" name=\"pagename\" value=\"$pagename\"><br><i>" . _NAMEPRODUCT . "</i><br><br>";
  241. echo "<b>" . _CATEGORY . ":</b> ";
  242.  
  243. $sql = "SELECT * FROM " . $prefix . "_MReviews_cats";
  244. $result = $db->sql_query($sql);
  245. $row = $db->sql_fetchrow($result);
  246. echo "<input name=\"cid\" value=\"".$row['cid']."\" type=\"hidden\"><b>".$row['title']."</b>";
  247. echo "<br><i>" . _PRODUCTCAT . "</i><Br><br>";
  248.  
  249. echo "<b>" . _SUBCATEGORY . ":</b><br> <select name=\"scid\">";
  250.  
  251. $sql = "SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE cid='$cid'";
  252. $result2 = $db->sql_query($sql);
  253. while ($row2 = $db->sql_fetchrow($result2)) {
  254. if ($row2[scid] == $scid) {
  255. $sel = "selected";
  256. }
  257. echo "<option value=\"".$row2['scid']."\" $sel>".$row2['sub_title']."</option>";
  258. $sel = "";
  259. }
  260. echo "</select><br><i>" . _PRODUCTSUBCAT . "</i><Br><br>";
  261. echo " <b>" . _YOURNAME . ":</b><br>";
  262.  
  263. if (is_user($user)) {
  264. $sql = "SELECT name, user_email FROM " . $user_prefix . "_users WHERE username='" . $userinfo['username'] . "'";
  265. $result2 = $db->sql_query($sql);
  266. $row2 = $db->sql_fetchrow($result2);
  267. }
  268. echo "<input value=\"$author\" type=\"text\" name=\"author\" size=\"41\" maxlength=\"40\" value=\"".$row2['name']."\"><br>
  269. <i>" . _FULLNAMEREQ . "</i><br><br>
  270. <b>" . _REMAIL . ":</b><br>
  271. <input type=\"text\" value=\"$author_email\" name=\"author_email\" size=\"40\" maxlength=\"80\" value=\"".$row2['user_email']."\"><br>
  272. <i>" . _REMAILREQ . "</i><br><br>";
  273. echo "<b>" . _REVIEW . ":</b><br> <textarea name=\"MReview_content\" rows=\"15\" cols=\"60\" class=\"post\">$MReview_content</textarea><br><i>" . _CHECKREVIEW . "</i><br><br>";
  274. echo"<b>" . _SCORE . ":</b>
  275. <select name=\"score\">
  276. <option name=\"score\" value=\"10\">10</option>
  277. <option name=\"score\" value=\"9\">9</option>
  278. <option name=\"score\" value=\"8\">8</option>
  279. <option name=\"score\" value=\"7\">7</option>
  280. <option name=\"score\" value=\"6\">6</option>
  281. <option name=\"score\" value=\"5\">5</option>
  282. <option name=\"score\" value=\"4\">4</option>
  283. <option name=\"score\" value=\"3\">3</option>
  284. <option name=\"score\" value=\"2\">2</option>
  285. <option name=\"score\" value=\"1\">1</option>
  286. </select><br>
  287. <i>" . _SELECTSCORE . "</i><br><br>";
  288. if (is_admin($admin)) {
  289. echo "<b>" . _COVERIMAGE . ":</b><br> <input value=\"$cover\" type=\"text\" name=\"cover\"><br>";
  290. echo "<i>" . _RIMAGEFILEREQ . "</i><br><br>";
  291. }
  292. echo "<b>" . _RLINK . ":</b><br> <input type=\"text\" value=\"$r_link\" name=\"r_link\"><br>";
  293. echo "<i>" . _PRODUCTSITE . "</i><br><br>";
  294. echo "<b>" . _RLINKTITLE . "</b>:<br> <input type=\"text\" value=\"$r_link_title\" name=\"r_link_title\"><br>";
  295. echo "<i>" . _LINKTITLEREQ . "</i><br><br>";
  296. echo "<input type=\"submit\" value=\"" . _PREMODS . "\">";
  297. echo "</form>";
  298. CloseTable();
  299. }
  300. }
  301.  
  302. function show_cats()
  303. {
  304. global $module_name, $prefix, $db, $bgcolor3;
  305.  
  306. OpenTable();
  307. echo "<center><font class=\"title\">" . _RWELCOME . " <br></font><font class=small>" . _VCATEGORIES . "</font></center>";
  308.  
  309. echo "<br><table width=100% border=0 cellspacing=1 bgcolor=$textcolor1>";
  310. function chopSent($varb, $num)
  311. {
  312. $dNum = intval($num);
  313. if (strlen($varb) > $dNum) {
  314. $nVarb = substr($varb, 0, $dNum);
  315. $nVarb .= "...";
  316. } elseif (strlen($varb) < $dNum) {
  317. $nVarb = $varb;
  318. }
  319. return $nVarb;
  320. }
  321. // Usage of function
  322. $sql = "SELECT * FROM " . $prefix . "_MReviews_cats";
  323. $result = $db->sql_query($sql);
  324. $count = 0;
  325.  
  326. while ($row = $db->sql_fetchrow($result)) {
  327. if ($count == 2) {
  328. echo "<tr>";
  329. $count = 0;
  330. }
  331. echo "<td width=50% align=left><a class='cattitle' href=\"" . getlink("$module_name&amp;op=list_sub_cats&amp;cid=".$row['cid']."") . "\"><b>".$row['title']."</b></a>&not;<br>";
  332. $sql2 = "SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE cid='".$row['cid']."' LIMIT 3";
  333. $result2 = $db->sql_query($sql2);
  334. while ($row2 = $db->sql_fetchrow($result2)) {
  335. $theSent = $row2[sub_title];
  336. $theSent = chopSent($theSent, 450);
  337. $subcats = "<a href='" . getlink("$module_name&amp;op=list_revs&amp;cid=".$row['cid']."&amp;scid=".$row2['scid']."") . "'>$theSent</a>,";
  338. echo " $subcats";
  339. }
  340. echo "...";
  341. echo "</td>";
  342. $count++;
  343. if ($count == 2) {
  344. echo "</tr>";
  345. echo "<tr><td colspan=2 height=10></td></tr>";
  346. }
  347. echo "</td>";
  348. }
  349. echo "</table>";
  350. //Added by Mike Allen on 7/14/04
  351. echo "<br>";
  352. $uid = intval($uid);
  353. $sql3 = "SELECT * FROM " . $prefix . "_MReviews_upcoming";
  354. $result3 = $db->sql_query($sql3);
  355. if ($db->sql_numrows($result3)) {
  356. echo "<center><font class=\"title\">Upcoming Reviews</font><br>";
  357. while($row3= $db->sql_fetchrow($result3)){
  358. echo "<font color=red class=medium>" . $row3['text'] . "</font><br>";
  359. }
  360. }
  361. CloseTable();
  362. //End Add
  363. }
  364.  
  365. function list_sub_cats($cid)
  366. {
  367. global $module_name, $prefix, $db, $admin, $sitename, $bgcolor4, $bgcolor2, $bgcolor3, $bgcolor1, $textcolor1, $max_results;
  368.  
  369. $cid = intval($cid);
  370. $sql = "SELECT * FROM " . $prefix . "_MReviews_cats WHERE cid='$cid'";
  371. $result = $db->sql_query($sql);
  372. $row = $db->sql_fetchrow($result);
  373.  
  374. OpenTable();
  375. echo "<centeR>"
  376. . "<font class=\"title\"><i>".$row['title']."</i> " . _REVIEWS . "</font><br>"
  377. . "<font class=\"content\">".$row['description']."</font><br><hr><br>";
  378. $sql = "SELECT * FROM " . $prefix . "_MReviews_cats WHERE cid='$cid'";
  379. $result = $db->sql_query($sql);
  380. $row = $db->sql_fetchrow($result);
  381. echo "<center><a name=\"#AllReviews\"></a>" . _LISTINGALLSUBCATSIN . " <i><b>".$row['title']."</b></i> " . _CATEGORY . "<br></center>";
  382.  
  383. echo "<table bgcolor=\"$textcolor1\" name=TopReviews width=\"100%\" cellpadding=2 cellspacing=1>";
  384. echo "<tr>
  385. <td bgcolor=\"$bgcolor2\" align=center valign=top width=35%><b>" . _SUBCATTITLE . "</b></td>
  386. <td bgcolor=\"$bgcolor2\" align=center valign=top width=20%><b>" . _TOTALREVIEW . "</b></td>
  387. <td bgcolor=\"$bgcolor2\" align=center valign=top width=23%><b>" . _LATESTADDED . "</b></td>
  388. <td bgcolor=\"$bgcolor2\" align=center valign=top width=8%><b>" . _HITS . "</b></td>";
  389.  
  390. if (is_admin($admin)) {
  391. echo "<td bgcolor=\"$bgcolor2\" width=10%><b>" . _ADMIN . "</b></td>\n";
  392. }
  393. echo "</tr>";
  394.  
  395. $sql = "SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE cid='".$row['cid']."' ORDER BY sub_title DESC";
  396. $result2 = $db->sql_query($sql);
  397. while ($row2 = $db->sql_fetchrow($result2)) {
  398. $sql = "SELECT * FROM " . $prefix . "_MReviews WHERE scid='".$row2['scid']."' ORDER BY pagename DESC LIMIT 1";
  399. $result3 = $db->sql_query($sql);
  400. $row3 = $db->sql_fetchrow($result3);
  401. if ($row3[pagename] == '') {
  402. $latest = "N/A";
  403. } else {
  404. $latest = "<a href=\"" . getlink("$module_name&amp;op=show&amp;rid=".$row3['rid']."") . "\">".$row3['pagename']."</a>";
  405. }
  406. $arrow = "<img src='modules/Topics/images/arrow.gif' border='0' alt='' title=''>&nbsp;&nbsp;";
  407.  
  408. $sql = "SELECT * FROM " . $prefix . "_MReviews WHERE scid='".$row2['scid']."'";
  409. $result4 = $db->sql_query($sql);
  410.  
  411. $total = $db->sql_numrows($result4);
  412. echo "<tr>\n
  413. <td width=35% bgcolor=\"$bgcolor1\">$arrow<a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=".$row2['scid']."") . "\">".$row2['sub_title']."</A></td>\n
  414. <td width=20% bgcolor=\"$bgcolor1\" align=center><b>$total</b> " . _REVIEWS . "</td>\n
  415. <td width=23% bgcolor=\"$bgcolor1\" align=center>$latest</td>\n
  416. <td bgcolor=\"$bgcolor1\" width=8% align=center><b>".$row2['counter']."</b></td>";
  417. if (is_admin($admin)) {
  418. echo "<td bgcolor=\"$bgcolor1\" width=10%><a href=\"admin.php?op=modMRevSubCat&scid=".$row2['scid']."\">E</a> | <a href=\"admin.php?op=delMRevSubCat&scid=".$row2[scid]."\">D</a></td>\n";
  419. }
  420.  
  421. echo "</tr>";
  422. }
  423. echo "</td></tr></table><br>";
  424. echo "</center>";
  425.  
  426. CloseTable();
  427. }
  428.  
  429. function list_revs($scid, $orderby, $page)
  430. {
  431. global $module_name, $prefix, $db, $admin, $sitename, $bgcolor4, $bgcolor2, $bgcolor3, $bgcolor1, $textcolor1, $max_results;
  432. $scid = intval($scid);
  433. $max_results = intval($max_results);
  434. $sql = "SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE scid='$scid'";
  435. $result0 = $db->sql_query($sql);
  436. $row0 = $db->sql_fetchrow($result0);
  437.  
  438. if (!$page) {
  439. $page = "1";
  440. }
  441.  
  442. OpenTable();
  443. echo "<centeR>"
  444. . "<font class=\"title\">" . _WELCOMETO . " $sitename <i><b>".$row0['sub_title']."</b></i> " . _REVIEWS . "</font><br>"
  445. . "<font class=\"content\">".$row0['sub_description']."</font><br><br>";
  446.  
  447. alpha($scid);
  448.  
  449. echo "[ <a href=\"" . getlink("$module_name&amp;op=write_MReview&amp;cid=".$row0['cid']."") . "\">" . _WRITEREVIEW . "</a> ] "
  450. . "[ <a href=\"" . getlink("$module_name#AllReviews") . "\">" . _ALLREVIEWS . "</a> ] "
  451. . "</center>";
  452.  
  453. echo "<br><br>";
  454. echo "<table name=Table1 width=\"100%\" name=MainTable cellspacing=1 cellpadding=2>\n";
  455. echo "<tr><td width=50% name=TopReviewsColoumn>";
  456.  
  457. echo "<table bgcolor=\"$textcolor1\" name=TopReviews width=\"100%\" cellpadding=2 cellspacing=1>";
  458. echo "<tr><td bgcolor=\"$bgcolor2\" valign=top width=100%><b>" . _10MOSTPOP . "</b></td></tr>";
  459. $sql = "SELECT * FROM " . $prefix . "_MReviews WHERE scid='$scid' ORDER BY counter DESC LIMIT 10";
  460. $result = $db->sql_query($sql);
  461. while ($row = $db->sql_fetchrow($result)) {
  462. echo "<tr>\n<td width=100% bgcolor=\"$bgcolor1\"><a href=\"" . getlink("$module_name&amp;op=show&amp;rid=".$row['rid']."") . "\">".$row['pagename']."</A></td></tr>";
  463. }
  464. echo "</table name=TopReviews>\n\n";
  465.  
  466. echo "</td><td width=50% name=LatestReviewsColoumn>\n";
  467.  
  468. echo "<table bgcolor=\"$textcolor1\" name=LatestReviews width=\"100%\" cellpadding=2 cellspacing=1>\n";
  469. echo "<tr><td bgcolor=\"$bgcolor2\" valign=top width=100%><b>" . _10MOSTREC . "</b></td></tr>\n";
  470. $sql = "SELECT * FROM " . $prefix . "_MReviews WHERE scid='$scid' ORDER BY date DESC LIMIT 10";
  471. $result2 = $db->sql_query($sql);
  472. while ($row2 = $db->sql_fetchrow($result2)) {
  473. echo "<tr>\n<td width=100% bgcolor=\"$bgcolor1\"><a href=\"" . getlink("$module_name&amp;op=show&amp;rid=".$row2['rid']."") . "\">".$row2['pagename']."</A></td></tr>";
  474. }
  475. echo "</table name=LatestReviews>\n";
  476. echo "</td></tr>";
  477. $sql = "SELECT * FROM " . $prefix . "_MReviews WHERE scid='$scid'";
  478. $result3 = $db->sql_query($sql);
  479. $numresults = $db->sql_numrows($result3);
  480. echo "<tr><td colspan=\"2\"><center>" . _THEREARE . " $numresults " . _REVIEWSINDB . "</center><br></td></tr>";
  481. echo "<form action=\"" . getlink("Search") . "\" method=\"post\"><input type=\"hidden\" name=\"type\" value=\"reviews\">";
  482. echo "<tr><td colspan=\"2\"><center>Query: <input type=\"text\" name=\"query\" size=\"15\"> <input type=\"submit\" value=\"Search\"></form></center></td></tr>";
  483.  
  484. $sql = "SELECT * FROM " . $prefix . "_MReviews_cats WHERE cid='".$row0['cid']."'";
  485. $result4 = $db->sql_query($sql);
  486. $row4 = $db->sql_fetchrow($result4);
  487.  
  488. echo "<tr><td colspan=\"2\"><center><a href=\"" . getlink("$module_name") . "\">" . _RBACK . "</a> | " . _BACKTO . " <a href=\"" . getlink("$module_name&amp;op=list_sub_cats&amp;cid=".$row0['cid']."") . "\">".$row4['title']."</a> Index</center></td></tr>";
  489. echo "</table name=MainTable>\n";
  490. CloseTable();
  491. echo "<br>";
  492. echo "<br>";
  493. OpenTable();
  494. $sql = "SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE scid='$scid'";
  495. $result = $db->sql_query($sql);
  496. $row = $db->sql_fetchrow($result);
  497. echo "<center><font class=\"title\"><a name=\"#AllReviews\"></a>" . _LISTINGALLREVIEWSIN . " <i>".$row['sub_title']."</i> " . _CATEGORY . "</font><br>";
  498.  
  499. $orderbyText = "";
  500. if ($orderby == "titleA") $orderbyText = "" . _TITLEA2Z . "";
  501. if ($orderby == "titleD") $orderbyText = "" . _TITLEZ2A . "";
  502. if ($orderby == "HitsA") $orderbyText = "" . _POPULARITY1 . "";
  503. if ($orderby == "HitsD") $orderbyText = "" . _POPULARITY2 . "";
  504. if ($orderby == "DateA") $orderbyText = "" . _DATE1 . "";
  505. if ($orderby == "DateD") $orderbyText = "" . _DATE2 . "";
  506. if ($orderby == "ScoreA") $orderbyText = "" . _RATING1 . "";
  507. if ($orderby == "ScoreD") $orderbyText = "" . _RATING2 . "";
  508.  
  509. echo "<font class=gensmall>
  510. " . _SORTREVIEWSBY . "
  511. Title (<a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=titleA#AllReviews") . "\">A</a>
  512. <a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=titleD#AllReviews") . "\">D</a>)
  513.  
  514. Date (<a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=DateA#AllReviews") . "\">A</a>
  515. <a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=DateD#AllReviews") . "\">D</a>)
  516.  
  517. Rating (<a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=ScoreA#AllReviews") . "\">A</a>
  518. <a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=ScoreD#AllReviews") . "\">D</a>)
  519.  
  520. Popularity (<a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=HitsA#AllReviews") . "\">A</a>
  521. <a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=HitsD#AllReviews") . "\">D</a>)
  522. <br>";
  523.  
  524. if ($orderby != "")
  525. echo "" . _REVIEWSCURSORTEDBY . "$orderbyText";
  526.  
  527. echo "</font></center><br><br>";
  528.  
  529. echo "<table bgcolor=\"$textcolor1\" name=TopReviews width=\"100%\" cellpadding=2 cellspacing=1>";
  530. echo "<tr>
  531. <td bgcolor=\"$bgcolor2\" align=center valign=top width=35%><b>" . _REVIEWSNAME . "</b></td>
  532. <td bgcolor=\"$bgcolor2\" align=center valign=top width=20%><b>" . _AUTHOR . "</b></td>
  533. <td bgcolor=\"$bgcolor2\" align=center valign=top width=23%><b>" . _DATE . "</b></td>
  534. <td bgcolor=\"$bgcolor2\" align=center valign=top width=8%><b>" . _SCORE . "</b></td>
  535. <td bgcolor=\"$bgcolor2\" align=center valign=top width=5%><b>" . _HITS . "</b></td>";
  536.  
  537. if (is_admin($admin)) {
  538. echo "<td bgcolor=\"$bgcolor2\" width=10%><b>" . _ADMIN . "</b></td>\n";
  539. }
  540. echo "</tr>";
  541.  
  542. $orderbySQL = "";
  543. if ($orderby == "titleA") $orderbySQL = "pagename ASC";
  544. if ($orderby == "titleD") $orderbySQL = "pagename DESC";
  545. if ($orderby == "HitsA") $orderbySQL = "counter ASC";
  546. if ($orderby == "HitsD") $orderbySQL = "counter DESC";
  547. if ($orderby == "DateA") $orderbySQL = "date ASC";
  548. if ($orderby == "DateD") $orderbySQL = "date DESC";
  549. if ($orderby == "ScoreA") $orderbySQL = "score ASC";
  550. if ($orderby == "ScoreD") $orderbySQL = "score DESC";
  551. if ($orderby == "") $orderbySQL = "pagename";
  552.  
  553. $from = (($page * $max_results) - $max_results);
  554. $sql = "SELECT * FROM " . $prefix . "_MReviews WHERE scid='".$row[scid]."' ORDER BY $orderbySQL LIMIT $from, $max_results";
  555. $result2 = $db->sql_query($sql);
  556. while ($row2 = $db->sql_fetchrow($result2)) {
  557. $date = $row2["date"];
  558. $year = substr($date, 0, 4);
  559. $month = substr($date, 5, 2);
  560. $day = substr($date, 8, 2);
  561. $fdate = date("F jS Y", mktime (0, 0, 0, $month, $day, $year));
  562.  
  563. $arrow = "<img src='modules/Topics/images/arrow.gif' border='0' alt='' title=''>&nbsp;&nbsp;";
  564. $score = "$row2[score]";
  565. echo "<tr>\n
  566. <td width=35% bgcolor=\"$bgcolor1\">$arrow<a href=\"" . getlink("$module_name&amp;op=show&rid=".$row2['rid']."") . "\">".$row2['pagename']."</A></td>\n
  567. <td width=20% align=center bgcolor=\"$bgcolor1\"><a href=\"mailto:".$row2['author_email']."\">".$row2['author']."</A></td>\n
  568. <td width=17% align=center bgcolor=\"$bgcolor1\">$fdate</td>\n
  569. <td width=8% align=center bgcolor=\"$bgcolor1\">";
  570. display_score($score);
  571. echo "</td>\n
  572. <td align=center bgcolor=\"$bgcolor1\" width=5%>".$row2['counter']."</td>";
  573. if (is_admin($admin)) {
  574. echo "<td bgcolor=\"$bgcolor1\" width=10%><a href=\"admin.php?op=modMRevpage&rid=".$row2['rid']."\">E</a> | <a href=\"admin.php?op=delMRevconfirm&rid=".$row2['rid']."\">D</a></td>\n";
  575. }
  576.  
  577. echo "</tr>";
  578. }
  579. echo "</td></tr></table><br>";
  580. // Figure out the total number of results in DB:
  581. $sql = "SELECT COUNT(*) AS Num FROM " . $prefix . "_MReviews WHERE scid='$scid'";
  582. $result = $db->sql_query($sql);
  583. $row = $db->sql_fetchrow($result);
  584. $total_results = $row['Num'];
  585. // Figure out the total number of pages. Always round up using ceil()
  586. $total_pages = ceil($total_results / $max_results);
  587. // Build Page Number Hyperlinks
  588. echo "<center>Select a Page<br />";
  589. // Build Previous Link
  590. if ($page > 1) {
  591. $prev = ($page - 1);
  592. echo "« <a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;page=$prev") . "\">Previous</a>&nbsp;|&nbsp;";
  593. }
  594.  
  595. for($i = 1; $i <= $total_pages; $i++) {
  596. if (($page) == $i) {
  597. echo "$i&nbsp;|&nbsp;";
  598. } else {
  599. echo "<a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=$orderby&amp;page=$i") . "\">$i</a>&nbsp;|&nbsp;";
  600. }
  601. }
  602. // Build Next Link
  603. if ($page < $total_pages) {
  604. $next = ($page + 1);
  605. echo "<a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=$orderby&amp;page=$next") . "\">Next</a> »";
  606. }
  607. echo "</center>";
  608.  
  609. $updatecounter = "UPDATE " . $prefix . "_MReviews_sub_cats SET counter=counter+1 WHERE scid='$scid'";
  610. $db->sql_query($updatecounter);
  611.  
  612. CloseTable();
  613. }
  614.  
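  /**
   * Render one review: the requested content page, its metadata, the pager,
   * the navigation links and the comment list, then bump the hit counter.
   *
   * All three parameters arrive from the request dispatcher and are coerced
   * to integers before use. The category shown is the one stored on the
   * review row, not the $cid passed in.
   *
   * @param mixed $rid  Review id.
   * @param mixed $cid  Category id (coerced, otherwise unused here).
   * @param mixed $page 1-based content page; clamped to the available range.
   */
  function show($rid, $cid, $page)
  {
      global $module_name, $prefix, $db, $admin, $review_image_url;
      OpenTable();

      $rid = intval($rid);
      $cid = intval($cid);
      $page = intval($page);

      $result = $db->sql_query("SELECT * FROM " . $prefix . "_MReviews WHERE rid='$rid'");
      $row = $db->sql_fetchrow($result);
      if (!$row) {
          // Unknown review id: nothing to render and no counter to bump.
          CloseTable();
          return;
      }

      // Ids read back from the database are still forced to int before they
      // are placed in further SQL or in links.
      $review_cid = intval($row['cid']);
      $review_scid = intval($row['scid']);

      $result2 = $db->sql_query("SELECT * FROM " . $prefix . "_MReviews_cats WHERE cid='$review_cid'");
      $row2 = $db->sql_fetchrow($result2);

      $result3 = $db->sql_query("SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE scid='$review_scid'");
      $row3 = $db->sql_fetchrow($result3);

      // Plain-text columns are HTML-escaped on output. Several of them
      // (author, author_email, r_link, r_link_title) are written by the
      // submit handler from request data, so they are treated as untrusted.
      // NOTE(review): values stored with HTML entities will now show the
      // entity text literally - confirm that is acceptable for this site.
      $pagename = htmlspecialchars((string) $row['pagename'], ENT_QUOTES);
      $cat_title = htmlspecialchars((string) ($row2 ? $row2['title'] : ''), ENT_QUOTES);
      $sub_title = htmlspecialchars((string) ($row3 ? $row3['sub_title'] : ''), ENT_QUOTES);
      $author = htmlspecialchars((string) $row['author'], ENT_QUOTES);
      $author_email = htmlspecialchars((string) $row['author_email'], ENT_QUOTES);
      $cover = htmlspecialchars((string) $row['cover'], ENT_QUOTES);
      $r_link = htmlspecialchars((string) $row['r_link'], ENT_QUOTES);
      $r_link_title = htmlspecialchars((string) $row['r_link_title'], ENT_QUOTES);
      $hits = intval($row['counter']);

      $date = $row["date"];
      $year = intval(substr($date, 0, 4));
      $month = intval(substr($date, 5, 2));
      $day = intval(substr($date, 8, 2));
      $fdate = date("F jS Y", mktime(0, 0, 0, $month, $day, $year));
      $score = $row["score"];

      // The body is BBCode rendered to HTML and is emitted as markup, so it
      // is deliberately not escaped here; its safety depends on the
      // sanitising done when the review was stored.
      // NOTE(review): decode_bbcode() runs twice on the content, as in the
      // original code - confirm the second pass is intended.
      $content = decode_bbcode($row['content']);
      $content = decode_bbcode(nl2br($content));
      $contentpages = explode("&lt;!--pagebreak--&gt;", $content);
      $pageno = count($contentpages);
      if ($page < 1) {
          $page = 1;
      }
      if ($page > $pageno) {
          $page = $pageno;
      }
      $arrayelement = $page - 1;

      echo "<font class=title>\n<i>" . $pagename . "</i><br>\n</font>";

      echo "<Br>";
      echo "<blockquote><p align=justify>";
      if ($row['cover'] != "") {
          echo "<img src=\"$review_image_url/" . $cover . "\" align=\"right\" border=1 vspace=\"2\" alt=\"\">";
      }
      echo $contentpages[$arrayelement];
      echo "</blockquote></p>";
      echo "<br><Br>";
      echo "<hr>";
      echo "<font class=gensmall>";
      if (is_admin($admin)) {
          echo "<b>Admin:</b> <a href=\"admin.php?op=modMRevpage&rid=$rid\">Edit</a> | <a href=\"admin.php?op=delMRevconfirm&rid=$rid\">Delete</a><br>";
      }
      echo "<b>" . _SORTTITLE . ":</b> $pagename<br>\n\n"
          . "<b>" . _CATEGORY . ":</b> <a href=\"" . getlink("$module_name&amp;op=list_revs&amp;cid=" . $review_cid) . "\">" . $cat_title . "</a></b><br>\n\n"
          . "<b>" . _SUBCATEGORY . ":</b> <a href=\"" . getlink("$module_name&amp;op=list_revs&amp;cid=" . $review_cid . "&amp;orderby=sub_catA") . "\">" . $sub_title . "</a></b><br>\n\n"
          . "<b>" . _AUTHOR . ":</b> <a href=\"mailto:" . $author_email . "\">" . $author . "</a><br>\n";
      if ($row['r_link'] != "") {
          // Only http(s) targets become clickable; any other scheme in a
          // stored link is shown as plain text instead of an href.
          if (preg_match('#^https?://#i', $row['r_link'])) {
              echo "<b>" . _RELATEDLINK . ":</b> <a href=\"" . $r_link . "\">" . $r_link_title . "</a><br>\n";
          } else {
              echo "<b>" . _RELATEDLINK . ":</b> " . $r_link_title . "<br>\n";
          }
      }
      echo "<b>" . _ADDED . ":</b> $fdate<br>\n\n"
          . "<b>" . _HITS . ":</b> " . $hits . " Times<br>\n\n"
          . "<b>" . _SCORE . ":</b>";
      display_score($score);
      if ($pageno > 1) {
          echo "<br><b>" . _PAGE . ":</b> $page/$pageno<br>";
      }
      echo "<br><b>" . _OPTIONS . ":</b> <a href=\"" . getlink("$module_name&amp;file=friend&amp;op=FriendSend&amp;rid=$rid") . "\"><img src=\"images/friend.gif\" border=\"0\" alt=\"" . _SENDTOFRIEND . "\" title=\"" . _SENDTOFRIEND . "\" width=\"16\" height=\"11\"></a>\n&nbsp;<a href=\"" . getlink("$module_name&amp;file=print&amp;op=PrintPage&amp;rid=$rid") . "\"><img src=\"images/print.gif\" border=\"0\" alt=\"" . _PRINTREVIEW . "\" title=\"" . _PRINTREVIEW . "\" width=\"16\" height=\"11\"></a>";
      echo "<Br>";
      echo "<center>";

      // Pager. $next_page is initialised up front; the original appended to
      // an undefined variable.
      $next_page = "";
      if ($page < $pageno) {
          $next_pagenumber = $page + 1;
          if ($page != 1) {
              $next_page .= "<img src=\"images/blackpixel.gif\" width=\"10\" height=\"2\" border=\"0\" alt=\"\"> &nbsp;&nbsp; ";
          }
          $next_link = getlink("$module_name&amp;op=show&amp;rid=$rid&amp;page=$next_pagenumber");
          $next_page .= "<a href=\"" . $next_link . "\">" . _NEXT . " ($next_pagenumber/$pageno)</a> <a href=\"" . $next_link . "\"><img src=\"images/download/right.gif\" border=\"0\" alt=\"" . _NEXT . "\"></a>";
      }
      $previous_page = "";
      if ($page > 1) {
          $previous_pagenumber = $page - 1;
          // The second link used to read "$module_nameamp;op=show", which
          // referenced an undefined variable and produced a broken URL.
          $previous_link = getlink("$module_name&amp;op=show&amp;rid=$rid&amp;page=$previous_pagenumber");
          $previous_page = "<a href=\"" . $previous_link . "\"><img src=\"images/download/left.gif\" border=\"0\" alt=\"" . _PREVIOUS . "\"></a> <a href=\"" . $previous_link . "\">" . _PREVIOUS . " ($previous_pagenumber/$pageno)</a>";
      }
      echo "<center>"
          . "$previous_page &nbsp;&nbsp; $next_page<br><br>";

      echo "[ <a href=\"" . getlink("$module_name") . "\">" . _RBACK . "</a> | "
          . "<a href=\"" . getlink("$module_name&amp;op=list_revs&amp;cid=$review_cid") . "\">" . _BACKTO . " $cat_title " . _INDEX . "</a> | "
          . "<a href=\"" . getlink("$module_name&amp;op=postcomment&amp;rid=$rid") . "\">" . _REPLYMAIN . "</a> ]";
      echo "<br>";
      CloseTable();
      echo "<Br>";

      // The original passed an undefined $pagename here. mr_comments()
      // url-decodes its argument, so the stored name is url-encoded first;
      // that way a stored "%3C..." sequence cannot decode into markup.
      mr_comments($rid, urlencode((string) $row['pagename']));

      $updatecounter = "UPDATE " . $prefix . "_MReviews SET counter=counter+1 WHERE rid='$rid'";
      $db->sql_query($updatecounter);
  }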
  713.  
  /**
   * Decide whether the visitor may see the "write a review" form for a
   * category, then either show the form or a refusal message.
   *
   * The form is refused only when the global $guests_to_post switch is not
   * 'yes', the category row's `guests` column is "no", and is_user($user)
   * is false. Every other combination shows the form.
   *
   * @param mixed $cid Category id; coerced to int before use in SQL.
   */
  function write_MReview($cid)
  {
      global $module_name, $prefix, $guests_to_post, $admin, $db, $sitename, $user, $userinfo, $user_prefix, $module_name;
      $cid = intval($cid);

      $category_query = "SELECT * FROM " . $prefix . "_MReviews_cats WHERE cid='$cid'";
      $category = $db->sql_fetchrow($db->sql_query($category_query));
      $category_guests = $category['guests'];

      // Short-circuit order matters: is_user() is only consulted when the
      // site-wide switch is off and the category forbids guests.
      $refuse = ($guests_to_post != 'yes') && ($category_guests == "no") && (!is_user($user));

      if ($refuse) {
          OpenTable();
          echo _GUESTCANTPOST . "<br><br>" . _GOBACK;
          CloseTable();
          return;
      }

      write_MReview_guests($cid);
  }
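  /**
   * Print the review submission form for one category.
   *
   * The form posts to this module with op=preview_review. Logged-in users
   * get their name and e-mail pre-filled from the users table; the cover
   * image field is only printed for administrators.
   *
   * NOTE(review): hiding the cover field is presentation only - whatever
   * handler receives the POST must decide for itself whether a submitted
   * `cover` value is accepted. The form also carries no anti-CSRF token;
   * nothing in this file shows one being checked.
   *
   * @param mixed $cid Category id; coerced to int before use in SQL/HTML.
   */
  function write_MReview_guests($cid)
  {
      global $module_name, $prefix, $guests_to_post, $admin, $db, $sitename, $user, $userinfo, $user_prefix;
      $cid = intval($cid);
      OpenTable();

      $result = $db->sql_query("SELECT * FROM " . $prefix . "_MReviews_cats WHERE cid='$cid'");
      $row = $db->sql_fetchrow($result);
      $cat_title = htmlspecialchars((string) ($row ? $row['title'] : ''), ENT_QUOTES);

      echo "<form action=\"" . getlink("$module_name") . "\" method=POST>";
      echo "<input type=\"hidden\" name=\"op\" value=\"preview_review\">";
      echo "<font class=\"title\">" . _WRITEREVIEWFOR . " $sitename in ";
      echo "<input type=\"hidden\" name=\"cid\" value=\"$cid\"><i>" . $cat_title . "</i></b> " . _CATEGORY . "</font>";
      echo "<br><i>" . _ENTERINFO . "</i><br><br>";
      echo "<b>" . _REVIEWNAME . ":</b><br> <input type=\"text\" name=\"pagename\"><br><i>" . _NAMEPRODUCT . "</i><br><br>";

      echo "<b>" . _SUBCATEGORY . ":</b><br> <select name=\"scid\">";

      $sub_result = $db->sql_query("SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE cid='$cid'");
      while ($sub = $db->sql_fetchrow($sub_result)) {
          // Titles come from the database; escape them for the HTML context.
          echo "<option value=\"" . intval($sub['scid']) . "\">" . htmlspecialchars((string) $sub['sub_title'], ENT_QUOTES) . "</option>";
      }
      echo "</select><br><i>" . _PRODUCTSUBCAT . "</i><Br><br>";

      echo " <b>" . _YOURNAME . ":</b><br>";

      // Pre-fill values start empty. The original reused $row2 from the
      // loop above, so guests read array offsets on a non-array.
      $prefill_name = '';
      $prefill_email = '';
      if (is_user($user)) {
          // The username is placed in a quoted SQL literal, so quote
          // characters in it are escaped first.
          // NOTE(review): addslashes() is a stop-gap; prefer the database
          // layer's own escaping or bound parameters if it offers them.
          $username = addslashes((string) $userinfo['username']);
          $account_result = $db->sql_query("SELECT name, user_email FROM " . $user_prefix . "_users WHERE username='" . $username . "'");
          $account = $db->sql_fetchrow($account_result);
          if ($account) {
              $prefill_name = htmlspecialchars((string) $account['name'], ENT_QUOTES);
              $prefill_email = htmlspecialchars((string) $account['user_email'], ENT_QUOTES);
          }
      }
      echo "<input type=\"text\" name=\"author\" size=\"41\" maxlength=\"40\" value=\"" . $prefill_name . "\"><br>\n"
          . "<i>" . _FULLNAMEREQ . "</i><br><br>\n"
          . "<b>" . _REMAIL . ":</b><br>\n"
          . "<input type=\"text\" name=\"author_email\" size=\"40\" maxlength=\"80\" value=\"" . $prefill_email . "\"><br>\n"
          . "<i>" . _REMAILREQ . "</i><br><br>";

      echo "<b>" . _REVIEW . ":</b><br> <textarea name=\"MReview_content\" rows=\"15\" cols=\"60\" class=\"post\"></textarea><br><i>" . _CHECKREVIEW . "</i><br><br>";

      // Score selector, 10 down to 1. The range shown here is not enforced
      // by the browser, so the receiving handler must validate it again.
      echo "<b>" . _SCORE . ":</b>\n<select name=\"score\">\n";
      for ($points = 10; $points >= 1; $points--) {
          echo "<option name=\"score\" value=\"$points\">$points</option>\n";
      }
      echo "</select><br>\n<i>" . _SELECTSCORE . "</i><br><br>";

      if (is_admin($admin)) {
          echo "<b>" . _COVERIMAGE . ":</b><br> <input type=\"text\" name=\"cover\"><br>";
          echo "<i>" . _RIMAGEFILEREQ . "</i><br><br>";
      }
      echo "<b>" . _RLINK . ":</b><br> <input type=\"text\" name=\"r_link\"><br>";
      echo "<i>" . _PRODUCTSITE . "</i><br><br>";
      echo "<b>" . _RLINKTITLE . "</b>:<br> <input type=\"text\" name=\"r_link_title\"><br>";
      echo "<i>" . _LINKTITLEREQ . "</i><br><br>";
      echo "<input type=\"submit\" value=\"" . _PREVIEW . "\">";
      echo "</form>";
      CloseTable();
  }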
  799.  
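  /**
   * Store a submitted review and optionally notify the site admin by mail.
   *
   * Every argument comes from the request. Ids and the score are coerced to
   * integers; every text field goes through the same check_html()/FixQuotes()
   * pipeline the original applied to $pagename only, because all of them are
   * placed in quoted SQL literals and later printed by the display code.
   *
   * NOTE(review): FixQuotes() and check_html() are defined outside this
   * file; this code relies on them for SQL quoting and tag stripping exactly
   * as the original did for $pagename. Bound parameters would be the
   * stronger fix if the database layer supports them.
   *
   * @param mixed  $cid             Category id.
   * @param mixed  $scid            Sub-category id.
   * @param string $author          Submitter name.
   * @param string $author_email    Submitter e-mail.
   * @param string $pagename        Review title.
   * @param string $MReview_content Review body (BBCode / limited HTML).
   * @param string $cover           Cover image file name.
   * @param string $r_link          Related link URL.
   * @param string $r_link_title    Related link title.
   * @param mixed  $score           Score, clamped to 1..10.
   */
  function send_MReview($cid, $scid, $author, $author_email, $pagename, $MReview_content, $cover, $r_link, $r_link_title, $score)
  {
      global $module_name, $prefix, $admin, $db, $sitename, $EditedMessage, $email_notify, $adminmail, $guests_to_post, $user;
      $cid = intval($cid);
      $scid = intval($scid);
      // The form offers 1..10, but the value is client-supplied.
      $score = max(1, min(10, intval($score)));

      $result2 = $db->sql_query("SELECT * FROM " . $prefix . "_MReviews_cats WHERE cid='$cid'");
      $row2 = $db->sql_fetchrow($result2);

      $result3 = $db->sql_query("SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE scid='$scid'");
      $row3 = $db->sql_fetchrow($result3);

      // Repeat the guest-posting gate from write_MReview(): that function
      // only decides whether the form is shown, so without this check the
      // store operation could be requested directly.
      if ($guests_to_post != 'yes' && $row2['guests'] == "no" && !is_user($user)) {
          OpenTable();
          echo _GUESTCANTPOST . "<br><br>" . _GOBACK;
          CloseTable();
          return;
      }

      // Protect the page-break marker from check_html(), then restore it.
      // NOTE(review): the placeholder ends in ";;" while the restore pattern
      // has one ";", so a stray ";" is left after each marker, as in the
      // original - confirm whether that is intended.
      // str_replace() replaces the case-sensitive ereg_replace() calls; the
      // ereg family is no longer available in current PHP.
      $MReview_content = str_replace("<!--pagebreak-->", "&lt;!--pagebreak--&gt;;", $MReview_content);
      $pagename = stripslashes(FixQuotes(check_html($pagename, "nohtml")));
      // urldecode() now runs before check_html(). In the original order a
      // percent-encoded tag passed the filter and was decoded afterwards.
      $MReview_content = stripslashes(FixQuotes(check_html(urldecode($MReview_content), "")));
      $MReview_content = str_replace("&lt;!--pagebreak--&gt;", "<!--pagebreak-->", $MReview_content);

      // These fields used to reach the INSERT unfiltered.
      $author = stripslashes(FixQuotes(check_html($author, "nohtml")));
      $author_email = stripslashes(FixQuotes(check_html($author_email, "nohtml")));
      $cover = stripslashes(FixQuotes(check_html($cover, "nohtml")));
      $r_link = stripslashes(FixQuotes(check_html($r_link, "nohtml")));
      $r_link_title = stripslashes(FixQuotes(check_html($r_link_title, "nohtml")));

      // NOTE(review): as written, non-admin submissions go straight into the
      // live table (including `cover`, which the form only offers to admins)
      // while admin submissions go to the pending table. This looks inverted
      // relative to the form - confirm against the moderation workflow
      // before changing it. The branches are kept as they were.
      if (!is_admin($admin)) {
          $MReview_content = encode_bbcode($MReview_content, 1);
          $sql = "INSERT INTO " . $prefix . "_MReviews( date, pagename, content, cover, cid, scid, author, author_email, r_link, r_link_title, score)
  VALUES (now(), '$pagename', '$MReview_content', '$cover', '$cid', '$scid', '$author', '$author_email', '$r_link', '$r_link_title', '$score')";
          $result = $db->sql_query($sql);
      } else {
          $sql = "INSERT INTO " . $prefix . "_MReviews_pend( date, pagename, content, cid, scid, author, author_email, r_link, r_link_title, score)
  VALUES (now(), '$pagename', '$MReview_content', '$cid', '$scid', '$author', '$author_email', '$r_link', '$r_link_title', '$score')";
          $result = $db->sql_query($sql);
      }
      $MReview_content = str_replace("&lt;!--pagebreak--&gt;", "<!--pagebreak-->", $MReview_content);

      OpenTable();
      if ($result) {
          if (!is_admin($admin)) {
              echo _RTHANKSADMIN;
          } else {
              echo _RTHANKS;
          }
          if ($email_notify == "on") {
              // Header values must not contain line breaks, otherwise the
              // submitter could add mail headers of their own.
              $header_author = str_replace(array("\r", "\n"), '', $author);
              $header_email = str_replace(array("\r", "\n"), '', $author_email);
              $subject = "New Review Submitted";
              $mailheader = "From: $header_author <$header_email>\r\n";
              $mailheader .= "Reply-To: $header_email\r\n";
              // The original read the sub-category title from the category
              // row and passed an undefined $subject to mail().
              $mailbody = "$author has submitted a review\r\n======================================================\r\nReview Name: $pagename\r\nCategory: " . $row2['title'] . "\r\nGenera: " . $row3['sub_title'] . "\r\n\r\n $MReview_content";
              mail($adminmail, $subject, $mailbody, $mailheader);
          }
      } else {
          echo "An error has occured<Br>";
          // Database error text can reveal schema details, so it is shown
          // to administrators only.
          if (is_admin($admin)) {
              echo mysql_error();
          }
      }
      CloseTable();
  }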
  858.  
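  /**
   * Print every comment stored for a review, newest first.
   *
   * Each comment is drawn in its own table with the review name, the
   * poster, the date, the score and - for administrators - a delete link.
   *
   * @param mixed  $rid      Review id; coerced to int before use in SQL.
   * @param string $pagename URL-encoded review name shown above each comment.
   */
  function mr_comments($rid, $pagename)
  {
      global $module_name, $prefix, $admin, $db;
      $rid = intval($rid);

      // Decode once, outside the loop (the original decoded again on every
      // iteration), and escape afterwards so that a decoded "<" cannot end
      // up in the page as markup.
      $pagename = htmlspecialchars(urldecode((string) $pagename), ENT_QUOTES);

      $result = $db->sql_query("SELECT com_id, userid, date, comments, score FROM " . $prefix . "_MReviews_comments WHERE rid='$rid' ORDER BY date DESC");
      while (list($com_id, $uname, $date, $comments, $score) = $db->sql_fetchrow($result)) {
          $com_id = intval($com_id);
          // The stored poster name originates from the comment form.
          $safe_uname = htmlspecialchars((string) $uname, ENT_QUOTES);
          $safe_date = htmlspecialchars((string) $date, ENT_QUOTES);

          OpenTable();
          echo "\n<b>$pagename</b><br>";
          if ($uname == "Anonymous" OR $uname == "Stranger") {
              echo "Posted by: $safe_uname on $safe_date<br>";
          } else {
              echo "Posted by: <a href=\"" . getlink("Your_Account&amp;op=userinfo&amp;username=" . urlencode((string) $uname)) . "\">$safe_uname</a> on $safe_date<br>";
          }
          echo "My Score: ";
          display_score($score);
          if (is_admin($admin)) {
              // NOTE(review): this delete link is a plain GET with no
              // anti-CSRF token visible in this file.
              echo "<br><b>Admin:</b> [ <a href=\"" . getlink("$module_name&amp;op=del_comment&amp;com_id=$com_id&amp;rid=$rid") . "\">Delete</a> ]</font><hr noshade size=1>";
          } else {
              echo "</font><hr>";
          }
          // The comment body may contain the site's allowed HTML, so it is
          // left to filter_text() rather than escaped here.
          // NOTE(review): filter_text() is defined elsewhere - confirm it
          // removes script-capable markup.
          $comments = FixQuotes(nl2br(filter_text($comments)));
          echo "\n$comments\n";
          CloseTable();
          echo "<br>";
      }
  }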
  889.  
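  /**
   * List the reviews of one sub-category whose name starts with a given
   * letter or digit.
   *
   * @param mixed $letter Initial to filter on; only the first character is
   *                      used and it must be A-Z or 0-9.
   * @param mixed $field  Unused; kept because the dispatcher passes it.
   * @param mixed $order  Anything starting with "D" sorts descending,
   *                      everything else ascending.
   * @param mixed $scid   Sub-category id; coerced to int before use in SQL.
   */
  function reviews($letter, $field, $order, $scid)
  {
      global $module_name, $bgcolor4, $textcolor1, $bgcolor3, $bgcolor2, $bgcolor1, $sitename, $prefix, $multilingual, $currentlang, $db;
      OpenTable();
      $scid = intval($scid);

      // The initial is placed inside a LIKE pattern and echoed back, so it
      // is reduced to a single alphanumeric character. The original used
      // $letter[0], which yields null for the integer initials 1..9 and so
      // matched every review; a quote or wildcard character also reached
      // the query unchanged.
      $letter = strtoupper(substr((string) $letter, 0, 1));
      if (!preg_match('/^[A-Z0-9]\z/', $letter)) {
          $letter = '';
      }
      $order = (strncmp((string) $order, "D", 1) == 0) ? "DESC" : "ASC";

      $result = $db->sql_query("SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE scid='$scid'");
      $row = $db->sql_fetchrow($result);
      $sub_title = htmlspecialchars((string) ($row ? $row['sub_title'] : ''), ENT_QUOTES);

      echo "<center><b>$sitename <i>" . $sub_title . "</i> " . _REVIEWS . " </b><br>";
      echo "<i>" . _REVIEWSLETTER . " \"$letter\"</i><br><br>";

      $numresults = 0;
      if ($letter !== '') {
          $result = $db->sql_query("SELECT scid, rid, pagename, counter, date, author, author_email, score FROM " . $prefix . "_MReviews WHERE scid='$scid' AND UPPER(pagename) LIKE '$letter%' ORDER by pagename $order");
          $numresults = $db->sql_numrows($result);
      }

      if ($numresults == 0) {
          echo "<i><b>" . _NOREVIEWS . " \"$letter\"</b></i><br><br>";
      } elseif ($numresults > 0) {
          echo "<table bgcolor=\"$textcolor1\" name=TopReviews width=\"100%\" cellpadding=2 cellspacing=1>";
          echo "<tr>\n"
              . "<td bgcolor=\"$bgcolor2\" align=center valign=top width=35%><b>" . _REVIEWSNAME . "</b></td>\n"
              . "<td bgcolor=\"$bgcolor2\" align=center valign=top width=20%><b>" . _AUTHOR . "</b></td>\n"
              . "<td bgcolor=\"$bgcolor2\" align=center valign=top width=23%><b>" . _DATE . "</b></td>\n"
              . "<td bgcolor=\"$bgcolor2\" align=center valign=top width=8%><b>" . _SCORE . "</b></td>\n"
              . "<td bgcolor=\"$bgcolor2\" align=center valign=top width=5%><b>" . _HITS . "</b></td>";
          echo "</tr>";
          while ($myrow = $db->sql_fetchrow($result)) {
              // Stored text is escaped for HTML; ids and counters are ints.
              $rid = intval($myrow["rid"]);
              $pagename = htmlspecialchars((string) $myrow["pagename"], ENT_QUOTES);
              $author = htmlspecialchars((string) $myrow["author"], ENT_QUOTES);
              $author_email = htmlspecialchars((string) $myrow["author_email"], ENT_QUOTES);
              $score = $myrow["score"];
              $counter = intval($myrow["counter"]);

              $date = $myrow["date"];
              $year = intval(substr($date, 0, 4));
              $month = intval(substr($date, 5, 2));
              $day = intval(substr($date, 8, 2));
              $fdate = date("F jS Y", mktime(0, 0, 0, $month, $day, $year));

              echo "<tr>\n\n"
                  . "<td width=35% bgcolor=\"$bgcolor1\"><a href=\"" . getlink("$module_name&amp;op=show&amp;rid=$rid") . "\">$pagename</A></td>\n\n"
                  . "<td width=20% bgcolor=\"$bgcolor1\"><a href=\"mailto:$author_email\">$author</A></td>\n\n"
                  . "<td width=17% bgcolor=\"$bgcolor1\">$fdate</td>\n\n"
                  . "<td width=8% bgcolor=\"$bgcolor1\">";
              display_score($score);
              echo "</td>\n\n"
                  . "<td bgcolor=\"$bgcolor1\" width=5%>$counter</td>";
              echo "</tr>";
          }
          echo "</TABLE>";
          echo "<br>$numresults " . _TOTALREVIEWS . "<br><br>";
      }
      echo "[ <a href=\"" . getlink("$module_name") . "\">" . _RETURN2MAIN . "</a> | <a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid") . "\">" . _BACKTO . " $sub_title index</a> ]";
      CloseTable();
  }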
  949.  
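  /**
   * Print the "comment on this review" form.
   *
   * The form posts back to this module with op=savecomment.
   *
   * NOTE(review): the hidden `uname` field is only a display convenience;
   * the handler that stores the comment must take the poster's identity
   * from the session, not from this field. No anti-CSRF token is visible
   * in this file.
   *
   * @param mixed  $rid      Review id; coerced to int before use.
   * @param string $pagename Unused; the name is read from the database.
   */
  function postcomment($rid, $pagename)
  {
      global $module_name, $prefix, $user, $userinfo, $AllowableHTML, $anonymous, $db;
      cookiedecode($user);

      // $rid was used in SQL and in an HTML attribute without coercion.
      $rid = intval($rid);

      $result = $db->sql_query("SELECT pagename FROM " . $prefix . "_MReviews WHERE rid='$rid'");
      $row = $db->sql_fetchrow($result);
      // Decode first, then escape, so decoded characters cannot form markup.
      $review_name = htmlspecialchars(urldecode((string) ($row ? $row['pagename'] : '')), ENT_QUOTES);

      OpenTable();
      echo "<center><font class=option><b>" . _REVIEWCOMMENT . " $review_name</b><br><br></font></center>"
          . "<form action=\"" . getlink("$module_name") . "\" method=post>";
      if (!is_user($user)) {
          echo "<b>" . _YOURNICK . ":</b> $anonymous [ " . _RCREATEACCOUNT . " ]<br><br>";
          $uname = $anonymous;
      } else {
          echo "<b>" . _YOURNICK . ":</b> " . htmlspecialchars((string) $userinfo['username'], ENT_QUOTES) . "<br>\n"
              . "<input type=checkbox name=xanonpost> " . _POSTANON . "<br><br>";
          $uname = $userinfo['username'];
      }

      // Attribute values are quoted and escaped; the original printed them
      // unquoted, so a space or ">" in the value broke out of the attribute.
      echo "\n<input type=hidden name=uname value=\"" . htmlspecialchars((string) $uname, ENT_QUOTES) . "\">\n"
          . "<input type=hidden name=rid value=\"$rid\">\n"
          . "<b>" . _SCORE . "</b>\n"
          . "<select name=score>\n";
      for ($points = 10; $points >= 1; $points--) {
          echo "<option name=score value=$points>$points</option>\n";
      }
      echo "</select><br><br>\n"
          . "<b>" . _YOURCOMMENT . ":</b><br>\n"
          . "<textarea name=comments rows=10 cols=70></textarea><br>\n"
          . _ALLOWEDHTML . ":<br>";

      // foreach replaces each(), which current PHP no longer provides.
      if (is_array($AllowableHTML)) {
          foreach (array_keys($AllowableHTML) as $key) {
              echo " &lt;" . htmlspecialchars((string) $key, ENT_QUOTES) . "&gt;";
          }
      }
      echo "<br><br>\n"
          . "<input type=hidden name=op value=savecomment>\n"
          . "<input type=submit value=Submit>\n"
          . "</form>\n";
      CloseTable();
  }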
  996.  
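  /**
   * Store a comment for a review and redirect back to the review page.
   *
   * @param mixed  $xanonpost Truthy when a logged-in user asked to post
   *                          anonymously.
   * @param string $uname     Poster name from the form; ignored, see below.
   * @param mixed  $rid       Review id; coerced to int.
   * @param mixed  $score     Score; clamped to 1..10.
   * @param string $comments  Comment text; filtered by check_html().
   */
  function savecomment($xanonpost, $uname, $rid, $score, $comments)
  {
      global $module_name, $prefix, $anonymous, $user, $userinfo, $db;
      $rid = intval($rid);
      // The form offers 1..10, but the value is client-supplied and was
      // placed in the INSERT as-is.
      $score = max(1, min(10, intval($score)));

      // The poster name is taken from the session, not from the submitted
      // hidden field: trusting $uname let any visitor post under another
      // account's name, and the value also reached the SQL unescaped.
      // NOTE(review): cookiedecode() is called as in postcomment() before
      // $userinfo is read - confirm that is what populates $userinfo here.
      cookiedecode($user);
      if ($xanonpost || !is_user($user)) {
          $uname = $anonymous;
      } else {
          $uname = $userinfo['username'];
      }
      // NOTE(review): addslashes() is a stop-gap; prefer the database
      // layer's own escaping or bound parameters if it offers them.
      $uname = addslashes((string) $uname);

      $comments = stripslashes(FixQuotes(check_html($comments)));
      $db->sql_query("INSERT into " . $prefix . "_MReviews_comments values (NULL, '$rid', '$uname', now(), '$comments', '$score')");
      Header("Location: " . getlink("$module_name&amp;op=show&amp;rid=$rid"));
  }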
  1008.  
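  /**
   * Delete one comment (administrators only) and return to the review.
   *
   * NOTE(review): the deletion is triggered by a plain request with no
   * anti-CSRF token visible in this file, so an administrator's browser
   * could be made to issue it from another site. A per-session token
   * checked here would close that gap.
   *
   * @param mixed $com_id Comment id; coerced to int before use in SQL.
   * @param mixed $rid    Review id; coerced to int before use in the
   *                      redirect target.
   */
  function del_comment($com_id, $rid)
  {
      global $module_name, $prefix, $admin, $db;
      $com_id = intval($com_id);
      // $rid used to be copied into the Location header unfiltered.
      $rid = intval($rid);

      if (!is_admin($admin)) {
          echo "ACCESS DENIED";
          return;
      }

      $db->sql_query("DELETE FROM " . $prefix . "_MReviews_comments WHERE com_id='$com_id'");
      Header("Location: " . getlink("$module_name&amp;op=show&amp;rid=$rid"));
  }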
  1020.  
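  // Request dispatcher: routes $op to the handler functions of this module.
  //
  // A single upper-case letter or a digit 1-9 lists reviews by initial. The
  // original spelled this out as one case per character and passed bare
  // words (A, B, ...) that PHP treated as undefined constants; the initial
  // is now passed as the validated string itself.
  //
  // NOTE(review): the handler arguments are plain globals that presumably
  // come from request variables, so every handler has to validate its own
  // input. The state-changing operations (send_MReview, savecomment,
  // del_comment) are dispatched without a request-method or token check
  // visible here.
  $op = isset($op) ? $op : '';

  if (is_string($op) && preg_match('/^[A-Z1-9]\z/', $op)) {
      reviews($op, $field, $order, $scid);
  } else {
      switch ($op) {
          case "show":
              show($rid, $cid, $page, $scid, $author, $author_email, $cover, $pagename, $content, $counter, $r_link, $r_link_title, $score);
              break;

          case "show_cats":
              show_cats();
              break;

          case "list_revs":
              list_revs($scid, $orderby, $page);
              break;

          case "list_sub_cats":
              list_sub_cats($cid);
              break;

          case "write_MReview":
              write_MReview($cid);
              break;

          case "preview_review":
              preview_review($date, $pagename, $MReview_content, $author, $author_email, $score, $cover, $r_link, $r_link_title, $counter, $rid, $cid, $scid);
              break;

          case "send_MReview":
              send_MReview($cid, $scid, $author, $author_email, $pagename, $MReview_content, $cover, $r_link, $r_link_title, $score);
              break;

          case "postcomment":
              postcomment($rid, $pagename);
              break;

          case "savecomment":
              savecomment($xanonpost, $uname, $rid, $score, $comments);
              break;

          case "del_comment":
              del_comment($com_id, $rid);
              break;

          default:
              show_cats();
              break;
      }
  }

  include("footer.php");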
  1208.  
  1209. ?>