
Untitled

a guest Nov 4th, 2013 149 Never
  1. <?php
  2.  
  3. /************************************************************************/
  4. /* PHP-NUKE: Web Portal System                                          */
  5. /* ===========================                                          */
  6. /*                                                                      */
  7. /* Copyright (c) 2002 by Francisco Burzi                                */
  8. /* http://phpnuke.org                                                   */
  9. /*                                                                      */
  10. /* This program is free software. You can redistribute it and/or modify */
  11. /* it under the terms of the GNU General Public License as published by */
  12. /* the Free Software Foundation; either version 2 of the License.       */
  13. /************************************************************************/
  14.  
  15. if (!defined('CPG_NUKE')) {
  16.     die ("You can't access this file directly...");
  17. }
  18.  
  19. require_once("mainfile.php");
  20. $module_name = basename(dirname(__FILE__));
  21. get_lang($module_name);
  22. require_once("includes/nbbcode.php");
  23.  
  24. if (!$rid && !$cid && !$scid) $pagetitle = "- Reviews";
  25. elseif ($cid) {
  26.     $cid = intval($cid);
  27.     $sql = "SELECT title FROM " . $prefix . "_MReviews_cats WHERE cid='$cid'";
  28.     $result = $db->sql_query($sql);
  29.     $row = $db->sql_fetchrow($result);
  30.     $pagetitle = "- Reviews | " . $row['title'] . "";
  31. } elseif ($rid) {
  32.     $rid = intval($rid);
  33.     $sql = "SELECT cid, pagename FROM " . $prefix . "_MReviews WHERE rid='$rid'";
  34.     $result = $db->sql_query($sql);
  35.     $row = $db->sql_fetchrow($result);
  36.  
  37.     $sql = "SELECT title FROM " . $prefix . "_MReviews_cats WHERE cid='" . $row[cid] ."'";
  38.     $result2 = $db->sql_query($sql);
  39.     $row2 = $db->sql_fetchrow($result2);
  40.     $pagetitle = "- Reviews | " . $row2['title'] . " | " . $row['pagename'] . "";
  41. } elseif ($scid) {
  42.     $scid = intval($scid);
  43.     $sql = "SELECT cid, sub_title FROM " . $prefix . "_MReviews_sub_cats WHERE scid='$scid'";
  44.     $result = $db->sql_query($sql);
  45.     $row = $db->sql_fetchrow($result);
  46.  
  47.     $sql = "SELECT title FROM " . $prefix . "_MReviews_cats WHERE cid='".$row[cid]."'";
  48.     $result2 = $db->sql_query($sql);
  49.     $row2 = $db->sql_fetchrow($result2);
  50.     $pagetitle = "- Reviews | " . $row2['title'] ." | " .$row['sub_title'] . "";
  51. }
  52. include("header.php");
  53. // Customization Area Starts
  54. $sql = "SELECT review_image_url, guests_to_post, email_notify, max_results FROM " . $prefix . "_MReviews_conf";
  55. $result3 = $db->sql_query($sql);
  56. $row3 = $db->sql_fetchrow($result3);
  57. $review_image_url = $row3['review_image_url'];
  58. $guests_to_post = $row3['guests_to_post'];
  59. $email_notify = $row3['email_notify'];
  60. $max_results = $row3['max_results'];
  61.  
  62. function alpha($scid)
  63. {
  64.     global $module_name, $module_name, $db, $prefix;
  65.     $alphabet = array ("A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M",
  66.         "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "1", "2", "3", "4", "5", "6", "7", "8", "9", "0");
  67.     $num = count($alphabet) - 1;
  68.         $scid = intval($scid);
  69.        
  70.     echo "<center>[ ";
  71.     $counter = 0;
  72.     while (list(, $ltr) = each($alphabet)) {
  73.         $ltr_num = $db->sql_numrows($db->sql_query("SELECT * FROM " . $prefix . "_MReviews WHERE (scid='$scid' && UPPER(pagename) LIKE '$ltr%')"));
  74.         if ($ltr_num == 0) {
  75.             $altr = "$ltr";
  76.         } else {
  77.             $altr = "<a title=\"$ltr_num Reviews\" href=\"" . getlink("$module_name&amp;op=$ltr&amp;scid=$scid") . "\"><b>$ltr</b></a>";
  78.         }
  79.         echo "$altr";
  80.         if ($counter == round($num / 2)) {
  81.             echo " ]\n<br>\n[ ";
  82.         } elseif ($counter != $num) {
  83.             echo "&nbsp;|&nbsp;\n";
  84.         }
  85.         $counter++;
  86.     }
  87.     echo " ]</center><br><br>\n\n\n";
  88. }
  89.  
  90. function display_score($score)
  91. {
  92.     $image = "<img src=\"images/MReviews/blue.gif\" alt=\"\">";
  93.     $halfimage = "<img src=\"images/MReviews/bluehalf.gif\" alt=\"\">";
  94.     $full = "<img src=\"images/MReviews/star.gif\" alt=\"\">";
  95.     $notrated = "<img src=\"images/MReviews/NotRated.gif\" alt=\"\">";
  96.  
  97.     if ($score == 10) {
  98.         echo "<img src=\"images/MReviews/10stars.gif\" alt=\"Top of All\" title=\"Excellent\">";
  99.     } else if ($score == 9) {
  100.         echo "<img src=\"images/MReviews/9stars.gif\" alt=\"Excellent\" title=\"Excellent\">";
  101.     } else if ($score == 8) {
  102.         echo "<img src=\"images/MReviews/8stars.gif\" alt=\"Best\" title=\"Best\">";
  103.     } else if ($score == 7) {
  104.         echo "<img src=\"images/MReviews/7stars.gif\" alt=\"Very Good\" title=\"Very Good\">";
  105.     } else if ($score == 6) {
  106.         echo "<img src=\"images/MReviews/6stars.gif\" alt=\"Good\" title=\"Good\">";
  107.     } else if ($score == 5) {
  108.         echo "<img src=\"images/MReviews/5stars.gif\" alt=\"Fair\" title=\"Fair\">";
  109.     } else if ($score == 4) {
  110.         echo "<img src=\"images/MReviews/4stars.gif\" alt=\"Not Bad\" title=\"Not Bad\">";
  111.     } else if ($score == 3) {
  112.         echo "<img src=\"images/MReviews/3stars.gif\" alt=\"Bad\" title=\"Bad\">";
  113.     } else if ($score == 2) {
  114.         echo "<img src=\"images/MReviews/2stars.gif\" alt=\"Worst\" title=\"Worst\">";
  115.     } else if ($score == 1) {
  116.         echo "<img src=\"images/MReviews/1stars.gif\" alt=\"Worst Of All\" title=\"Worst Of All\">";
  117.     } else {
  118.         echo "<img src=\"images/MReviews/NotRated.gif\" alt=\"No Score\" title=\"No Score\">";
  119.     }
  120. }
  121.  
  122. function preview_review($date, $pagename, $MReview_content, $author, $author_email, $score, $cover, $r_link, $r_link_title, $counter, $rid, $cid, $scid)
  123. {
  124.     global $module_name, $prefix, $admin, $db, $sitename, $user, $userinfo, $user_prefix, $module_name, $review_image_url;
  125.        
  126.         if (isset($rid)) { $rid = intval($rid); }
  127.         if (isset($cid)) { $rid = intval($cid); }
  128.         if (isset($scid)) { $rid = intval($scid); }
  129.  
  130.     OpenTable();
  131.     if (eregi("<!--pagebreak-->", $MReview_content)) {
  132.         $MReview_content = ereg_replace("<!--pagebreak-->", "&lt;!--pagebreak--&gt;", $MReview_content);
  133.     }
  134.     $pagename = stripslashes(check_html($pagename, "nohtml"));
  135.     $PReview_content = decode_bbcode($MReview_content);
  136.     $MReview_content = stripslashes(check_html($MReview_content, ""));
  137.     $author = stripslashes(check_html($author, "nohtml"));
  138.     $r_link_title = stripslashes(check_html($r_link_title, "nohtml"));
  139.  
  140.     echo "<form method=\"post\" action=\"" . getlink("$module_name") . "\">";
  141.  
  142.     if ($pagename == "") {
  143.         $error = 1;
  144.         echo "" . _INVALIDTITLE . "<br>";
  145.     }
  146.     if ($MReview_content == "") {
  147.         $error = 1;
  148.         echo "" . _INVALIDTEXT . "<br>";
  149.     }
  150.     if (($counter < 0) && ($rid != 0)) {
  151.         $error = 1;
  152.         echo "" . _INVALIDHITS . "<br>";
  153.     }
  154.     if ($author == "" || $author_email == "") {
  155.         $error = 1;
  156.         echo "" . _CHECKNAME . "<br>";
  157.     } else if ($author != "" && $author_email != "")
  158.         if (!(eregi("^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]{2,3}$", $author_email))) {
  159.             $error = 1;
  160.             /* eregi checks for a valid email! works nicely for me! */
  161.             echo "" . _INVALIDEMAIL . "<br>";
  162.         }
  163.         if (($r_link_title != "" && $r_link == "") || ($r_link_title == "" && $r_link != "")) {
  164.             $error = 1;
  165.             echo "" . _INVALIDLINK . "<br>";
  166.         } else if (($r_link != "") && (!(eregi('(^http[s]*:[/]+)(.*)', $r_link))))
  167.             $r_link = "http:" . $r_link;
  168.         /* If the user ommited the http, this nifty eregi will add it */
  169.         if ($error == 1)
  170.             echo "<br>[ " . _GOBACK . " ]";
  171.         else {
  172.             if ($date == "")
  173.                 $date = date("Y-m-d", time());
  174.             $year2 = substr($date, 0, 4);
  175.             $month = substr($date, 5, 2);
  176.             $day = substr($date, 8, 2);
  177.             $fdate = date("F jS Y", mktime (0, 0, 0, $month, $day, $year2));
  178.  
  179.             $sql = "SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE scid='$scid'";
  180.             $result = $db->sql_query($sql);
  181.             $row = $db->sql_fetchrow($result);
  182.  
  183.             $sql = "SELECT * FROM " . $prefix . "_MReviews_cats WHERE cid='$cid'";
  184.             $result2 = $db->sql_query($sql);
  185.             $row2 = $db->sql_fetchrow($result2);
  186.             echo "<table border=\"0\" width=\"100%\"><tr><td colspan=\"2\">";
  187.             echo "<p><font class=\"title\"><i><b>$pagename</b></i></font><br>";
  188.             echo "<blockquote><p>";
  189.             if ($cover != "")
  190.                 echo "<img src=\"$review_image_url/$cover\" align=\"right\" border=\"1\" vspace=\"2\" alt=\"\">";
  191.             $PReview_content = nl2br($PReview_content);
  192.             echo "$PReview_content<p>";
  193.             echo "<b>" . _ADDED . ":</b> $fdate<br>";
  194.             echo "<b>" . _AUTHOR . ":</b> <a href=\"mailto:$author_email\">$author</a><br>";
  195.             echo "<b>" . _SCORE . ":</b> ";
  196.             display_score($score);
  197.             if ($r_link != "")
  198.                 echo "<br><b>" . _RLINK . ":</b> <a href=\"$r_link\" target=\"new\">$r_link_title</a>";
  199.             if ($rid != 0) {
  200.                 echo "<br><b>" . _REVIEWID . ":</b> $rid<br>";
  201.                 echo "<b>" . _HITS . ":</b> $counter<br>";
  202.             }
  203.             echo "<br><b>" . _CATEGORY . ":</b> " . $row2['title'] ."<br>";
  204.             echo "<br><b>" . _SUBCATEGORY . ":</b> " . $row['sub_title'] . "<br>";
  205.             echo "</font></blockquote>";
  206.             echo "</td></tr></table>";
  207.             echo "<p><i>" . _LOOKSRIGHT . "</i><br>";
  208.             $PReview_content = urlencode($PReview_content);
  209.             echo "<input type=\"hidden\" name=\"rid\" value=$rid>
  210.                 <input type=\"hidden\" name=\"cid\" value=$cid>
  211.                 <input type=\"hidden\" name=\"scid\" value=$scid>
  212.                         <input type=\"hidden\" name=\"counter\" value=\"$counter\">
  213.                         <input type=\"hidden\" name=\"op\" value=\"send_MReview\">
  214.                         <input type=\"hidden\" name=\"date\" value=\"$date\">
  215.                         <input type=\"hidden\" name=\"pagename\" value=\"$pagename\">";
  216.             echo "<input type=\"hidden\" name=\"MReview_content\" value=\"$MReview_content\">
  217.                         <input type=\"hidden\" name=\"author\" value=\"$author\">
  218.                         <input type=\"hidden\" name=\"author_email\" value=\"$author_email\">
  219.                         <input type=\"hidden\" name=\"score\" value=\"$score\">
  220.                         <input type=\"hidden\" name=\"r_link\" value=\"$r_link\">
  221.                         <input type=\"hidden\" name=\"r_link_title\" value=\"$r_link_title\">";
  222.             if (is_admin($admin)) {
  223.                 echo "<input type=\"hidden\" name=\"cover\" value=\"$cover\">";
  224.             }
  225.             echo "<input type=\"submit\" value=\"" . _YES . "\"> <a href=\"#No\">[ " . _NO . " ]</a></form>";
  226.             if ($rid != 0)
  227.                 $word = "" . _RMODIFIED . "";
  228.             else
  229.                 $word = "" . _RADDED . "";
  230.             if (is_admin($admin))
  231.                 echo "<br><br><b>" . _NOTE . ":</b> " . _ADMINLOGGED . " $word.";
  232.  
  233.             CloseTable();
  234.             echo "<br><br><br><br><br>";
  235.  
  236.             OpenTable();
  237.             echo "<a name=No></a><center><h1>Modification</h1></centeR>";
  238.             echo "<form action=\"" . getlink($module_name) . "\" method=POST>";
  239.             echo "<input type=\"hidden\" name=\"op\" value=\"preview_review\">";
  240.             echo "<b>" . _REVIEWNAME . ":</b><br> <input type=\"text\" name=\"pagename\" value=\"$pagename\"><br><i>" . _NAMEPRODUCT . "</i><br><br>";
  241.             echo "<b>" . _CATEGORY . ":</b> ";
  242.  
  243.             $sql = "SELECT * FROM " . $prefix . "_MReviews_cats";
  244.             $result = $db->sql_query($sql);
  245.             $row = $db->sql_fetchrow($result);
  246.             echo "<input name=\"cid\" value=\"".$row['cid']."\" type=\"hidden\"><b>".$row['title']."</b>";
  247.             echo "<br><i>" . _PRODUCTCAT . "</i><Br><br>";
  248.  
  249.             echo "<b>" . _SUBCATEGORY . ":</b><br> <select name=\"scid\">";
  250.  
  251.             $sql = "SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE cid='$cid'";
  252.             $result2 = $db->sql_query($sql);
  253.             while ($row2 = $db->sql_fetchrow($result2)) {
  254.                 if ($row2[scid] == $scid) {
  255.                     $sel = "selected";
  256.                 }
  257.                 echo "<option value=\"".$row2['scid']."\" $sel>".$row2['sub_title']."</option>";
  258.                 $sel = "";
  259.             }
  260.             echo "</select><br><i>" . _PRODUCTSUBCAT . "</i><Br><br>";
  261.             echo "    <b>" . _YOURNAME . ":</b><br>";
  262.  
  263.             if (is_user($user)) {
  264.                 $sql = "SELECT name, user_email FROM " . $user_prefix . "_users WHERE username='" . $userinfo['username'] . "'";
  265.                 $result2 = $db->sql_query($sql);
  266.                 $row2 = $db->sql_fetchrow($result2);
  267.             }
  268.             echo "<input value=\"$author\" type=\"text\" name=\"author\" size=\"41\" maxlength=\"40\" value=\"".$row2['name']."\"><br>
  269.     <i>" . _FULLNAMEREQ . "</i><br><br>
  270.     <b>" . _REMAIL . ":</b><br>
  271.     <input type=\"text\" value=\"$author_email\" name=\"author_email\" size=\"40\" maxlength=\"80\" value=\"".$row2['user_email']."\"><br>
  272.     <i>" . _REMAILREQ . "</i><br><br>";
  273.             echo "<b>" . _REVIEW . ":</b><br> <textarea name=\"MReview_content\" rows=\"15\" cols=\"60\" class=\"post\">$MReview_content</textarea><br><i>" . _CHECKREVIEW . "</i><br><br>";
  274.             echo"<b>" . _SCORE . ":</b>
  275.     <select name=\"score\">
  276.     <option name=\"score\" value=\"10\">10</option>
  277.     <option name=\"score\" value=\"9\">9</option>
  278.     <option name=\"score\" value=\"8\">8</option>
  279.     <option name=\"score\" value=\"7\">7</option>
  280.     <option name=\"score\" value=\"6\">6</option>
  281.     <option name=\"score\" value=\"5\">5</option>
  282.     <option name=\"score\" value=\"4\">4</option>
  283.     <option name=\"score\" value=\"3\">3</option>
  284.     <option name=\"score\" value=\"2\">2</option>
  285.     <option name=\"score\" value=\"1\">1</option>
  286.     </select><br>
  287.     <i>" . _SELECTSCORE . "</i><br><br>";
  288.             if (is_admin($admin)) {
  289.                 echo "<b>" . _COVERIMAGE . ":</b><br> <input value=\"$cover\" type=\"text\" name=\"cover\"><br>";
  290.                 echo "<i>" . _RIMAGEFILEREQ . "</i><br><br>";
  291.             }
  292.             echo "<b>" . _RLINK . ":</b><br> <input type=\"text\" value=\"$r_link\" name=\"r_link\"><br>";
  293.             echo "<i>" . _PRODUCTSITE . "</i><br><br>";
  294.             echo "<b>" . _RLINKTITLE . "</b>:<br> <input type=\"text\" value=\"$r_link_title\" name=\"r_link_title\"><br>";
  295.             echo "<i>" . _LINKTITLEREQ . "</i><br><br>";
  296.             echo "<input type=\"submit\" value=\"" . _PREMODS . "\">";
  297.             echo "</form>";
  298.             CloseTable();
  299.         }
  300.     }
  301.  
  302.     function show_cats()
  303.     {
  304.         global $module_name, $prefix, $db, $bgcolor3;
  305.  
  306.         OpenTable();
  307.         echo "<center><font class=\"title\">" . _RWELCOME . " <br></font><font class=small>" . _VCATEGORIES . "</font></center>";
  308.  
  309.         echo "<br><table width=100% border=0 cellspacing=1 bgcolor=$textcolor1>";
  310.         function chopSent($varb, $num)
  311.         {
  312.             $dNum = intval($num);
  313.             if (strlen($varb) > $dNum) {
  314.                 $nVarb = substr($varb, 0, $dNum);
  315.                 $nVarb .= "...";
  316.             } elseif (strlen($varb) < $dNum) {
  317.                 $nVarb = $varb;
  318.             }
  319.             return $nVarb;
  320.         }
  321.         // Usage of function
  322.         $sql = "SELECT * FROM " . $prefix . "_MReviews_cats";
  323.         $result = $db->sql_query($sql);
  324.         $count = 0;
  325.  
  326.         while ($row = $db->sql_fetchrow($result)) {
  327.             if ($count == 2) {
  328.                 echo "<tr>";
  329.                 $count = 0;
  330.             }
  331.             echo "<td width=50% align=left><a class='cattitle' href=\"" . getlink("$module_name&amp;op=list_sub_cats&amp;cid=".$row['cid']."") . "\"><b>".$row['title']."</b></a>&not;<br>";
  332.             $sql2 = "SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE cid='".$row['cid']."' LIMIT 3";
  333.             $result2 = $db->sql_query($sql2);
  334.             while ($row2 = $db->sql_fetchrow($result2)) {
  335.                 $theSent = $row2[sub_title];
  336.                 $theSent = chopSent($theSent, 450);
  337.                 $subcats = "<a href='" . getlink("$module_name&amp;op=list_revs&amp;cid=".$row['cid']."&amp;scid=".$row2['scid']."") . "'>$theSent</a>,";
  338.                 echo " $subcats";
  339.             }
  340.             echo "...";
  341.             echo "</td>";
  342.             $count++;
  343.             if ($count == 2) {
  344.                 echo "</tr>";
  345.                 echo "<tr><td colspan=2 height=10></td></tr>";
  346.             }
  347.             echo "</td>";
  348.         }
  349.         echo "</table>";
  350.                 //Added by Mike Allen on 7/14/04
  351.                 echo "<br>";
  352.                 $uid = intval($uid);
  353.                 $sql3 = "SELECT * FROM " . $prefix . "_MReviews_upcoming";
  354.                 $result3 = $db->sql_query($sql3);
  355.         if ($db->sql_numrows($result3)) {
  356.             echo "<center><font class=\"title\">Upcoming Reviews</font><br>";
  357.             while($row3= $db->sql_fetchrow($result3)){
  358.                 echo "<font color=red class=medium>" . $row3['text'] . "</font><br>";
  359.                         }
  360.                 }
  361.         CloseTable();
  362.                 //End Add
  363.     }
  364.  
  365.     function list_sub_cats($cid)
  366.     {
  367.         global $module_name, $prefix, $db, $admin, $sitename, $bgcolor4, $bgcolor2, $bgcolor3, $bgcolor1, $textcolor1, $max_results;
  368.  
  369.                 $cid = intval($cid);
  370.         $sql = "SELECT * FROM " . $prefix . "_MReviews_cats WHERE cid='$cid'";
  371.         $result = $db->sql_query($sql);
  372.         $row = $db->sql_fetchrow($result);
  373.  
  374.         OpenTable();
  375.         echo "<centeR>"
  376.          . "<font class=\"title\"><i>".$row['title']."</i> " . _REVIEWS . "</font><br>"
  377.          . "<font class=\"content\">".$row['description']."</font><br><hr><br>";
  378.         $sql = "SELECT * FROM " . $prefix . "_MReviews_cats WHERE cid='$cid'";
  379.         $result = $db->sql_query($sql);
  380.         $row = $db->sql_fetchrow($result);
  381.         echo "<center><a name=\"#AllReviews\"></a>" . _LISTINGALLSUBCATSIN . " <i><b>".$row['title']."</b></i> " . _CATEGORY . "<br></center>";
  382.  
  383.         echo "<table bgcolor=\"$textcolor1\" name=TopReviews width=\"100%\" cellpadding=2 cellspacing=1>";
  384.         echo "<tr>
  385. <td bgcolor=\"$bgcolor2\" align=center valign=top width=35%><b>" . _SUBCATTITLE . "</b></td>
  386. <td bgcolor=\"$bgcolor2\" align=center valign=top width=20%><b>" . _TOTALREVIEW . "</b></td>
  387. <td bgcolor=\"$bgcolor2\" align=center valign=top width=23%><b>" . _LATESTADDED . "</b></td>
  388. <td bgcolor=\"$bgcolor2\" align=center valign=top width=8%><b>" . _HITS . "</b></td>";
  389.  
  390.         if (is_admin($admin)) {
  391.             echo "<td bgcolor=\"$bgcolor2\" width=10%><b>" . _ADMIN . "</b></td>\n";
  392.         }
  393.         echo "</tr>";
  394.  
  395.         $sql = "SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE cid='".$row['cid']."' ORDER BY sub_title DESC";
  396.         $result2 = $db->sql_query($sql);
  397.         while ($row2 = $db->sql_fetchrow($result2)) {
  398.             $sql = "SELECT * FROM " . $prefix . "_MReviews WHERE scid='".$row2['scid']."' ORDER BY pagename DESC LIMIT 1";
  399.             $result3 = $db->sql_query($sql);
  400.             $row3 = $db->sql_fetchrow($result3);
  401.             if ($row3[pagename] == '') {
  402.                 $latest = "N/A";
  403.             } else {
  404.                 $latest = "<a href=\"" . getlink("$module_name&amp;op=show&amp;rid=".$row3['rid']."") . "\">".$row3['pagename']."</a>";
  405.             }
  406.             $arrow = "<img src='modules/Topics/images/arrow.gif' border='0' alt='' title=''>&nbsp;&nbsp;";
  407.  
  408.             $sql = "SELECT * FROM " . $prefix . "_MReviews WHERE scid='".$row2['scid']."'";
  409.             $result4 = $db->sql_query($sql);
  410.  
  411.             $total = $db->sql_numrows($result4);
  412.             echo "<tr>\n
  413. <td width=35% bgcolor=\"$bgcolor1\">$arrow<a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=".$row2['scid']."") . "\">".$row2['sub_title']."</A></td>\n
  414. <td width=20% bgcolor=\"$bgcolor1\" align=center><b>$total</b> " . _REVIEWS . "</td>\n
  415. <td width=23% bgcolor=\"$bgcolor1\" align=center>$latest</td>\n
  416. <td bgcolor=\"$bgcolor1\" width=8% align=center><b>".$row2['counter']."</b></td>";
  417.             if (is_admin($admin)) {
  418.                 echo "<td bgcolor=\"$bgcolor1\" width=10%><a href=\"admin.php?op=modMRevSubCat&scid=".$row2['scid']."\">E</a> | <a href=\"admin.php?op=delMRevSubCat&scid=".$row2[scid]."\">D</a></td>\n";
  419.             }
  420.  
  421.             echo "</tr>";
  422.         }
  423.         echo "</td></tr></table><br>";
  424.         echo "</center>";
  425.  
  426.         CloseTable();
  427.     }
  428.  
  429.     function list_revs($scid, $orderby, $page)
  430.     {
  431.         global $module_name, $prefix, $db, $admin, $sitename, $bgcolor4, $bgcolor2, $bgcolor3, $bgcolor1, $textcolor1, $max_results;
  432.                 $scid = intval($scid);
  433.                 $max_results = intval($max_results);
  434.         $sql = "SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE scid='$scid'";
  435.         $result0 = $db->sql_query($sql);
  436.         $row0 = $db->sql_fetchrow($result0);
  437.  
  438.         if (!$page) {
  439.             $page = "1";
  440.         }
  441.  
  442.         OpenTable();
  443.         echo "<centeR>"
  444.          . "<font class=\"title\">" . _WELCOMETO . " $sitename <i><b>".$row0['sub_title']."</b></i> " . _REVIEWS . "</font><br>"
  445.          . "<font class=\"content\">".$row0['sub_description']."</font><br><br>";
  446.  
  447.         alpha($scid);
  448.  
  449.         echo "[ <a href=\"" . getlink("$module_name&amp;op=write_MReview&amp;cid=".$row0['cid']."") . "\">" . _WRITEREVIEW . "</a> ] "
  450.          . "[ <a href=\"" . getlink("$module_name#AllReviews") . "\">" . _ALLREVIEWS . "</a> ] "
  451.          . "</center>";
  452.  
  453.         echo "<br><br>";
  454.         echo "<table name=Table1 width=\"100%\" name=MainTable cellspacing=1 cellpadding=2>\n";
  455.         echo "<tr><td width=50% name=TopReviewsColoumn>";
  456.  
  457.         echo "<table bgcolor=\"$textcolor1\" name=TopReviews width=\"100%\" cellpadding=2 cellspacing=1>";
  458.         echo "<tr><td bgcolor=\"$bgcolor2\" valign=top width=100%><b>" . _10MOSTPOP . "</b></td></tr>";
  459.         $sql = "SELECT * FROM " . $prefix . "_MReviews WHERE scid='$scid' ORDER BY counter DESC LIMIT 10";
  460.         $result = $db->sql_query($sql);
  461.         while ($row = $db->sql_fetchrow($result)) {
  462.             echo "<tr>\n<td width=100% bgcolor=\"$bgcolor1\"><a href=\"" . getlink("$module_name&amp;op=show&amp;rid=".$row['rid']."") . "\">".$row['pagename']."</A></td></tr>";
  463.         }
  464.         echo "</table name=TopReviews>\n\n";
  465.  
  466.         echo "</td><td width=50% name=LatestReviewsColoumn>\n";
  467.  
  468.         echo "<table bgcolor=\"$textcolor1\" name=LatestReviews width=\"100%\" cellpadding=2 cellspacing=1>\n";
  469.         echo "<tr><td bgcolor=\"$bgcolor2\" valign=top width=100%><b>" . _10MOSTREC . "</b></td></tr>\n";
  470.         $sql = "SELECT * FROM " . $prefix . "_MReviews WHERE scid='$scid' ORDER BY date DESC LIMIT 10";
  471.         $result2 = $db->sql_query($sql);
  472.         while ($row2 = $db->sql_fetchrow($result2)) {
  473.             echo "<tr>\n<td width=100% bgcolor=\"$bgcolor1\"><a href=\"" . getlink("$module_name&amp;op=show&amp;rid=".$row2['rid']."") . "\">".$row2['pagename']."</A></td></tr>";
  474.         }
  475.         echo "</table name=LatestReviews>\n";
  476.         echo "</td></tr>";
  477.         $sql = "SELECT * FROM " . $prefix . "_MReviews WHERE scid='$scid'";
  478.         $result3 = $db->sql_query($sql);
  479.         $numresults = $db->sql_numrows($result3);
  480.         echo "<tr><td colspan=\"2\"><center>" . _THEREARE . " $numresults " . _REVIEWSINDB . "</center><br></td></tr>";
  481.         echo "<form action=\"" . getlink("Search") . "\" method=\"post\"><input type=\"hidden\" name=\"type\" value=\"reviews\">";
  482.         echo "<tr><td colspan=\"2\"><center>Query: <input type=\"text\" name=\"query\" size=\"15\"> <input type=\"submit\" value=\"Search\"></form></center></td></tr>";
  483.  
  484.         $sql = "SELECT * FROM " . $prefix . "_MReviews_cats WHERE cid='".$row0['cid']."'";
  485.         $result4 = $db->sql_query($sql);
  486.         $row4 = $db->sql_fetchrow($result4);
  487.  
  488.         echo "<tr><td colspan=\"2\"><center><a href=\"" . getlink("$module_name") . "\">" . _RBACK . "</a> | " . _BACKTO . " <a href=\"" . getlink("$module_name&amp;op=list_sub_cats&amp;cid=".$row0['cid']."") . "\">".$row4['title']."</a> Index</center></td></tr>";
  489.         echo "</table name=MainTable>\n";
  490.         CloseTable();
  491.         echo "<br>";
  492.         echo "<br>";
  493.         OpenTable();
  494.         $sql = "SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE scid='$scid'";
  495.         $result = $db->sql_query($sql);
  496.         $row = $db->sql_fetchrow($result);
  497.         echo "<center><font class=\"title\"><a name=\"#AllReviews\"></a>" . _LISTINGALLREVIEWSIN . " <i>".$row['sub_title']."</i> " . _CATEGORY . "</font><br>";
  498.  
  499.         $orderbyText = "";
  500.         if ($orderby == "titleA") $orderbyText = "" . _TITLEA2Z . "";
  501.         if ($orderby == "titleD") $orderbyText = "" . _TITLEZ2A . "";
  502.         if ($orderby == "HitsA") $orderbyText = "" . _POPULARITY1 . "";
  503.         if ($orderby == "HitsD") $orderbyText = "" . _POPULARITY2 . "";
  504.         if ($orderby == "DateA") $orderbyText = "" . _DATE1 . "";
  505.         if ($orderby == "DateD") $orderbyText = "" . _DATE2 . "";
  506.         if ($orderby == "ScoreA") $orderbyText = "" . _RATING1 . "";
  507.         if ($orderby == "ScoreD") $orderbyText = "" . _RATING2 . "";
  508.  
  509.         echo "<font class=gensmall>
  510. " . _SORTREVIEWSBY . "
  511. Title (<a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=titleA#AllReviews") . "\">A</a>
  512.            <a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=titleD#AllReviews") . "\">D</a>)
  513.  
  514. Date (<a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=DateA#AllReviews") . "\">A</a>
  515.           <a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=DateD#AllReviews") . "\">D</a>)
  516.  
  517. Rating (<a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=ScoreA#AllReviews") . "\">A</a>
  518.                 <a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=ScoreD#AllReviews") . "\">D</a>)
  519.  
  520. Popularity (<a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=HitsA#AllReviews") . "\">A</a>
  521.                     <a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=HitsD#AllReviews") . "\">D</a>)
  522. <br>";
  523.  
  524.         if ($orderby != "")
  525.             echo "" . _REVIEWSCURSORTEDBY . "$orderbyText";
  526.  
  527.         echo "</font></center><br><br>";
  528.  
  529.         echo "<table bgcolor=\"$textcolor1\" name=TopReviews width=\"100%\" cellpadding=2 cellspacing=1>";
  530.         echo "<tr>
  531. <td bgcolor=\"$bgcolor2\" align=center valign=top width=35%><b>" . _REVIEWSNAME . "</b></td>
  532. <td bgcolor=\"$bgcolor2\" align=center valign=top width=20%><b>" . _AUTHOR . "</b></td>
  533. <td bgcolor=\"$bgcolor2\" align=center valign=top width=23%><b>" . _DATE . "</b></td>
  534. <td bgcolor=\"$bgcolor2\" align=center valign=top width=8%><b>" . _SCORE . "</b></td>
  535. <td bgcolor=\"$bgcolor2\" align=center valign=top width=5%><b>" . _HITS . "</b></td>";
  536.  
  537.         if (is_admin($admin)) {
  538.             echo "<td bgcolor=\"$bgcolor2\" width=10%><b>" . _ADMIN . "</b></td>\n";
  539.         }
  540.         echo "</tr>";
  541.  
  542.                 $orderbySQL = "";
  543.         if ($orderby == "titleA") $orderbySQL = "pagename ASC";
  544.         if ($orderby == "titleD") $orderbySQL = "pagename DESC";
  545.         if ($orderby == "HitsA") $orderbySQL = "counter ASC";
  546.         if ($orderby == "HitsD") $orderbySQL = "counter DESC";
  547.         if ($orderby == "DateA") $orderbySQL = "date ASC";
  548.         if ($orderby == "DateD") $orderbySQL = "date DESC";
  549.         if ($orderby == "ScoreA") $orderbySQL = "score ASC";
  550.         if ($orderby == "ScoreD") $orderbySQL = "score DESC";
  551.         if ($orderby == "") $orderbySQL = "pagename";
  552.  
  553.         $from = (($page * $max_results) - $max_results);
  554.         $sql = "SELECT * FROM " . $prefix . "_MReviews WHERE scid='".$row[scid]."' ORDER BY $orderbySQL LIMIT $from, $max_results";
  555.         $result2 = $db->sql_query($sql);
  556.         while ($row2 = $db->sql_fetchrow($result2)) {
  557.             $date = $row2["date"];
  558.             $year = substr($date, 0, 4);
  559.             $month = substr($date, 5, 2);
  560.             $day = substr($date, 8, 2);
  561.             $fdate = date("F jS Y", mktime (0, 0, 0, $month, $day, $year));
  562.  
  563.             $arrow = "<img src='modules/Topics/images/arrow.gif' border='0' alt='' title=''>&nbsp;&nbsp;";
  564.             $score = "$row2[score]";
  565.             echo "<tr>\n
  566. <td width=35% bgcolor=\"$bgcolor1\">$arrow<a href=\"" . getlink("$module_name&amp;op=show&rid=".$row2['rid']."") . "\">".$row2['pagename']."</A></td>\n
  567. <td width=20% align=center bgcolor=\"$bgcolor1\"><a href=\"mailto:".$row2['author_email']."\">".$row2['author']."</A></td>\n
  568. <td width=17% align=center bgcolor=\"$bgcolor1\">$fdate</td>\n
  569. <td width=8% align=center bgcolor=\"$bgcolor1\">";
  570.             display_score($score);
  571.             echo "</td>\n
  572. <td align=center bgcolor=\"$bgcolor1\" width=5%>".$row2['counter']."</td>";
  573.             if (is_admin($admin)) {
  574.                 echo "<td bgcolor=\"$bgcolor1\" width=10%><a href=\"admin.php?op=modMRevpage&rid=".$row2['rid']."\">E</a> | <a href=\"admin.php?op=delMRevconfirm&rid=".$row2['rid']."\">D</a></td>\n";
  575.             }
  576.  
  577.             echo "</tr>";
  578.         }
  579.         echo "</td></tr></table><br>";
  580.         // Figure out the total number of results in DB:
  581.         $sql = "SELECT COUNT(*) AS Num FROM " . $prefix . "_MReviews WHERE scid='$scid'";
  582.         $result = $db->sql_query($sql);
  583.         $row = $db->sql_fetchrow($result);
  584.         $total_results = $row['Num'];
  585.         // Figure out the total number of pages. Always round up using ceil()
  586.         $total_pages = ceil($total_results / $max_results);
  587.         // Build Page Number Hyperlinks
  588.         echo "<center>Select a Page<br />";
  589.         // Build Previous Link
  590.         if ($page > 1) {
  591.             $prev = ($page - 1);
  592.             echo "« <a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;page=$prev") . "\">Previous</a>&nbsp;|&nbsp;";
  593.         }
  594.  
  595.         for($i = 1; $i <= $total_pages; $i++) {
  596.             if (($page) == $i) {
  597.                 echo "$i&nbsp;|&nbsp;";
  598.             } else {
  599.                 echo "<a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=$orderby&amp;page=$i") . "\">$i</a>&nbsp;|&nbsp;";
  600.             }
  601.         }
  602.         // Build Next Link
  603.         if ($page < $total_pages) {
  604.             $next = ($page + 1);
  605.             echo "<a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid&amp;orderby=$orderby&amp;page=$next") . "\">Next</a> »";
  606.         }
  607.         echo "</center>";
  608.  
  609.         $updatecounter = "UPDATE " . $prefix . "_MReviews_sub_cats SET counter=counter+1 WHERE scid='$scid'";
  610.         $db->sql_query($updatecounter);
  611.  
  612.         CloseTable();
  613.     }
  614.  
  615.     function show($rid, $cid, $page)
  616.     {
  617.         global $module_name, $prefix, $db, $admin, $prefix, $review_image_url;
  618.         OpenTable();
  619.                
  620.                 $rid = intval($rid);
  621.                 $cid = intval($cid);
  622.                 $page = intval($page);
  623.                  
  624.                
  625.         $sql = "SELECT * FROM " . $prefix . "_MReviews WHERE rid='$rid'";
  626.         $result = $db->sql_query($sql);
  627.         $row = $db->sql_fetchrow($result);
  628.         $row['content'] = decode_bbcode($row['content']);
  629.  
  630.         $sql = "SELECT * FROM " . $prefix . "_MReviews_cats WHERE cid='".$row['cid']."'";
  631.         $result2 = $db->sql_query($sql);
  632.         $row2 = $db->sql_fetchrow($result2);
  633.  
  634.         $sql = "SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE scid='".$row['scid']."'";
  635.         $result3 = $db->sql_query($sql);
  636.         $row3 = $db->sql_fetchrow($result3);
  637.  
  638.         $date = $row["date"];
  639.         $year = substr($date, 0, 4);
  640.         $month = substr($date, 5, 2);
  641.         $day = substr($date, 8, 2);
  642.         $fdate = date("F jS Y", mktime (0, 0, 0, $month, $day, $year));
  643.         $score = $row["score"];
  644.         $content = $row["content"];
  645.         $content = decode_bbcode(nl2br($content));
  646.         $contentpages = explode("&lt;!--pagebreak--&gt;", $content);
  647.         $pageno = count($contentpages);
  648.         if ($page == "" || $page < 1)
  649.             $page = 1;
  650.         if ($page > $pageno)
  651.             $page = $pageno;
  652.         $arrayelement = (int)$page;
  653.         $arrayelement --;
  654.         echo "<font class=title>
  655. <i>".$row['pagename']."</i><br>\n</font>";
  656.  
  657.         echo "<Br>";
  658.         echo "<blockquote><p align=justify>";
  659.         if ($row[cover] != "")
  660.             echo "<img src=\"$review_image_url/".$row['cover']."\" align=\"right\" border=1 vspace=\"2\" alt=\"\">";
  661.         echo $contentpages[$arrayelement];
  662.         echo "</blockquote></p>";
  663.         echo "<br><Br>";
  664.         echo "<hr>";
  665.         echo "<font class=gensmall>";
  666.         if (is_admin($admin))
  667.             echo "<b>Admin:</b> <a href=\"admin.php?op=modMRevpage&rid=$rid\">Edit</a> | <a href=\"admin.php?op=delMRevconfirm&rid=$rid\">Delete</a><br>";
  668.         echo "<b>" . _SORTTITLE . ":</b> $row[pagename]<br>\n
  669. <b>" . _CATEGORY . ":</b> <a href=\"" . getlink("$module_name&amp;op=list_revs&amp;cid=".$row2['cid']."") . "\">".$row2['title']."</a></b><br>\n
  670. <b>" . _SUBCATEGORY . ":</b> <a href=\"" . getlink("$module_name&amp;op=list_revs&amp;cid=".$row2['cid']."&amp;orderby=sub_catA") . "\">".$row3['sub_title']."</a></b><br>\n
  671. <b>" . _AUTHOR . ":</b> <a href=\"mailto:".$row['author_email']."\">".$row['author']."</a><br>\n";
  672.         if ($row['r_link'] != "")
  673.             echo "<b>" . _RELATEDLINK . ":</b> <a href=\"".$row['r_link']."\">".$row['r_link_title']."</a><br>\n";
  674.         echo "<b>" . _ADDED . ":</b> $fdate<br>\n
  675. <b>" . _HITS . ":</b> ".$row['counter']." Times<br>\n
  676. <b>" . _SCORE . ":</b>";
  677.         display_score($score);
  678.         if ($pageno > 1) {
  679.             echo "<br><b>" . _PAGE . ":</b> $page/$pageno<br>";
  680.         }
  681.         echo "<br><b>" . _OPTIONS . ":</b> <a href=\"" . getlink("$module_name&amp;file=friend&amp;op=FriendSend&amp;rid=$rid") . "\"><img src=\"images/friend.gif\" border=\"0\" alt=\"" . _SENDTOFRIEND . "\" title=\"" . _SENDTOFRIEND . "\" width=\"16\" height=\"11\"></a>\n&nbsp;<a href=\"" . getlink("$module_name&amp;file=print&amp;op=PrintPage&amp;rid=$rid") . "\"><img src=\"images/print.gif\" border=\"0\" alt=\"" . _PRINTREVIEW . "\" title=\"" . _PRINTREVIEW . "\" width=\"16\" height=\"11\"></a>";
  682.         echo "<Br>";
  683.         echo "<center>";
  684.         if ($page >= $pageno) {
  685.             $next_page = "";
  686.         } else {
  687.             $next_pagenumber = $page + 1;
  688.             if ($page != 1) {
  689.                 $next_page .= "<img src=\"images/blackpixel.gif\" width=\"10\" height=\"2\" border=\"0\" alt=\"\"> &nbsp;&nbsp; ";
  690.             }
  691.             $next_page .= "<a href=\"" . getlink("$module_name&amp;op=show&amp;rid=$rid&amp;page=$next_pagenumber") . "\">" . _NEXT . " ($next_pagenumber/$pageno)</a> <a href=\"" . getlink("$module_name&amp;op=show&amp;rid=$rid&amp;page=$next_pagenumber") . "\"><img src=\"images/download/right.gif\" border=\"0\" alt=\"" . _NEXT . "\"></a>";
  692.         }
  693.         if ($page <= 1) {
  694.             $previous_page = "";
  695.         } else {
  696.             $previous_pagenumber = $page - 1;
  697.             $previous_page = "<a href=\"" . getlink("$module_name&amp;op=show&amp;rid=$rid&amp;page=$previous_pagenumber") . "\"><img src=\"images/download/left.gif\" border=\"0\" alt=\"" . _PREVIOUS . "\"></a> <a href=\"" . getlink("$module_nameamp;op=show&amp;rid=$rid&amp;page=$previous_pagenumber") . "\">" . _PREVIOUS . " ($previous_pagenumber/$pageno)</a>";
  698.         }
  699.         echo "<center>"
  700.          . "$previous_page &nbsp;&nbsp; $next_page<br><br>";
  701.  
  702.         echo "[ <a href=\"" . getlink("$module_name") . "\">" . _RBACK . "</a> | "
  703.          . "<a href=\"" . getlink("$module_name&amp;op=list_revs&amp;cid=$row[cid]") . "\">" . _BACKTO . " $row2[title] " . _INDEX . "</a> | "
  704.          . "<a href=\"" . getlink("$module_name&amp;op=postcomment&amp;rid=$rid") . "\">" . _REPLYMAIN . "</a> ]";
  705.         echo "<br>";
  706.         CloseTable();
  707.         echo "<Br>";
  708.         mr_comments($rid, $pagename);
  709.  
  710.         $updatecounter = "UPDATE " . $prefix . "_MReviews SET counter=counter+1 WHERE rid='$rid'";
  711.         $db->sql_query($updatecounter);
  712.     }
  713.  
  714.     function write_MReview($cid)
  715.     {
  716.         global $module_name, $prefix, $guests_to_post, $admin, $db, $sitename, $user, $userinfo, $user_prefix, $module_name;
  717.                 $cid = intval($cid);
  718.  
  719.         $sql = "SELECT * FROM " . $prefix . "_MReviews_cats WHERE cid='$cid'";
  720.         $guests_result = $db->sql_query($sql);
  721.         $guest_row = $db->sql_fetchrow($guests_result);
  722.         $guests = $guest_row['guests'];
  723.         if ($guests_to_post == 'yes') {
  724.             write_MReview_guests($cid);
  725.         } elseif (($guests == "no") && (!is_user($user))) {
  726.             OpenTable();
  727.             echo "" . _GUESTCANTPOST . "<br><br>" . _GOBACK . "";
  728.             CloseTable();
  729.         } else {
  730.             write_MReview_guests($cid);
  731.         }
  732.     }
  733.     function write_MReview_guests($cid)
  734.     {
  735.         global $module_name, $prefix, $guests_to_post, $admin, $db, $sitename, $user, $userinfo, $user_prefix, $module_name;
  736.                 $cid = intval($cid);
  737.         OpenTable();
  738.  
  739.         $sql = "SELECT * FROM " . $prefix . "_MReviews_cats WHERE cid='$cid'";
  740.         $result = $db->sql_query($sql);
  741.         $row = $db->sql_fetchrow($result);
  742.  
  743.         echo "<form action=\"" . getlink("$module_name") . "\" method=POST>";
  744.         echo "<input type=\"hidden\" name=\"op\" value=\"preview_review\">";
  745.         echo "<font class=\"title\">" . _WRITEREVIEWFOR . " $sitename in ";
  746.         echo "<input type=\"hidden\" name=\"cid\" value=\"$cid\"><i>".$row['title']."</i></b> " . _CATEGORY . "</font>";
  747.         echo "<br><i>" . _ENTERINFO . "</i><br><br>";
  748.         echo "<b>" . _REVIEWNAME . ":</b><br> <input type=\"text\" name=\"pagename\"><br><i>" . _NAMEPRODUCT . "</i><br><br>";
  749.  
  750.         echo "<b>" . _SUBCATEGORY . ":</b><br> <select name=\"scid\">";
  751.  
  752.         $sql = "SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE cid='$cid'";
  753.         $result2 = $db->sql_query($sql);
  754.         while ($row2 = $db->sql_fetchrow($result2)) {
  755.             echo "<option value=\"".$row2['scid']."\">".$row2['sub_title']."</option>";
  756.         }
  757.         echo "</select><br><i>" . _PRODUCTSUBCAT . "<Br><br>";
  758.  
  759.         echo "    <b>" . _YOURNAME . ":</b><br>";
  760.  
  761.         if (is_user($user)) {
  762.             $sql = "SELECT name, user_email FROM " . $user_prefix . "_users WHERE username='".$userinfo['username']."'";
  763.             $result2 = $db->sql_query($sql);
  764.             $row2 = $db->sql_fetchrow($result2);
  765.         }
  766.         echo "<input type=\"text\" name=\"author\" size=\"41\" maxlength=\"40\" value=\"".$row2['name']."\"><br>
  767.     <i>" . _FULLNAMEREQ . "</i><br><br>
  768.     <b>" . _REMAIL . ":</b><br>
  769.     <input type=\"text\" name=\"author_email\" size=\"40\" maxlength=\"80\" value=\"".$row2['user_email']."\"><br>
  770.     <i>" . _REMAILREQ . "</i><br><br>";
  771.  
  772.         echo "<b>" . _REVIEW . ":</b><br> <textarea name=\"MReview_content\" rows=\"15\" cols=\"60\" class=\"post\"></textarea><br><i>" . _CHECKREVIEW . "</i><br><br>";
  773.         echo"<b>" . _SCORE . ":</b>
  774.     <select name=\"score\">
  775.     <option name=\"score\" value=\"10\">10</option>
  776.     <option name=\"score\" value=\"9\">9</option>
  777.     <option name=\"score\" value=\"8\">8</option>
  778.     <option name=\"score\" value=\"7\">7</option>
  779.     <option name=\"score\" value=\"6\">6</option>
  780.     <option name=\"score\" value=\"5\">5</option>
  781.     <option name=\"score\" value=\"4\">4</option>
  782.     <option name=\"score\" value=\"3\">3</option>
  783.     <option name=\"score\" value=\"2\">2</option>
  784.     <option name=\"score\" value=\"1\">1</option>
  785.     </select><br>
  786.     <i>" . _SELECTSCORE . "</i><br><br>";
  787.         if (is_admin($admin)) {
  788.             echo "<b>" . _COVERIMAGE . ":</b><br> <input type=\"text\" name=\"cover\"><br>";
  789.             echo "<i>" . _RIMAGEFILEREQ . "</i><br><br>";
  790.         }
  791.         echo "<b>" . _RLINK . ":</b><br> <input type=\"text\" name=\"r_link\"><br>";
  792.         echo "<i>" . _PRODUCTSITE . "</i><br><br>";
  793.         echo "<b>" . _RLINKTITLE . "</b>:<br> <input type=\"text\" name=\"r_link_title\"><br>";
  794.         echo "<i>" . _LINKTITLEREQ . "</i><br><br>";
  795.         echo "<input type=\"submit\" value=\"" . _PREVIEW . "\">";
  796.         echo "</form>";
  797.         CloseTable();
  798.     }
  799.  
  800.     function send_MReview($cid, $scid, $author, $author_email, $pagename, $MReview_content, $cover, $r_link, $r_link_title, $score)
  801.     {
  802.         global $module_name, $prefix, $admin, $db, $sitename, $EditedMessage, $module_name, $email_notify, $adminmail;
  803.                 $cid = intval($cid);
  804.                 $scid = intval($scid);
  805.                
  806.         if (eregi("<!--pagebreak-->", $MReview_content)) {
  807.             $MReview_content = ereg_replace("<!--pagebreak-->", "&lt;!--pagebreak--&gt;;", $MReview_content);
  808.         }
  809.         $pagename = stripslashes(FixQuotes(check_html($pagename, "nohtml")));
  810.         $MReview_content = stripslashes(Fixquotes(urldecode(check_html($MReview_content, ""))));
  811.         if (eregi("&lt;!--pagebreak--&gt;", $MReview_content)) {
  812.             $MReview_content = ereg_replace("&lt;!--pagebreak--&gt;", "<!--pagebreak-->", $MReview_content);
  813.         }
  814.  
  815.         if (!is_admin($admin)) {
  816.             $MReview_content = encode_bbcode($MReview_content, 1);
  817.             $sql = "INSERT INTO " . $prefix . "_MReviews( date, pagename, content, cover, cid, scid, author, author_email, r_link, r_link_title, score)
  818. VALUES (now(), '$pagename', '$MReview_content', '$cover', '$cid', '$scid', '$author', '$author_email', '$r_link', '$r_link_title', '$score')";
  819.             $result = $db->sql_query($sql);
  820.         } else {
  821.             $sql = "INSERT INTO " . $prefix . "_MReviews_pend( date, pagename, content, cid, scid, author, author_email, r_link, r_link_title, score)
  822.  VALUES (now(), '$pagename', '$MReview_content', '$cid', '$scid', '$author', '$author_email', '$r_link', '$r_link_title', '$score')";
  823.             $result = $db->sql_query($sql);
  824.         }
  825.         if (eregi("&lt;!--pagebreak--&gt;", $MReview_content)) {
  826.             $MReview_content = ereg_replace("&lt;!--pagebreak--&gt;", "<!--pagebreak-->", $MReview_content);
  827.         }
  828.         OpenTable();
  829.         // Code to check if statement executed properly and display message
  830.         if ($result) {
  831.             $sql = "SELECT * FROM " . $prefix . "_MReviews_cats WHERE cid='$cid'";
  832.             $result2 = $db->sql_query($sql);
  833.             $row2 = $db->sql_fetchrow($result2);
  834.  
  835.             $sql = "SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE scid='$scid'";
  836.             $result3 = $db->sql_query($sql);
  837.             $row3 = $db->sql_fetchrow($result3);
  838.  
  839.             if (!is_admin($admin)) {
  840.                 echo("" . _RTHANKSADMIN . "");
  841.             } else {
  842.                 echo("" . _RTHANKS . "");
  843.             }
  844.             if ($email_notify == "on") {
  845.                 $sitemail = "$adminmail";
  846.                 $Subject = "New Review Submitted";
  847.                 $mailheader = "From: $author <$author_email>\r\n";
  848.                 $mailheader .= "Reply-To: $author_email\r\n";
  849.                 $mailbody .= "$author has submitted a review\r\n======================================================\r\nReview Name: $pagename\r\nCategory: $row2[title]\r\nGenera: $row2[sub_title]\r\n\r\n $MReview_content";
  850.                 mail($sitemail, $subject, $mailbody, $mailheader);
  851.             }
  852.         } else {
  853.             echo "An error has occured<Br>";
  854.             echo mysql_error();
  855.         }
  856.         CloseTable();
  857.     }
  858.  
  859.     function mr_comments($rid, $pagename)
  860.     {
  861.         global $module_name, $prefix, $admin, $db, $module_name;
  862.                 $rid = intval($rid);
  863.         $result = $db->sql_query("SELECT com_id, userid, date, comments, score FROM " . $prefix . "_MReviews_comments WHERE rid='$rid' ORDER BY date DESC");
  864.         while (list($com_id, $uname, $date, $comments, $score) = $db->sql_fetchrow($result)) {
  865.             OpenTable();
  866.             $pagename = urldecode($pagename);
  867.             echo "
  868.         <b>$pagename</b><br>";
  869.             if ($uname == "Anonymous" OR $uname == "Stranger") {
  870.                 echo "Posted by: $uname on $date<br>";
  871.             } else {
  872.                 echo "Posted by: <a href=\"" . getlink("Your_Account&amp;op=userinfo&amp;username=$uname") . "\">$uname</a> on $date<br>";
  873.             }
  874.             echo "My Score: ";
  875.             display_score($score);
  876.             if (is_admin($admin)) {
  877.                 echo "<br><b>Admin:</b> [ <a href=\"" . getlink("$module_name&amp;op=del_comment&amp;com_id=$com_id&amp;rid=$rid") . "\">Delete</a> ]</font><hr noshade size=1>";
  878.             } else {
  879.                 echo "</font><hr>";
  880.             }
  881.             $comments = FixQuotes(nl2br(filter_text($comments)));
  882.             echo "
  883.         $comments
  884.         ";
  885.             CloseTable();
  886.             echo "<br>";
  887.         }
  888.     }
  889.  
  890.     function reviews($letter, $field, $order, $scid)
  891.     {
  892.         global $module_name, $bgcolor4, $textcolor1, $bgcolor3, $bgcolor2, $bgcolor1, $sitename, $prefix, $multilingual, $currentlang, $db, $module_name;
  893.         OpenTable();
  894.                 $scid = intval($scid);
  895.                 $letter = $letter[0];
  896.                 $order = ($order[0] == "D") ? "DESC" : "ASC";
  897.                
  898.         $sql = "SELECT * FROM " . $prefix . "_MReviews_sub_cats WHERE scid='$scid'";
  899.         $result = $db->sql_query($sql);
  900.         $row = $db->sql_fetchrow($result);
  901.  
  902.         echo "<center><b>$sitename <i>".$row['sub_title']."</i> " . _REVIEWS . " </b><br>";
  903.         echo "<i>" . _REVIEWSLETTER . " \"$letter\"</i><br><br>";
  904.  
  905.         $result = $db->sql_query("SELECT scid, rid, pagename, counter, date, author, author_email, score FROM " . $prefix . "_MReviews WHERE scid='$scid' && UPPER(pagename) LIKE '$letter%' ORDER by pagename $order");
  906.         $numresults = $db->sql_numrows($result);
  907.         if ($numresults == 0) {
  908.             echo "<i><b>" . _NOREVIEWS . " \"$letter\"</b></i><br><br>";
  909.         } elseif ($numresults > 0) {
  910.             echo "<table bgcolor=\"$textcolor1\" name=TopReviews width=\"100%\" cellpadding=2 cellspacing=1>";
  911.             echo "<tr>
  912. <td bgcolor=\"$bgcolor2\" align=center valign=top width=35%><b>" . _REVIEWSNAME . "</b></td>
  913. <td bgcolor=\"$bgcolor2\" align=center valign=top width=20%><b>" . _AUTHOR . "</b></td>
  914. <td bgcolor=\"$bgcolor2\" align=center valign=top width=23%><b>" . _DATE . "</b></td>
  915. <td bgcolor=\"$bgcolor2\" align=center valign=top width=8%><b>" . _SCORE . "</b></td>
  916. <td bgcolor=\"$bgcolor2\" align=center valign=top width=5%><b>" . _HITS . "</b></td>";
  917.             echo "</tr>";
  918.             while ($myrow = $db->sql_fetchrow($result)) {
  919.                 $pagename = $myrow["pagename"];
  920.                 $rid = $myrow["rid"];
  921.                 $scid = $myrow["scid"];
  922.                 $author = $myrow["author"];
  923.                 $author_email = $myrow["author_email"];
  924.                 $score = $myrow["score"];
  925.                 $counter = $myrow["counter"];
  926.  
  927.                 $date = $myrow["date"];
  928.                 $year = substr($date, 0, 4);
  929.                 $month = substr($date, 5, 2);
  930.                 $day = substr($date, 8, 2);
  931.                 $fdate = date("F jS Y", mktime (0, 0, 0, $month, $day, $year));
  932.  
  933.                 echo "<tr>\n
  934. <td width=35% bgcolor=\"$bgcolor1\">$arrow<a href=\"" . getlink("$module_name&amp;op=show&amp;rid=$rid") . "\">$pagename</A></td>\n
  935. <td width=20% bgcolor=\"$bgcolor1\"><a href=\"mailto:$author_email\">$author</A></td>\n
  936. <td width=17% bgcolor=\"$bgcolor1\">$fdate</td>\n
  937. <td width=8% bgcolor=\"$bgcolor1\">";
  938.                 display_score($score);
  939.                 echo "</td>\n
  940. <td bgcolor=\"$bgcolor1\" width=5%>$counter</td>";
  941.                 echo "</tr>";
  942.             }
  943.             echo "</TABLE>";
  944.             echo "<br>$numresults " . _TOTALREVIEWS . "<br><br>";
  945.         }
  946.         echo "[ <a href=\"" . getlink("$module_name") . "\">" . _RETURN2MAIN . "</a> | <a href=\"" . getlink("$module_name&amp;op=list_revs&amp;scid=$scid") . "\">" . _BACKTO . " $row[sub_title] index</a> ]";
  947.         CloseTable();
  948.     }
  949.  
  950.     function postcomment($rid, $pagename)
  951.     {
  952.         global $module_name, $prefix, $user, $userinfo, $AllowableHTML, $anonymous, $module_name, $db;
  953.         cookiedecode($user);
  954.         $sql = "SELECT pagename FROM " . $prefix . "_MReviews WHERE rid='$rid'";
  955.         $result = $db->sql_query($sql);
  956.         $row = $db->sql_fetchrow($result);
  957.         $row[pagename] = urldecode($row[pagename]);
  958.         OpenTable();
  959.         echo "<center><font class=option><b>" . _REVIEWCOMMENT . " $row[pagename]</b><br><br></font></center>"
  960.          . "<form action=" . getlink("$module_name") . " method=post>";
  961.         if (!is_user($user)) {
  962.             echo "<b>" . _YOURNICK . ":</b> $anonymous [ " . _RCREATEACCOUNT . " ]<br><br>";
  963.             $uname = $anonymous;
  964.         } else {
  965.             echo "<b>" . _YOURNICK . ":</b> ".$userinfo['username']."<br>
  966.         <input type=checkbox name=xanonpost> " . _POSTANON . "<br><br>";
  967.             $uname = $userinfo['username'];
  968.         }
  969.         echo "
  970.     <input type=hidden name=uname value=$uname>
  971.     <input type=hidden name=rid value=$rid>
  972.     <b>" . _SCORE . "</b>
  973.     <select name=score>
  974.     <option name=score value=10>10</option>
  975.     <option name=score value=9>9</option>
  976.     <option name=score value=8>8</option>
  977.     <option name=score value=7>7</option>
  978.     <option name=score value=6>6</option>
  979.     <option name=score value=5>5</option>
  980.     <option name=score value=4>4</option>
  981.     <option name=score value=3>3</option>
  982.     <option name=score value=2>2</option>
  983.     <option name=score value=1>1</option>
  984.     </select><br><br>
  985.     <b>" . _YOURCOMMENT . ":</b><br>
  986.     <textarea name=comments rows=10 cols=70></textarea><br>
  987.     " . _ALLOWEDHTML . ":<br>";
  988.         while (list($key,) = each($AllowableHTML)) echo " &lt;" . $key . "&gt;";
  989.         echo "<br><br>
  990.     <input type=hidden name=op value=savecomment>
  991.     <input type=submit value=Submit>
  992.     </form>
  993.     ";
  994.         CloseTable();
  995.     }
  996.  
  997.     function savecomment($xanonpost, $uname, $rid, $score, $comments)
  998.     {
  999.         global $module_name, $prefix, $anonymous, $user, $userinfo, $db, $module_name;
  1000.                 $rid = intval($rid);
  1001.         if ($xanonpost) {
  1002.             $uname = $anonymous;
  1003.         }
  1004.         $comments = stripslashes(FixQuotes(check_html($comments)));
  1005.         $db->sql_query("INSERT into " . $prefix . "_MReviews_comments values (NULL, '$rid', '$uname', now(), '$comments', '$score')");
  1006.         Header("Location: " . getlink("$module_name&amp;op=show&amp;rid=$rid"));
  1007.     }
  1008.  
  1009.     function del_comment($com_id, $rid)
  1010.     {
  1011.         global $module_name, $prefix, $admin, $db, $module_name;
  1012.                 $com_id = intval($com_id);
  1013.         if (is_admin($admin)) {
  1014.             $db->sql_query("DELETE FROM " . $prefix . "_MReviews_comments WHERE com_id='$com_id'");
  1015.             Header("Location: " . getlink("$module_name&amp;op=show&amp;rid=$rid"));
  1016.         } else {
  1017.             echo "ACCESS DENIED";
  1018.         }
  1019.     }
  1020.  
  1021.     switch ($op) {
  1022.         case "A":
  1023.             reviews(A, $field, $order, $scid);
  1024.             break;
  1025.  
  1026.         case "B":
  1027.             reviews(B, $field, $order, $scid);
  1028.             break;
  1029.  
  1030.         case "C":
  1031.             reviews(C, $field, $order, $scid);
  1032.             break;
  1033.  
  1034.         case "D":
  1035.             reviews(D, $field, $order, $scid);
  1036.             break;
  1037.  
  1038.         case "E":
  1039.             reviews(E, $field, $order, $scid);
  1040.             break;
  1041.  
  1042.         case "F":
  1043.             reviews(F, $field, $order, $scid);
  1044.             break;
  1045.  
  1046.         case "G":
  1047.             reviews(G, $field, $order, $scid);
  1048.             break;
  1049.  
  1050.         case "H":
  1051.             reviews(H, $field, $order, $scid);
  1052.             break;
  1053.  
  1054.         case "I":
  1055.             reviews(I, $field, $order, $scid);
  1056.             break;
  1057.  
  1058.         case "J":
  1059.             reviews(J, $field, $order, $scid);
  1060.             break;
  1061.  
  1062.         case "K":
  1063.             reviews(K, $field, $order, $scid);
  1064.             break;
  1065.  
  1066.         case "L":
  1067.             reviews(L, $field, $order, $scid);
  1068.             break;
  1069.  
  1070.         case "M":
  1071.             reviews(M, $field, $order, $scid);
  1072.             break;
  1073.  
  1074.         case "N":
  1075.             reviews(N, $field, $order, $scid);
  1076.             break;
  1077.  
  1078.         case "O":
  1079.             reviews(O, $field, $order, $scid);
  1080.             break;
  1081.  
  1082.         case "P":
  1083.             reviews(P, $field, $order, $scid);
  1084.             break;
  1085.  
  1086.         case "Q":
  1087.             reviews(Q, $field, $order, $scid);
  1088.             break;
  1089.  
  1090.         case "R":
  1091.             reviews(R, $field, $order, $scid);
  1092.             break;
  1093.  
  1094.         case "S":
  1095.             reviews(S, $field, $order, $scid);
  1096.             break;
  1097.  
  1098.         case "T":
  1099.             reviews(T, $field, $order, $scid);
  1100.             break;
  1101.  
  1102.         case "U":
  1103.             reviews(U, $field, $order, $scid);
  1104.             break;
  1105.  
  1106.         case "V":
  1107.             reviews(V, $field, $order, $scid);
  1108.             break;
  1109.  
  1110.         case "W":
  1111.             reviews(W, $field, $order, $scid);
  1112.             break;
  1113.  
  1114.         case "X":
  1115.             reviews(X, $field, $order, $scid);
  1116.             break;
  1117.  
  1118.         case "Y":
  1119.             reviews(Y, $field, $order, $scid);
  1120.             break;
  1121.  
  1122.         case "Z":
  1123.             reviews(Z, $field, $order, $scid);
  1124.             break;
  1125.  
  1126.         case "1":
  1127.             reviews(1, $field, $order, $scid);
  1128.             break;
  1129.  
  1130.         case "2":
  1131.             reviews(2, $field, $order, $scid);
  1132.             break;
  1133.  
  1134.         case "3":
  1135.             reviews(3, $field, $order, $scid);
  1136.             break;
  1137.  
  1138.         case "4":
  1139.             reviews(4, $field, $order, $scid);
  1140.             break;
  1141.  
  1142.         case "5":
  1143.             reviews(5, $field, $order, $scid);
  1144.             break;
  1145.  
  1146.         case "6":
  1147.             reviews(6, $field, $order, $scid);
  1148.             break;
  1149.  
  1150.         case "7":
  1151.             reviews(7, $field, $order, $scid);
  1152.             break;
  1153.  
  1154.         case "8":
  1155.             reviews(8, $field, $order, $scid);
  1156.             break;
  1157.  
  1158.         case "9":
  1159.             reviews(9, $field, $order, $scid);
  1160.             break;
  1161.  
  1162.         case "show":
  1163.             show($rid, $cid, $page, $scid, $author, $author_email, $cover, $pagename, $content, $counter, $r_link, $r_link_title, $score);
  1164.             break;
  1165.  
  1166.         case "show_cats":
  1167.             show_cats();
  1168.             break;
  1169.  
  1170.         case "list_revs":
  1171.             list_revs($scid, $orderby, $page);
  1172.             break;
  1173.  
  1174.         case "list_sub_cats":
  1175.             list_sub_cats($cid);
  1176.             break;
  1177.  
  1178.         case "write_MReview":
  1179.             write_MReview($cid);
  1180.             break;
  1181.  
  1182.         case "preview_review":
  1183.             preview_review($date, $pagename, $MReview_content, $author, $author_email, $score, $cover, $r_link, $r_link_title, $counter, $rid, $cid, $scid);
  1184.             break;
  1185.  
  1186.         case "send_MReview":
  1187.             send_MReview($cid, $scid, $author, $author_email, $pagename, $MReview_content, $cover, $r_link, $r_link_title, $score);
  1188.             break;
  1189.  
  1190.         case "postcomment":
  1191.             postcomment($rid, $pagename);
  1192.             break;
  1193.  
  1194.         case "savecomment":
  1195.             savecomment($xanonpost, $uname, $rid, $score, $comments);
  1196.             break;
  1197.  
  1198.         case "del_comment":
  1199.             del_comment($com_id, $rid);
  1200.             break;
  1201.  
  1202.         default:
  1203.             show_cats();
  1204.             break;
  1205.     }
  1206.  
  1207.     include ("footer.php");
  1208.  
  1209. ?>