rate.php

jsp程序开发系统

<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: rate.php,v $
// | $Date: 2004/02/10 01:34:25 $
// | $Revision: 1.25 $
// +-------------------------------------------------------------+
// | File Details:
// | - FAQ article comments/ratings handler.
// +-------------------------------------------------------------+

error_reporting(E_ALL & ~E_NOTICE);
require_once('./global.php');
//Nullify WTN-WDYL Team

// globalise variables
$global = array	(
			array('article', 'number', '0')
);
rg($global);

$template_cache = templatecache('FAQ_comment,HF_header_small');

eval(makeeval('header', 'HF_header_small'));

if ($settings[faq_restrict] AND !$session[userid]) {
	error('error_q_a_restrict');
}

// category permissions
$db->query("SELECT catid FROM faq_permissions WHERE groupid = '$session[usergroup]'");
while ($result = $db->row_array()) {
	$groups[] = $result[catid];
}

$article = $db->query_return("SELECT * FROM faq_articles WHERE id = '$article' AND category IN " . array2sql($groups));
if (!$db->num_rows()) {
	error('error_q_a_restrict');
}

############################### ADD COMMENT (1) ###############################
	
if ($_REQUEST['do'] == "addcomment") {

	$showcomment = 1;
}

############################### ADD COMMENT (1) ###############################
	
if ($_REQUEST['do'] == "addcomment2") {

	$email = iff(validate_email($_REQUEST['email']), $_REQUEST['email']);

	if (trim($_REQUEST[comment]) != '') {
		$db->query("
			INSERT INTO faq_comments SET
			useremail = '" . mysql_escape_string($email) ."',
			articleid = '$article[id]',
			comments = '" . mysql_escape_string(htmlspecialchars_uni($_REQUEST[comment])) . "',
			userid = '$session[userid]',
			new = 1
		");
	}

	if ($email) {

		// create $user array for consistancy in email
		$user_details['email'] = $email;
		$user_details = update_user_details($user_details);;
		eval(makeemaileval('message', 'BODY_comment_sent', $subject));
		dp_mail($user_details['email'], $subject, $message);
	}

	$message = 'comment_thanks';
}

############################### ADD RATING ###############################

if ($_REQUEST['do'] == "rate") {

	// minus one hour
	$time = mktime() - (60 * 60);	

	// if logged in check userid / session
	if ($user[id]) {
		$result = $db->query_return("
			SELECT faqid
			FROM faq_rating
			WHERE faqid = '$article[id]'
			AND (session = '$session[id]' OR userid = '$user[id]')
		");

		// if already there we need to update the rating
		if ($db->num_rows()) {

			$db->query("
				UPDATE faq_rating SET
				rating = '" . intval($_REQUEST[rating]) . "',
				timestamp = '" . mktime() . "',
				ipaddress = '" . addslashes($ipaddress) . "',
				session = '$session[id]'
				WHERE faqid = '$article[id]' 
				AND userid = '" . intval($session[userid]) . "
			'");
			$updated = 1;
		} else {
			$add_new = 1;
		}

	// not logged in check session or IP address
	} else {
		$result = $db->query_return("
			SELECT faqid AS total
			FROM faq_rating
			WHERE faqid = '$article[id]' AND
			ipaddress = '" . addslashes($ipaddress) . "' OR session = '$session[id]'
		");

		if (!$db->num_rows()) {
			$add_new = 1;
		}
	}

	// no results so complete
	if ($add_new) {

		$db->query("
			INSERT INTO faq_rating SET
			faqid = '$article[id]',
			ipaddress = '" . addslashes($ipaddress) . "',
			timestamp = '" . mktime() . "',
			rating = '" . intval($_REQUEST[rating]) . "',
			userid = '" . intval($session[userid]) . "'
		");
	} else {
		$guest_repeat = 1;
	}

	// updating rating (either for a new rating or an updated one
	$result = $db->query_return("
		SELECT AVG(rating) AS rating, COUNT(rating) AS votes 
		FROM faq_rating 
		WHERE faqid = '$article[id]'
		GROUP BY faqid
	");
		
	$db->query("
		UPDATE faq_articles SET
		votes = '" . addslashes($result[votes]) . "',
		rating = '" . intval($result[rating]) . "'
		WHERE id = '$article[id]'
	");

	if ($updated) {
		$message = 'rating_already';
		$showcommment = 1;
	} elseif ($guest_repeat) {
		$message = 'rating_failed';
		$showcomment = 1;
	} else {
		$message = 'rating_added';
		$showcomment = 1;
	}

}

############################### DISPLAY FORM ###############################

// no article error
if (!$article) {
	$message = 'no_article';
	unset($showcomment);
}

eval(makeeval('echo', 'FAQ_comment'));

?>