Note: this list is kept only as a demonstration for CVSNotice. For the latest CVS notices, see the Xaraya and Postnuke sites
View Statistics - Next Notice - Previous NoticeDirectory filter : [ all ] / postnuke_modules / reviews [ view in CVS ]
Date | Directory [filter] | File(s) [view] | Author [filter] |
07 Aug 2002 08:09:38 | postnuke_modules/reviews | index.html,NONE,1.1 pnadmin.php,NONE,1.1 pnadminapi.php,NONE,1.1 pninit.php,NONE,1.1 pntables.php,NONE,1.1 pnuser.php,NONE,1.1 pnuserapi.php,NONE,1.1 pnversion.php,NONE,1.1 | Vlodomyr Metenchuk |
module converted to new API |
Update of /home/cvsroot/postnuke_modules/reviews In directory ns7.hostnuke.net:/tmp/cvs-serv27813 Added Files: index.html pnadmin.php pnadminapi.php pninit.php pntables.php pnuser.php pnuserapi.php pnversion.php Log Message: module converted to new API --- NEW FILE: index.html --- --- NEW FILE: pnadmin.php --- <?php // $Id: pnadmin.php,v 1.1 2002/08/07 08:09:35 voll Exp $ // ---------------------------------------------------------------------- // POST-NUKE Content Management System // Copyright (C) 2002 by the PostNuke Development Team. // http://www.postnuke.com/ // ---------------------------------------------------------------------- // Based on: // PHP-NUKE Web Portal System - http://phpnuke.org/ // Thatware - http://thatware.org/ // ---------------------------------------------------------------------- // LICENSE // // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License (GPL) // as published by the Free Software Foundation; either version 2 // of the License, or (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WIthOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // To read the license please visit http://www.gnu.org/copyleft/gpl.html // ---------------------------------------------------------------------- // Original Author of file: Jim McDonald // Purpose of file: Reviews administration display functions // ---------------------------------------------------------------------- /** * the main administration function * This function is the default function, and is called whenever the * module is initiated without defining arguments. As such it can * be used for a number of things, but most commonly it either just * shows the module menu and returns or calls whatever the module * designer feels should be the default function (often this is the * view() function) */ function reviews_admin_main() { $output = new pnHTML(); if (!pnSecAuthAction(0, 'reviews::', '::', ACCESS_EDIT)) { $output->Text(_REVIEWSNOAUTH); return $output->GetOutput(); } $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text(reviews_adminmenu()); $output->SetInputMode(_PNH_PARSEINPUT); return $output->GetOutput(); } /** * Main administration menu */ function reviews_adminmenu() { // Create output object - this object will store all of our output so that // we can return it easily when required $output = new pnHTML(); // Display status message if any. Note that in future this functionality // will probably be in the theme rather than in this menu, but this is the // best place to keep it for now $output->Text(pnGetStatusMsg()); $output->Linebreak(2); // Start options menu $output->TableStart(_REVADMIN); // $output->SetOutputMode(_PNH_RETURNOUTPUT); $output->SetInputMode(_PNH_VERBATIMINPUT); if (!pnModAPILoad('reviews', 'user')) { pnSessionSetVar('errormsg', _LOADFAILED); return $output->GetOutput(); } $result = pnModAPIFunc('reviews', 'user', 'gettitles'); $title = $result['title']; $description = $result['description']; $alanguage = $result['alanguage']; $letters = $result['letters']; // Configuration if (pnSecAuthAction(0, 'reviews::', '::', ACCESS_ADMIN)) { $output->Text("<center>"); $output->FormStart(pnModURL('reviews', 'admin', 'updatetitles')); $output->FormHidden('authid', pnSecGenAuthKey()); $output->Text(_REVTITLE."<br>"); $output->FormText('title', $title, 50, 100); $output->Text("<br><br>"._REVDESC."<br>"); $output->FormTextArea('description', $description, 15, 60, 'virtual'); $output->Text("<br><br>"._LANGUAGE."<br>"); $currentlang = $alanguage; $output->Text("<select name=\"alanguage\" class=\"pn-text\">"); $lang = languagelist(); // $output->Text("<option value=\"\">"._ALL.'</option>'); $handle = opendir('language'); while ($f = readdir($handle)) { if (is_dir("language/$f") && @$lang[$f]) { $langlist[$f] = $lang[$f]; } } asort($langlist); foreach ($langlist as $k=>$v) { $output->Text('<option value="'.$k.'"'); if ( $currentlang == $k) { $output->Text(' selected'); } $output->Text('>'. pnVarPrepForDisplay($v) . '</option> '); } $output->Text("</select>"); $output->Text("<br><br>"._REVLETTERS."<br>"); $output->FormTextArea('letters', $letters, 15, 60, 'virtual'); $output->Linebreak(2); $output->FormSubmit(_SAVECHANGES); $output->FormEnd(); $output->Text("</center>"); } $output->TableEnd(); // Waiting reviews if (pnSecAuthAction(0, 'reviews::', '::', ACCESS_ADD)) { $output->TableStart(_REVWAITING); $items = pnModAPIFunc('reviews', 'user', 'getallwaiting'); if ($items == false) { $output->Text("<br><br><i>"._NOREVIEW2ADD."</i><br><br>"); } else { foreach ($items as $item) { $id = $item['id']; $date = $item['date']; $title = $item['title']; $text = $item['text']; $reviewer = $item['reviewer']; $email = $item['email']; $score = $item['score']; $url = $item['url']; $url_title = $item['url_title']; $rlanguage = $item['rlanguage']; $output->FormStart(pnModURL('reviews', 'admin', 'create')); $output->Text("<hr noshade size=\"1\"><br><table border=\"0\" cellpadding=\"1\" cellspacing=\"2\">" ."<tr><td><b>"._REVIEWID.":</td><td><b>".pnVarPrepForDisplay($id)."</b></td></tr>" ."<input type=\"hidden\" name=\"id\" value=\"$id\">" ."<tr><td>"._DATE.":</td><td><input type=\"text\" name=\"date\" value=\"".pnVarPrepForDisplay($date)."\" size=\"11\" maxlength=\"10\"></td></tr>" ."<tr><td>"._PRODUCTTITLE.":</td><td><input type=\"text\" name=\"title\" value=\"".pnVarPrepForDisplay($title)."\" size=\"25\" maxlength=\"40\"></td></tr>" ."<tr><td>"._LANGUAGE.":</td><td>"); $currentlang = pnUserGetLang(); $output->Text("<select name=\"alanguage\" class=\"pn-text\">"); $lang = languagelist(); $output->Text("<option value=\"\">"._ALL.'</option>'); $handle = opendir('language'); while ($f = readdir($handle)) { if (is_dir("language/$f") && @$lang[$f]) { $langlist[$f] = $lang[$f]; } } asort($langlist); foreach ($langlist as $k=>$v) { $output->Text('<option value="'.$k.'"'); if ( $currentlang == $k) { $output->Text(' selected'); } $output->Text('>'. pnVarPrepForDisplay($v) . '</option> '); } $output->Text("</select>"); $output->Text("</td></tr><tr><td>"._TEXT.":</td><td><TEXTAREA name=\"text\" rows=\"6\" wrap=\"virtual\" cols=\"40\">".pnVarPrepHTMLDisplay($text)."</textarea></td></tr>" ."<tr><td>"._REVIEWER."</td><td><input type=\"text\" name=\"reviewer\" value=\"".pnVarPrepForDisplay($reviewer)."\" size=\"41\" maxlength=\"40\"></td></tr>" ."<tr><td>"._EMAIL.":</td><td><input type=\"text\" name=\"email\" value=\"".pnVarPrepForDisplay($email)."\" size=\"41\" maxlength=\"80\"></td></tr>" ."<tr><td>"._SCORE."</td><td><input type=\"text\" name=\"score\" value=\"".pnVarPrepForDisplay($score)."\" size=\"3\" maxlength=\"2\"></td></tr><tr><td>"); if ($url != "") { $output->Text("<tr><td>"._RELATEDLINK.":</td><td><input type=\"text\" name=\"url\" value=\"".pnVarPrepForDisplay($url)."\" size=\"25\" maxlength=\"100\"></td></tr>" ."<tr><td>"._LINKTITLE.":</td><td><input type=\"text\" name=\"url_title\" value=\"".pnVarPrepForDisplay($url_title)."\" size=\"25\" maxlength=\"50\"></td></tr>"); } $output->Text("<tr><td>"._IMAGE.":</td><td><input type=\"text\" name=\"cover\" size=\"25\" maxlength=\"100\"><br><i>" ._REVIMGINFO."</i></td></tr></table>"); $output->FormHidden('authid', pnSecGenAuthKey()); $output->FormSubmit(_ADDREVIEW); $output->Text(" - [ "); $output->URL(pnModURL('reviews', 'admin', 'deletewaiting', array('id' => $id)), _DELETE); $output->Text(" ]"); $output->FormEnd(); } } $output->URL(pnModURL('reviews','user','main'),_CLICK2ADDREVIEW); $output->Text("</center>"); $output->TableEnd(); } // Modify if (pnSecAuthAction(0, 'reviews::', '::', ACCESS_EDIT)) { $output->TableStart(_DELMODREVIEW); $output->Text("<center><br><br>"._MODREVINFO."</center>"); $output->TableEnd(); } if (pnSecAuthAction(0, 'reviews::', '::', ACCESS_ADMIN)) { $output->TableStart(_EDITREVIEWSCONFIG); $output->URL(pnModURL('reviews','admin','modifyconfig'), _EDITREVIEWSCONFIG); $output->TableEnd(); } // $output->SetOutputMode(_PNH_KEEPOUTPUT); $output->SetInputMode(_PNH_PARSEINPUT); $output->TableEnd(); // Return the output that has been generated by this function return $output->GetOutput(); } /** * This is a standard function that is called with the results of the * form supplied by reviews_admin_new() to create a new item * @param 'name' the name of the item to be created * @param 'number' the number of the item to be created */ function reviews_admin_create($args) { // Get parameters from whatever input we need. list($id, $date, $title, $alanguage, $text, $reviewer, $email, $score, $url,$url_title, $cover) = pnVarCleanFromInput( 'id','date','title','alanguage','text','reviewer','email','score', 'url','url_title','cover'); extract($args); // Confirm authorisation code. if (!pnSecConfirmAuthKey()) { pnSessionSetVar('errormsg', _BADAUTHKEY); pnRedirect(pnModURL('reviews', 'admin', 'main')); return true; } // Load API. if (!pnModAPILoad('reviews', 'admin')) { pnSessionSetVar('errormsg', _LOADFAILED); return $output->GetOutput(); } // The API function is called. Note that the name of the API function and // the name of this function are identical, this helps a lot when // programming more complex modules. The arguments to the function are // passed in as their own arguments array $rid = pnModAPIFunc('reviews', 'admin', 'create', array('id' => $id, 'date' => $date, 'title' => $title, 'rlanguage' => $alanguage, 'text' => $text, 'reviewer' => $reviewer, 'email' => $email, 'score' => $score, 'url' => $url, 'url_title' => $url_title, 'cover' => $cover)); if ($rid != false) { // Success pnSessionSetVar('statusmsg', _REVIEWCREATED); } pnRedirect(pnModURL('reviews', 'admin', 'main')); // Return return true; } /** * delete item * @param 'id' the id of the item to be deleted * @param 'confirmation' confirmation that this item can be deleted */ function reviews_admin_deletewaiting($args) { // Get parameters from whatever input we need. All arguments to this // function should be obtained from pnVarCleanFromInput(), getting them // from other places such as the environment is not allowed, as that makes // assumptions that will not hold in future versions of PostNuke list($id, $objectid, $confirmation) = pnVarCleanFromInput('id', 'objectid', 'confirmation'); extract($args); if (!empty($objectid)) { $id = $objectid; } /* // Load API. if (!pnModAPILoad('reviews', 'user')) { $output->Text(_LOADFAILED); return $output->GetOutput(); } // The user API function is called. $item = pnModAPIFunc('reviews', 'user', 'get', array('id' => $id)); if ($item == false) { $output->Text(_REVIEWSNOSUCHITEM); return $output->GetOutput(); } */ // Security check if (!pnSecAuthAction(0, 'reviews::Item', "$item[name]::$id", ACCESS_DELETE)) { $output->Text(_REVIEWSNOAUTH); return $output->GetOutput(); } // Check for confirmation. if (empty($confirmation)) { // No confirmation yet - display a suitable form to obtain confirmation // of this action from the user // Create output object - this object will store all of our output so // that we can return it easily when required $output = new pnHTML(); // Add menu to output - it helps if all of the module pages have a // standard menu at their head to aid in navigation /* $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text(reviews_adminmenu()); $output->SetInputMode(_PNH_PARSEINPUT); */ // Title - putting a title ad the head of each page reminds the user // what they are doing $output->Title(_DELETEREVIEW); // Add confirmation to output. Note that this uses a pnHTML helper // function to produce the requested confirmation in a standard // fashion. This not only cuts down on code within the module but // allows it to be altered in future without the module developer // having to worry about it $output->ConfirmAction(_CONFIRMREVIEWDELETE, pnModURL('reviews', 'admin', 'deletewaiting'), _CANCELREVIEWSDELETE, pnModURL('reviews', 'admin', 'main'), array('id' => $id)); // Return the output that has been generated by this function return $output->GetOutput(); } // If we get here it means that the user has confirmed the action // Confirm authorisation code. This checks that the form had a valid // authorisation code attached to it. If it did not then the function will // proceed no further as it is possible that this is an attempt at sending // in false data to the system if (!pnSecConfirmAuthKey()) { pnSessionSetVar('errormsg', _BADAUTHKEY); pnRedirect(pnModURL('reviews', 'admin', 'main')); return true; } // Load API. if (!pnModAPILoad('reviews', 'admin')) { $output->Text(_LOADFAILED); return $output->GetOutput(); } // The API function is called. if (pnModAPIFunc('reviews', 'admin', 'deletewaiting', array('id' => $id))) { // Success pnSessionSetVar('statusmsg', _REVIEWDELETED); } // This function generated no output, and so now it is complete we redirect // the user to an appropriate page for them to carry on their work pnRedirect(pnModURL('reviews', 'admin', 'main')); // Return return true; } /** * This is a standard function to modify the configuration parameters of the * module */ function reviews_admin_modifyconfig() { $output = new pnHTML(); if (!pnSecAuthAction(0, 'reviews::', '::', ACCESS_ADMIN)) { $output->Text(_REVIEWSNOAUTH); return $output->GetOutput(); } // Title - putting a title ad the head of each page $output->Title(_REVIEWSMODIFYCONFIG); // Start form $output->FormStart(pnModURL('reviews', 'admin', 'updateconfig')); // Add an authorisation ID $output->FormHidden('authid', pnSecGenAuthKey()); $output->TableStart(); // Number of items to display per page $row = array(); $output->SetOutputMode(_PNH_RETURNOUTPUT); $row[] = $output->Text(pnVarPrepForDisplay(_REVIEWSITEMSPERPAGE)); $row[] = $output->FormText('itemsperpage', pnModGetVar('reviews', 'itemsperpage'), 3, 3); $output->SetOutputMode(_PNH_KEEPOUTPUT); $output->SetInputMode(_PNH_VERBATIMINPUT); $output->TableAddrow($row, 'left'); $output->SetInputMode(_PNH_PARSEINPUT); $output->Linebreak(2); $output->TableEnd(); // End form $output->Linebreak(2); $output->FormSubmit(_REVIEWSUPDATE); $output->FormEnd(); // Return the output that has been generated by this function return $output->GetOutput(); } /** * This is a standard function that is called with the results of the * form supplied by reviews_admin_new() to create a new item * @param 'name' the name of the item to be created * @param 'number' the number of the item to be created */ function reviews_admin_updatetitles($args) { // Get parameters from whatever input we need. list($title, $description, $alanguage, $letters) = pnVarCleanFromInput( 'title','description','alanguage', 'letters'); extract($args); // Confirm authorisation code. if (!pnSecConfirmAuthKey()) { pnSessionSetVar('errormsg', _BADAUTHKEY); pnRedirect(pnModURL('reviews', 'admin', 'main')); return true; } // Load API. if (!pnModAPILoad('reviews', 'admin')) { pnSessionSetVar('errormsg', _LOADFAILED); return $output->GetOutput(); } // The API function is called. Note that the name of the API function and // the name of this function are identical, this helps a lot when // programming more complex modules. The arguments to the function are // passed in as their own arguments array $rid = pnModAPIFunc('reviews', 'admin', 'updatetitles', array('title' => $title, 'description' => $description, 'alanguage' => $alanguage, 'letters' => $letters)); if ($rid != false) { // Success pnSessionSetVar('statusmsg', _REVIEWCONFUPDATED); } pnRedirect(pnModURL('reviews', 'admin', 'main')); return true; } /** * This is a standard function to update the configuration parameters of the * module given the information passed back by the modification form */ function reviews_admin_updateconfig() { $title = pnVarCleanFromInput('title'); // Confirm authorisation code. if (!pnSecConfirmAuthKey()) { pnSessionSetVar('errormsg', _BADAUTHKEY); pnRedirect(pnModURL('reviews', 'admin', 'view')); return true; } // Update module variables. if (!isset($itemsperpage)) { $itemsperpage = 10; } pnModSetVar('reviews', 'itemsperpage', $itemsperpage); // This function generated no output, and so now it is complete we redirect // the user to an appropriate page for them to carry on their work pnRedirect(pnModURL('reviews', 'admin', 'view')); // Return return true; } ?> --- NEW FILE: pnadminapi.php --- <?php // $Id: pnadminapi.php,v 1.1 2002/08/07 08:09:35 voll Exp $ // ---------------------------------------------------------------------- // POST-NUKE Content Management System // Copyright (C) 2002 by the PostNuke Development Team. // http://www.postnuke.com/ // ---------------------------------------------------------------------- // Based on: // PHP-NUKE Web Portal System - http://phpnuke.org/ // Thatware - http://thatware.org/ // ---------------------------------------------------------------------- // LICENSE // // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License (GPL) // as published by the Free Software Foundation; either version 2 // of the License, or (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WIthOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // To read the license please visit http://www.gnu.org/copyleft/gpl.html // ---------------------------------------------------------------------- // Original Author of file: Volodymyr Metenchuk // Purpose of file: Reviews administration API // ---------------------------------------------------------------------- function reviews_adminapi_create($args) { extract($args); if ((!isset($id)) || (!isset($date)) || (!isset($title)) || (!isset($text)) || (!isset($reviewer)) || (!isset($email)) || (!isset($score)) || (!isset($cover)) || (!isset($url)) || (!isset($url_title)) || (!isset($rlanguage))) { pnSessionSetVar('errormsg', _MODARGSERROR); return false; } if (!pnModAPILoad('reviews', 'user')) { pnSessionSetVar('errormsg', _LOADFAILED); return false; } if (!pnSecAuthAction(0, 'reviews::', "::", ACCESS_ADD)) { pnSessionSetVar('errormsg', _REVIEWSADDNOAUTH); return false; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $column = &$pntable['reviews_column']; $nextid = $dbconn->GenId($pntable['reviews']); $query = "INSERT INTO $pntable[reviews] ($column[id], $column[date], $column[title], $column[text], $column[reviewer], $column[email], $column[score], $column[cover], $column[url], $column[url_title], $column[hits], $column[language]) VALUES ($nextid, '". pnVarPrepForStore($date)."', '".pnVarPrepForStore($title). "', '".pnVarPrepForStore($text)."', '". pnVarPrepForStore($reviewer)."', '".pnVarPrepForStore($email). "', '".pnVarPrepForStore($score)."', '".pnVarPrepForStore($cover). "', '".pnVarPrepForStore($url)."', '". pnVarPrepForStore($url_title)."', '1', '$rlanguage')"; $result = $dbconn->Execute($query); if ($dbconn->ErrorNo() != 0) { pnSessionSetVar('errormsg', "ERROR inserting review: " . $dbconn->ErrorMsg() ); return false; } else { $result = $dbconn->Execute("DELETE FROM $pntable[reviews_add] WHERE {$pntable['reviews_add_column']['id']} = ". pnVarPrepForStore($id).""); if($dbconn->ErrorNo()<>0) { pnSessionSetVar('errormsg', "ERROR deleting queued review: " . $dbconn->ErrorMsg() ); return false; } } return true; } function reviews_adminapi_updatetitles($args) { extract($args); if ((!isset($title)) || (!isset($description)) || (!isset($alanguage)) || (!isset($letters))) { pnSessionSetVar('errormsg', _MODARGSERROR); return false; } if (!pnModAPILoad('reviews', 'user')) { pnSessionSetVar('errormsg', _LOADFAILED); return false; } if (!pnSecAuthAction(0, 'reviews::', "::", ACCESS_EDIT)) { pnSessionSetVar('errormsg', _REVIEWSEDITNOAUTH); return false; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $column = &$pntable['reviews_main_column']; $currentlang = pnUserGetLang(); if (pnConfigGetVar('multilingual') == 1) { $querylang = " WHERE $column[language] ='$alanguage'"; } else { $querylang = ""; } $resultrm = $dbconn->Execute("SELECT $column[title], $column[description], $column[language], $column[letters] FROM $pntable[reviews_main] $querylang"); if ($resultrm->EOF) { $sql = "INSERT INTO $pntable[reviews_main] VALUES('" .pnVarPrepForStore($title)."','".pnVarPrepForStore($description)."','" .pnVarPrepForStore($alanguage)."','".pnVarPrepForStore($letters)."')"; } else { $sql = "UPDATE $pntable[reviews_main] SET $column[title]='".pnVarPrepForStore($title)."', $column[description]='".pnVarPrepForStore($description)."', $column[language]='".pnVarPrepForStore($alanguage)."', $column[letters]='".pnVarPrepForStore($letters)."' $querylang"; } $result = $dbconn->Execute($sql); if ($dbconn->ErrorNo() != 0) { pnSessionSetVar('errormsg', "ERROR updating configuration: " . $dbconn->ErrorMsg() ); return false; } return true; } function reviews_adminapi_deletewaiting($args) { extract($args); if (!isset($id)) { pnSessionSetVar('errormsg', _MODARGSERROR); return false; } if (!pnSecAuthAction(0, 'reviews::', "::", ACCESS_DELETE)) { pnSessionSetVar('errormsg', _REVIEWSDELNOAUTH); return false; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $result = $dbconn->Execute("DELETE FROM $pntable[reviews_add] WHERE {$pntable['reviews_add_column']['id']} = ".pnVarPrepForStore($id).""); if ($dbconn->ErrorNo() != 0) { pnSessionSetVar('errormsg', "ERROR deleting queued review: " . $dbconn->ErrorMsg() ); return false; } return true; } ?> --- NEW FILE: pninit.php --- <?php // $Id: pninit.php,v 1.1 2002/08/07 08:09:35 voll Exp $ // ---------------------------------------------------------------------- // POST-NUKE Content Management System // Copyright (C) 2002 by the PostNuke Development Team. // http://www.postnuke.com/ // ---------------------------------------------------------------------- // Based on: // PHP-NUKE Web Portal System - http://phpnuke.org/ // Thatware - http://thatware.org/ // ---------------------------------------------------------------------- // LICENSE // // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License (GPL) // as published by the Free Software Foundation; either version 2 // of the License, or (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WIthOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // To read the license please visit http://www.gnu.org/copyleft/gpl.html // ---------------------------------------------------------------------- // Original Author of file: Volodymyr Metenchuk // Purpose of file: Initialisation functions for reviews // ---------------------------------------------------------------------- /** * initialise the reviews module * This function is only ever called once during the lifetime of a particular * module instance */ function reviews_init() { // Get database setup - note that both pnDBGetConn() and pnDBGetTables() // return arrays but we handle them differently. For pnDBGetConn() // we currently just want the first item, which is the official // database handle. For pnDBGetTables() we want to keep the entire // tables array together for easy reference later on list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); // It's good practice to name the table and column definitions you // are getting - $table and $column don't cut it in more complex modules // Create the table - the formatting here is not mandatory, but it does // make the SQL statement relatively easy to read. Also, separating out // the SQL statement from the Execute() command allows for simpler // debug operation if it is ever needed $reviewstable = $pntable['reviews']; $reviewscolumn = &$pntable['reviews_column']; $sql = "CREATE TABLE $reviewstable ( pn_id int(11) NOT NULL auto_increment, pn_date datetime NOT NULL default '0000-00-00 00:00:00', pn_title varchar(150) NOT NULL default '', pn_text text NOT NULL, pn_reviewer varchar(20) default NULL, pn_email varchar(60) default NULL, pn_score int(11) NOT NULL default '0', pn_cover varchar(100) NOT NULL default '', pn_url varchar(100) NOT NULL default '', pn_url_title varchar(50) NOT NULL default '', pn_hits int(11) NOT NULL default '0', pn_language varchar(30) NOT NULL default '', PRIMARY KEY (pn_id))"; $dbconn->Execute($sql); $reviewstable_add = $pntable['reviews_add']; $reviewscolumn_add = &$pntable['reviews_column_add']; $sql = "CREATE TABLE $reviewstable_add ( pn_id int(11) NOT NULL auto_increment, pn_date datetime default NULL, pn_title varchar(150) NOT NULL default '', pn_text text NOT NULL, pn_reviewer varchar(20) NOT NULL default '', pn_email varchar(60) default NULL, pn_score int(11) NOT NULL default '0', pn_url varchar(100) NOT NULL default '', pn_url_title varchar(50) NOT NULL default '', pn_language varchar(30) NOT NULL default '', PRIMARY KEY (pn_id))"; $dbconn->Execute($sql); $reviewstable_comments = $pntable['reviews_comments']; $reviewscolumn_comments = &$pntable['reviews_column_comments']; $sql = "CREATE TABLE $reviewstable_comments ( pn_cid int(11) NOT NULL auto_increment, pn_rid int(11) NOT NULL default '0', pn_userid varchar(25) NOT NULL default '', pn_date datetime default NULL, pn_comments text, pn_score int(11) NOT NULL default '0', PRIMARY KEY (pn_cid))"; $dbconn->Execute($sql); $reviewstable_main = $pntable['reviews_main']; $reviewscolumn_main = &$pntable['reviews_column_main']; $sql = "CREATE TABLE $reviewstable_main ( pn_title varchar(100) default NULL, pn_description text, pn_language varchar(30) NOT NULL default '', pn_letters text)"; $dbconn->Execute($sql); $alphabet = "A|B|C|D|E|F|G|H|I|J|K|L|M|N|O|P|Q|R|S|T|U|V|W|X|Y|Z|1|2|3|4|5|6|7|8|9|0"; $sql = "INSERT INTO $reviewstable_main VALUES('Reviews Section Title', 'Reviews Section Long Description','eng','$alphabet')"; $dbconn->Execute($sql); // Check for an error with the database code, and if so set an // appropriate error message and return if ($dbconn->ErrorNo() != 0) { pnSessionSetVar('errormsg', _CREATETABLEFAILED); return false; } // Set up an initial value for a module variable. Note that all module // variables should be initialised with some value in this way rather // than just left blank, this helps the user-side code and means that // there doesn't need to be a check to see if the variable is set in // the rest of the code as it always will be pnModSetVar('reviews', 'itemsperpage', 10); // Initialisation successful return true; } /** * upgrade the reviews module from an old version * This function can be called multiple times */ function reviews_upgrade($oldversion) { // Upgrade dependent on old version number switch($oldversion) { case 1.0: // Code to upgrade from version 1.0 goes here pnModSetVar('reviews', 'itemsperpage', 10); list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $reviewstable_main = $pntable['reviews_main']; $reviewscolumn_main = &$pntable['reviews_column_main']; $sql = "ALTER TABLE $reviewstable_main ADD pn_language varchar(30) NOT NULL default '' AFTER pn_description"; $dbconn->Execute($sql); $sql = "ALTER TABLE $reviewstable_main ADD pn_letters text AFTER pn_language"; $dbconn->Execute($sql); $alphabet = "A|B|C|D|E|F|G|H|I|J|K|L|M|N|O|P|Q|R|S|T|U|V|W|X|Y|Z|1|2|3|4|5|6|7|8|9|0"; $sql = "UPDATE $reviewstable_main SET pn_language='eng', pn_letters='$alphabet'"; $dbconn->Execute($sql); break; case 1.1: // Code to upgrade from version 2.0 goes here break; } // Update successful return true; } /** * delete the reviews module * This function is only ever called once during the lifetime of a particular * module instance */ function reviews_delete() { // Get datbase setup - note that both pnDBGetConn() and pnDBGetTables() // return arrays but we handle them differently. For pnDBGetConn() // we currently just want the first item, which is the official // database handle. For pnDBGetTables() we want to keep the entire // tables array together for easy reference later on list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); // Drop the table - for such a simple command the advantages of separating // out the SQL statement from the Execute() command are minimal, but as // this has been done elsewhere it makes sense to stick to a single method $sql = "DROP TABLE $pntable[reviews]"; $dbconn->Execute($sql); $sql = "DROP TABLE $pntable[reviews_add]"; $dbconn->Execute($sql); $sql = "DROP TABLE $pntable[reviews_comments]"; $dbconn->Execute($sql); $sql = "DROP TABLE $pntable[reviews_main]"; $dbconn->Execute($sql); // Check for an error with the database code, and if so set an // appropriate error message and return if ($dbconn->ErrorNo() != 0) { // Report failed deletion attempt return false; } // Delete any module variables pnModDelVar('reviews', 'itemsperpage'); // Deletion successful return true; } ?> --- NEW FILE: pntables.php --- <?php // $Id: pntables.php,v 1.1 2002/08/07 08:09:35 voll Exp $ // ---------------------------------------------------------------------- // POST-NUKE Content Management System // Copyright (C) 2002 by the PostNuke Development Team. // http://www.postnuke.com/ // ---------------------------------------------------------------------- // Based on: // PHP-NUKE Web Portal System - http://phpnuke.org/ // Thatware - http://thatware.org/ // ---------------------------------------------------------------------- // LICENSE // // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License (GPL) // as published by the Free Software Foundation; either version 2 // of the License, or (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WIthOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // To read the license please visit http://www.gnu.org/copyleft/gpl.html // ---------------------------------------------------------------------- // Original Author of file: Volodymyr Metenchuk // Purpose of file: Table information for reviews module // ---------------------------------------------------------------------- /** * This function is called internally by the core whenever the module is * loaded. It adds in the information */ function reviews_pntables() { // Initialise table array $pntable = array(); // Get the name for the template item table. This is not necessary // but helps in the following statements and keeps them readable // Set the table name // Set the column names. Note that the array has been formatted // on-screen to be very easy to read by a user. $reviews = pnConfigGetVar('prefix') . '_reviews'; $pntable['reviews'] = $reviews; $pntable['reviews_column'] = array ( 'id' => $reviews . '.pn_id', 'date' => $reviews . '.pn_date', 'title' => $reviews . '.pn_title', 'text' => $reviews . '.pn_text', 'reviewer' => $reviews . '.pn_reviewer', 'email' => $reviews . '.pn_email', 'score' => $reviews . '.pn_score', 'cover' => $reviews . '.pn_cover', 'url' => $reviews . '.pn_url', 'url_title' => $reviews . '.pn_url_title', 'hits' => $reviews . '.pn_hits', 'rlanguage' => $reviews . '.pn_language', 'language' => $reviews . '.pn_language'); $reviews_add = pnConfigGetVar('prefix') . '_reviews_add'; $pntable['reviews_add'] = $reviews_add; $pntable['reviews_add_column'] = array ( 'id' => $reviews_add . '.pn_id', 'date' => $reviews_add . '.pn_date', 'title' => $reviews_add . '.pn_title', 'text' => $reviews_add . '.pn_text', 'reviewer' => $reviews_add . '.pn_reviewer', 'email' => $reviews_add . '.pn_email', 'score' => $reviews_add . '.pn_score', 'url' => $reviews_add . '.pn_url', 'url_title' => $reviews_add . '.pn_url_title', 'rlanguage' => $reviews_add . '.pn_language', 'language' => $reviews_add . '.pn_language'); $reviews_comments = pnConfigGetVar('prefix') . '_reviews_comments'; $pntable['reviews_comments'] = $reviews_comments; $pntable['reviews_comments_column'] = array ( 'cid' => $reviews_comments . '.pn_cid', 'rid' => $reviews_comments . '.pn_rid', 'userid' => $reviews_comments . '.pn_userid', 'date' => $reviews_comments . '.pn_date', 'comments' => $reviews_comments . '.pn_comments', 'score' => $reviews_comments . '.pn_score'); $reviews_main = pnConfigGetVar('prefix') . '_reviews_main'; $pntable['reviews_main'] = $reviews_main; $pntable['reviews_main_column'] = array ( 'title' => $reviews_main . '.pn_title', 'description' => $reviews_main . '.pn_description', 'language' => $reviews_main . '.pn_language', 'letters' => $reviews_main . '.pn_letters'); // Return the table information return $pntable; } ?> --- NEW FILE: pnuser.php --- <?php // $Id: pnuser.php,v 1.1 2002/08/07 08:09:35 voll Exp $ // ---------------------------------------------------------------------- // POST-NUKE Content Management System // Copyright (C) 2002 by the PostNuke Development Team. // http://www.postnuke.com/ // ---------------------------------------------------------------------- // Based on: // PHP-NUKE Web Portal System - http://phpnuke.org/ // Thatware - http://thatware.org/ // ---------------------------------------------------------------------- // LICENSE // // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License (GPL) // as published by the Free Software Foundation; either version 2 // of the License, or (at your option) any later version. // // This program is distributed in the hope that it will be useful, [...1124 lines suppressed...] function reviews_user_deletecomment() { list($cid,$id) = pnVarCleanFromInput('cid','id'); $output = new pnHTML(); if(!pnModAPILoad('reviews', 'user')) { $output->Text(_APILOADFAILED); return $output->GetOutput(); } $result = pnModAPIFunc('reviews', 'user', 'deletecomment', array('cid' => $cid, 'id' => $id)); if($result == false) { $output->Text(_REVIEWSCOMMENTDELETEFAILED); return $output->GetOutput(); } pnRedirect(pnModURL('reviews', 'user', 'main')); } ?> --- NEW FILE: pnuserapi.php --- <?php // $Id: pnuserapi.php,v 1.1 2002/08/07 08:09:35 voll Exp $ // ---------------------------------------------------------------------- // POST-NUKE Content Management System // Copyright (C) 2002 by the PostNuke Development Team. // http://www.postnuke.com/ // ---------------------------------------------------------------------- // Based on: // PHP-NUKE Web Portal System - http://phpnuke.org/ // Thatware - http://thatware.org/ // ---------------------------------------------------------------------- // LICENSE // // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License (GPL) // as published by the Free Software Foundation; either version 2 // of the License, or (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WIthOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // To read the license please visit http://www.gnu.org/copyleft/gpl.html // ---------------------------------------------------------------------- // Original Author of file: Jim McDonald // Purpose of file: Template user API // ---------------------------------------------------------------------- /** * get all example items * @returns array * @return array of items, or false on failure */ function reviews_userapi_getall($args) { extract($args); if (!isset($startnum)) { $startnum = 1; } if (!isset($numitems)) { $numitems = -1; } if ((!isset($startnum)) || (!isset($numitems))) { pnSessionSetVar('errormsg', _MODARGSERROR); return false; } $items = array(); if (!pnSecAuthAction(0, 'reviews::', '::', ACCESS_READ)) { return $items; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $column = &$pntable['reviews_column']; $sql = "SELECT $column[id],$column[date],$column[title],$column[text],$column[reviewer], $column[email],$column[score],$column[cover],$column[url],$column[url_title],$column[hits], $column[rlanguage] FROM $pntable[reviews] ORDER BY $column[title]"; $result = $dbconn->SelectLimit($sql, $numitems, $startnum-1); if ($dbconn->ErrorNo() != 0) { pnSessionSetVar('errormsg', _GETFAILED); return false; } for (; !$result->EOF; $result->MoveNext()) { list($id, $date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $rlanguage) = $result->fields; if (pnSecAuthAction(0, 'reviews::', "$title::$id", ACCESS_READ)) { $items[] = array('id' => $id, 'date' => $date, 'title' => $title, 'text' => $text, 'reviewer' => $reviewer, 'email' => $email, 'score' => $score, 'cover' => $cover, 'url' => $url, 'url_title' => $url_title, 'hits' => $hits, 'rlanguage' => $rlanguage); } } $result->Close(); return $items; } /** * get all example items * @returns array * @return array of items, or false on failure */ function reviews_userapi_getallwaiting($args) { extract($args); $items = array(); if (!pnSecAuthAction(0, 'reviews::', '::', ACCESS_ADMIN)) { return $items; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $column = &$pntable['reviews_add_column']; $sql = "SELECT $column[id], $column[date], $column[title], $column[text], $column[reviewer], $column[email], $column[score], $column[url], $column[url_title], $column[language] FROM $pntable[reviews_add] ORDER BY $column[id]"; $result = $dbconn->Execute($sql); if ($dbconn->ErrorNo() != 0) { pnSessionSetVar('errormsg', _GETFAILED); return false; } for (; !$result->EOF; $result->MoveNext()) { list($id, $date, $title, $text, $reviewer, $email, $score, $url, $url_title, $rlanguage) = $result->fields; if (pnSecAuthAction(0, 'reviews::', "$title::$id", ACCESS_ADMIN)) { $items[] = array('id' => $id, 'date' => $date, 'title' => $title, 'text' => $text, 'reviewer' => $reviewer, 'email' => $email, 'score' => $score, 'url' => $url, 'url_title' => $url_title, 'rlanguage' => $rlanguage); } } $result->Close(); return $items; } /** * get a specific item * @param $args['id'] id of example item to get * @returns array * @return item array, or false on failure */ function reviews_userapi_get($args) { extract($args); if (!isset($id)) { pnSessionSetVar('errormsg', _MODARGSERROR); return false; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $column = &$pntable['reviews_column']; $sql = "SELECT $column[date],$column[title], $column[text],$column[reviewer],$column[email], $column[score],$column[cover],$column[url],$column[url_title],$column[hits],$column[rlanguage] FROM $pntable[reviews] WHERE $column[id] = " . pnVarPrepForStore($id); $result = $dbconn->Execute($sql); if ($dbconn->ErrorNo() != 0) { return false; } if ($result->EOF) { return false; } list($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $rlanguage) = $result->fields; $result->Close(); if (!pnSecAuthAction(0, 'reviews::', "$title::$id", ACCESS_READ)) { return false; } $item = array('id' => $id, 'date' => $date, 'title' => $title, 'text' => $text, 'reviewer' => $reviewer, 'email' => $email, 'score' => $score, 'cover' => $cover, 'url' => $url, 'url_title' => $url_title, 'hits' => $hits, 'rlanguage' => $rlanguage); return $item; } /** * utility function to count the number of items held by this module * @returns integer * @return number of items held by this module */ function reviews_userapi_countitems() { list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $column = &$pntable['reviews_column']; $sql = "SELECT COUNT(1) FROM $pntable[reviews]"; $result = $dbconn->Execute($sql); if ($dbconn->ErrorNo() != 0) { return false; } list($numitems) = $result->fields; $result->Close(); return $numitems; } /** * get all items for selected letter * @returns array * @return array of items, or false on failure */ function reviews_userapi_view($args) { extract($args); if (!isset($letter)) { pnSessionSetVar('errormsg', _MODARGSERROR); return false; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $reviewstable = $pntable['reviews']; $column = &$pntable['reviews_column']; $currentlang = pnUserGetLang(); if (pnConfigGetVar('multilingual') == 1) { $querylang = "AND ($column[language] ='$currentlang' OR $column[language] = '')"; } else { $querylang = ""; } if ($letter == _ALL) { $query = "SELECT $column[id], $column[title], $column[hits], $column[reviewer], $column[score] FROM $reviewstable WHERE $column[id] != '' $querylang "; } else { $query = "SELECT $column[id], $column[title], $column[hits], $column[reviewer], $column[score] FROM $reviewstable WHERE UPPER($column[title]) LIKE '$letter%' $querylang "; } switch($field) { case "reviewer": $query .= " ORDER by pn_reviewer $order"; break; case "score": $query .= " ORDER by pn_score $order"; break; case "hits": $query .= " ORDER by pn_hits $order"; break; default: $query .= " ORDER by pn_title $order"; break; } $result = $dbconn->Execute($query); if ($dbconn->ErrorNo() != 0) { error_log("Error: " . $dbconn->ErrorNo() . ": " . $dbconn->ErrorMsg()); PN_DBMsgError($dbconn, __FILE__, __LINE__, "Error accesing to the database"); return false; } if ($result->EOF) { return false; } for (; !$result->EOF; $result->MoveNext()) { list($id, $title, $hits, $reviewer, $score) = $result->fields; if (pnSecAuthAction(0, 'reviews::', "$title::$id", ACCESS_READ)) { $items[] = array('id' => $id, 'title' => $title, 'hits' => $hits, 'reviewer' => $reviewer, 'score' => $score); } } $result->Close(); return $items; } /** * get all items for selected letter * @returns array * @return array of items, or false on failure */ function reviews_userapi_viewmenu($args) { extract($args); if (!isset($order)) { pnSessionSetVar('errormsg', _MODARGSERROR); return false; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $reviewstable = $pntable['reviews']; $column = &$pntable['reviews_column']; $currentlang = pnUserGetLang(); if (pnConfigGetVar('multilingual') == 1) { $querylang = "($column[language]='$currentlang' OR $column[language]='')"; } else { $querylang = ""; } $query = "SELECT $column[id], $column[title], $column[hits], $column[date] FROM $reviewstable WHERE $querylang "; switch($order) { case "hits": $query .= "ORDER BY $column[hits] DESC LIMIT 10"; break; case "date": $query .= "ORDER BY $column[date] DESC LIMIT 10"; break; } $result = $dbconn->Execute($query); if ($dbconn->ErrorNo() != 0) { error_log("Error: " . $dbconn->ErrorNo() . ": " . $dbconn->ErrorMsg()); PN_DBMsgError($dbconn, __FILE__, __LINE__, "Error accesing to the database"); return false; } if ($result->EOF) { return false; } for (; !$result->EOF; $result->MoveNext()) { list($id, $title, $hits, $date) = $result->fields; if (pnSecAuthAction(0, 'reviews::', "$title::$id", ACCESS_READ)) { $items[] = array('id' => $id, 'title' => $title, 'hits' => $hits, 'date' => $date); } } $result->Close(); return $items; } function reviews_userapi_add($args) { extract($args); if ((!isset($date)) || (!isset($title)) || (!isset($text)) || (!isset($reviewer)) || (!isset($email)) || (!isset($score)) || (!isset($cover)) || (!isset($url)) || (!isset($url_title)) || (!isset($hits)) || (!isset($id)) || (!isset($rlanguage))) { pnSessionSetVar('errormsg', _MODARGSERROR); return false; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); if ($id == 0) { // New review if (!(pnSecAuthAction(0, 'reviews::', "$title::", ACCESS_COMMENT))) { pnSessionSetVar('errormsg', _REVIEWSSUBMITNOAUTH); return false; } if (pnSecAuthAction(0, 'reviews::', "$title::", ACCESS_ADD)) { // Add immediately $column = &$pntable['reviews_column']; $newid = $dbconn->GenId($pntable['reviews']); $query = "INSERT INTO $pntable[reviews] ($column[id], $column[date], $column[title], $column[text], $column[reviewer], $column[email], $column[score], $column[cover], $column[url], $column[url_title], $column[hits], $column[language]) VALUES ($newid, '".pnVarPrepForStore($date)."', '".pnVarPrepForStore($title)."', '".pnVarPrepForStore($text)."', '".pnVarPrepForStore($reviewer)."', '".pnVarPrepForStore($email)."', '".pnVarPrepForStore($score)."', '".pnVarPrepForStore($cover)."', '".pnVarPrepForStore($url)."', '".pnVarPrepForStore($url_title)."', '1', '".pnVarPrepForStore($rlanguage)."' )"; $result = $dbconn->Execute($query); if($dbconn->ErrorNo()<>0) { error_log("ERROR 1 : " . $dbconn->ErrorMsg()); } } else { // Add to waiting list $column = &$pntable['reviews_add_column']; $nextid = $dbconn->GenId($pntable['reviews_add']); $result = $dbconn->Execute("INSERT INTO $pntable[reviews_add] ($column[id], $column[date], $column[title], $column[text], $column[reviewer], $column[email], $column[score], $column[url], $column[url_title], $column[language]) VALUES ($nextid, '".pnVarPrepForStore($date)."', '".pnVarPrepForStore($title)."', '".pnVarPrepForStore($text)."', '".pnVarPrepForStore($reviewer)."', '".pnVarPrepForStore($email)."', '".pnVarPrepForStore($score)."', '".pnVarPrepForStore($url)."', '".pnVarPrepForStore($url_title)."', '".pnVarPrepForStore($rlanguage)."' )"); if($dbconn->ErrorNo()<>0) { error_log("ERROR 1 : " . $dbconn->ErrorMsg()); } } } else { // Updated review if (!(pnSecAuthAction(0, 'reviews::', "$title::$id", ACCESS_EDIT))) { pnSessionSetVar('errormsg', _REVIEWSEDITNOAUTH); return false; } $column = &$pntable['reviews_column']; $result = $dbconn->Execute("UPDATE $pntable[reviews] SET $column[date]='".pnVarPrepForStore($date) ."', $column[title]='".pnVarPrepForStore($title)."', $column[text]='".pnVarPrepForStore($text) ."', $column[reviewer]='".pnVarPrepForStore($reviewer)."', $column[email]='".pnVarPrepForStore($email) ."', $column[score]='".pnVarPrepForStore($score)."', $column[cover]='".pnVarPrepForStore($cover) ."', $column[url]='".pnVarPrepForStore($url)."', $column[url_title]='".pnVarPrepForStore($url_title) ."', $column[hits]='".pnVarPrepForStore($hits)."', $column[language]='".pnVarPrepForStore($rlanguage) ."' WHERE $column[id] = ".pnVarPrepForStore($id).""); if($dbconn->ErrorNo()<>0) { error_log("ERROR 2 : " . $dbconn->ErrorMsg()); } } return true; } function reviews_userapi_delete($args) { extract($args); if (!isset($id_del)) { pnSessionSetVar('errormsg', _MODARGSERROR); return false; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $column = &$pntable['reviews_column']; $result = $dbconn->Execute("SELECT $column[title] FROM $pntable[reviews] WHERE $column[id]=".pnVarPrepForStore($id_del).""); list($title) = $result->fields; $result->Close(); if (!(pnSecAuthAction(0, 'reviews::', "::$id_del", ACCESS_DELETE))) { pnSessionSetVar('errormsg', _REVIEWSDELNOAUTH); return false; } $dbconn->Execute("DELETE FROM $pntable[reviews] WHERE {$pntable['reviews_column']['id']}=".pnVarPrepForStore($id_del).""); $dbconn->Execute("DELETE FROM $pntable[reviews_comments] WHERE {$pntable['reviews_comments_column']['rid']}='".pnVarPrepForStore($id_del)."'"); return true; } function reviews_userapi_updatehits($args) { extract($args); if (!isset($id)) { pnSessionSetVar('errormsg', _MODARGSERROR); return false; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $column = &$pntable['reviews_column']; $result = $dbconn->Execute("SELECT $column[title] FROM $pntable[reviews] WHERE $column[id]=".pnVarPrepForStore($id).""); list($title) = $result->fields; $result->Close(); if (!(pnSecAuthAction(0, 'reviews::', "$title::$id", ACCESS_READ))) { pnSessionSetVar('errormsg', _REVIEWSNOAUTH); return false; } $dbconn->Execute("UPDATE $pntable[reviews] SET $column[hits]=$column[hits]+1 WHERE $column[id]=".pnVarPrepForStore($id).""); if($dbconn->ErrorNo()<>0) { error_log("ERROR 5 : " . $dbconn->ErrorMsg()); return false; } return true; } function reviews_userapi_viewcomments($args) { extract($args); if (!isset($id)) { pnSessionSetVar('errormsg', _MODARGSERROR); return false; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $commcolumn = &$pntable['reviews_comments_column']; $result = $dbconn->Execute("SELECT $commcolumn[cid], $commcolumn[userid], $commcolumn[date], $commcolumn[comments], $commcolumn[score] FROM $pntable[reviews_comments] WHERE $commcolumn[rid]='".pnVarPrepForStore($id)."' ORDER BY $commcolumn[date] DESC"); if ($dbconn->ErrorNo() != 0) { pnSessionSetVar('errormsg', _GETFAILED); return false; } for (; !$result->EOF; $result->MoveNext()) { list($cid, $uname, $date, $comments, $score) = $result->fields; if (pnSecAuthAction(0, 'reviews::', "", ACCESS_READ)) { $items[] = array('cid' => $cid, 'uname' => $uname, 'date' => $date, 'comments' => $comments, 'score' => $score); } } $result->Close(); return $items; } function reviews_userapi_savecomment($args) { extract($args); if ((!isset($uname)) || (!isset($id)) || (!isset($score)) || (!isset($comments))) { pnSessionSetVar('errormsg', _MODARGSERROR); return false; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); if (!(pnSecAuthAction(0, 'reviews::', "::$id", ACCESS_COMMENT))) { pnSessionSetVar('errormsg', _REVIEWSCOMMENTNOAUTH); return false; } $column = &$pntable['reviews_comments_column']; $newid = $dbconn->GenId($pntable['reviews_comments_column']); $query = "INSERT INTO $pntable[reviews_comments] " . "($column[cid], $column[rid], $column[userid], $column[date], $column[comments], $column[score]) " . "VALUES ($newid, '".pnVarPrepForStore($id)."', '".pnVarPrepForStore($uname)."', now(), '" . pnVarPrepForStore($comments)."', '".pnVarPrepForStore($score)."' )"; $result = $dbconn->Execute($query); if($dbconn->ErrorNo()<>0) { error_log("ERROR 4 : " . $dbconn->ErrorMsg()); } return true; } function reviews_userapi_deletecomment($args) { extract($args); if ((!isset($cid)) || (!isset($id))) { pnSessionSetVar('errormsg', _MODARGSERROR); return false; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $column = &$pntable['reviews_column']; $result = $dbconn->Execute("SELECT $column[title] FROM $pntable[reviews] WHERE $column[id]=".pnVarPrepForStore($id).""); list($title) = $result->fields; if (!(pnSecAuthAction(0, 'reviews::', "$title::$id", ACCESS_DELETE))) { pnSessionSetVar('errormsg', _REVIEWSDELNOAUTH); return false; } $dbconn->Execute("DELETE FROM $pntable[reviews_comments] WHERE {$pntable['reviews_comments_column']['cid']}='".pnVarPrepForStore($cid)."'"); return true; } function reviews_userapi_gettitles() { list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $column = &$pntable['reviews_main_column']; $currentlang = pnUserGetLang(); if (pnConfigGetVar('multilingual') == 1) { $querylang = " WHERE ($column[language] ='$currentlang' OR $column[language] = '')"; } else { $querylang = ""; } $resultrm = $dbconn->Execute("SELECT $column[title], $column[description], $column[language], $column[letters] FROM $pntable[reviews_main] $querylang"); list($title, $description, $alanguage, $letters) = $resultrm->fields; $item['title'] = $title; $item['description'] = $description; $item['alanguage'] = $alanguage; $item['letters'] = $letters; return $item; } ?> --- NEW FILE: pnversion.php --- <?php // $Id: pnversion.php,v 1.1 2002/08/07 08:09:35 voll Exp $ $Name: $ $modversion['name'] = 'Reviews'; $modversion['id'] = '31'; $modversion['version'] = '1.1'; $modversion['description'] = 'Reviews Module'; $modversion['credits'] = 'docs/credits.txt'; $modversion['help'] = 'docs/install.txt'; $modversion['changelog'] = 'docs/changelog.txt'; $modversion['license'] = 'docs/license.txt'; $modversion['official'] = 1; $modversion['author'] = 'Volodymyr Metenchuk'; $modversion['contact'] = 'http://postnuke.solidno.ru'; $modversion['admin'] = 0; $modversion['securityschema'] = array('reviews::' => 'review name::review ID');; ?>
View Statistics - Next Notice - Previous Notice
Visit Developer Site - Browse CVS Repository |
Syndicate via backend.rss (max. once per hour please) | Powered by CVSNotice 0.1.3 |