Xaraya / Postnuke CVS Notices - Message

Note: this list is kept only as a demonstration for CVSNotice. For the latest CVS notices, see the Xaraya and Postnuke sites

View Statistics - Next Notice - Previous Notice

Directory filter : [ all ] / postnuke_modules / reviews [ view in CVS ]

Date Directory [filter] File(s) [view] Author [filter]
07 Aug 2002 08:09:38postnuke_modules/reviewsindex.html,NONE,1.1 pnadmin.php,NONE,1.1 pnadminapi.php,NONE,1.1 pninit.php,NONE,1.1 pntables.php,NONE,1.1 pnuser.php,NONE,1.1 pnuserapi.php,NONE,1.1 pnversion.php,NONE,1.1Vlodomyr Metenchuk
 module converted to new API

Update of /home/cvsroot/postnuke_modules/reviews
In directory ns7.hostnuke.net:/tmp/cvs-serv27813

Added Files:
	index.html pnadmin.php pnadminapi.php pninit.php pntables.php 
	pnuser.php pnuserapi.php pnversion.php 
Log Message:
module converted to new API


--- NEW FILE: index.html ---

--- NEW FILE: pnadmin.php ---
<?php
// $Id: pnadmin.php,v 1.1 2002/08/07 08:09:35 voll Exp $
// ----------------------------------------------------------------------
// POST-NUKE Content Management System
// Copyright (C) 2002 by the PostNuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WIthOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: Jim McDonald
// Purpose of file:  Reviews administration display functions
// ----------------------------------------------------------------------

/**
 * the main administration function
 * This function is the default function, and is called whenever the
 * module is initiated without defining arguments.  As such it can
 * be used for a number of things, but most commonly it either just
 * shows the module menu and returns or calls whatever the module
 * designer feels should be the default function (often this is the
 * view() function)
 */
function reviews_admin_main()
{
    $output = new pnHTML();

    if (!pnSecAuthAction(0, 'reviews::', '::', ACCESS_EDIT)) {
        $output->Text(_REVIEWSNOAUTH);
        return $output->GetOutput();
    }

    $output->SetInputMode(_PNH_VERBATIMINPUT);
    $output->Text(reviews_adminmenu());
    $output->SetInputMode(_PNH_PARSEINPUT);

    return $output->GetOutput();
}

/**
 * Main administration menu
 */
function reviews_adminmenu()
{
    // Create output object - this object will store all of our output so that
    // we can return it easily when required
    $output = new pnHTML();

    // Display status message if any.  Note that in future this functionality
    // will probably be in the theme rather than in this menu, but this is the
    // best place to keep it for now
    $output->Text(pnGetStatusMsg());
    $output->Linebreak(2);

    // Start options menu
    $output->TableStart(_REVADMIN);
    // $output->SetOutputMode(_PNH_RETURNOUTPUT);
    $output->SetInputMode(_PNH_VERBATIMINPUT);

    if (!pnModAPILoad('reviews', 'user')) {
        pnSessionSetVar('errormsg', _LOADFAILED);
        return $output->GetOutput();
    }

    $result = pnModAPIFunc('reviews', 'user', 'gettitles');
    $title = $result['title'];
    $description = $result['description'];
    $alanguage = $result['alanguage'];
    $letters = $result['letters'];
                        
    // Configuration
    if (pnSecAuthAction(0, 'reviews::', '::', ACCESS_ADMIN)) {
        $output->Text("<center>");
        $output->FormStart(pnModURL('reviews', 'admin', 'updatetitles'));
        $output->FormHidden('authid', pnSecGenAuthKey());

        $output->Text(_REVTITLE."<br>");
        $output->FormText('title', $title, 50, 100);

        $output->Text("<br><br>"._REVDESC."<br>");
        $output->FormTextArea('description', $description, 15, 60, 'virtual');

        $output->Text("<br><br>"._LANGUAGE."<br>");
        $currentlang = $alanguage;
        $output->Text("<select name=\"alanguage\" class=\"pn-text\">");
        $lang = languagelist();
        // $output->Text("<option value=\"\">"._ALL.'</option>');
        $handle = opendir('language');
        while ($f = readdir($handle))
        {
            if (is_dir("language/$f") && @$lang[$f])
            {
                $langlist[$f] = $lang[$f];
            }
        }
        asort($langlist);
        foreach ($langlist as $k=>$v)
        {
            $output->Text('<option value="'.$k.'"');
            if ( $currentlang == $k)
            {
                $output->Text(' selected');
            }
            $output->Text('>'. pnVarPrepForDisplay($v) . '</option> ');
        }
        $output->Text("</select>");

        $output->Text("<br><br>"._REVLETTERS."<br>");
        $output->FormTextArea('letters', $letters, 15, 60, 'virtual');

        $output->Linebreak(2);
        $output->FormSubmit(_SAVECHANGES);
        $output->FormEnd();
        $output->Text("</center>");
    }
    $output->TableEnd();

    // Waiting reviews
    if (pnSecAuthAction(0, 'reviews::', '::', ACCESS_ADD)) {
        $output->TableStart(_REVWAITING);

        $items = pnModAPIFunc('reviews', 'user', 'getallwaiting');
        
        if ($items == false) {
            $output->Text("<br><br><i>"._NOREVIEW2ADD."</i><br><br>");
        } else {
            foreach ($items as $item) {
                $id = $item['id'];
                $date = $item['date'];
                $title = $item['title'];
                $text = $item['text'];
                $reviewer = $item['reviewer'];
                $email = $item['email'];
                $score = $item['score'];
                $url = $item['url'];
                $url_title = $item['url_title'];
                $rlanguage = $item['rlanguage'];
       
                $output->FormStart(pnModURL('reviews', 'admin', 'create'));
                $output->Text("<hr noshade size=\"1\"><br><table border=\"0\" cellpadding=\"1\" cellspacing=\"2\">"
                ."<tr><td><b>"._REVIEWID.":</td><td><b>".pnVarPrepForDisplay($id)."</b></td></tr>"
                ."<input type=\"hidden\" name=\"id\" value=\"$id\">"
                ."<tr><td>"._DATE.":</td><td><input type=\"text\" name=\"date\" value=\"".pnVarPrepForDisplay($date)."\" size=\"11\" maxlength=\"10\"></td></tr>"
                ."<tr><td>"._PRODUCTTITLE.":</td><td><input type=\"text\" name=\"title\" value=\"".pnVarPrepForDisplay($title)."\" size=\"25\" maxlength=\"40\"></td></tr>"
                ."<tr><td>"._LANGUAGE.":</td><td>");

                $currentlang = pnUserGetLang();
                $output->Text("<select name=\"alanguage\" class=\"pn-text\">");
                $lang = languagelist();
                $output->Text("<option value=\"\">"._ALL.'</option>');
                $handle = opendir('language');
                while ($f = readdir($handle))
                {
                    if (is_dir("language/$f") && @$lang[$f])
                    {
                        $langlist[$f] = $lang[$f];
                    }
                }
                asort($langlist);
                foreach ($langlist as $k=>$v)
                {
                    $output->Text('<option value="'.$k.'"');
                    if ( $currentlang == $k)
                    {
                        $output->Text(' selected');
                    }
                    $output->Text('>'. pnVarPrepForDisplay($v) . '</option> ');
                }
                $output->Text("</select>");
      
                $output->Text("</td></tr><tr><td>"._TEXT.":</td><td><TEXTAREA name=\"text\" rows=\"6\" wrap=\"virtual\" cols=\"40\">".pnVarPrepHTMLDisplay($text)."</textarea></td></tr>"
                    ."<tr><td>"._REVIEWER."</td><td><input type=\"text\" name=\"reviewer\" value=\"".pnVarPrepForDisplay($reviewer)."\" size=\"41\" maxlength=\"40\"></td></tr>"
                    ."<tr><td>"._EMAIL.":</td><td><input type=\"text\" name=\"email\" value=\"".pnVarPrepForDisplay($email)."\" size=\"41\" maxlength=\"80\"></td></tr>"
                    ."<tr><td>"._SCORE."</td><td><input type=\"text\" name=\"score\" value=\"".pnVarPrepForDisplay($score)."\" size=\"3\" maxlength=\"2\"></td></tr><tr><td>");

                if ($url != "") {
                    $output->Text("<tr><td>"._RELATEDLINK.":</td><td><input type=\"text\" name=\"url\" value=\"".pnVarPrepForDisplay($url)."\" size=\"25\" maxlength=\"100\"></td></tr>"
                        ."<tr><td>"._LINKTITLE.":</td><td><input type=\"text\" name=\"url_title\" value=\"".pnVarPrepForDisplay($url_title)."\" size=\"25\" maxlength=\"50\"></td></tr>");
                    }

                $output->Text("<tr><td>"._IMAGE.":</td><td><input type=\"text\" name=\"cover\" size=\"25\" maxlength=\"100\"><br><i>"
                ._REVIMGINFO."</i></td></tr></table>");
                $output->FormHidden('authid', pnSecGenAuthKey());
                $output->FormSubmit(_ADDREVIEW);
                $output->Text(" - [ ");
                $output->URL(pnModURL('reviews', 'admin', 'deletewaiting',
                                       array('id' => $id)),
                                       _DELETE);
                $output->Text(" ]");
                $output->FormEnd();
            }
        }
        $output->URL(pnModURL('reviews','user','main'),_CLICK2ADDREVIEW);
        $output->Text("</center>");
        $output->TableEnd();
    }

    // Modify
    if (pnSecAuthAction(0, 'reviews::', '::', ACCESS_EDIT)) {
        $output->TableStart(_DELMODREVIEW);
        $output->Text("<center><br><br>"._MODREVINFO."</center>");
        $output->TableEnd();
    }

    if (pnSecAuthAction(0, 'reviews::', '::', ACCESS_ADMIN)) {
        $output->TableStart(_EDITREVIEWSCONFIG);
        $output->URL(pnModURL('reviews','admin','modifyconfig'), _EDITREVIEWSCONFIG); 
        $output->TableEnd();
    }

    // $output->SetOutputMode(_PNH_KEEPOUTPUT);
    $output->SetInputMode(_PNH_PARSEINPUT);
    $output->TableEnd();

    // Return the output that has been generated by this function
    return $output->GetOutput();
}

/**
 * This is a standard function that is called with the results of the
 * form supplied by reviews_admin_new() to create a new item
 * @param 'name' the name of the item to be created
 * @param 'number' the number of the item to be created
 */
function reviews_admin_create($args)
{

    // Get parameters from whatever input we need.
    list($id, $date, $title, $alanguage, $text, $reviewer, $email, $score,
         $url,$url_title, $cover) = pnVarCleanFromInput( 
         'id','date','title','alanguage','text','reviewer','email','score',
         'url','url_title','cover');

    extract($args);

    // Confirm authorisation code.
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', _BADAUTHKEY);
        pnRedirect(pnModURL('reviews', 'admin', 'main'));
        return true;
    }

    // Load API.
    if (!pnModAPILoad('reviews', 'admin')) {
        pnSessionSetVar('errormsg', _LOADFAILED);
        return $output->GetOutput();
    }

    // The API function is called.  Note that the name of the API function and
    // the name of this function are identical, this helps a lot when
    // programming more complex modules.  The arguments to the function are
    // passed in as their own arguments array
    $rid = pnModAPIFunc('reviews', 'admin', 'create',
                        array('id' => $id,
                              'date' => $date,
                              'title' => $title,
                              'rlanguage' => $alanguage,
                              'text' => $text,
                              'reviewer' => $reviewer,
                              'email' => $email,
                              'score' => $score,
                              'url' => $url,
                              'url_title' => $url_title,
                              'cover' => $cover));

    if ($rid != false) {
        // Success
        pnSessionSetVar('statusmsg', _REVIEWCREATED);
    }

    pnRedirect(pnModURL('reviews', 'admin', 'main'));

    // Return
    return true;
}

/**
 * delete item
 * @param 'id' the id of the item to be deleted
 * @param 'confirmation' confirmation that this item can be deleted
 */
function reviews_admin_deletewaiting($args)
{
    // Get parameters from whatever input we need.  All arguments to this
    // function should be obtained from pnVarCleanFromInput(), getting them
    // from other places such as the environment is not allowed, as that makes
    // assumptions that will not hold in future versions of PostNuke
    list($id,
         $objectid,
         $confirmation) = pnVarCleanFromInput('id',
                                              'objectid',
                                              'confirmation');

    extract($args);

     if (!empty($objectid)) {
         $id = $objectid;
     }                     
/*
    // Load API.
    if (!pnModAPILoad('reviews', 'user')) {
        $output->Text(_LOADFAILED);
        return $output->GetOutput();
    }

    // The user API function is called.
    $item = pnModAPIFunc('reviews', 'user', 'get', array('id' => $id));

    if ($item == false) {
        $output->Text(_REVIEWSNOSUCHITEM);
        return $output->GetOutput();
    }
*/
    // Security check
    if (!pnSecAuthAction(0, 'reviews::Item', "$item[name]::$id", ACCESS_DELETE)) {
        $output->Text(_REVIEWSNOAUTH);
        return $output->GetOutput();
    }

    // Check for confirmation. 
    if (empty($confirmation)) {
        // No confirmation yet - display a suitable form to obtain confirmation
        // of this action from the user

        // Create output object - this object will store all of our output so
        // that we can return it easily when required
        $output = new pnHTML();

        // Add menu to output - it helps if all of the module pages have a
        // standard menu at their head to aid in navigation
/*
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(reviews_adminmenu());
        $output->SetInputMode(_PNH_PARSEINPUT);
*/
        // Title - putting a title ad the head of each page reminds the user
        // what they are doing
        $output->Title(_DELETEREVIEW);

        // Add confirmation to output.  Note that this uses a pnHTML helper
        // function to produce the requested confirmation in a standard
        // fashion.  This not only cuts down on code within the module but
        // allows it to be altered in future without the module developer
        // having to worry about it

        $output->ConfirmAction(_CONFIRMREVIEWDELETE,
                               pnModURL('reviews', 'admin', 'deletewaiting'),
                               _CANCELREVIEWSDELETE,
                               pnModURL('reviews', 'admin', 'main'),
                               array('id' => $id));

        // Return the output that has been generated by this function
        return $output->GetOutput();
    }

    // If we get here it means that the user has confirmed the action

    // Confirm authorisation code.  This checks that the form had a valid
    // authorisation code attached to it.  If it did not then the function will
    // proceed no further as it is possible that this is an attempt at sending
    // in false data to the system
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', _BADAUTHKEY);
        pnRedirect(pnModURL('reviews', 'admin', 'main'));
        return true;
    }
    // Load API.
    if (!pnModAPILoad('reviews', 'admin')) {
        $output->Text(_LOADFAILED);
        return $output->GetOutput();
    }

    // The API function is called.
    if (pnModAPIFunc('reviews', 'admin', 'deletewaiting', array('id' => $id))) {
        // Success
        pnSessionSetVar('statusmsg', _REVIEWDELETED);
    }

    // This function generated no output, and so now it is complete we redirect
    // the user to an appropriate page for them to carry on their work
    pnRedirect(pnModURL('reviews', 'admin', 'main'));
    // Return
    return true;
}

/**
 * This is a standard function to modify the configuration parameters of the
 * module
 */
function reviews_admin_modifyconfig()
{
    $output = new pnHTML();

    if (!pnSecAuthAction(0, 'reviews::', '::', ACCESS_ADMIN)) {
        $output->Text(_REVIEWSNOAUTH);
        return $output->GetOutput();
    }

    // Title - putting a title ad the head of each page
    $output->Title(_REVIEWSMODIFYCONFIG);

    // Start form
    $output->FormStart(pnModURL('reviews', 'admin', 'updateconfig'));


    // Add an authorisation ID
    $output->FormHidden('authid', pnSecGenAuthKey());

    $output->TableStart();

    // Number of items to display per page
    $row = array();
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    $row[] = $output->Text(pnVarPrepForDisplay(_REVIEWSITEMSPERPAGE));
    $row[] = $output->FormText('itemsperpage', pnModGetVar('reviews', 'itemsperpage'), 3, 3);
    $output->SetOutputMode(_PNH_KEEPOUTPUT);
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    $output->TableAddrow($row, 'left');
    $output->SetInputMode(_PNH_PARSEINPUT);
    $output->Linebreak(2);

    $output->TableEnd();

    // End form
    $output->Linebreak(2);
    $output->FormSubmit(_REVIEWSUPDATE);
    $output->FormEnd();
    
    // Return the output that has been generated by this function
    return $output->GetOutput();
}

/**
 * This is a standard function that is called with the results of the
 * form supplied by reviews_admin_new() to create a new item
 * @param 'name' the name of the item to be created
 * @param 'number' the number of the item to be created
 */
function reviews_admin_updatetitles($args)
{

    // Get parameters from whatever input we need.
    list($title, $description, $alanguage, $letters) = 
        pnVarCleanFromInput( 'title','description','alanguage', 'letters');

    extract($args);

    // Confirm authorisation code.
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', _BADAUTHKEY);
        pnRedirect(pnModURL('reviews', 'admin', 'main'));
        return true;
    }

    // Load API.
    if (!pnModAPILoad('reviews', 'admin')) {
        pnSessionSetVar('errormsg', _LOADFAILED);
        return $output->GetOutput();
    }

    // The API function is called.  Note that the name of the API function and
    // the name of this function are identical, this helps a lot when
    // programming more complex modules.  The arguments to the function are
    // passed in as their own arguments array
    $rid = pnModAPIFunc('reviews', 'admin', 'updatetitles',
                        array('title' => $title,
                              'description' => $description,
                              'alanguage' => $alanguage,
                              'letters' => $letters));

    if ($rid != false) {
        // Success
        pnSessionSetVar('statusmsg', _REVIEWCONFUPDATED);
    }

    pnRedirect(pnModURL('reviews', 'admin', 'main'));

    return true;
}

/**
 * This is a standard function to update the configuration parameters of the
 * module given the information passed back by the modification form
 */
function reviews_admin_updateconfig()
{
    $title = pnVarCleanFromInput('title');

    // Confirm authorisation code.
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', _BADAUTHKEY);
        pnRedirect(pnModURL('reviews', 'admin', 'view'));
        return true;
    }

    // Update module variables.
    if (!isset($itemsperpage)) {
        $itemsperpage = 10;
    }
    pnModSetVar('reviews', 'itemsperpage', $itemsperpage);

    // This function generated no output, and so now it is complete we redirect
    // the user to an appropriate page for them to carry on their work
    pnRedirect(pnModURL('reviews', 'admin', 'view'));

    // Return
    return true;
}

?>
--- NEW FILE: pnadminapi.php ---
<?php
// $Id: pnadminapi.php,v 1.1 2002/08/07 08:09:35 voll Exp $
// ----------------------------------------------------------------------
// POST-NUKE Content Management System
// Copyright (C) 2002 by the PostNuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WIthOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: Volodymyr Metenchuk
// Purpose of file:  Reviews administration API
// ----------------------------------------------------------------------

function reviews_adminapi_create($args)
{
    extract($args);

    if ((!isset($id)) || (!isset($date)) || (!isset($title)) || (!isset($text)) ||
        (!isset($reviewer)) || (!isset($email)) || (!isset($score)) ||
        (!isset($cover)) || (!isset($url)) || (!isset($url_title)) ||
        (!isset($rlanguage))) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    if (!pnModAPILoad('reviews', 'user')) {
        pnSessionSetVar('errormsg', _LOADFAILED);
        return false;
    }

    if (!pnSecAuthAction(0, 'reviews::', "::", ACCESS_ADD)) {
        pnSessionSetVar('errormsg', _REVIEWSADDNOAUTH);
        return false;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $column = &$pntable['reviews_column'];
    $nextid = $dbconn->GenId($pntable['reviews']);
    $query = "INSERT INTO $pntable[reviews] ($column[id], $column[date],
             $column[title], $column[text], $column[reviewer], $column[email],
             $column[score], $column[cover], $column[url], $column[url_title],
             $column[hits], $column[language]) VALUES ($nextid, '".
             pnVarPrepForStore($date)."', '".pnVarPrepForStore($title).
             "', '".pnVarPrepForStore($text)."', '".
             pnVarPrepForStore($reviewer)."', '".pnVarPrepForStore($email).
             "', '".pnVarPrepForStore($score)."', '".pnVarPrepForStore($cover).
             "', '".pnVarPrepForStore($url)."', '".
             pnVarPrepForStore($url_title)."', '1', '$rlanguage')";
    $result = $dbconn->Execute($query);

    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', "ERROR inserting review: " . $dbconn->ErrorMsg() );
        return false;
    } else {
        $result = $dbconn->Execute("DELETE FROM $pntable[reviews_add]
                                  WHERE {$pntable['reviews_add_column']['id']} = ".
                                  pnVarPrepForStore($id)."");
        if($dbconn->ErrorNo()<>0) {
            pnSessionSetVar('errormsg', "ERROR deleting queued review: " . $dbconn->ErrorMsg() );
            return false;
        }
    }
    return true;
}

function reviews_adminapi_updatetitles($args)
{
    extract($args);

    if ((!isset($title)) ||
        (!isset($description)) ||
        (!isset($alanguage)) ||
        (!isset($letters))) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    if (!pnModAPILoad('reviews', 'user')) {
        pnSessionSetVar('errormsg', _LOADFAILED);
        return false;
    }

    if (!pnSecAuthAction(0, 'reviews::', "::", ACCESS_EDIT)) {
        pnSessionSetVar('errormsg', _REVIEWSEDITNOAUTH);
        return false;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $column = &$pntable['reviews_main_column'];
    $currentlang = pnUserGetLang();
    if (pnConfigGetVar('multilingual') == 1) {
        $querylang = " WHERE $column[language] ='$alanguage'";
    } else {
        $querylang = "";
    }

    $resultrm = $dbconn->Execute("SELECT $column[title], $column[description], $column[language], $column[letters]
                                FROM $pntable[reviews_main] $querylang");

    if ($resultrm->EOF) {
        $sql = "INSERT INTO $pntable[reviews_main] VALUES('"
            .pnVarPrepForStore($title)."','".pnVarPrepForStore($description)."','"
            .pnVarPrepForStore($alanguage)."','".pnVarPrepForStore($letters)."')";
    } else {
        $sql = "UPDATE $pntable[reviews_main]
                               SET $column[title]='".pnVarPrepForStore($title)."',
                               $column[description]='".pnVarPrepForStore($description)."',
                               $column[language]='".pnVarPrepForStore($alanguage)."',
                               $column[letters]='".pnVarPrepForStore($letters)."' $querylang";

    }

    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', "ERROR updating configuration: " . $dbconn->ErrorMsg() );
        return false;
    }

    return true;
}

function reviews_adminapi_deletewaiting($args)
{
    extract($args);

    if (!isset($id)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    if (!pnSecAuthAction(0, 'reviews::', "::", ACCESS_DELETE)) {
        pnSessionSetVar('errormsg', _REVIEWSDELNOAUTH);
        return false;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $result = $dbconn->Execute("DELETE FROM $pntable[reviews_add] WHERE {$pntable['reviews_add_column']['id']} = ".pnVarPrepForStore($id)."");

    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', "ERROR deleting queued review: " . $dbconn->ErrorMsg() );
        return false;
    }

    return true;
}

?>
--- NEW FILE: pninit.php ---
<?php
// $Id: pninit.php,v 1.1 2002/08/07 08:09:35 voll Exp $
// ----------------------------------------------------------------------
// POST-NUKE Content Management System
// Copyright (C) 2002 by the PostNuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WIthOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: Volodymyr Metenchuk
// Purpose of file:  Initialisation functions for reviews
// ----------------------------------------------------------------------

/**
 * initialise the reviews module
 * This function is only ever called once during the lifetime of a particular
 * module instance
 */
function reviews_init()
{
    // Get database setup - note that both pnDBGetConn() and pnDBGetTables()
    // return arrays but we handle them differently.  For pnDBGetConn()
    // we currently just want the first item, which is the official
    // database handle.  For pnDBGetTables() we want to keep the entire
    // tables array together for easy reference later on
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // It's good practice to name the table and column definitions you
    // are getting - $table and $column don't cut it in more complex modules

    // Create the table - the formatting here is not mandatory, but it does
    // make the SQL statement relatively easy to read.  Also, separating out
    // the SQL statement from the Execute() command allows for simpler
    // debug operation if it is ever needed

    $reviewstable = $pntable['reviews'];
    $reviewscolumn = &$pntable['reviews_column'];
    $sql = "CREATE TABLE $reviewstable (
        pn_id int(11) NOT NULL auto_increment,
        pn_date datetime NOT NULL default '0000-00-00 00:00:00',
        pn_title varchar(150) NOT NULL default '',
        pn_text text NOT NULL,
        pn_reviewer varchar(20) default NULL,
        pn_email varchar(60) default NULL,
        pn_score int(11) NOT NULL default '0',
        pn_cover varchar(100) NOT NULL default '',
        pn_url varchar(100) NOT NULL default '',
        pn_url_title varchar(50) NOT NULL default '',
        pn_hits int(11) NOT NULL default '0',
        pn_language varchar(30) NOT NULL default '',
        PRIMARY KEY  (pn_id))";
    $dbconn->Execute($sql);

    $reviewstable_add = $pntable['reviews_add'];
    $reviewscolumn_add = &$pntable['reviews_column_add'];
    $sql = "CREATE TABLE $reviewstable_add (
        pn_id int(11) NOT NULL auto_increment,
        pn_date datetime default NULL,
        pn_title varchar(150) NOT NULL default '',
        pn_text text NOT NULL,
        pn_reviewer varchar(20) NOT NULL default '',
        pn_email varchar(60) default NULL,
        pn_score int(11) NOT NULL default '0',
        pn_url varchar(100) NOT NULL default '',
        pn_url_title varchar(50) NOT NULL default '',
        pn_language varchar(30) NOT NULL default '',
        PRIMARY KEY  (pn_id))";
    $dbconn->Execute($sql);

    $reviewstable_comments = $pntable['reviews_comments'];
    $reviewscolumn_comments = &$pntable['reviews_column_comments'];
    $sql = "CREATE TABLE $reviewstable_comments (
        pn_cid int(11) NOT NULL auto_increment,
        pn_rid int(11) NOT NULL default '0',
        pn_userid varchar(25) NOT NULL default '',
        pn_date datetime default NULL,
        pn_comments text,
        pn_score int(11) NOT NULL default '0',
        PRIMARY KEY  (pn_cid))";
    $dbconn->Execute($sql);

    $reviewstable_main = $pntable['reviews_main'];
    $reviewscolumn_main = &$pntable['reviews_column_main'];
    $sql = "CREATE TABLE $reviewstable_main (
        pn_title varchar(100) default NULL,
        pn_description text,
        pn_language varchar(30) NOT NULL default '',
        pn_letters text)";
    $dbconn->Execute($sql);

    $alphabet = "A|B|C|D|E|F|G|H|I|J|K|L|M|N|O|P|Q|R|S|T|U|V|W|X|Y|Z|1|2|3|4|5|6|7|8|9|0";
    $sql = "INSERT INTO $reviewstable_main VALUES('Reviews Section Title',
           'Reviews Section Long Description','eng','$alphabet')";
    $dbconn->Execute($sql);

    // Check for an error with the database code, and if so set an
    // appropriate error message and return
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _CREATETABLEFAILED);
        return false;
    }

    // Set up an initial value for a module variable.  Note that all module
    // variables should be initialised with some value in this way rather
    // than just left blank, this helps the user-side code and means that
    // there doesn't need to be a check to see if the variable is set in
    // the rest of the code as it always will be
    pnModSetVar('reviews', 'itemsperpage', 10);

    // Initialisation successful
    return true;
}

/**
 * upgrade the reviews module from an old version
 * This function can be called multiple times
 */
function reviews_upgrade($oldversion)
{
    // Upgrade dependent on old version number
    switch($oldversion) {
        case 1.0:
            // Code to upgrade from version 1.0 goes here
            pnModSetVar('reviews', 'itemsperpage', 10);
            list($dbconn) = pnDBGetConn();
            $pntable = pnDBGetTables();

            $reviewstable_main = $pntable['reviews_main'];
            $reviewscolumn_main = &$pntable['reviews_column_main'];

            $sql = "ALTER TABLE $reviewstable_main ADD pn_language varchar(30) NOT NULL default '' AFTER pn_description";
            $dbconn->Execute($sql);

            $sql = "ALTER TABLE $reviewstable_main ADD pn_letters text AFTER pn_language";
            $dbconn->Execute($sql);

            $alphabet = "A|B|C|D|E|F|G|H|I|J|K|L|M|N|O|P|Q|R|S|T|U|V|W|X|Y|Z|1|2|3|4|5|6|7|8|9|0";
            $sql = "UPDATE $reviewstable_main SET pn_language='eng', pn_letters='$alphabet'";
                 
            $dbconn->Execute($sql);
            break;
        case 1.1:
            // Code to upgrade from version 2.0 goes here
            break;
    }

    // Update successful
    return true;
}

/**
 * delete the reviews module
 * This function is only ever called once during the lifetime of a particular
 * module instance
 */
function reviews_delete()
{
    // Get datbase setup - note that both pnDBGetConn() and pnDBGetTables()
    // return arrays but we handle them differently.  For pnDBGetConn()
    // we currently just want the first item, which is the official
    // database handle.  For pnDBGetTables() we want to keep the entire
    // tables array together for easy reference later on
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // Drop the table - for such a simple command the advantages of separating
    // out the SQL statement from the Execute() command are minimal, but as
    // this has been done elsewhere it makes sense to stick to a single method
    $sql = "DROP TABLE $pntable[reviews]";
    $dbconn->Execute($sql);
    $sql = "DROP TABLE $pntable[reviews_add]";
    $dbconn->Execute($sql);
    $sql = "DROP TABLE $pntable[reviews_comments]";
    $dbconn->Execute($sql);
    $sql = "DROP TABLE $pntable[reviews_main]";
    $dbconn->Execute($sql);

    // Check for an error with the database code, and if so set an
    // appropriate error message and return
    if ($dbconn->ErrorNo() != 0) {
        // Report failed deletion attempt
        return false;
    }

    // Delete any module variables
    pnModDelVar('reviews', 'itemsperpage');

    // Deletion successful
    return true;
}

?>
--- NEW FILE: pntables.php ---
<?php
// $Id: pntables.php,v 1.1 2002/08/07 08:09:35 voll Exp $
// ----------------------------------------------------------------------
// POST-NUKE Content Management System
// Copyright (C) 2002 by the PostNuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WIthOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: Volodymyr Metenchuk
// Purpose of file:  Table information for reviews module
// ----------------------------------------------------------------------

/**
 * This function is called internally by the core whenever the module is
 * loaded.  It adds in the information
 */
function reviews_pntables()
{
    // Initialise table array
    $pntable = array();

    // Get the name for the template item table.  This is not necessary
    // but helps in the following statements and keeps them readable

    // Set the table name

    // Set the column names.  Note that the array has been formatted
    // on-screen to be very easy to read by a user.

    $reviews = pnConfigGetVar('prefix') . '_reviews';
    $pntable['reviews'] = $reviews;
    $pntable['reviews_column'] = array (
        'id'        => $reviews . '.pn_id',
        'date'      => $reviews . '.pn_date',
        'title'     => $reviews . '.pn_title',
        'text'      => $reviews . '.pn_text',
        'reviewer'  => $reviews . '.pn_reviewer',
        'email'     => $reviews . '.pn_email',
        'score'     => $reviews . '.pn_score',
        'cover'     => $reviews . '.pn_cover',
        'url'       => $reviews . '.pn_url',
        'url_title' => $reviews . '.pn_url_title',
        'hits'      => $reviews . '.pn_hits',
        'rlanguage' => $reviews . '.pn_language',
        'language'  => $reviews . '.pn_language');

    $reviews_add = pnConfigGetVar('prefix') . '_reviews_add';
    $pntable['reviews_add'] = $reviews_add;
    $pntable['reviews_add_column'] = array (
        'id'        => $reviews_add . '.pn_id',
        'date'      => $reviews_add . '.pn_date',
        'title'     => $reviews_add . '.pn_title',
        'text'      => $reviews_add . '.pn_text',
        'reviewer'  => $reviews_add . '.pn_reviewer',
        'email'     => $reviews_add . '.pn_email',
        'score'     => $reviews_add . '.pn_score',
        'url'       => $reviews_add . '.pn_url',
        'url_title' => $reviews_add . '.pn_url_title',
        'rlanguage' => $reviews_add . '.pn_language',
        'language'  => $reviews_add . '.pn_language');

    $reviews_comments = pnConfigGetVar('prefix') . '_reviews_comments';
    $pntable['reviews_comments'] = $reviews_comments;
    $pntable['reviews_comments_column'] = array (
        'cid'      => $reviews_comments . '.pn_cid',
        'rid'      => $reviews_comments . '.pn_rid',
        'userid'   => $reviews_comments . '.pn_userid',
        'date'     => $reviews_comments . '.pn_date',
        'comments' => $reviews_comments . '.pn_comments',
        'score'    => $reviews_comments . '.pn_score');

    $reviews_main = pnConfigGetVar('prefix') . '_reviews_main';
    $pntable['reviews_main'] = $reviews_main;
    $pntable['reviews_main_column'] = array (
        'title'       => $reviews_main . '.pn_title',
        'description' => $reviews_main . '.pn_description',
        'language'    => $reviews_main . '.pn_language',
        'letters'     => $reviews_main . '.pn_letters');

    // Return the table information
    return $pntable;
}

?>
--- NEW FILE: pnuser.php ---
<?php
// $Id: pnuser.php,v 1.1 2002/08/07 08:09:35 voll Exp $
// ----------------------------------------------------------------------
// POST-NUKE Content Management System
// Copyright (C) 2002 by the PostNuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
[...1124 lines suppressed...]

function reviews_user_deletecomment()
{
    list($cid,$id) = pnVarCleanFromInput('cid','id');

    $output = new pnHTML();
    if(!pnModAPILoad('reviews', 'user')) {
	$output->Text(_APILOADFAILED);
	return $output->GetOutput();
    }
    $result = pnModAPIFunc('reviews', 'user', 'deletecomment', array('cid' => $cid, 'id' => $id));

    if($result == false) {
        $output->Text(_REVIEWSCOMMENTDELETEFAILED);
        return $output->GetOutput();
    }
    pnRedirect(pnModURL('reviews', 'user', 'main'));
}

?>
--- NEW FILE: pnuserapi.php ---
<?php
// $Id: pnuserapi.php,v 1.1 2002/08/07 08:09:35 voll Exp $
// ----------------------------------------------------------------------
// POST-NUKE Content Management System
// Copyright (C) 2002 by the PostNuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WIthOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: Jim McDonald
// Purpose of file:  Template user API
// ----------------------------------------------------------------------

/**
 * get all example items
 * @returns array
 * @return array of items, or false on failure
 */
function reviews_userapi_getall($args)
{
    extract($args);

    if (!isset($startnum)) {
        $startnum = 1;
    }
    if (!isset($numitems)) {
        $numitems = -1;
    }

    if ((!isset($startnum)) || (!isset($numitems))) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    $items = array();

    if (!pnSecAuthAction(0, 'reviews::', '::', ACCESS_READ)) {
        return $items;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $column = &$pntable['reviews_column'];


    $sql = "SELECT $column[id],$column[date],$column[title],$column[text],$column[reviewer],
            $column[email],$column[score],$column[cover],$column[url],$column[url_title],$column[hits],
            $column[rlanguage] FROM $pntable[reviews] ORDER BY $column[title]";
    $result = $dbconn->SelectLimit($sql, $numitems, $startnum-1);

    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }
    for (; !$result->EOF; $result->MoveNext()) {
    list($id, $date, $title, $text, $reviewer, $email, $score, $cover,
         $url, $url_title, $hits, $rlanguage) = $result->fields;
        if (pnSecAuthAction(0, 'reviews::', "$title::$id", ACCESS_READ)) {
            $items[] = 
            array('id' => $id,
                  'date' => $date,
                  'title' => $title,
                  'text' => $text,
                  'reviewer' => $reviewer,
                  'email' => $email,
                  'score' => $score,
                  'cover' => $cover,
                  'url' => $url,
                  'url_title' => $url_title,
                  'hits' => $hits,
                  'rlanguage' => $rlanguage);
        }
    }

    $result->Close();

    return $items;
}

/**
 * get all example items
 * @returns array
 * @return array of items, or false on failure
 */
function reviews_userapi_getallwaiting($args)
{
    extract($args);

    $items = array();

    if (!pnSecAuthAction(0, 'reviews::', '::', ACCESS_ADMIN)) {
        return $items;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $column = &$pntable['reviews_add_column'];

    $sql = "SELECT $column[id], $column[date], $column[title], $column[text],
            $column[reviewer], $column[email], $column[score], $column[url],
            $column[url_title], $column[language] FROM $pntable[reviews_add]
            ORDER BY $column[id]";

    $result = $dbconn->Execute($sql);

    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }
    for (; !$result->EOF; $result->MoveNext()) {
    list($id, $date, $title, $text, $reviewer, $email, $score, 
         $url, $url_title, $rlanguage) = $result->fields;
        if (pnSecAuthAction(0, 'reviews::', "$title::$id", ACCESS_ADMIN)) {
            $items[] = 
            array('id' => $id,
                  'date' => $date,
                  'title' => $title,
                  'text' => $text,
                  'reviewer' => $reviewer,
                  'email' => $email,
                  'score' => $score,
                  'url' => $url,
                  'url_title' => $url_title,
                  'rlanguage' => $rlanguage);
        }
    }

    $result->Close();

    return $items;
}

/**
 * get a specific item
 * @param $args['id'] id of example item to get
 * @returns array
 * @return item array, or false on failure
 */
function reviews_userapi_get($args)
{
    extract($args);

    if (!isset($id)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $column = &$pntable['reviews_column'];

    $sql = "SELECT $column[date],$column[title], $column[text],$column[reviewer],$column[email],
            $column[score],$column[cover],$column[url],$column[url_title],$column[hits],$column[rlanguage]
            FROM $pntable[reviews] WHERE $column[id] = " . pnVarPrepForStore($id);
    $result = $dbconn->Execute($sql);

    if ($dbconn->ErrorNo() != 0) {
        return false;
    }

    if ($result->EOF) {
        return false;
    }

    list($date, $title, $text, $reviewer, $email, $score, $cover,
         $url, $url_title, $hits, $rlanguage) = $result->fields;

    $result->Close();

    if (!pnSecAuthAction(0, 'reviews::', "$title::$id", ACCESS_READ)) {
        return false;
    }

    $item = array('id' => $id,
                  'date' => $date,
                  'title' => $title,
                  'text' => $text,
                  'reviewer' => $reviewer,
                  'email' => $email,
                  'score' => $score,
                  'cover' => $cover,
                  'url' => $url,
                  'url_title' => $url_title,
                  'hits' => $hits,
                  'rlanguage' => $rlanguage);

    return $item;
}

/**
 * utility function to count the number of items held by this module
 * @returns integer
 * @return number of items held by this module
 */
function reviews_userapi_countitems()
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $column = &$pntable['reviews_column'];

    $sql = "SELECT COUNT(1)
            FROM $pntable[reviews]";
    $result = $dbconn->Execute($sql);

    if ($dbconn->ErrorNo() != 0) {
        return false;
    }

    list($numitems) = $result->fields;

    $result->Close();

    return $numitems;
}

/**
 * get all items for selected letter
 * @returns array
 * @return array of items, or false on failure
 */
function reviews_userapi_view($args)
{
    extract($args);

    if (!isset($letter)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $reviewstable = $pntable['reviews'];
    $column = &$pntable['reviews_column'];

    $currentlang = pnUserGetLang();

    if (pnConfigGetVar('multilingual') == 1) {
        $querylang = "AND ($column[language] ='$currentlang' OR $column[language] = '')";
    } else {
        $querylang = "";
    }

    if ($letter == _ALL) {
      $query = "SELECT $column[id], $column[title], $column[hits], $column[reviewer], $column[score]
                FROM $reviewstable WHERE $column[id] != '' $querylang ";
    } else {
      $query = "SELECT $column[id], $column[title], $column[hits], $column[reviewer], $column[score]
                FROM $reviewstable WHERE UPPER($column[title]) LIKE '$letter%' $querylang ";
    }

    switch($field) {
        case "reviewer":
            $query .= " ORDER by pn_reviewer $order";
            break;
        case "score":
            $query .= " ORDER by pn_score $order";
            break;
        case "hits":
            $query .= " ORDER by pn_hits $order";
            break;
        default:
            $query .= " ORDER by pn_title $order";
            break;
    }
    $result = $dbconn->Execute($query);

    if ($dbconn->ErrorNo() != 0) {
        error_log("Error: " . $dbconn->ErrorNo() . ": " . $dbconn->ErrorMsg());
       PN_DBMsgError($dbconn, __FILE__, __LINE__, "Error accesing to the database");
        return false;
    }

    if ($result->EOF) {
        return false;
    }

    for (; !$result->EOF; $result->MoveNext()) {
    list($id, $title, $hits, $reviewer, $score) = $result->fields;
        if (pnSecAuthAction(0, 'reviews::', "$title::$id", ACCESS_READ)) {
            $items[] = 
            array('id' => $id,
                  'title' => $title,
                  'hits' => $hits,
                  'reviewer' => $reviewer,
                  'score' => $score);
        }
    }

    $result->Close();

    return $items;
}

/**
 * get all items for selected letter
 * @returns array
 * @return array of items, or false on failure
 */
function reviews_userapi_viewmenu($args)
{
    extract($args);

    if (!isset($order)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $reviewstable = $pntable['reviews'];
    $column = &$pntable['reviews_column'];

    $currentlang = pnUserGetLang();

    if (pnConfigGetVar('multilingual') == 1) {
        $querylang = "($column[language]='$currentlang' OR $column[language]='')";
    } else {
        $querylang = "";
    }

    $query = "SELECT $column[id], $column[title], $column[hits], $column[date]
             FROM $reviewstable WHERE $querylang ";

    switch($order) {
        case "hits":
            $query .= "ORDER BY $column[hits] DESC LIMIT 10";
            break;
        case "date":
            $query .= "ORDER BY $column[date] DESC LIMIT 10";
            break;
    }
    $result = $dbconn->Execute($query);

    if ($dbconn->ErrorNo() != 0) {
        error_log("Error: " . $dbconn->ErrorNo() . ": " . $dbconn->ErrorMsg());
       PN_DBMsgError($dbconn, __FILE__, __LINE__, "Error accesing to the database");
        return false;
    }

    if ($result->EOF) {
        return false;
    }

    for (; !$result->EOF; $result->MoveNext()) {
    list($id, $title, $hits, $date) = $result->fields;
        if (pnSecAuthAction(0, 'reviews::', "$title::$id", ACCESS_READ)) {
            $items[] = 
            array('id' => $id,
                  'title' => $title,
                  'hits' => $hits,
                  'date' => $date);
        }
    }

    $result->Close();

    return $items;
}

function reviews_userapi_add($args)
{
    extract($args);

    if ((!isset($date)) || (!isset($title)) || (!isset($text)) || (!isset($reviewer)) ||
        (!isset($email)) || (!isset($score)) || (!isset($cover)) || (!isset($url)) ||
        (!isset($url_title)) || (!isset($hits)) || (!isset($id)) || (!isset($rlanguage))) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if ($id == 0) {
        // New review
        if (!(pnSecAuthAction(0, 'reviews::', "$title::", ACCESS_COMMENT))) {
            pnSessionSetVar('errormsg', _REVIEWSSUBMITNOAUTH);
            return false;
        }

        if (pnSecAuthAction(0, 'reviews::', "$title::", ACCESS_ADD)) {
            // Add immediately
            $column = &$pntable['reviews_column'];
            $newid = $dbconn->GenId($pntable['reviews']);
            $query = "INSERT INTO $pntable[reviews] ($column[id], $column[date], $column[title], $column[text], $column[reviewer], $column[email], $column[score], $column[cover], $column[url], $column[url_title], $column[hits], $column[language]) VALUES ($newid,
            '".pnVarPrepForStore($date)."',
                '".pnVarPrepForStore($title)."',
                '".pnVarPrepForStore($text)."',
                '".pnVarPrepForStore($reviewer)."',
                '".pnVarPrepForStore($email)."',
                '".pnVarPrepForStore($score)."',
                '".pnVarPrepForStore($cover)."',
                '".pnVarPrepForStore($url)."',
                '".pnVarPrepForStore($url_title)."',
                '1',
                '".pnVarPrepForStore($rlanguage)."'
            )";
            $result = $dbconn->Execute($query);
            if($dbconn->ErrorNo()<>0) {
                error_log("ERROR 1 : " . $dbconn->ErrorMsg());
            }
        } else {
            // Add to waiting list
            $column = &$pntable['reviews_add_column'];
            $nextid = $dbconn->GenId($pntable['reviews_add']);
            $result = $dbconn->Execute("INSERT INTO $pntable[reviews_add] ($column[id], $column[date], $column[title], $column[text], $column[reviewer], $column[email], $column[score], $column[url], $column[url_title], $column[language]) VALUES ($nextid,
            '".pnVarPrepForStore($date)."',
                '".pnVarPrepForStore($title)."',
                '".pnVarPrepForStore($text)."',
                '".pnVarPrepForStore($reviewer)."',
                '".pnVarPrepForStore($email)."',
                '".pnVarPrepForStore($score)."',
                '".pnVarPrepForStore($url)."',
                '".pnVarPrepForStore($url_title)."',
                '".pnVarPrepForStore($rlanguage)."'
            )");
            if($dbconn->ErrorNo()<>0) {
                error_log("ERROR 1 : " . $dbconn->ErrorMsg());
            }
        }
    } else {
        // Updated review
        if (!(pnSecAuthAction(0, 'reviews::', "$title::$id", ACCESS_EDIT))) {
            pnSessionSetVar('errormsg', _REVIEWSEDITNOAUTH);
            return false;
        }

        $column = &$pntable['reviews_column'];
        $result = $dbconn->Execute("UPDATE $pntable[reviews] SET $column[date]='".pnVarPrepForStore($date)
             ."', $column[title]='".pnVarPrepForStore($title)."', $column[text]='".pnVarPrepForStore($text)
             ."', $column[reviewer]='".pnVarPrepForStore($reviewer)."', $column[email]='".pnVarPrepForStore($email)
             ."', $column[score]='".pnVarPrepForStore($score)."', $column[cover]='".pnVarPrepForStore($cover)
             ."', $column[url]='".pnVarPrepForStore($url)."', $column[url_title]='".pnVarPrepForStore($url_title)
             ."', $column[hits]='".pnVarPrepForStore($hits)."', $column[language]='".pnVarPrepForStore($rlanguage)
             ."' WHERE $column[id] = ".pnVarPrepForStore($id)."");
        if($dbconn->ErrorNo()<>0) {
            error_log("ERROR 2 : " . $dbconn->ErrorMsg());
        }
    }
    return true;
}

function reviews_userapi_delete($args)
{
    extract($args);

    if (!isset($id_del)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $column = &$pntable['reviews_column'];
    $result = $dbconn->Execute("SELECT $column[title]
                              FROM $pntable[reviews]
                              WHERE $column[id]=".pnVarPrepForStore($id_del)."");
    list($title) = $result->fields;
    $result->Close();
    if (!(pnSecAuthAction(0, 'reviews::', "::$id_del", ACCESS_DELETE))) {
        pnSessionSetVar('errormsg', _REVIEWSDELNOAUTH);
        return false;
    }
    $dbconn->Execute("DELETE FROM $pntable[reviews] WHERE {$pntable['reviews_column']['id']}=".pnVarPrepForStore($id_del)."");
    $dbconn->Execute("DELETE FROM $pntable[reviews_comments] WHERE {$pntable['reviews_comments_column']['rid']}='".pnVarPrepForStore($id_del)."'");
    return true;
}

function reviews_userapi_updatehits($args)
{
    extract($args);

    if (!isset($id)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
 
    $column = &$pntable['reviews_column'];
    $result = $dbconn->Execute("SELECT $column[title] FROM $pntable[reviews] WHERE $column[id]=".pnVarPrepForStore($id)."");
    list($title) = $result->fields;
    $result->Close();

    if (!(pnSecAuthAction(0, 'reviews::', "$title::$id", ACCESS_READ))) {
        pnSessionSetVar('errormsg', _REVIEWSNOAUTH);
        return false;
    }
    $dbconn->Execute("UPDATE $pntable[reviews] SET $column[hits]=$column[hits]+1 WHERE $column[id]=".pnVarPrepForStore($id)."");
    if($dbconn->ErrorNo()<>0) {
        error_log("ERROR 5 : " . $dbconn->ErrorMsg());
        return false;
    }
    return true;
}

function reviews_userapi_viewcomments($args)
{
    extract($args);

    if (!isset($id)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $commcolumn = &$pntable['reviews_comments_column'];
    $result = $dbconn->Execute("SELECT $commcolumn[cid], $commcolumn[userid], $commcolumn[date],
              $commcolumn[comments], $commcolumn[score] FROM $pntable[reviews_comments]
              WHERE $commcolumn[rid]='".pnVarPrepForStore($id)."' ORDER BY $commcolumn[date] DESC");

    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }
    for (; !$result->EOF; $result->MoveNext()) {
        list($cid, $uname, $date, $comments, $score) = $result->fields;
        if (pnSecAuthAction(0, 'reviews::', "", ACCESS_READ)) {
            $items[] = 
            array('cid' => $cid,
                  'uname' => $uname,
                  'date' => $date,
                  'comments' => $comments,
                  'score' => $score);
        }
    }

    $result->Close();

    return $items;
}

function reviews_userapi_savecomment($args)
{
    extract($args);

    if ((!isset($uname)) || (!isset($id)) || (!isset($score)) || (!isset($comments))) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!(pnSecAuthAction(0, 'reviews::', "::$id", ACCESS_COMMENT))) {
        pnSessionSetVar('errormsg', _REVIEWSCOMMENTNOAUTH);
        return false;
    }

    $column = &$pntable['reviews_comments_column'];
    $newid = $dbconn->GenId($pntable['reviews_comments_column']);
    $query = "INSERT INTO $pntable[reviews_comments] "
        . "($column[cid], $column[rid], $column[userid], $column[date], $column[comments], $column[score]) "
        . "VALUES ($newid, '".pnVarPrepForStore($id)."', '".pnVarPrepForStore($uname)."', now(), '"
        . pnVarPrepForStore($comments)."', '".pnVarPrepForStore($score)."' )";
    $result = $dbconn->Execute($query);
    if($dbconn->ErrorNo()<>0)
    {
        error_log("ERROR 4 : " . $dbconn->ErrorMsg());
    }
    return true;
 }


function reviews_userapi_deletecomment($args)
{
    extract($args);

    if ((!isset($cid)) || (!isset($id))) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $column = &$pntable['reviews_column'];
    $result = $dbconn->Execute("SELECT $column[title]
                              FROM $pntable[reviews]
                              WHERE $column[id]=".pnVarPrepForStore($id)."");
    list($title) = $result->fields;
    if (!(pnSecAuthAction(0, 'reviews::', "$title::$id", ACCESS_DELETE))) {
        pnSessionSetVar('errormsg', _REVIEWSDELNOAUTH);
        return false;
    }
    $dbconn->Execute("DELETE FROM $pntable[reviews_comments] WHERE {$pntable['reviews_comments_column']['cid']}='".pnVarPrepForStore($cid)."'");
    return true;
}

function reviews_userapi_gettitles()
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $column = &$pntable['reviews_main_column'];
    $currentlang = pnUserGetLang();

    if (pnConfigGetVar('multilingual') == 1) {
        $querylang = " WHERE ($column[language] ='$currentlang' OR $column[language] = '')";
    } else {
        $querylang = "";
    }

    $resultrm = $dbconn->Execute("SELECT $column[title], $column[description], $column[language], $column[letters]
                                FROM $pntable[reviews_main] $querylang");
    list($title, $description, $alanguage, $letters) = $resultrm->fields;
    $item['title'] = $title;
    $item['description'] = $description;
    $item['alanguage'] = $alanguage;
    $item['letters'] = $letters;

    return $item;
}

?>
--- NEW FILE: pnversion.php ---
<?php // $Id: pnversion.php,v 1.1 2002/08/07 08:09:35 voll Exp $ $Name:  $

$modversion['name'] = 'Reviews';
$modversion['id'] = '31';
$modversion['version'] = '1.1';
$modversion['description'] = 'Reviews Module';
$modversion['credits'] = 'docs/credits.txt';
$modversion['help'] = 'docs/install.txt';
$modversion['changelog'] = 'docs/changelog.txt';
$modversion['license'] = 'docs/license.txt';
$modversion['official'] = 1;
$modversion['author'] = 'Volodymyr Metenchuk';
$modversion['contact'] = 'http://postnuke.solidno.ru';
$modversion['admin'] = 0;
$modversion['securityschema'] = array('reviews::' => 'review name::review ID');;

?>

Directory filter : [ all ] / postnuke_modules / reviews [ view in CVS ]

View Statistics - Next Notice - Previous Notice


Visit Developer Site - Browse CVS Repository Syndicate via backend.rss
(max. once per hour please)
Powered by CVSNotice 0.1.3