<?php
/*
$Id: article_reviews_write.php, v1.0 2003/12/04 12:00:00 ra Exp $
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2003 osCommerce
Released under the GNU General Public License
*/
// Bootstrap the shop environment; the tep_* helpers and the $navigation object
// used below are not defined in this file.
require 'includes/application_top.php';

// Writing a review requires a logged-in customer. Without a registered
// customer_id session value the visitor is sent to the login page over SSL.
// set_snapshot() is called first -- presumably so the login flow can return
// here afterwards; confirm against the navigation class.
if (!tep_session_is_registered('customer_id')) {
    $navigation->set_snapshot();

    tep_redirect(
        tep_href_link('login.php', '', 'SSL')
    );
}
// Look up the article being reviewed. Only rows with articles_status = '1' in
// the current language match. Both ids are cast to int before they are placed
// in the SQL text, so no request-controlled string reaches the statement.
$article_info_query = tep_db_query(
    "select a.articles_id, ad.articles_name from articles a, articles_description ad where a.articles_id = '"
    . (int)$_GET['articles_id']
    . "' and a.articles_status = '1' and a.articles_id = ad.articles_id and ad.language_id = '"
    . (int)$languages_id
    . "'"
);

if (tep_db_num_rows($article_info_query)) {
    $article_info = tep_db_fetch_array($article_info_query);
} else {
    // No matching article: go back to the review listing, dropping the
    // 'action' parameter from the query string.
    // NOTE(review): tep_redirect() presumably ends the request -- confirm,
    // since $article_info stays unset on this path.
    tep_redirect(
        tep_href_link('article_reviews.php', tep_get_all_get_params(['action']))
    );
}

// The reviewer's name is read from the customers table using the session's
// customer id rather than anything taken from the request.
$customer_query = tep_db_query(
    "select customers_firstname, customers_lastname from customers where customers_id = '"
    . (int)$customer_id
    . "'"
);
$customer = tep_db_fetch_array($customer_query);
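// Handle a submitted review: this branch runs only for ?action=process.
// NOTE(review): no anti-CSRF form token is verified in the visible code before
// the inserts below; confirm whether includes/application_top.php enforces
// one, otherwise add that check to this condition.
if (isset($_GET['action']) && ($_GET['action'] == 'process')) {
    // Absent or array-valued fields are treated as empty, so they fail
    // validation instead of raising notices or reaching strlen() as an array.
    $rating = (isset($_POST['rating']) && is_string($_POST['rating']))
        ? tep_db_prepare_input($_POST['rating'])
        : '';
    $review = (isset($_POST['review']) && is_string($_POST['review']))
        ? tep_db_prepare_input($_POST['review'])
        : '';

    // Accept only whole-number ratings. A value with trailing non-digits could
    // pass the loose range comparison below and then be written to the rating
    // column; anything that is not purely digits becomes 0 and is rejected.
    $rating = ctype_digit((string)$rating) ? (int)$rating : 0;

    $error = false;

    // strlen() counts bytes, so multi-byte text reaches the minimum length
    // with fewer visible characters.
    if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) {
        $error = true;
        $messageStack->add('review', JS_REVIEW_TEXT);
    }

    if (($rating < 1) || ($rating > 5)) {
        $error = true;
        $messageStack->add('review', JS_REVIEW_RATING);
    }

    if ($error == false) {
        // Numeric columns are cast to int; name fields go through
        // tep_db_input() before being concatenated into the statement.
        tep_db_query(
            "insert into article_reviews (articles_id, customers_id, customers_name, reviews_rating, date_added) values ('"
            . (int)$_GET['articles_id'] . "', '"
            . (int)$customer_id . "', '"
            . tep_db_input($customer['customers_firstname']) . ' ' . tep_db_input($customer['customers_lastname']) . "', '"
            . (int)$rating . "', now())"
        );
        $insert_id = tep_db_insert_id();

        // The review text is stored as submitted (after tep_db_prepare_input()).
        // NOTE(review): pages that display reviews_text must HTML-escape it on
        // output -- confirm in the review listing and detail templates.
        tep_db_query(
            "insert into article_reviews_description (reviews_id, languages_id, reviews_text) values ('"
            . (int)$insert_id . "', '"
            . (int)$languages_id . "', '"
            . tep_db_input($review) . "')"
        );

        // Redirect after the write so a page reload does not resubmit the form.
        tep_redirect(tep_href_link('article_reviews.php', tep_get_all_get_params(array('action'))));
    }
}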
// Make the article title available to the page template.
$articles_name = $article_info['articles_name'];

// Load the language strings for this page.
// NOTE(review): $language is interpolated into a require path. It is expected
// to be set by includes/application_top.php; confirm it can only hold the name
// of an installed language directory and never a request-supplied value.
require "includes/languages/{$language}/article_reviews_write.php";

// Render the page through the template mapped to this script, then run the
// shared shutdown include.
require $oscTemplate->map_to_template(__FILE__, 'page');

require 'includes/application_bottom.php';