-
Notifications
You must be signed in to change notification settings - Fork 0
/
threadrate.php
98 lines (91 loc) · 3.98 KB
/
threadrate.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
<?php
error_reporting(7);
require("./global.php");
if ($s!=$session['dbsessionhash']) {
$newurl = replacesession($scriptpath);
eval("standarderror(\"".gettemplate("error_invalidsession")."\");");
}
$permissions=getpermissions();
if (!$permissions['canthreadrate']) {
show_nopermission();
}
$vote = intval($vote);
if ($vote < 1 or $vote > 5) {
eval("standarderror(\"".gettemplate("error_invalidvote")."\");");
exit;
}
$threadid = verifyid("thread",$threadid);
$threadinfo=getthreadinfo($threadid);
updateuserforum($threadinfo['forumid']);
if ($threadinfo[visible]==0 or $threadinfo[open]==0) {
eval("standarderror(\"".gettemplate("error_threadrateclosed")."\");");
exit;
}
if ($bbuserinfo['userid'] != 0) {
if ($rating=$DB_site->query_first("SELECT vote, threadrateid
FROM threadrate
WHERE userid = $bbuserinfo[userid]
AND threadid = '$threadid'")) {
if ($votechange) {
if ($vote != $rating[vote]) {
$voteupdate = $vote - $rating[vote];
$DB_site->query("UPDATE threadrate
SET vote = '$vote'
WHERE threadrateid = $rating[threadrateid]");
$DB_site->query("UPDATE thread
SET votetotal = votetotal + $voteupdate
WHERE threadid = '$threadid'");
}
eval("standardredirect(\"".gettemplate("redirect_threadrate_update")."\",\"showthread.php?s=$session[sessionhash]&threadid=$threadid\");");
exit;
} else {
eval("standarderror(\"".gettemplate("error_threadratevoted")."\");");
exit;
}
} else {
$DB_site->query("INSERT INTO threadrate (threadid,userid,vote)
VALUES ('$threadid','$bbuserinfo[userid]','$vote')");
$DB_site->query("UPDATE thread
SET votetotal = votetotal + $vote, votenum = votenum + 1
WHERE threadid = '$threadid'");
eval("standardredirect(\"".gettemplate("redirect_threadrate_add")."\",\"showthread.php?s=$session[sessionhash]&threadid=$threadid\");");
exit;
}
} else {
// Check for entry in Database for this Ip Addr/Threadid
// Check for cookie on user's computer for this threadid
if ($rating=$DB_site->query_first("SELECT vote, threadrateid
FROM threadrate
WHERE ipaddress = '".addslashes($ipaddress)."'
AND threadid = '$threadid'")) {
if ($votechange) {
if ($vote != $rating[vote]) {
$voteupdate = $vote - $rating[vote];
$DB_site->query("UPDATE threadrate
SET vote = '$vote'
WHERE threadrateid = $rating[threadrateid]");
$DB_site->query("UPDATE thread
SET votetotal = votetotal + $voteupdate
WHERE threadid = '$threadid'");
}
eval("standardredirect(\"".gettemplate("redirect_threadrate_update")."\",\"showthread.php?s=$session[sessionhash]&threadid=$threadid\");");
exit;
} else {
eval("standarderror(\"".gettemplate("error_threadratevoted")."\");");
exit;
}
} elseif (get_bbarraycookie('threadrate', $threadid)) {
eval("standarderror(\"".gettemplate("error_threadratevoted")."\");");
exit;
} else {
$DB_site->query("INSERT INTO threadrate (threadid,vote,ipaddress)
VALUES ('$threadid','$vote','".addslashes($ipaddress)."')");
$DB_site->query("UPDATE thread
SET votetotal = votetotal + $vote, votenum = votenum + 1
WHERE threadid = '$threadid'");
set_bbarraycookie('threadrate', $threadid, $vote, 1);
eval("standardredirect(\"".gettemplate("redirect_threadrate_add")."\",\"showthread.php?s=$session[sessionhash]&threadid=$threadid\");");
exit;
}
}
?>