Beispiel #1
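/**
 * Store a submitted review and print the confirmation page.
 *
 * Administrators write directly to the reviews table (INSERT when $id is 0,
 * UPDATE otherwise). Every other submission is inserted into reviews_add,
 * which the confirmation text describes as awaiting the editors. When neither
 * the global $user nor the global $admin is set, the anti-spam answer is
 * checked first and a failed check is logged and redirected.
 *
 * SECURITY: $reviewer, $email, $cover, $url, $url_title and the reversedate()
 * result are placed in the SQL text with no escaping visible in this function;
 * $title and $text only pass through FixQuotes()/stripslashes().
 * NOTE(review): unless the caller or sql_query() escapes these values the
 * statements are injectable. Move them to prepared statements or the database
 * layer's own escaping routine; neither is visible from here.
 *
 * @param string $date         Review date, converted with reversedate().
 * @param string $title        Review title; tags are stripped.
 * @param string $text         Review body (URL-encoded on input).
 * @param string $reviewer     Reviewer name.
 * @param string $email        Reviewer e-mail.
 * @param mixed  $score        Score; coerced to an integer.
 * @param string $cover        Cover image reference (admin insert/update only).
 * @param string $url          Related link.
 * @param string $url_title    Title of the related link.
 * @param mixed  $hits         Hit counter (admin update only); coerced to an integer.
 * @param mixed  $id           Review id, 0 for a new review; coerced to an integer.
 * @param string $asb_question Anti-spam question token.
 * @param string $asb_reponse  Anti-spam answer.
 */
function send_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $asb_question, $asb_reponse)
{
    global $admin, $user, $NPDS_Prefix;
    include 'header.php';
    $date = reversedate($date);
    $title = stripslashes(FixQuotes(strip_tags($title)));
    $text = stripslashes(Fixquotes(urldecode(removeHack($text))));
    // These three values are used as numbers; forcing integers means they can
    // no longer carry SQL syntax into the quoted literals below.
    $score = intval($score);
    $hits = intval($hits);
    $id = intval($id);
    if (!$user and !$admin) {
        //anti_spambot
        if (!R_spambot($asb_question, $asb_reponse, $text)) {
            Ecr_Log('security', 'Review Anti-Spam : title=' . $title, '');
            redirect_url("index.php");
            die;
        }
    }
    echo '
   <h2>' . translate("Write a Review") . '</h2>
   <br /><p class="lead text-danger">' . translate("Thanks for submitting this review") . '';
    if ($id != 0) {
        echo " " . translate("modification") . "";
    } else {
        // The reviewer name is request data echoed into the page, so encode it
        // for the HTML context. The original variable stays untouched for the
        // SQL statements below.
        // NOTE(review): htmlspecialchars() uses PHP's default charset here;
        // pass the site's charset explicitly if it differs.
        echo ", " . htmlspecialchars($reviewer, ENT_QUOTES);
    }
    echo '<br /><br />';
    if ($admin && $id == 0) {
        // Administrator adding a new review: published immediately.
        sql_query("INSERT INTO " . $NPDS_Prefix . "reviews VALUES (NULL, '{$date}', '{$title}', '{$text}', '{$reviewer}', '{$email}', '{$score}', '{$cover}', '{$url}', '{$url_title}', '1')");
        echo translate("It is now available in the reviews database.");
    } else {
        if ($admin && $id != 0) {
            // Administrator editing an existing review.
            sql_query("UPDATE " . $NPDS_Prefix . "reviews SET date='{$date}', title='{$title}', text='{$text}', reviewer='{$reviewer}', email='{$email}', score='{$score}', cover='{$cover}', url='{$url}', url_title='{$url_title}', hits='{$hits}' WHERE id='{$id}'");
            echo translate("It is now available in the reviews database.");
        } else {
            // Non-administrator submission goes to the reviews_add table.
            sql_query("INSERT INTO " . $NPDS_Prefix . "reviews_add VALUES (NULL, '{$date}', '{$title}', '{$text}', '{$reviewer}', '{$email}', '{$score}', '{$url}', '{$url_title}')");
            echo translate("The editors will look at your submission. It should be available soon!");
        }
    }
    echo '</p><a class="btn btn-default" role="button" href="reviews.php" title="' . translate("Back to Reviews Index") . '"><i class="fa fa-lg fa-undo"></i>
</a>';
    include "footer.php";
}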
Beispiel #2
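/**
 * Store a submitted review and print the confirmation box.
 *
 * Administrators (per is_admin($admin)) write directly to the _reviews table
 * (INSERT when $id is 0, UPDATE otherwise). Every other submission is inserted
 * into _reviews_add, which the confirmation text describes as awaiting the
 * editors.
 *
 * SECURITY: $date and $rlanguage reach the SQL text unmodified, and the other
 * string fields have their backslashes removed by stripslashes() before being
 * interpolated.
 * NOTE(review): unless check_html(), FixQuotes() or $db->sql_query() escape
 * these values the statements are injectable. Move them to prepared statements
 * or the database layer's own escaping routine; neither is visible from here.
 *
 * @param string $date      Review date, used as received.
 * @param string $title     Review title.
 * @param string $text      Review body (URL-encoded on input); may hold the
 *                          page-break marker.
 * @param string $reviewer  Reviewer name.
 * @param string $email     Reviewer e-mail.
 * @param mixed  $score     Score; coerced to an integer, and reset to 0 when
 *                          outside 0..10.
 * @param string $cover     Cover image reference (admin insert/update only).
 * @param string $url       Related link.
 * @param string $url_title Title of the related link.
 * @param mixed  $hits      Hit counter (admin update only); coerced to an integer.
 * @param mixed  $id        Review id, 0 for a new review; coerced to an integer.
 * @param string $rlanguage Review language, used as received.
 */
function send_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $rlanguage)
{
    global $admin, $EditedMessage, $prefix, $db, $module_name;
    include 'header.php';
    // Replace the page-break marker with an entity-encoded placeholder before
    // the sanitising calls below. str_replace() stands in for the former
    // eregi()/ereg_replace() pair: the ereg extension was removed in PHP 7.0
    // and the pattern is a plain literal, so the replacement is unchanged.
    // NOTE(review): the placeholder ends in ';;'. The second semicolon looks
    // unintended but is kept as it was.
    $text = str_replace("<!--pagebreak-->", "&lt;!--pagebreak--&gt;;", $text);
    $id = intval($id);
    $title = stripslashes(FixQuotes(check_html($title, "nohtml")));
    $text = htmlspecialchars(stripslashes(Fixquotes(urldecode(check_html($text, "")))));
    $reviewer = stripslashes(check_html($reviewer, "nohtml"));
    $url_title = stripslashes(check_html($url_title, "nohtml"));
    $email = stripslashes(check_html($email, "nohtml"));
    $score = intval($score);
    $cover = stripslashes(check_html($cover, "nohtml"));
    $url = stripslashes(check_html($url, "nohtml"));
    // NOTE(review): $url_title is filtered a second time here. Kept because
    // dropping it would change how many backslash levels are stripped.
    $url_title = stripslashes(check_html($url_title, "nohtml"));
    $hits = intval($hits);
    // Turn the entity-encoded marker back into the literal page-break comment.
    $text = str_replace("&lt;!--pagebreak--&gt;", "<!--pagebreak-->", $text);
    OpenTable();
    echo "<br><center>" . _RTHANKS . "";
    if ($id != 0) {
        echo " " . _MODIFICATION . "";
    } else {
        // NOTE(review): the name is echoed as returned by
        // check_html(..., "nohtml"). Confirm that helper neutralises markup
        // for the HTML context.
        echo ", {$reviewer}";
    }
    echo "!<br>";
    // Scores outside 0..10 are reset to 0.
    if ($score < 0 or $score > 10) {
        $score = 0;
    }
    if (is_admin($admin) && $id == 0) {
        // Administrator adding a new review: published immediately.
        $db->sql_query("INSERT INTO " . $prefix . "_reviews VALUES (NULL, '{$date}', '{$title}', '{$text}', '{$reviewer}', '{$email}', '{$score}', '{$cover}', '{$url}', '{$url_title}', '1', '{$rlanguage}')");
        echo "" . _ISAVAILABLE . "";
    } else {
        if (is_admin($admin) && $id != 0) {
            // Administrator editing an existing review.
            $db->sql_query("UPDATE " . $prefix . "_reviews SET date='{$date}', title='{$title}', text='{$text}', reviewer='{$reviewer}', email='{$email}', score='{$score}', cover='{$cover}', url='{$url}', url_title='{$url_title}', hits='{$hits}', rlanguage='{$rlanguage}' where id = '{$id}'");
            echo "" . _ISAVAILABLE . "";
        } else {
            // Non-administrator submission goes to the _reviews_add table.
            $db->sql_query("INSERT INTO " . $prefix . "_reviews_add VALUES (NULL, '{$date}', '{$title}', '{$text}', '{$reviewer}', '{$email}', '{$score}', '{$url}', '{$url_title}', '{$rlanguage}')");
            echo "" . _EDITORWILLLOOK . "";
        }
    }
    echo "<br><br>[ <a href=\"modules.php?name={$module_name}\">" . _RBACK . "</a> ]<br></center>";
    CloseTable();
    include "footer.php";
}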