} else { $speedlimiterror = 0; } if (!$voted && !$speedlimiterror) { //if the user hasn't yet voted, then vote normally... if ($vote_sent >= 1 && $vote_sent <= $units && $ip == $ip_num) { // keep votes within range, make sure IP matches - no monkey business! list($new_rating, $added) = RATING_addVote($plugin, $id_sent, $vote_sent, $uid, $ip); COM_updateSpeedlimit('rate'); } } else { $added = $current_votes; $new_rating = $current_rating; } } else { list($rating_id, $current_rating, $cout) = RATING_getRating($plugin, $id_sent); $added = $count; $new_rating = $current_rating; $status = 3; } $count = $added; $current_rating = $new_rating; $tense = $count == 1 ? $LANG13['vote'] : $LANG13['votes']; // set message if ($status == 1) { // either IP or UID has already voted $message = "<script>alert('" . $LANG13['ip_rated'] . "');</script>"; } elseif ($status == 2) { $message = "<script>alert('" . sprintf($LANG13['rate_speedlimit'], $last, $_CONF['rating_speedlimit']) . "');</script>"; } elseif ($status == 3) { // no permission to vote or your already own the item
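/**
 * Add a new rating to an item.
 *
 * Recomputes the overall rating from the votes already stored plus the new
 * one, updates (or creates) the summary row in the rating table, records the
 * individual vote together with the rater's uid / IP address, and finally
 * asks the plugin to update its own records via PLG_itemRated().
 *
 * This function does not check whether the uid / IP has already voted or
 * whether the rating is within the configured scale; only ratings below 1
 * are rejected here. Those checks are the caller's responsibility.
 *
 * Every value that reaches SQL is either passed through DB_escapeString()
 * (quoted string columns) or cast to int (unquoted numeric columns).
 *
 * @param  string $type    plugin name
 * @param  string $item_id item id
 * @param  int    $rating  rating sent by user
 * @param  int    $uid     user id of rater
 * @param  string $ip      IP address of rater
 * @return array           an array with the new overall rating and total
 *                         number of votes (the current values, unchanged,
 *                         when $rating is below 1)
 */
function RATING_addVote($type, $item_id, $rating, $uid, $ip)
{
    global $_TABLES;

    // $rating and $uid are concatenated into SQL without quotes further down,
    // so force them to integers before anything else touches them.
    $rating = (int) $rating;
    $uid = (int) $uid;
    $ratingdate = time();

    list($rating_id, $current_rating, $current_votes) = RATING_getRating($type, $item_id);
    $rating_id = (int) $rating_id;

    // Reject non-positive ratings and report the unchanged totals.
    if ($rating < 1) {
        return array($current_rating, $current_votes);
    }

    $safeType = DB_escapeString($type);
    $safeItemId = DB_escapeString($item_id);

    $tresult = DB_query("SELECT SUM( rating ),COUNT( item_id ) FROM {$_TABLES['rating_votes']} WHERE item_id = '" . $safeItemId . "' AND type='" . $safeType . "'");
    if (DB_numRows($tresult) > 0) {
        list($total_rating, $total_votes) = DB_fetchArray($tresult);
    } else {
        $total_rating = 0;
        $total_votes = 0;
    }

    $sum = $total_rating + $rating;
    $votes = (int) $total_votes + 1;

    if ($sum > 0 && $votes > 0) {
        $new_rating = $sum / $votes;
    } else {
        $new_rating = 0;
        $sum = 0;
        $votes = 0;
    }
    $new_rating = sprintf("%2.02f", $new_rating);

    if ($rating_id != 0) {
        // A summary row already exists for this item: update it in place.
        $sql = "UPDATE {$_TABLES['rating']} SET votes=" . $votes . ", rating='" . DB_escapeString($new_rating) . "' WHERE id = " . $rating_id;
        DB_query($sql);
    } else {
        // NOTE(review): MAX(id) + 1 followed by INSERT is not atomic; two
        // simultaneous first votes could compute the same id. Whether that is
        // caught depends on a unique key on rating.id, which is not visible
        // here - confirm against the schema.
        $sql = "SELECT MAX(id) + 1 AS newid FROM " . $_TABLES['rating'];
        $result = DB_query($sql);
        $row = DB_fetchArray($result);
        $newid = (int) $row['newid'];
        if ($newid < 1) {
            $newid = 1;
        }
        // $type was previously concatenated raw in this statement while every
        // other query escaped it; it now goes through DB_escapeString() too.
        $sql = "INSERT INTO {$_TABLES['rating']} (id,type,item_id,votes,rating) VALUES (" . $newid . ", '" . $safeType . "','" . $safeItemId . "'," . $votes . ",'" . DB_escapeString($new_rating) . "' )";
        DB_query($sql);
    }

    // Record the individual vote (used by callers to detect repeat voters).
    $sql = "INSERT INTO {$_TABLES['rating_votes']} (type,item_id,rating,uid,ip_address,ratingdate) "
         . "VALUES ('" . $safeType . "','" . $safeItemId . "'," . $rating . "," . $uid . ",'" . DB_escapeString($ip) . "'," . $ratingdate . ");";
    DB_query($sql);

    PLG_itemRated($type, $item_id, $new_rating, $votes);

    return array($new_rating, $votes);
}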
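/**
 * Saves the story in its final state to the database.
 *
 * Normalises the featured / status / owner fields, un-features competing
 * stories, migrates dependent rows (comments, images, trackbacks, ratings)
 * when the story id has changed, refreshes the comment count and rating,
 * writes the story row with REPLACE INTO, removes the old row and any
 * pending submission, and invalidates the affected cache instances.
 *
 * All property values placed into SQL are escaped with DB_escapeString()
 * or, for the timestamp columns, cast to int.
 *
 * @return int STORY_SAVED (status result from a constant list)
 */
function saveToDatabase()
{
    global $_TABLES, $_CONF;

    // Stories in the archive topic are never featured or on the front page.
    if (DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1") == $this->_tid) {
        $this->_featured = 0;
        $this->_frontpage = 0;
        $this->_statuscode = STORY_ARCHIVE_ON_EXPIRE;
    }

    if ($this->_featured != 1) {
        $this->_featured = 0;
    }
    if ($this->_statuscode == '') {
        $this->_statuscode = 0;
    }
    if ($this->_owner_id == '') {
        $this->_owner_id = 1;
    }

    /* if a featured, non-draft, that goes live straight away, unfeature
     * other stories in same topic:
     */
    if ($this->_featured == '1') {
        // there can only be one non-draft featured story
        if ($this->_draft_flag == 0 and $this->_date <= time()) {
            if ($this->_frontpage == 1) {
                // un-feature any featured frontpage story
                DB_query("UPDATE {$_TABLES['stories']} SET featured = 0 WHERE featured = 1 AND draft_flag = 0 AND frontpage = 1 AND date <= NOW()");
            }

            // un-feature any featured story in the same topic; the topic id
            // is escaped here like every other property used in a query.
            $safeTid = DB_escapeString($this->_tid);
            DB_query("UPDATE {$_TABLES['stories']} SET featured = 0 WHERE featured = 1 AND draft_flag = 0 AND tid = '{$safeTid}' AND date <= NOW()");
        }
    }

    $oldArticleExists = false;
    $currentSidExists = false;
    $checksid = ''; // escaped original sid; only set when the sid changed

    /* Fix up old sid => new sid stuff */
    if ($this->_sid != $this->_originalSid) {
        /* The sid has changed. Load from request will have
         * ensured that if the new sid exists an error has
         * been thrown, but we need to know if the old sid
         * actually existed (as opposed to being a generated
         * sid that was then thrown away) to reduce the sheer
         * number of SQL queries we do.
         */
        $checksid = DB_escapeString($this->_originalSid);
        $newsid = DB_escapeString($this->_sid);

        $sql = "SELECT 1 FROM {$_TABLES['stories']} WHERE sid='{$checksid}'";
        $result = DB_query($sql);
        if ($result && DB_numRows($result) > 0) {
            $oldArticleExists = true;
        }

        if ($oldArticleExists) {
            /* Move Comments */
            $sql = "UPDATE {$_TABLES['comments']} SET sid='{$newsid}' WHERE type='article' AND sid='{$checksid}'";
            DB_query($sql);

            /* Move Images */
            $sql = "UPDATE {$_TABLES['article_images']} SET ai_sid = '{$newsid}' WHERE ai_sid = '{$checksid}'";
            DB_query($sql);

            /* Move trackbacks */
            $sql = "UPDATE {$_TABLES['trackback']} SET sid='{$newsid}' WHERE sid='{$checksid}' AND type='article'";
            DB_query($sql);

            /* Move ratings */
            $sql = "UPDATE {$_TABLES['rating']} SET item_id='{$newsid}' WHERE item_id='{$checksid}' AND type='article'";
            DB_query($sql);
            $sql = "UPDATE {$_TABLES['rating_votes']} SET item_id='{$newsid}' WHERE item_id='{$checksid}' AND type='article'";
            DB_query($sql);

            CACHE_remove_instance('story_' . $this->_originalSid);
        }
    }

    /* Acquire Comment Count */
    $sql = "SELECT count(1) FROM {$_TABLES['comments']} WHERE type='article' AND sid='" . DB_escapeString($this->_sid) . "'";
    $result = DB_query($sql);
    if ($result && DB_numRows($result) == 1) {
        $array = DB_fetchArray($result);
        $this->_comments = $array[0];
    } else {
        $this->_comments = 0;
    }

    /* Acquire Rating / Votes */
    list($rating_id, $rating, $votes) = RATING_getRating('article', $this->_sid);
    $this->_rating = $rating;
    $this->_votes = $votes;

    //@TODO - remove this call on save
    // Get the related URLs
    $this->_related = implode("\n", STORY_extractLinks("{$this->_introtext} {$this->_bodytext}"));

    /* This uses the database field array to generate a SQL Statement. This
     * means that when adding new fields to save and load, all we need to do
     * is add the field name to the array, and the code will magically cope.
     *
     * Column names come from the keys of $this->_dbFields and are placed in
     * the statement unquoted.
     * NOTE(review): presumably that array is a fixed list defined by the
     * class and never built from request data - confirm.
     */
    $columns = array();
    $values = array();
    // foreach replaces reset() + each(); each() was removed in PHP 8.
    foreach ($this->_dbFields as $fieldname => $save) {
        if ($save !== 1) {
            continue;
        }
        $varname = '_' . $fieldname;
        $columns[] = $fieldname;

        if ($fieldname == 'date' || $fieldname == 'expire' || $fieldname == 'comment_expire') {
            // let the DB server do this conversion; the value is inserted
            // unquoted, so it is cast to int first.
            if (!empty($this->{$varname})) {
                $values[] = 'FROM_UNIXTIME(' . (int) $this->{$varname} . ')';
            } else {
                $values[] = "'0000-00-00 00:00:00'";
            }
        } else {
            $values[] = '\'' . DB_escapeString($this->{$varname}) . '\'';
        }
    }

    $sql = 'REPLACE INTO ' . $_TABLES['stories']
         . ' (' . implode(', ', $columns) . ') '
         . ' VALUES (' . implode(', ', $values) . ')';
    DB_query($sql);

    CACHE_remove_instance('story_' . $this->_sid);

    /* Clean up the old story */
    if ($oldArticleExists && !empty($checksid)) {
        $sql = "DELETE FROM {$_TABLES['stories']} WHERE sid='{$checksid}'";
        DB_query($sql);
        CACHE_remove_instance('story_' . $this->_originalSid);
    }

    // NOTE(review): this reads $this->type (no leading underscore), unlike
    // the other properties used in this method - confirm it is the intended
    // property.
    if ($this->type == 'submission') {
        if (!empty($checksid)) {
            DB_delete($_TABLES['storysubmission'], 'sid', $checksid);
        } else {
            DB_delete($_TABLES['storysubmission'], 'sid', DB_escapeString($this->_sid));
        }
    }

    CACHE_remove_instance('whatsnew');
    CACHE_remove_instance('stmenu');

    return STORY_SAVED;
}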