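/**
 * Store a submitted review and print the confirmation page.
 *
 * An administrator with $id == 0 inserts directly into the reviews table, an
 * administrator with a non-zero $id updates that row, and every other caller
 * is inserted into the reviews_add table. Callers that are neither a logged-in
 * user nor an administrator must first pass the R_spambot() check; a failure
 * is logged, redirected to index.php and ends the request.
 *
 * NOTE(review): all three statements are built by string interpolation.
 * Only $id and $hits are forced to integers here. $title and $text pass through
 * FixQuotes()/stripslashes(), whose escaping guarantees are not visible in this
 * file, and $date, $reviewer, $email, $score, $cover, $url and $url_title
 * reach the SQL text with no escaping visible in this function. They should go
 * through the database layer's own escaping or bound parameters; confirm what
 * the request bootstrap already does before adding a second escaping pass.
 */
function send_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $asb_question, $asb_reponse)
{
    global $admin, $user, $NPDS_Prefix;

    include 'header.php';

    // $id is only compared with 0 and matched against the id column, so an
    // integer cast keeps arbitrary request text out of the WHERE clause.
    $id = (int) $id;
    // assumes hits is an integer counter — TODO confirm against the table schema
    $hits = (int) $hits;

    $date = reversedate($date);
    $title = stripslashes(FixQuotes(strip_tags($title)));
    $text = stripslashes(Fixquotes(urldecode(removeHack($text))));

    // Anti-spambot gate, applied only to anonymous visitors.
    if (!$user and !$admin) {
        if (!R_spambot($asb_question, $asb_reponse, $text)) {
            Ecr_Log('security', 'Review Anti-Spam : title=' . $title, '');
            redirect_url("index.php");
            die;
        }
    }

    echo ' <h2>' . translate("Write a Review") . '</h2> <br /><p class="lead text-danger">' . translate("Thanks for submitting this review") . '';
    if ($id != 0) {
        echo " " . translate("modification") . "";
    } else {
        // The reviewer name comes from the submission and is written into the
        // page, so it is HTML-escaped for output. The encoding argument is
        // left at PHP's default_charset because the site charset is not
        // visible here.
        echo ", " . htmlspecialchars($reviewer, ENT_QUOTES | ENT_SUBSTITUTE);
    }
    echo '<br /><br />';

    if ($admin && $id == 0) {
        // Administrator creating a new review: published immediately.
        sql_query("INSERT INTO " . $NPDS_Prefix . "reviews VALUES (NULL, '{$date}', '{$title}', '{$text}', '{$reviewer}', '{$email}', '{$score}', '{$cover}', '{$url}', '{$url_title}', '1')");
        echo translate("It is now available in the reviews database.");
    } elseif ($admin && $id != 0) {
        // Administrator editing an existing review.
        sql_query("UPDATE " . $NPDS_Prefix . "reviews SET date='{$date}', title='{$title}', text='{$text}', reviewer='{$reviewer}', email='{$email}', score='{$score}', cover='{$cover}', url='{$url}', url_title='{$url_title}', hits='{$hits}' WHERE id='{$id}'");
        echo translate("It is now available in the reviews database.");
    } else {
        // Everyone else: the submission goes to the reviews_add table.
        sql_query("INSERT INTO " . $NPDS_Prefix . "reviews_add VALUES (NULL, '{$date}', '{$title}', '{$text}', '{$reviewer}', '{$email}', '{$score}', '{$url}', '{$url_title}')");
        echo translate("The editors will look at your submission. It should be available soon!");
    }

    echo '</p><a class="btn btn-default" role="button" href="reviews.php" title="' . translate("Back to Reviews Index") . '"><i class="fa fa-lg fa-undo"></i> </a>';

    include "footer.php";
}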
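/**
 * Store a submitted review and print the confirmation box.
 *
 * When is_admin($admin) is true, $id == 0 inserts into the _reviews table and
 * a non-zero $id updates that row; every other caller is inserted into the
 * _reviews_add table. $score is reset to 0 when it falls outside 0..10.
 *
 * NOTE(review): all three statements are built by string interpolation.
 * $id, $score and $hits are forced to integers. The text fields pass through
 * check_html() and then stripslashes(); check_html() is not visible in this
 * file, so whether they are safe inside a quoted SQL literal is unconfirmed.
 * They should go through the database layer's own escaping or bound
 * parameters. $reviewer is also echoed into the page and relies on
 * check_html(..., "nohtml") alone for output safety.
 */
function send_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $rlanguage)
{
    global $admin, $EditedMessage, $prefix, $db, $module_name;

    include 'header.php';

    // eregi()/ereg_replace() were removed in PHP 7. The pattern is a plain
    // literal, so str_replace() performs the same substitution; the former
    // case-insensitive guard only decided whether to attempt it.
    // NOTE(review): the replacement strings here and further down look as if
    // their HTML entities were lost in extraction — confirm against upstream.
    $text = str_replace("<!--pagebreak-->", "<!--pagebreak-->;", $text);

    $id = intval($id);
    $title = stripslashes(FixQuotes(check_html($title, "nohtml")));
    $text = htmlspecialchars(stripslashes(Fixquotes(urldecode(check_html($text, "")))));
    $reviewer = stripslashes(check_html($reviewer, "nohtml"));
    $url_title = stripslashes(check_html($url_title, "nohtml"));
    $email = stripslashes(check_html($email, "nohtml"));
    $score = intval($score);
    $cover = stripslashes(check_html($cover, "nohtml"));
    $url = stripslashes(check_html($url, "nohtml"));
    // NOTE(review): second pass over $url_title, kept as in the original
    // because check_html() is opaque here; it is probably redundant.
    $url_title = stripslashes(check_html($url_title, "nohtml"));
    $hits = intval($hits);

    // $date and $rlanguage were interpolated into the SQL text with no
    // processing at all. addslashes() is a stopgap that leaves values without
    // quotes or backslashes unchanged; the database layer's own escaping or
    // bound parameters remain the proper fix.
    $date = addslashes($date);
    $rlanguage = addslashes($rlanguage);

    // As shown this replaces the marker with itself, so it changes nothing.
    $text = str_replace("<!--pagebreak-->", "<!--pagebreak-->", $text);

    OpenTable();
    echo "<br><center>" . _RTHANKS;
    if ($id != 0) {
        echo " " . _MODIFICATION;
    } else {
        echo ", {$reviewer}";
    }
    echo "!<br>";

    // Out-of-range scores are stored as 0.
    if ($score < 0 or $score > 10) {
        $score = 0;
    }

    $isAdmin = is_admin($admin);
    if ($isAdmin && $id == 0) {
        // Administrator creating a new review.
        $db->sql_query("INSERT INTO " . $prefix . "_reviews VALUES (NULL, '{$date}', '{$title}', '{$text}', '{$reviewer}', '{$email}', '{$score}', '{$cover}', '{$url}', '{$url_title}', '1', '{$rlanguage}')");
        echo _ISAVAILABLE;
    } elseif ($isAdmin && $id != 0) {
        // Administrator editing an existing review.
        $db->sql_query("UPDATE " . $prefix . "_reviews SET date='{$date}', title='{$title}', text='{$text}', reviewer='{$reviewer}', email='{$email}', score='{$score}', cover='{$cover}', url='{$url}', url_title='{$url_title}', hits='{$hits}', rlanguage='{$rlanguage}' where id = '{$id}'");
        echo _ISAVAILABLE;
    } else {
        // Everyone else: the submission goes to the _reviews_add table.
        $db->sql_query("INSERT INTO " . $prefix . "_reviews_add VALUES (NULL, '{$date}', '{$title}', '{$text}', '{$reviewer}', '{$email}', '{$score}', '{$url}', '{$url_title}', '{$rlanguage}')");
        echo _EDITORWILLLOOK;
    }

    echo "<br><br>[ <a href=\"modules.php?name={$module_name}\">" . _RBACK . "</a> ]<br></center>";
    CloseTable();

    include "footer.php";
}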