// Prefix prepended to every include path built on this page.
$V['pathToRoot'] = "./";

// Fall back to page id 36 (the "page not found" page) when no id is set.
// NOTE(review): $id is never assigned in the visible code; presumably it
// arrives from the request or an earlier include. Confirm its origin and
// that it is validated before it is used.
if (!$id) {
    $id = 36;
}

// Load the shared bootstrap (its contents are not visible here), then emit
// the common page header.
require_once $V['pathToRoot'] . "vegadmin/go.php";
include $V['pathToRoot'] . 'header.inc.php';
?>
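/**
 * Validate the submitted review fields held in global variables.
 *
 * Trims $reviewer_name, $reviewer_email, $review_title and $review_body in
 * place (the globals are overwritten with the trimmed text), then checks
 * them and $rating against the length, format and range limits below.
 *
 * Security note: the name, title and body checks constrain length only, so
 * those values may still contain quotes and markup. Later in this file the
 * same globals are concatenated into an INSERT statement and a notification
 * e-mail body; that code has to escape or parameterise the values itself and
 * must not treat a passing result from this function as making them safe.
 *
 * @param int $is_update Accepted for existing callers; not used by any check.
 * @return array Two elements: the error flag (0 or 1) and the concatenated
 *               error messages, each terminated by a newline.
 */
function check_form_data($is_update = 0)
{
    global $reviewer_name, $reviewer_email, $review_title, $review_body, $rating;

    $form_error = 0;
    $form_error_message = "";

    // Trim whitespace from text fields. Non-scalar input (for example an
    // array produced by "field[]=") is treated as empty so that trim() and
    // strlen() never receive a value they cannot handle.
    $as_text = function ($value) {
        return is_scalar($value) ? trim((string) $value) : "";
    };
    $reviewer_name = $as_text($reviewer_name);
    $reviewer_email = $as_text($reviewer_email);
    $review_title = $as_text($review_title);
    $review_body = $as_text($review_body);

    // The rating is validated but, as before, the global is left untouched.
    $rating_text = is_scalar($rating) ? (string) $rating : "";

    $name_length = strlen($reviewer_name);
    if ($name_length < 3 || $name_length > 50) {
        $form_error = 1;
        $form_error_message .= "Reviewer name must be between 3 and 50 characters.\n";
    }

    // eregi() was removed in PHP 7, so the check is ported to preg_match().
    // The literal commas that sat inside the old character classes are
    // dropped: they made "," an accepted character. The alphabet stays
    // deliberately narrow (letters, digits and . _ -) so that an accepted
    // address cannot contain a quote character; a more permissive validator
    // would widen what reaches the string-built query later in this file.
    // The final label is limited to 2-3 characters, as in the old pattern.
    $email_pattern = '/^[0-9a-z]+(?:[._][0-9a-z]+)*@[0-9a-z]+(?:[._-][0-9a-z]+)*\.[0-9a-z]{2,3}\z/i';
    if ($reviewer_email !== "" && preg_match($email_pattern, $reviewer_email) !== 1) {
        $form_error = 1;
        $form_error_message .= "The email address you entered is not valid.\n";
    }

    $title_length = strlen($review_title);
    if ($title_length == 0 || $title_length > 200) {
        $form_error = 1;
        $form_error_message .= "Review title is required and can be no longer than 200 characters.\n";
    }

    $body_length = strlen($review_body);
    if ($body_length == 0 || $body_length > 2000) {
        $form_error = 1;
        $form_error_message .= "Review is required and can be no longer than 2000 characters.\n";
    }

    // One rating verdict per call: the old code ran the range test twice and
    // so could report "out of range" twice. A rating that is not numeric is
    // now rejected outright instead of being compared loosely with 0 and 10.
    if ($rating_text === "") {
        $form_error = 1;
        $form_error_message .= "Review rating is required.\n";
    } elseif (!is_numeric($rating_text) || $rating_text > 10 || $rating_text < 0) {
        $form_error = 1;
        $form_error_message .= "Review rating out of range.\n";
    }

    return array($form_error, $form_error_message);
}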
?>
name;
echo '
$form_error_message"; $operation = "add"; $form_listing = $listing; $form_reviewer_name = $reviewer_name; $form_reviewer_email = $reviewer_email; $form_reviewer_ip = $reviewer_ip; $form_review_title = $review_title; $form_review_body = $review_body; $form_rating = $rating; $form_date_submitted = $date_submitted; if(get_magic_quotes_gpc()){ $form_listing = stripslashes($listing); $form_reviewer_name = stripslashes($reviewer_name); $form_reviewer_email = stripslashes($reviewer_email); $form_reviewer_ip = stripslashes($reviewer_ip); $form_review_title = stripslashes($review_title); $form_review_body = stripslashes($review_body); $form_rating = stripslashes($rating); $form_date_submitted = stripslashes($date_submitted); } $form_action = "add"; $submit_value="Add Review"; } } elseif($action == 'second'){ list($form_error, $form_error_message) = check_form_data(1); if(!$form_error) { $show_form = 0; // add listing to db $date_submitted = time(); $active = 0; $reviewer_ip = $HTTP_SERVER_VARS["REMOTE_ADDR"]; $requete = "INSERT INTO reviews ( "; $requete .= "listing, "; $requete .= "reviewer_name, "; $requete .= "reviewer_email, "; $requete .= "reviewer_ip, "; $requete .= "review_title, "; $requete .= "review_body, "; $requete .= "rating, "; $requete .= "date_submitted, "; $requete .= "active "; $requete .= ") VALUES ( "; $requete .= "$listing, "; $requete .= "'$reviewer_name', "; $requete .= "'$reviewer_email', "; $requete .= "'$reviewer_ip', "; $requete .= "'$review_title', "; $requete .= "'$review_body', "; $requete .= "'$rating', "; $requete .= "FROM_UNIXTIME($date_submitted), "; $requete .= "$active "; $requete .= ")"; $result = mysql_query ($requete, $V['dbConn']) or mysql_die("Failed to add review."); echo "
".REVIEW_THANK_YOU."
"; // email the site admin to inform them of a new review to be approved $requete = "SELECT id FROM reviews WHERE date_submitted = FROM_UNIXTIME($date_submitted)"; $result = mysql_query ($requete, $V['dbConn']); $row = mysql_fetch_object($result); $review_id = $row->id; mysql_free_result($result); $requete = "SELECT config_value FROM config WHERE config_name = 'contact_email'"; $result = mysql_query ($requete, $V['dbConn']); $row = mysql_fetch_object($result); $contact_email = $row->config_value; mysql_free_result($result); $requete = "SELECT config_value FROM config WHERE config_name = 'website_name'"; $result = mysql_query ($requete, $V['dbConn']); $row = mysql_fetch_object($result); $site_name = $row->config_value; mysql_free_result($result); $to = $V['config']['reviewNotificationEmail']; $subject = $site_name." - Review approval needed"; $body = "A review has been submitted that requires approval. To approve this review, click the link below. To delete it, log in to the site administration area and delete it from using the Reviews administration area. ".$V['siteUrl'].$V['adminPath']."reviews.php?action=activate&id=".$review_id." Listing Reviewed: $listing_reviewed Reviewer Name: $reviewer_name Reviewer Email: $reviewer_email Reviewer IP: $reviewer_ip Review Title: $review_title Review Body: $review_body Rating: $rating Date Submitted: ".date("F j, Y g:i A", "$date_submitted")." 
"; $headers .= "From: <".$V['config']['reviewNotificationEmail'].">\n"; mail($to, $subject, $body, $headers); // end: email the site admin } else { echo "$form_error_message"; $form_listing = $listing; $form_reviewer_name = $reviewer_name; $form_reviewer_email = $reviewer_email; $form_reviewer_ip = $reviewer_ip; $form_review_title = $review_title; $form_review_body = $review_body; $form_date_submitted = $date_submitted; if(get_magic_quotes_gpc()){ $form_listing = stripslashes($listing); $form_reviewer_name = stripslashes($reviewer_name); $form_reviewer_email = stripslashes($reviewer_email); $form_reviewer_ip = stripslashes($reviewer_ip); $form_review_title = stripslashes($review_title); $form_review_body = stripslashes($review_body); $form_rating = stripslashes($rating); $form_date_submitted = stripslashes($date_submitted); } $form_action = "update"; $submit_value="Update Listing"; } } } elseif($operation = "edit") { $show_form = 1; if(get_magic_quotes_gpc()){ $listing = stripslashes($listing); $reviewer_name = stripslashes($reviewer_name); $reviewer_email = stripslashes($reviewer_email); $review_title = stripslashes($review_title); $review_body = stripslashes($review_body); $rating = stripslashes($rating); } $form_listing = $listing; $form_reviewer_name = $reviewer_name; $form_reviewer_email = $reviewer_email; $form_reviewer_ip = $reviewer_ip; $form_review_title = $review_title; $form_review_body = $review_body; $form_rating = $rating; $form_action = "add"; $submit_value = SUBMIT_REVIEW; } else { $show_form = 1; $form_listing = ""; $form_reviewer_name = ""; $form_reviewer_email = ""; $form_reviewer_ip = ""; $form_review_title = ""; $form_review_body = ""; $form_rating = ""; $form_action = "add"; $submit_value = SUBMIT_REVIEW; ?>