73 lines
2.9 KiB
PHP
73 lines
2.9 KiB
PHP
<?php
|
|
@session_start();
|
|
@error_reporting( 7 );
|
|
@ini_set( 'display_errors', true );
|
|
@ini_set( 'html_errors', false );
|
|
|
|
define( 'DATALIFEENGINE', true );
|
|
define( 'ROOT_DIR', substr( dirname( __FILE__ ), 0, -12 ) );
|
|
define( 'SYSTEM_DIR', ROOT_DIR . '/system' );
|
|
|
|
$go_rate = intval( $_REQUEST['go_rate'] );
|
|
$id = intval( $_REQUEST['id'] );
|
|
$type = intval( $_REQUEST['type'] );
|
|
|
|
if( $go_rate > 1 or $go_rate < -1 ) $go_rate = 0;
|
|
if( ! $go_rate or ! $id ) die( "Hacking attempt!" );
|
|
|
|
include SYSTEM_DIR . '/data/config.php';
|
|
require_once SYSTEM_DIR . '/classes/mysql.php';
|
|
require_once SYSTEM_DIR . '/data/dbconfig.php';
|
|
require_once SYSTEM_DIR . '/modules/functions.php';
|
|
|
|
$_REQUEST['skin'] = totranslit($_REQUEST['skin'], false, false);
|
|
if( $_REQUEST['skin'] ) {if( @is_dir( ROOT_DIR . '/templates/' . $_REQUEST['skin'] ) ) {$config['skin'] = $_REQUEST['skin'];
|
|
} else {die( "Hacking attempt!" );}}
|
|
|
|
include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
|
|
$config['charset'] = ($lang['charset'] != '') ? $lang['charset'] : $config['charset'];
|
|
|
|
$user_group = $cache->get( "usergroup" );
|
|
if( ! $user_group ) {$user_group = array ();
|
|
$db->query( "SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC" );
|
|
while ( $row = $db->get_row() ) {$user_group[$row['id']] = array ();
|
|
foreach ( $row as $key => $value ) {$user_group[$row['id']][$key] = stripslashes($value);}
|
|
}
|
|
$cache->set( "usergroup", $user_group );
|
|
$db->free();
|
|
}
|
|
|
|
require_once SYSTEM_DIR . '/modules/sitelogin.php';
|
|
|
|
if( ! $user_group[$member_id['user_group']]['allow_rating'] ) die( "Hacking attempt!" );
|
|
$_IP = $db->safesql( $_SERVER['REMOTE_ADDR'] );
|
|
|
|
$member_id['name'] = $db->safesql($member_id['name']);
|
|
if( $is_logged ) $where = "member = '{$member_id['name']}'"; else $where = "ip ='{$_IP}'";
|
|
|
|
$row = $db->super_query( "SELECT type_id FROM " . PREFIX . "_rate where type_id ='$id' AND {$where} AND type='$type'" );
|
|
|
|
if( ! $row['type_id'] AND count( explode( ".", $_IP ) ) == 4 ) {
|
|
if($type==1)$db->query( "UPDATE " . PREFIX . "_post set rating=rating+'$go_rate' where id ='$id'" );
|
|
else $db->query("UPDATE " . PREFIX . "_comments set rating=rating+'$go_rate' where id ='$id'");
|
|
|
|
if ($db->get_affected_rows()){
|
|
if( $is_logged ) $user_name = $member_id['name']; else $user_name = "anonymous";
|
|
$rate_date = time() + (0 * 60);
|
|
|
|
$db->query( "INSERT INTO " . PREFIX . "_rate (type_id, ip, member, date, rating, type) values ('$id', '$_IP', '$user_name', '$rate_date', '$go_rate', '$type')" );
|
|
$cache->clear( array('news_', 'comm_', 'rss') );
|
|
}}
|
|
|
|
if($type==1){
|
|
$row = $db->super_query( "SELECT id, rating FROM " . PREFIX . "_post where id ='$id'" );
|
|
$buffer = ShortRating( $row['id'], $row['rating'], false );
|
|
}else{
|
|
$row = $db->super_query("SELECT * FROM " . PREFIX . "_comments where id ='$id'");
|
|
$buffer = CommRating($row['id'], $row['rating'], false);
|
|
}
|
|
$db->close();
|
|
|
|
@header( "Content-type: text/html; charset=" . $config['charset'] );
|
|
echo $buffer;
|
|
?>
|