sibtracker/system/ajax/rating.php
2019-05-18 13:46:03 +08:00

73 lines
2.9 KiB
PHP

<?php
@session_start();
@error_reporting( 7 );
@ini_set( 'display_errors', true );
@ini_set( 'html_errors', false );
define( 'DATALIFEENGINE', true );
define( 'ROOT_DIR', substr( dirname( __FILE__ ), 0, -12 ) );
define( 'SYSTEM_DIR', ROOT_DIR . '/system' );
$go_rate = intval( $_REQUEST['go_rate'] );
$id = intval( $_REQUEST['id'] );
$type = intval( $_REQUEST['type'] );
if( $go_rate > 1 or $go_rate < -1 ) $go_rate = 0;
if( ! $go_rate or ! $id ) die( "Hacking attempt!" );
include SYSTEM_DIR . '/data/config.php';
require_once SYSTEM_DIR . '/classes/mysql.php';
require_once SYSTEM_DIR . '/data/dbconfig.php';
require_once SYSTEM_DIR . '/modules/functions.php';
$_REQUEST['skin'] = totranslit($_REQUEST['skin'], false, false);
if( $_REQUEST['skin'] ) {if( @is_dir( ROOT_DIR . '/templates/' . $_REQUEST['skin'] ) ) {$config['skin'] = $_REQUEST['skin'];
} else {die( "Hacking attempt!" );}}
include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
$config['charset'] = ($lang['charset'] != '') ? $lang['charset'] : $config['charset'];
$user_group = $cache->get( "usergroup" );
if( ! $user_group ) {$user_group = array ();
$db->query( "SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC" );
while ( $row = $db->get_row() ) {$user_group[$row['id']] = array ();
foreach ( $row as $key => $value ) {$user_group[$row['id']][$key] = stripslashes($value);}
}
$cache->set( "usergroup", $user_group );
$db->free();
}
require_once SYSTEM_DIR . '/modules/sitelogin.php';
if( ! $user_group[$member_id['user_group']]['allow_rating'] ) die( "Hacking attempt!" );
$_IP = $db->safesql( $_SERVER['REMOTE_ADDR'] );
$member_id['name'] = $db->safesql($member_id['name']);
if( $is_logged ) $where = "member = '{$member_id['name']}'"; else $where = "ip ='{$_IP}'";
$row = $db->super_query( "SELECT type_id FROM " . PREFIX . "_rate where type_id ='$id' AND {$where} AND type='$type'" );
if( ! $row['type_id'] AND count( explode( ".", $_IP ) ) == 4 ) {
if($type==1)$db->query( "UPDATE " . PREFIX . "_post set rating=rating+'$go_rate' where id ='$id'" );
else $db->query("UPDATE " . PREFIX . "_comments set rating=rating+'$go_rate' where id ='$id'");
if ($db->get_affected_rows()){
if( $is_logged ) $user_name = $member_id['name']; else $user_name = "anonymous";
$rate_date = time() + (0 * 60);
$db->query( "INSERT INTO " . PREFIX . "_rate (type_id, ip, member, date, rating, type) values ('$id', '$_IP', '$user_name', '$rate_date', '$go_rate', '$type')" );
$cache->clear( array('news_', 'comm_', 'rss') );
}}
if($type==1){
$row = $db->super_query( "SELECT id, rating FROM " . PREFIX . "_post where id ='$id'" );
$buffer = ShortRating( $row['id'], $row['rating'], false );
}else{
$row = $db->super_query("SELECT * FROM " . PREFIX . "_comments where id ='$id'");
$buffer = CommRating($row['id'], $row['rating'], false);
}
$db->close();
@header( "Content-type: text/html; charset=" . $config['charset'] );
echo $buffer;
?>