#!/usr/bin/perl
# MimerDesk
# Web based groupware and eLearning environment
# www.mimerdesk.org
#
# Copyright (C) 2001 Ionstream Ltd.
# www.ionstream.fi
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation; either version 2 of the License, or (at your option)
# any later version.
#
# This program is distributed with a hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

# $Id: product_review_add.html,v 1.10 2002/06/18 15:50:25 inf Exp $

#"""""""""""""""""""""""""""""""""""""""""#
#                                         #
#   MimerDesk: product database           #
#   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  #
#   (c) Ionstream Oy 1999 - 2001          #
#                                         #
#   Programmed by: Hannes Muurinen        #
#                                         #
#_________________________________________#

use lib::MimerDesk;
use strict;

# Package globals shared between the main program and the subs below.
use vars qw(
    $form
    $APPLICATION
    $USER
    $IP
    $LAST_ACT
    $FORWARDED
    $TIME_USED
    $IDLE
    $form_errors
    $database_error
    $kuvat
    $ACTIVEGRP
    $REVIEWS_NAME
    $admin_status
    $GROUPACTIVOR
    $PRODUCT_INFO
    $PRODUCT_CATEGORY
    $PRODUCT_REVIEW
    $REVIEW_COMMENT
    $edit_on
    $trans
    $default_none_given_text
);

# fatalsToBrowser makes CGI::Carp send the text of fatal errors to the HTTP
# client.
# NOTE(review): on a public host that can disclose file paths and SQL
# fragments carried in die() messages - confirm it is wanted outside
# development.
use CGI::Carp "fatalsToBrowser";

# Forward declaration so print_template can be called before its definition.
sub print_template;

# Load the site configuration, then force the theme used for templates.
read_config('../config/mimerdesk.cfg');
$config{theme} = 'default';
$APPLICATION   = 'Resources - Reviews';

# database table names (the group-tool branch of the main program prefixes
# these with the group id):
(
    $PRODUCT_INFO,
    $PRODUCT_CATEGORY,
    $PRODUCT_REVIEW,
    $REVIEW_COMMENT,
) = (
    'product_info',
    'product_category',
    'product_review',
    'review_comment',
);

# Editing starts enabled; the main program clears the flag later for users
# whose admin status lacks 'R0'.
$edit_on = 'true';

# The main program
###################
initialize();
$form = decode_multipart();

# The session credentials are reduced to their expected alphabets before
# anything else looks at them: digits for ID, digits and lower-case letters
# for auth.
$form->{ID}   =~ tr{0-9}{}cd;
$form->{auth} =~ tr{0-9a-z}{}cd;
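# Remove the spooled upload unless this request is the upload itself.
# NOTE(review): this runs before authenticate(). Whether the client can
# choose this path depends on decode_multipart(), which is not shown here -
# confirm it can only ever hold a server-generated temporary path.
unlink($form->{'file-to-upload-01'})
    if $form->{'file-to-upload-01'} ne '' && $form->{'upload'} ne 'Upload';

# Row ids are interpolated into SQL text and redirect URLs further down, so
# keep digits only - the treatment the script already gives ID after decoding.
for my $id_field (qw(productID productrevID tmpID tmpproductID)) {
    next unless defined $form->{$id_field};
    $form->{$id_field} =~ tr/0-9//cd;
}

($USER, $IP, $LAST_ACT, $FORWARDED, $TIME_USED, $IDLE, $ACTIVEGRP) =
    authenticate($form->{'ID'}, $form->{'auth'}, $form->{'changeGroup'});

$trans = lib::MimerDesk->new_gettext(
    program  => 'product_review_add',
    language => $config{'language'},
);
$APPLICATION             = $trans->gettext('Resources - Reviews');
$REVIEWS_NAME            = $trans->gettext('Public reviews');
$default_none_given_text = '-';

#check if the program should behave as a group tool:
# \A...\z instead of ^...$ : "$" also matches before a trailing newline, which
# would let "12\n" through into the table names and SQL strings built below.
if ($form->{'grouptool'} =~ /\A\d+\z/) {
    # NOTE(review): $USER comes from authenticate() and is placed in the SQL
    # text as-is - confirm authenticate() restricts its character set.
    lock_tables('READ', 'groupusers');
    db_list("SELECT RIGHTS,USER FROM groupusers where USER = '$USER' and GID = '$form->{'grouptool'}'");
    while (my $ref = $sth->fetchrow_hashref()) {
        $admin_status = $ref->{'RIGHTS'};
        $GROUPACTIVOR = $ref->{'USER'};
    }
    db_end();
    unlock_tables();

    if (!$GROUPACTIVOR) {
        # Not a member of that group: fall back to the site-wide flags.
        lock_tables('READ', 'users');
        db_list("SELECT * FROM users where nimi = '$USER'");
        while (my $ref = $sth->fetchrow_hashref()) {
            $admin_status = $ref->{'flags'};
        }
        db_end();
        unlock_tables();
    }
    else {
        # group databases: every table name gets the group id as a prefix
        $PRODUCT_INFO     = "$form->{'grouptool'}_$PRODUCT_INFO";
        $PRODUCT_CATEGORY = "$form->{'grouptool'}_$PRODUCT_CATEGORY";
        $PRODUCT_REVIEW   = "$form->{'grouptool'}_$PRODUCT_REVIEW";
        $REVIEW_COMMENT   = "$form->{'grouptool'}_$REVIEW_COMMENT";

        # NOTE(review): GRPNAME is handed to tagged() as link content;
        # whether tagged() HTML-escapes it is not visible here - confirm.
        lock_tables('READ', 'groups');
        db_list("SELECT GRPNAME,GID FROM groups where GID = '$form->{'grouptool'}'");
        while (my $ref = $sth->fetchrow_hashref()) {
            $REVIEWS_NAME = tagged('a', {
                href        => "group.html?ID=$form->{'ID'}&auth=$form->{'auth'}&changeGroup=$ref->{'GID'}",
                onMouseOver => "doClock(); return true",
                class       => "contentLinkBlue",
                content     => $ref->{'GRPNAME'},
            });
        }
        db_end();
        unlock_tables();
    }
}
else {
    # A value that is not a plain group number selects no group. Drop it so
    # it is not echoed into redirect URLs, page templates or popup scripts.
    $form->{'grouptool'} = '';

    lock_tables('READ', 'users');
    db_list("SELECT * FROM users where nimi = '$USER'");
    while (my $ref = $sth->fetchrow_hashref()) {
        $admin_status = $ref->{'flags'};
    }
    db_end();
    unlock_tables();
}

#only people with 'R0' admin status can do some serious stuff
# NOTE(review): nothing in the visible part of this script consults $edit_on
# before writing reviews or touching picture files - confirm where the flag
# is enforced.
$edit_on = '' if $admin_status !~ /R0/;

$kuvat = getPictures();
$form->{'action'} = 'New' if ($form->{'action'} ne 'Modify');

# First the database work requested by the form ...
$database_error = '';
if ($form->{'submitreview'} eq 'Submittaa' or $form->{'DELETE'} eq 'Remove') {
    $database_error = process_updateDatabase();
}
elsif ($form->{'action'} eq 'Modify' and $form->{'productrevID'} ne '') {
    fetch_review_stuff($form->{'productrevID'});
}

# ... then exactly one response: a redirect, a picture action, a preview
# popup, or the add/modify form itself.
if ($form->{'main2'} eq 'Main menu') {
    redirect("product_review.html?ID=$form->{'ID'}&auth=$form->{'auth'}&productID=$form->{'productID'}&grouptool=$form->{'grouptool'}");
}
elsif ($form->{'upload'} eq 'Upload') {
    upload();
}
elsif ($form->{'picdelete'}) {
    pic_delete();
}
elsif ($form->{'picpreviewpop'}) {
    pic_preview();
}
elsif ($form->{'reviewpreviewpop'}) {
    review_preview();
}
elsif ($database_error ne 'ok' and $form->{'CANCEL'} ne 'Cancel') {
    print_template("$config{'theme'}_product_review_add");
}
else {
    redirect("product_review.html?ID=$form->{'ID'}&auth=$form->{'auth'}&productID=$form->{'productID'}&productrevID=$form->{'productrevID'}&grouptool=$form->{'grouptool'}");
}

# Subs:
###########

# print_template
#
# 1. makes the calendar / error message (if invalid data is given)
# 2. prints the header
# 3. concatenates the different parts of the page
# 4. replaces the <<>>-tags (including the <>-tag)
# 5.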
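#    prints the rest of the page
#
# Takes the name of the page template, merges it into 'maintemplate', fills
# in the placeholders, prints the page, disconnects from the database and
# exits. It never returns to the caller.
#
# NOTE(review): in this copy every placeholder pattern reads "<>"; the tag
# names between the brackets appear to have been lost, so the patterns are
# kept exactly as found.
sub print_template {
    my $template = shift;
    my ($ref, $fulltemplate);

    print_header('pragma');
    $ref = get_template('maintemplate', $template);
    $ref->{'maintemplate'} =~ s/<>/$ref->{$template}/m;
    $fulltemplate = $ref->{'maintemplate'};

    if ($GROUPACTIVOR) {
        $fulltemplate = create_buttons($fulltemplate, 'Group', 'Reviews', $form);
        $APPLICATION  = $trans->gettext('Group - Reviews');
    }
    else {
        $fulltemplate = create_buttons($fulltemplate, 'Resources', 'Reviews', $form);
    }
    $fulltemplate =~ s/<>/minea/gm;

    $ref = get_template('js_doClock', 'js_help', 'js_gotosite');
    my $stuff = $ref->{'js_doClock'}.$ref->{'js_help'}.$ref->{'js_gotosite'};
    $fulltemplate =~ s/<>/$stuff/ms;

    # Only a plain group number is written into the page; any other request
    # value would be reflected into the HTML unescaped.
    my $group_id = $form->{'grouptool'} =~ /\A\d+\z/ ? $form->{'grouptool'} : '';
    $fulltemplate =~ s/<>/$group_id/msg;
    $fulltemplate =~ s/<>/$REVIEWS_NAME/msg;
    $fulltemplate =~ s/<>/MimerDesk\: $APPLICATION/ms;

    $fulltemplate = replace_product_tags($fulltemplate);
    $fulltemplate = replace_tags($fulltemplate, $USER, $form->{'auth'}, $form->{'ID'}, $TIME_USED);
    $fulltemplate = add_popups($fulltemplate, $USER, $form->{'auth'}, $form->{'ID'});

    print $fulltemplate;
    db_end('disconnect');
    exit;
}

#########################################################################
# replace_product_tags - replaces some HTML-tags                        #
#-----------------------------------------------------------------------#
# replace_product_tags($some_text_with_tags)                            #
#                                                                       #
# Usage:                                                                #
#   $HTML = replace_product_tags($HTML)                                 #
#                                                                       #
#########################################################################
# Fills the review form template with the page title, the product and
# category names read from the database, the submitted headline/article,
# the rating options, the picture list and an optional preview popup call.
# Returns the filled template.
#
# NOTE(review): in this copy every placeholder pattern reads "<>" and the
# markup inside some string literals is missing; both are kept as found.
sub replace_product_tags {
    my $template = shift;

    # The main program normalises action to 'New' or 'Modify', so a title
    # keyed only on 'Add' never matched and new reviews got an empty title.
    # 'Add' is kept for any caller that still passes it.
    my %translations = (
        'New'    => $trans->gettext('Add item review'),
        'Add'    => $trans->gettext('Add item review'),
        'Modify' => $trans->gettext('Modify item review'),
    );

    # Row ids end up in SQL text and in the page, so keep digits only.
    (my $product_id = $form->{'productID'})    =~ tr/0-9//cd;
    (my $review_id  = $form->{'productrevID'}) =~ tr/0-9//cd;

    my $some_HTML = $translations{$form->{'action'}};
    $template =~ s/<>/$some_HTML/msg;
    $template =~ s/<>/$form_errors/ms;
    $template =~ s/<>/$product_id/msg;
    $template =~ s/<>/$review_id/msg;
    $template =~ s/<>/$form->{'action'}/ms;

    my $categoryID;
    db_list("SELECT * FROM $PRODUCT_INFO where IDnumber = '$product_id'");
    while (my $ref = $sth->fetchrow_hashref()) {
        $template =~ s/<>/$ref->{'name'}/msg;
        $categoryID = $ref->{'categoryID'};
    }
    db_end();

    db_list("SELECT name FROM $PRODUCT_CATEGORY where IDnumber = '$categoryID'");
    while (my $ref = $sth->fetchrow_hashref()) {
        $template =~ s/<>/$ref->{'name'}/msg;
    }
    db_end();
    $template =~ s/<>/$categoryID/msg;

    # NOTE(review): headline and article are request data (or whatever
    # fetch_review_stuff loaded) and are written into the page without HTML
    # escaping here. Whether they were encoded earlier is not visible in
    # this file - confirm before relying on it.
    $template =~ s/<>/$form->{'headline'}/msg;
    $template =~ s/<>/$form->{'article'}/msg;

    if ($form->{'action'} eq 'Modify') {
        $some_HTML = qq[ ].$trans->gettext('Remove this review').qq[];
    }
    else {
        $some_HTML = '';
    }
    $template =~ s/<>/$some_HTML/msg;

    # $template =~ s/<>/$form->{'isbn'}/ms;
    # $template =~ s/<>/$form->{'publisher'}/ms;
    # $template =~ s/<>/$form->{'pubtime'}/ms;
    # $template =~ s/<>/$form->{'otherinfo'}/ms;

    $some_HTML = make_product_rating_options($form->{'rating'});
    $template =~ s/<>/$some_HTML/msg;

    # replace the PICS -tag:
    # The directory listing goes through the shell; the path is read from
    # %config, not from the request.
    my ($rivi, $num);
    my @pictures = `ls $config{'xtrapics'}/`;
    for my $pic (@pictures) {
        $pic =~ s/\n//;
        $num = $num + 1;
        $rivi .= "\n";
    }
    $template =~ s/<>/$rivi/m;

    if ($form->{'picpreview'}) {
        $some_HTML = pic_preview_popup();
    }
    elsif ($form->{'reviewpreview'}) {
        $some_HTML = review_preview_popup();
    }
    else {
        $some_HTML = '';
    }
    $template =~ s/<>/$some_HTML/m;

    return $template;
}

#########################################################################
# check_form_errors - checks the form for errors                        #
#-----------------------------------------------------------------------#
# check_errors()                                                        #
#                                                                       #
# Returns the errors in HTML format                                     #
#                                                                       #
# Usage:                                                                #
#   $form_errors = check_form_errors()                                  #
#                                                                       #
#########################################################################
# Currently a stub: no field is validated and the result is always the
# empty string.
sub check_form_errors {
    my $errors = '';
    return $errors;
}

#########################################################################
# process_updateDatabase - adds/modifies/removes products in database   #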
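#-----------------------------------------------------------------------#
# process_updateDatabase()                                              #
#                                                                       #
# Adds/modifies products in database. The event data must               #
# be given in the form. Returns status ("error"/"ok")                   #
#                                                                       #
# Usage:                                                                #
#   $database_modify_status = process_updateDatabase()                  #
#                                                                       #
#########################################################################
# Works on the review named by the form: removes it together with its
# comments (DELETE eq 'Remove'), inserts a new one (action 'New') or updates
# an existing one (action 'Modify'). Returns 'ok', or 'Review not removed'
# when the review belongs to another user.
sub process_updateDatabase {
    # The review id is placed in SQL text below and is not covered by the
    # prepare_fordb() call, so reduce it to digits first - the same treatment
    # the script gives the session ID.
    $form->{'productrevID'} =~ tr/0-9//cd if defined $form->{'productrevID'};

    if ($form->{'DELETE'} eq "Remove") {
        #check if the user has rights to do the removing
        my $foreign_owner = 0;
        db_list("SELECT user FROM $PRODUCT_REVIEW where IDnumber = '$form->{'productrevID'}'");
        while (my $ref = $sth->fetchrow_hashref()) {
            $foreign_owner = 1 if $ref->{'user'} ne $USER;
        }
        # The refusal used to return from inside the loop and skipped
        # db_end(), which follows every other query in this file.
        db_end();
        return 'Review not removed' if $foreign_owner;

        #do the removing:
        db_delete($PRODUCT_REVIEW,"IDnumber = '$form->{'productrevID'}' and user = '$USER'");
        db_delete($REVIEW_COMMENT,"reviewID = '$form->{'productrevID'}'");
        # the review with this ID number is deleted -- we don't want to access it any more
        $form->{'productrevID'} = '';
    }
    else {
        my $epoch = time;
        # $form->{'article'} = itag_replacer($form->{'article'});
        # $form->{'article'} = urlify($form->{'article'});
        # NOTE(review): prepare_fordb() is assumed to make these values safe
        # inside quoted SQL strings; its body is not part of this file.
        ($epoch,$form->{'productID'},$form->{'article'},$form->{'headline'},$form->{'rating'}) =
            prepare_fordb($epoch,$form->{'productID'},$form->{'article'},$form->{'headline'},$form->{'rating'});

        if ($form->{'submitreview'} eq "Submittaa" and $form->{'action'} eq "New") {
            db_list("insert into $PRODUCT_REVIEW values (NULL,'$USER','$epoch','$form->{'productID'}','$form->{'article'}','$form->{'headline'}','$form->{'rating'}')");
            db_list("select LAST_INSERT_ID() as id");
            while (my $ref = $sth->fetchrow_hashref()) {
                $form->{'productrevID'} = $ref->{'id'};
            }
            db_end();
        }
        elsif ($form->{'submitreview'} eq "Submittaa" and $form->{'action'} eq "Modify") {
            # "user = '$USER'" limits the update to the caller's own review.
            db_list("update $PRODUCT_REVIEW set datetime = '$epoch', review = '$form->{'article'}', headline = '$form->{'headline'}', rating = '$form->{'rating'}' where user = '$USER' and IDnumber = '$form->{'productrevID'}'");
            db_end();
        }
    }
    return 'ok';
}

####################
# Get picture list #
####################
# Lists the picture directory and returns a reference to a hash that maps
# each file name to its 1-based position and each position back to its
# file name.
sub getPictures {
    my ($num, %kuvat);
    # The listing goes through the shell; the path is read from %config,
    # not from the request.
    my @pictures = `ls $config{'xtrapics'}/`;
    foreach my $picture (@pictures) {
        chomp $picture;
        $num = $num + 1;
        # These two stores used "$kuvat->{...}", which wrote to the package
        # global $kuvat instead of the lexical %kuvat, so the hash returned
        # below was always empty.
        $kuvat{$picture} = $num;
        $kuvat{$num}     = $picture;
    }
    return \%kuvat;
}

########################
# Upload a new picture #
########################
# Moves the spooled upload into the picture directory when the client file
# name is a plain name ending in .jpg, .gif or .png; otherwise discards the
# spooled file. Logs the outcome and re-displays the form.
#
# NOTE(review): no $edit_on or other permission check is visible on this
# path - confirm that every authenticated user may add pictures.
sub upload {
    my $tmp_path    = $form->{'file-to-upload-01'};
    # 'tiedostonimi' (Finnish: file name) holds the name sent by the client.
    my $client_name = $form->{'file-to-upload-01', 'tiedostonimi'};
    $client_name = '' unless defined $client_name;

    # Copy for the log without control characters, so a crafted name cannot
    # start a new log line.
    (my $log_name = $client_name) =~ tr/\x00-\x1f\x7f//d;

    # The name becomes part of a path under the picture directory: refuse
    # directory separators and control characters instead of following them.
    my $name_is_plain = $client_name =~ m{\A[^/\\\x00-\x1f]+\z};
    # Anchored check on the last extension. The old unanchored /jpg/ test
    # also accepted names that merely contained the letters.
    my $is_image      = $client_name =~ m{\.(?:jpg|gif|png)\z}i;

    if ($name_is_plain && $is_image) {
        my $target = "$config{'xtrapics'}".'/'."$client_name";
        unlink($target);
        if (rename $tmp_path, $target) {
            write_log("$USER uploaded a new image named $log_name", 'notify');
        }
        else {
            # The move failed: do not report success, do not keep the spool.
            unlink($tmp_path);
            write_log("$USER tried to upload a file named $log_name", 'error');
        }
    }
    else {
        # Discard the spooled upload. The old code called unlink() on the
        # client-supplied name, i.e. a request-chosen path, and left the
        # spooled file behind.
        unlink($tmp_path);
        write_log("$USER tried to upload a file named $log_name", 'error');
    }
    print_template("$config{'theme'}_product_review_add");
}

###########################
# Delete selected picture #
###########################
# Strips path and shell metacharacters from the submitted picture name,
# removes that file from the picture directory and re-displays the form.
#
# NOTE(review): no ownership or $edit_on check is visible here - confirm
# that every authenticated user may delete any picture.
sub pic_delete {
    # '/' and '\' are among the removed characters, so the name cannot leave
    # the picture directory.
    $form->{'pictures'} =~ tr/\/\&\;\`\'\\\"\|\*\?\~\<\>\^\(\)\[\]\{\}\n\r//d;
    unlink("$config{'xtrapics'}".'/'."$form->{'pictures'}");
    print_template("$config{'theme'}_product_review_add");
}

############################
# Preview selected picture #
############################
# Cleans the submitted picture name and prints the preview page for it.
sub pic_preview {
    $form->{'pictures'} =~ tr/\/\&\;\`\'\\\"\|\*\?\~\<\>\^\(\)\[\]\{\}\n\r//d;
    display_pic();
}

#######################################################
# Makes the popup command to preview selected picture #
#######################################################
# Returns the JavaScript call that opens the picture preview window.
sub pic_preview_popup {
    $form->{'pictures'} =~ tr/\/\&\;\`\'\\\"\|\*\?\~\<\>\^\(\)\[\]\{\}\n\r//d;

    # The query string sits inside a single-quoted JavaScript literal, so
    # only a plain group number is let through.
    my $group_id = $form->{'grouptool'} =~ /\A\d+\z/ ? $form->{'grouptool'} : '';

    # Random number passed to reviewPopUp as the window id.
    my $tmpwindowID = (int rand 1000000);
    my $query = "ID=$form->{'ID'}&auth=$form->{'auth'}&picpreviewpop=true&pictures=$form->{'pictures'}&grouptool=$group_id";
    return "reviewPopUp('$query',$tmpwindowID,screen.width-50,screen.height-50)";
}

###################
# Display picture #
###################
# Prints the picture preview page and exits. The caller is expected to have
# cleaned $form->{'pictures'} already, as pic_preview does.
sub display_pic {
    my $piclocation;
    if ($form->{'pictures'} eq '') {
        $piclocation = "$config{'loc_pictures'}/nopic.gif";
    }
    else {
        $piclocation = "$config{'loc_server'}/newspics/$form->{'pictures'}";
    }
    print_header('pragma');
    # NOTE(review): the here-document opener and the HTML markup of this
    # page appear to be missing from this copy; the remaining text is kept
    # exactly as found.
    print < Preview picture [$form->{'pictures'}]


Close this window
EOF
    exit;
}

#################################################
# Saves the temporary review data to the db and #
# makes the popup command to preview the review #
#################################################
# Returns the JavaScript call that opens the review preview window.
sub review_preview_popup {
    my $epoch = time;
    my $tmpID;
    my ($productID,$article,$headline,$rating) =
        ($form->{'productID'},$form->{'article'},$form->{'headline'},$form->{'rating'});

    $article = itag_replacer($article);
    $article = urlify($article);
    ($epoch,$productID,$article,$headline,$rating) =
        prepare_fordb($epoch,$productID,$article,$headline,$rating);

    # productID is set as zero so that the no other users can accidentally see this article (productID:s can normally be only positive integers 1,2,3,...):
    db_list("insert into $PRODUCT_REVIEW values (NULL,'$USER','$epoch','0','$article','$headline','$rating')");
    db_list("select LAST_INSERT_ID() as id");
    while (my $ref = $sth->fetchrow_hashref()) {
        $tmpID = $ref->{'id'};
    }
    db_end();

    # Both values go into a single-quoted JavaScript literal: the product id
    # is reduced to digits and only a plain group number is let through.
    $productID =~ tr/0-9//cd;
    my $group_id = $form->{'grouptool'} =~ /\A\d+\z/ ? $form->{'grouptool'} : '';

    # Random number passed to reviewPopUp as the window id.
    my $tmpwindowID = (int rand 1000000);
    my $query = "ID=$form->{'ID'}&auth=$form->{'auth'}&reviewpreviewpop=true&tmpID=$tmpID&tmpproductID=$productID&grouptool=$group_id";
    return "reviewPopUp('$query',$tmpwindowID,screen.width-50,screen.height-50)";
}

######################
# Preview the review #
######################
# 1. Reads temporary review data from the db
# 2. Prints the review
# 3.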
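#    Deletes the temporary data
#
# Reads the caller's temporary review row (productID 0), prints the preview
# page, deletes the row again and exits. It never returns to the caller.
sub review_preview {
    my ($datetime, $headline, $review, $reviewer, $rating, $product_name);

    # Both ids arrive in the request and are placed in SQL text below; they
    # are numeric row ids, so keep digits only.
    (my $tmp_id         = $form->{'tmpID'})        =~ tr/0-9//cd;
    (my $tmp_product_id = $form->{'tmpproductID'}) =~ tr/0-9//cd;

    # "user = '$USER' and productID = '0'" limits the read to the caller's
    # own temporary rows.
    db_list("SELECT * FROM $PRODUCT_REVIEW where IDnumber = '$tmp_id' and user = '$USER' and productID = '0'");
    while (my $ref = $sth->fetchrow_hashref()) {
        $datetime = $ref->{'datetime'};
        $headline = $ref->{'headline'};
        $review   = $ref->{'review'};
        $reviewer = $ref->{'user'};
        $rating   = $ref->{'rating'};
    }
    db_end();

    my @postingdate = utc_epoch2date($datetime);

    db_list("SELECT name FROM $PRODUCT_INFO where IDnumber = '$tmp_product_id'");
    while (my $ref = $sth->fetchrow_hashref()) {
        $product_name = $ref->{'name'};
    }
    db_end();

    print_header('pragma');
    # NOTE(review): the here-document opener and the HTML markup of this
    # page appear to be missing from this copy; the remaining text is kept
    # exactly as found. The stored headline, review text, rating and product
    # name are printed without HTML escaping here - confirm they are encoded
    # before they are stored.
    print < Preview review [$headline]
Review of the item "$product_name"
$headline - $reviewer / \t$postingdate[3].$postingdate[4].$postingdate[5] $postingdate[2]:$postingdate[1]

$review


Rating: $rating/5



Close this window
EOF
    #Delete the temporary data from the DB:
    db_delete($PRODUCT_REVIEW,"IDnumber = '$tmp_id' and user = '$USER' and productID= '0'");
    db_end(); # is this one needed?
    exit;
}

#########################################################################
# make_product_rating_options - makes HTML "select" options             #
#-----------------------------------------------------------------------#
# make_product_rating_options($rating)                                  #
#                                                                       #
# Returns the "select" field options for product rating in HTML.        #
#                                                                       #
# Usage:                                                                #
#   $HTML = make_product_rating_options($form->{'rating'})              #
#                                                                       #
#########################################################################
sub make_product_rating_options {
    my $rating = shift;
    my($HTML, $selected);
    for(my $i = 1; $i <= 5; $i++) {
        if ($i == $rating) { $selected = 'SELECTED'; }
        else { $selected = ''; }
        $HTML .= qq[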