#!/usr/bin/perl
########################################################################
# COPYRIGHT NOTICE:
#
# Copyright 2003 FocalMedia.Net All Rights Reserved.
#
# Selling the code for this program without prior written consent
# from FocalMedia.Net is expressly forbidden. You may not
# redistribute this program in any shape or form.
#
# This program is distributed "as is" and without warranty of any
# kind, either express or implied. In no event shall the liability
# of FocalMedia.Net for any damages, losses and/or causes of action
# exceed the total amount paid by the user for this software.
#
########################################################################
#### EDIT HERE -- FOR WINDOWS/IIS BASED INSTALLATIONS ONLY #######
$config_cgi = "config.cgi"; ## <-- CHANGE THIS LINE TO THE FULL SERVER PATH TO config.cgi
# THE PATH ON A WINDOWS INSTALLATION WILL LOOK SOMETHING LIKE THIS:
# $config_cgi = "c:/inetpub/webpub/cgi-bin/pseek/config.cgi";
# get_setup() below reads DB_NAME, DB_USERNAME, DB_PASSWORD, USERNAME and
# PASSWORD from this file, so it holds credentials: keep it readable only by
# the account the CGI runs as, and make sure the web server never serves it
# as plain text. The default value is a relative path, so it is resolved
# against the working directory the CGI process starts in.
#### DO NOT CHANGE ANYTHING BELOW THIS LINE #################
#use FindBin;
#use lib $FindBin::Bin;
use CGI;
use DBI;
use pseek;
use CGI::Carp qw(fatalsToBrowser);
use fmspm;
#### REDIRECT URL
# Set a URL address below to redirect users if the rating link is not valid.
# The line below should look like this for example:
# $redirect_url = "http://www.somewhere.com";
# Entry point: load config.cgi, run the fmspm check, then dispatch on the
# "fct" request parameter. An empty or missing fct shows the review form,
# "save_review" stores a submission; any other value prints the header only.
$redirect_url = "";
get_setup();
fmspm::check_spamb("reviews.cgi", "header", "$data_dir");
$q = CGI->new;

print "Content-type: text/html\n\n";

my $requested_fct = $q->param('fct');
if ($requested_fct eq "")
{
    review_display();
}
elsif ($requested_fct eq "save_review")
{
    save_review();
}
################
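sub save_review
{
    # Handle fct=save_review: validate a submitted review, store it in the
    # reviews table with approved = 'N', and print the "review added" page.
    #
    # Request data read here: the name, email, review and id parameters and
    # the cpuser/cppass cookies. All of it is untrusted, so it reaches SQL
    # only through bound placeholders. The previous code interpolated these
    # values into the statement text (the cookies and id with no escaping,
    # the form fields with quote-only escaping that a backslash could defeat).
    #
    # Variables are left as package globals, as in the rest of the script,
    # because the pseek helpers may read them -- TODO confirm before
    # converting any of them to lexicals.
    #
    # Any die() here is shown to the client, because the script loads
    # CGI::Carp with fatalsToBrowser; the messages include the SQL text.
    $gsettings = new_gsettings tseek;

    ### CHECK IF REGISTRATION SYSTEM IS IN USE AND IF USER NEEDS TO BE LOGGED IN TO RATE LINKS
    if (($gsettings->{addurl_reg_system} eq "Yes") and ($gsettings->{comments_reg_system} eq "Yes"))
    {
        ### CHECK IF USER IS LOGGED IN
        $query = CGI->new;
        $usercookie = $query->cookie('cpuser');
        $passcookie = $query->cookie('cppass');
        my $logged_in = 0;
        if (($usercookie ne "") and ($passcookie ne ""))
        {
            if ($mysql_hostname eq ""){$dsn = "DBI:mysql:$db_name";}else{$dsn = "DBI:mysql:$db_name:$mysql_hostname:$mysql_port";}
            $dbh = DBI->connect($dsn, $db_username, $db_password);
            if ( !defined $dbh ) {die "Cannot connect to MySQL server: $DBI::errstr\n"; }
            # NOTE(review): the cppass cookie is compared directly with
            # lnkusers.rgspass, so whatever that column stores acts as the
            # session credential -- confirm how the cookie is issued.
            # NOTE(review): an earlier, commented-out form of this query also
            # required activated = 'Y'; this one does not -- confirm that
            # unactivated accounts are meant to pass.
            $sql = "SELECT * FROM lnkusers WHERE rgsuser = ? AND rgspass = ?";
            $sth = $dbh->prepare($sql);
            $sth->execute($usercookie, $passcookie);
            $serror = $sth->errstr;
            if ($serror ne "") {die "SQL Syntax Error: $serror - From: $sql";}
            $rows = $sth->rows();
            $sth->finish;
            $dbh->disconnect;
            if ($rows >= 1) { $logged_in = 1; }
        }
        if (!$logged_in)
        {
            # Missing cookies or no matching account: show the login/registration page.
            $cp_template = pseek::get_file_contents("$data_dir/rgs_rcomment.html");
            $cp_template = pseek::ts_insert_template_includes($cp_template);
            $cp_template = pseek::fill_vars($cp_template);
            print $cp_template;
            exit;
        }
    }

    #### ERROR CHECKING
    # Message texts are looked up by line number in the two text files;
    # when several checks fail, the last one decides the message shown.
    $rtext = pseek::get_file_contents("$data_dir/reviews2.txt");
    @rtext = split (/\n/, $rtext);
    $addurltext = pseek::get_file_contents("$data_dir/addurl2.txt");
    @ctexts = split (/\n/, $addurltext);
    if ($q->param('name') eq "")
    {
        # 0 Please supply a name.
        $error_text = $rtext[0];
    }
    if ($q->param('review') eq "")
    {
        # 1 Please supply a review.
        $error_text = $rtext[1];
    }
    $comment_max_chars = $gsettings->{comment_max_chars};
    if ($comment_max_chars < 1) { $comment_max_chars = 256; }
    if (length($q->param('review')) > $comment_max_chars)
    {
        # 2 Max characters allowed exceeded.
        $error_text = $rtext[2];
    }

    ### IMAGE AUTH
    if ($gsettings->{c_image_auth} eq "Yes")
    {
        $img_auth_check = pseek::check_img_auth;
        if ($img_auth_check eq "false") { $error_text = $ctexts[15]; }
    }

    ####
    # The id parameter has the form "<lnkid>-<cid>".
    ($lnkid, $cid) = split (/-/, $q->param('id'));
    if ($error_text ne "")
    {
        $prb_template = pseek::get_file_contents("$data_dir/reviewproblem.html");
        $prb_template =~ s/%%problem%%/$error_text/gi;
        $prb_template =~ s/!!scripts_url!!/$script_url/gi;
        if ($gsettings->{searchmeth} eq "fulltext")
        {
            $prb_template =~ s/!!tseeksearch!!/$script_url\/search2\.cgi/gi;
        }
        else
        {
            $prb_template =~ s/!!tseeksearch!!/$script_url\/search\.cgi/gi;
        }
        $prb_template =~ s/!build_url!/$web_url/gi;
        $prb_template =~ s/!!build_url!!/$web_url/gi;
        $prb_template = pseek::ts_insert_template_includes($prb_template);
        $prb_template = pseek::fill_vars($prb_template);
        # NOTE(review): $lnkid and $cid are still raw request values here;
        # confirm that insert_go_back_buttons encodes them for HTML output.
        $prb_template = pseek::insert_go_back_buttons($prb_template, $lnkid, $cid);
        print $prb_template; exit;
    }

    if ($mysql_hostname eq ""){$dsn = "DBI:mysql:$db_name";}else{$dsn = "DBI:mysql:$db_name:$mysql_hostname:$mysql_port";}
    $dbh = DBI->connect($dsn, $db_username, $db_password);
    if ( !defined $dbh ) {die "Cannot connect to MySQL server: $DBI::errstr\n"; }

    # Look the link up; the category id from the database replaces the one
    # supplied in the request.
    $sql = "SELECT cid FROM links WHERE lnkid = ?";
    $sth = $dbh->prepare($sql);
    $sth->execute($lnkid);
    $serror = $sth->errstr;
    if ($serror ne "") {die "SQL Syntax Error: $serror \n From: $sql";}
    $rows = $sth->rows();
    while ( @row = $sth->fetchrow() )
    {
        $cid = $row[0];
    }
    if ($rows < 1)
    {
        if ($redirect_url ne "")
        {
            # NOTE(review): as shown this prints only the text below and never
            # uses $redirect_url; the redirect markup seems to be missing from
            # this copy -- restore it from the original distribution.
            print qq[
FocalMedia.Net
];
            exit;
        }
        else
        {
            print "Invalid Link";
            exit;
        }
    }
    if (($cid eq "") or ($lnkid eq "")) { print "Error: Invalid link"; exit; }

    # Form values are stored exactly as submitted and passed as bound
    # parameters, so no manual quote escaping is needed.
    $name = $q->param('name');
    $email = $q->param('email');
    $review = $q->param('review');
    $timep = time();

    #### STORE THE REVIEW (unapproved)
    $sql = "INSERT INTO reviews SET cid = ?,
                                    lnkid = ?,
                                    rname = ?,
                                    remail = ?,
                                    review = ?,
                                    approved = 'N',
                                    date = ?";
    $sth = $dbh->prepare($sql);
    $sth->execute($cid, $lnkid, $name, $email, $review, $timep);
    $serror = $sth->errstr;
    if ($serror ne "") {die "SQL Syntax Error: $serror \n From: $sql";}

    $comment_template = pseek::get_file_contents("$data_dir/reviewadded.html");
    $comment_template =~ s/!!scripts_url!!/$script_url/g;
    if ($gsettings->{searchmeth} eq "fulltext")
    {
        $comment_template =~ s/!!tseeksearch!!/$script_url\/search2\.cgi/gi;
    }
    else
    {
        $comment_template =~ s/!!tseeksearch!!/$script_url\/search\.cgi/gi;
    }
    $comment_template =~ s/!build_url!/$web_url/g;
    $comment_template =~ s/!!build_url!!/$web_url/g;

    ### GET CATEGORY
    $wsql = "SELECT * FROM dirs WHERE cid = ?";
    $sth = $dbh->prepare($wsql);
    $sth->execute($cid);
    $serror = $sth->errstr;
    if ($serror ne "") {die "SQL Syntax Error: $serror \n From: $wsql";}
    $lv = 0;
    while ( @row = $sth->fetchrow() )
    {
        # Columns 2..17 of the dirs row are joined into the category path;
        # presumably one column per directory level -- verify against the schema.
        for ($ms = 2; $ms < 18; $ms++)
        {
            if ($row[$ms] ne "")
            {
                if ($gsettings->{dyn_stat} eq "Static")
                {
                    $link_to_cat = $link_to_cat . pseek::encode_dir($row[$ms]) . "/";
                }
                else
                {
                    $lv++;
                    $link_to_cat = $link_to_cat . pseek::encode_dir($row[$ms]) . "-";
                }
                $category = $category . $row[$ms] . "/";
            }
        }
    }
    # Drop the trailing separator.
    $category = substr($category, 0, length($category) - 1);
    if ($gsettings->{dyn_stat} eq "Static")
    {
        # NOTE(review): no-op as shown; the string presumably wrapped
        # $category in markup that is missing from this copy.
        $category = "$category";
    }
    else
    {
        $link_to_cat = substr($link_to_cat, 0, length($link_to_cat) - 1);
        $category = "$category";
    }
    $comment_template =~ s/%%category%%/$category/g;
    $comment_template =~ s/!!category!!/$category/g;

    ##### GET LINK INFO
    $wsql = "SELECT * FROM links WHERE lnkid = ?";
    $sth = $dbh->prepare($wsql);
    $sth->execute($lnkid);
    $serror = $sth->errstr;
    if ($serror ne "") {die "SQL Syntax Error: $serror - From: $wsql";}
    while ( @row = $sth->fetchrow() )
    {
        # Fields are taken by position from SELECT *.
        $title_with_link = $row[2];
        $description = $row[3];
        $url = $row[5];
        $rating = $row[10];
        $votes = $row[11];
        $hits = $row[12];
        $date = $row[17];
    }
    $date = pseek::decode_date($date);
    if ($rating eq "") { $rating = 0; }
    if ($votes eq "") { $votes = 0; }
    if ($hits eq "") { $hits = 0; }
    if (($url eq "http://") or ($url eq ""))
    {
        $title_with_link = "$title_with_link";
    }
    else
    {
        # NOTE(review): both branches are identical as shown; this one
        # presumably wrapped the title in a link -- markup missing from this copy.
        $title_with_link = "$title_with_link";
    }
    $comment_template =~ s/%%title_with_link%%/$title_with_link/gi;
    $comment_template =~ s/!!title_with_link!!/$title_with_link/gi;
    $comment_template =~ s/%%description%%/$description/gi;
    $comment_template =~ s/!!description!!/$description/gi;
    $comment_template =~ s/%%url%%/$url/gi;
    $comment_template =~ s/!!url!!/$url/gi;
    $comment_template =~ s/%%itemurl%%/$url/gi;
    $comment_template =~ s/!!itemurl!!/$url/gi;
    $comment_template =~ s/%%rating%%/$rating/gi;
    $comment_template =~ s/!!rating!!/$rating/gi;
    $comment_template =~ s/%%votes%%/$votes/gi;
    $comment_template =~ s/!!votes!!/$votes/gi;
    $comment_template =~ s/%%hits%%/$hits/gi;
    $comment_template =~ s/!!hits!!/$hits/gi;
    $comment_template =~ s/%%date%%/$date/gi;
    $comment_template =~ s/!!date!!/$date/gi;

    #####
    # $lnkid is still the string taken from the request, so it is
    # HTML-escaped before it is written into the page.
    my $id_html = $q->escapeHTML("$lnkid-$cid");
    $comment_template =~ s/!!id!!/$id_html/gi;
    $comment_template =~ s/!!rate_it!!/$script_url\/rateit2.cgi/gi;
    $rating_image = pseek::get_rating_images($rating);
    $comment_template =~ s/%%rating_image%%/$rating_image/gi;
    $comment_template =~ s/!!rating_image!!/$rating_image/gi;
    $sth->finish;
    $dbh->disconnect;

    # NOTE(review): the raw $lnkid is also placed in the go.cgi URL handed to
    # insert_images; confirm that helper encodes it.
    $comment_template = pseek::insert_images($comment_template, "$script_url/go.cgi?id=$lnkid");
    $comment_template = pseek::ts_insert_template_includes($comment_template);
    $comment_template = pseek::fill_vars($comment_template);
    $comment_template = pseek::insert_go_back_buttons($comment_template, $lnkid, $cid);
    print $comment_template;
}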
################
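sub review_display
{
    # Default action (no fct parameter): print the review form for one link
    # together with its approved reviews.
    #
    # The cid and id request parameters are untrusted. They reach SQL only as
    # bound placeholders (the previous code interpolated them into the
    # statement text), and they are HTML-escaped before being written into
    # the page. Reviewer name, e-mail and review text are stored as submitted
    # by save_review, so they are HTML-escaped here on output.
    #
    # Variables are left as package globals, as in the rest of the script,
    # because the pseek helpers may read them -- TODO confirm before
    # converting any of them to lexicals.
    $gsettings = new_gsettings tseek;
    $cid = $q->param('cid');
    $lnkid = $q->param('id');
    if (($cid eq "") or ($lnkid eq ""))
    {
        if ($redirect_url ne "")
        {
            # NOTE(review): as shown this prints only the text below and never
            # uses $redirect_url; the redirect markup seems to be missing from
            # this copy -- restore it from the original distribution.
            print qq[
FocalMedia.Net
];
            exit;
        }
        else
        {
            print "Invalid Link";
            exit;
        }
    }

    ### CONNECT TO DB
    if ($mysql_hostname eq ""){$dsn = "DBI:mysql:$db_name";}else{$dsn = "DBI:mysql:$db_name:$mysql_hostname:$mysql_port";}
    $dbh = DBI->connect($dsn, $db_username, $db_password);
    if ( !defined $dbh ) {die "Cannot connect to MySQL server: $DBI::errstr\n"; }

    ### GET CATEGORY
    $wsql = "SELECT * FROM dirs WHERE cid = ?";
    $sth = $dbh->prepare($wsql);
    $sth->execute($cid);
    $serror = $sth->errstr;
    if ($serror ne "") {die "SQL Syntax Error: $serror \n From: $wsql";}
    $rows = $sth->rows();
    if ($rows < 1)
    {
        if ($redirect_url ne "")
        {
            print qq[
FocalMedia.Net
];
            exit;
        }
        else
        {
            print "Invalid Link";
            exit;
        }
    }
    $lv = 0;
    while ( @row = $sth->fetchrow() )
    {
        # Columns 2..17 of the dirs row are joined into the category path;
        # presumably one column per directory level -- verify against the schema.
        for ($ms = 2; $ms < 18; $ms++)
        {
            if ($row[$ms] ne "")
            {
                if ($gsettings->{dyn_stat} eq "Static")
                {
                    $link_to_cat = $link_to_cat . pseek::encode_dir($row[$ms]) . "/";
                }
                else
                {
                    $lv++;
                    $link_to_cat = $link_to_cat . pseek::encode_dir($row[$ms]) . "-";
                }
                $category = $category . $row[$ms] . "/";
            }
        }
    }
    # Drop the trailing separator.
    $category = substr($category, 0, length($category) - 1);

    $comment_template = pseek::get_file_contents("$data_dir/review_it.html");
    $comment_template =~ s/!!scripts_url!!/$script_url/g;
    if ($gsettings->{searchmeth} eq "fulltext")
    {
        $comment_template =~ s/!!tseeksearch!!/$script_url\/search2\.cgi/g;
    }
    else
    {
        $comment_template =~ s/!!tseeksearch!!/$script_url\/search\.cgi/g;
    }
    $comment_template =~ s/!build_url!/$web_url/g;
    $comment_template =~ s/!!build_url!!/$web_url/g;
    if ($gsettings->{dyn_stat} eq "Static")
    {
        # NOTE(review): no-op as shown; the string presumably wrapped
        # $category in markup that is missing from this copy.
        $category = "$category";
    }
    else
    {
        $link_to_cat = substr($link_to_cat, 0, length($link_to_cat) - 1);
        $category = "$category";
    }
    $comment_template =~ s/%%category%%/$category/g;
    $comment_template =~ s/!!category!!/$category/g;

    ##### GET LINK INFO
    $wsql = "SELECT * FROM links WHERE lnkid = ?";
    $sth = $dbh->prepare($wsql);
    $sth->execute($lnkid);
    $serror = $sth->errstr;
    if ($serror ne "") {die "SQL Syntax Error: $serror \n From: $wsql";}
    $rows = $sth->rows();
    if ($rows < 1)
    {
        if ($redirect_url ne "")
        {
            print qq[
FocalMedia.Net
];
            exit;
        }
        else
        {
            print "Invalid Link";
            exit;
        }
    }
    while ( @row = $sth->fetchrow() )
    {
        # Fields are taken by position from SELECT *.
        $title_with_link = $row[2];
        $description = $row[3];
        $url = $row[5];
        $rating = $row[10];
        $votes = $row[11];
        $hits = $row[12];
        $date = $row[17];
    }
    $date = pseek::decode_date($date);
    if ($rating eq "") { $rating = 0; }
    if ($votes eq "") { $votes = 0; }
    if ($hits eq "") { $hits = 0; }
    if (($url eq "http://") or ($url eq ""))
    {
        $title_with_link = "$title_with_link";
    }
    else
    {
        # NOTE(review): both branches are identical as shown; this one
        # presumably wrapped the title in a link -- markup missing from this copy.
        $title_with_link = "$title_with_link";
    }
    $comment_template =~ s/%%title_with_link%%/$title_with_link/gi;
    $comment_template =~ s/!!title_with_link!!/$title_with_link/gi;
    $comment_template =~ s/%%description%%/$description/gi;
    $comment_template =~ s/!!description!!/$description/gi;
    $comment_template =~ s/%%url%%/$url/gi;
    $comment_template =~ s/!!url!!/$url/gi;
    $comment_template =~ s/%%itemurl%%/$url/gi;
    $comment_template =~ s/!!itemurl!!/$url/gi;
    $comment_template =~ s/%%rating%%/$rating/gi;
    $comment_template =~ s/!!rating!!/$rating/gi;
    $comment_template =~ s/%%votes%%/$votes/gi;
    $comment_template =~ s/!!votes!!/$votes/gi;
    $comment_template =~ s/%%hits%%/$hits/gi;
    $comment_template =~ s/!!hits!!/$hits/gi;
    $comment_template =~ s/%%date%%/$date/gi;
    $comment_template =~ s/!!date!!/$date/gi;

    #####
    # Both ids are still the strings taken from the request, so they are
    # HTML-escaped before being written into the page.
    my $id_html = $q->escapeHTML("$lnkid-$cid");
    $comment_template =~ s/!!id!!/$id_html/gi;
    $comment_template =~ s/!!rate_it!!/$script_url\/rateit2.cgi/gi;
    $rating_image = pseek::get_rating_images($rating);
    $comment_template =~ s/%%rating_image%%/$rating_image/gi;
    $comment_template =~ s/!!rating_image!!/$rating_image/gi;

    # NOTE(review): the here-document that builds $dizbox is truncated in this
    # copy (its opening marker and body are missing), so the next two lines do
    # not parse as shown. They are kept unchanged; restore the original text
    # from the distribution rather than guessing at it.
    $dizbox = <
END_OF_DB
    $comment_template =~ s/%%description_box%%/$dizbox/gi;
    $comment_template =~ s/!!description_box!!/$dizbox/gi;
    $comment_template =~ s/!!review_it!!/$script_url\/reviews.cgi/gi;

    #### GET REVIEWS FOR THIS LINK IF ANY
    # $sortby is one of two fixed literals chosen by a site setting, never
    # request data, so interpolating it into the statement is safe.
    if ($gsettings->{comment_sorting} eq "old") { $sortby = " ORDER by date ASC"; } else { $sortby = " ORDER by date DESC"; }
    $wsql = "SELECT * FROM reviews WHERE lnkid = ? AND approved = 'Y' $sortby";
    $sth = $dbh->prepare($wsql);
    $sth->execute($lnkid);
    $serror = $sth->errstr;
    if ($serror ne "") {die "SQL Syntax Error: $serror - From: $wsql";}
    $rows = $sth->rows();
    $clisting_template = pseek::get_file_contents("$data_dir/reviewlinks.html");
    if ($rows > 0)
    {
        while ( @row = $sth->fetchrow() )
        {
            # Columns are taken by position from SELECT *: presumably
            # 3 = reviewer name, 4 = e-mail, 5 = review text, 7 = date --
            # verify against the reviews table definition.
            # These are visitor-submitted strings, so escape them for HTML.
            my $reviewer_html = $q->escapeHTML($row[3]);
            my $email_html = $q->escapeHTML($row[4]);
            my $review_html = $q->escapeHTML($row[5]);
            $comments_listings = $clisting_template;
            $comments_listings =~ s/%%reviewer%%/$reviewer_html/g;
            $comments_listings =~ s/%%review%%/$review_html/g;
            $date = pseek::decode_date($row[7]);
            $comments_listings =~ s/%%date%%/$date/g;
            $comments_listings =~ s/%%reviewer_email%%/$email_html/g;
            $cm_listings = $cm_listings . $comments_listings;
        }
    }
    $sth->finish;
    $dbh->disconnect;
    if ($cm_listings eq "") { $cm_listings = $gsettings->{no_comments_text};}
    $comment_template =~ s/%%review_listings%%/$cm_listings/g;

    # NOTE(review): the raw $lnkid is also placed in the go.cgi URL handed to
    # insert_images; confirm that helper encodes it.
    $comment_template = pseek::insert_images($comment_template, "$script_url/go.cgi?id=$lnkid");
    $comment_template = pseek::ts_insert_template_includes($comment_template);
    $comment_template = pseek::fill_vars($comment_template);

    ### IMAGE AUTHENTICATION
    if ($gsettings->{c_image_auth} eq "Yes")
    {
        # get_imgboxes returns "<display markup>:::<image names>".
        $imgbox = pseek::get_imgboxes;
        ($imdisp, $imgnames) = split (/:::/, $imgbox);
        $imgnames =~ s/\.gif//gi;
        $comment_template =~ s/!!ia!!/$imgnames/g;
        $comment_template =~ s/%%imgbox%%/$imdisp/g;
    }
    $comment_template = pseek::insert_go_back_buttons($comment_template, $lnkid, $cid);
    print $comment_template;
}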
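sub get_setup
{
    # Load the settings from the file named by $config_cgi into the package
    # globals used by the rest of the script ($db_name, $db_username,
    # $db_password, $mysql_hostname, $mysql_port, $script_url, $admin_url,
    # $web_url, $web_dir, $data_dir, $username, $password).
    #
    # Each setting is a line that starts with the key and carries its value
    # in double quotes. Everything from the first '#' on a line is treated as
    # a comment, so a quoted value that contains '#' is cut short.
    #
    # A missing or unreadable file leaves the globals unset. The open is now
    # checked, and a failure is reported with warn rather than die so that
    # nothing about the file is sent to the client.
    return unless -e $config_cgi;

    my $config_fh;
    unless (open($config_fh, '<', $config_cgi))
    {
        warn "get_setup: cannot open configuration file: $!\n";
        return;
    }

    # Key prefix => global that receives the quoted value. The keys are
    # matched anchored at the start of the line, so DB_USERNAME does not
    # also set $username.
    my @target_for = (
        [ 'DB_NAME',        \$db_name ],
        [ 'DB_USERNAME',    \$db_username ],
        [ 'DB_PASSWORD',    \$db_password ],
        [ 'MYSQL_HOSTNAME', \$mysql_hostname ],
        [ 'MYSQL_PORT',     \$mysql_port ],
        [ 'SCRIPT_URL',     \$script_url ],
        [ 'ADMIN_URL',      \$admin_url ],
        [ 'WEB_URL',        \$web_url ],
        [ 'WEB_DIR',        \$web_dir ],
        [ 'DATA_DIR',       \$data_dir ],
        [ 'USERNAME',       \$username ],
        [ 'PASSWORD',       \$password ],
    );

    while (defined(my $line = <$config_fh>))
    {
        $line =~ s/#.*//s;      # strip the comment part, if any
        $line =~ s/\n//g;
        for my $entry (@target_for)
        {
            my ($key, $target) = @$entry;
            if ($line =~ /^\Q$key\E/)
            {
                $$target = get_setup_line($line, $key);
            }
        }
    }
    close($config_fh);
    return;
}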
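sub get_setup_line
{
    # Return the text between the first pair of double quotes in a config
    # line, e.g. 'DB_NAME = "links"' gives 'links'.
    #
    # $setup_line  the config line, comment and newline already removed
    # $setup_var   the key name; accepted for the callers' sake, not used
    #
    # Returns "" when the line has no complete "..." pair. The earlier
    # position-based version returned a mangled slice of the line in that
    # case, and it kept its working values in package globals.
    my ($setup_line, $setup_var) = @_;

    return "" unless defined $setup_line;
    if ($setup_line =~ /"([^"]*)"/)
    {
        return $1;
    }
    return "";
}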
#### END CONFIGURATION ########################################################