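sql_fetchrow($db->sql_query($sql));
// (The call above is the tail of an assignment that begins before this chunk;
// it is reproduced verbatim and its result is read as $value below.)

// Pull the module-specific page title when the lookup above yielded a row,
// otherwise fall back to a fixed title.
// NOTE(review): $name is defined before this chunk. Both include()/require()
// calls build a path from it, so if it can be influenced by the request they
// become a local-file-inclusion / path-traversal vector — confirm it is a
// fixed module name.
if ($value[0]) {
    include("modules/{$name}/include/pagetitle.inc.php");
} else {
    $pagetitle = '> Coppermine';
}

define('IN_COPPERMINE', true);
define('RATEPIC_PHP', true);

switch ($func) {
    default:
        include('header.php');
        require("modules/{$name}/include/init.inc.php");

        // Both request parameters are mandatory.
        if (!isset($_GET['pic']) || !isset($_GET['rate'])) {
            cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
        }

        // Integer-cast both inputs so they can be interpolated into SQL safely;
        // $rate is clamped to the 0..5 star range the rating formula expects.
        $pic  = (int) filter_input(INPUT_GET, 'pic', FILTER_SANITIZE_NUMBER_INT);
        $rate = (int) filter_input(INPUT_GET, 'rate', FILTER_SANITIZE_NUMBER_INT);
        $rate = max(0, min($rate, 5));

        // NOTE(review): this is a state-changing action driven by a plain GET
        // with no CSRF token visible in this chunk; a forged <img src=...> on a
        // third-party page can cast a vote on behalf of a logged-in victim.

        // Fetch the picture together with its album's rating policy, and
        // confirm the picture exists.
        $sql = "SELECT a.votes as votes_allowed, p.votes as votes, pic_rating FROM {$CONFIG['TABLE_PICTURES']} AS p, {$CONFIG['TABLE_ALBUMS']} AS a WHERE p.aid = a.aid AND pid = '$pic' LIMIT 1";
        $result = $db->sql_query($sql);
        if (!$db->sql_numrows($result)) {
            cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
        }
        $row = $db->sql_fetchrow($result);

        // Permission: the user group must be allowed to rate AND the album must
        // not have voting switched off.
        if (!USER_CAN_RATE_PICTURES || $row['votes_allowed'] === 'NO') {
            cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
        }

        // Expire vote records older than the configured retention window
        // (keep_votes_time is in days; both operands are integers).
        $curr_time    = time();
        $clean_before = $curr_time - $CONFIG['keep_votes_time'] * 86400;
        $sql = "DELETE FROM {$CONFIG['TABLE_VOTES']} WHERE vote_time < $clean_before";
        $result = $db->sql_query($sql);

        // Identify the voter: logged-in users by the md5 of their numeric id,
        // guests by whatever id $USER carries (presumably a session/cookie-
        // derived md5 — verify in the init code).
        $user_md5_id = USER_ID ? md5(USER_ID) : $USER['ID'];

        // $user_md5_id is interpolated into two queries below without any
        // escaping. The logged-in branch is always a 32-char hex digest; require
        // the same shape for the guest value so nothing but hex digits can ever
        // reach the SQL text.
        if (!is_string($user_md5_id) || !preg_match('/^[0-9a-f]{32}$/i', $user_md5_id)) {
            cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
        }

        // Reject a repeat vote from the same voter on this picture.
        // NOTE(review): this check-then-insert is not atomic; two concurrent
        // requests can both pass it and both be counted. Only a UNIQUE key on
        // (pic_id, user_md5_id) in the votes table would close that window.
        $sql = "SELECT pic_id FROM {$CONFIG['TABLE_VOTES']} WHERE pic_id = '$pic' AND user_md5_id = '$user_md5_id'";
        $result = $db->sql_query($sql);
        if ($db->sql_numrows($result)) {
            cpg_die(ERROR, $lang_errors['already_rated'] ?? $lang_rate_pic_php['already_rated'], __FILE__, __LINE__);
        }

        // Running average on a 0..10000 scale (each star is worth 2000).
        // The divisor is votes + 1, so it is never zero for a non-negative count.
        $new_rating = (int) round(($row['votes'] * $row['pic_rating'] + $rate * 2000) / ($row['votes'] + 1));
        $sql = "UPDATE {$CONFIG['TABLE_PICTURES']} SET pic_rating = '$new_rating', votes = votes + 1 WHERE pid = '$pic' LIMIT 1";
        $result = $db->sql_query($sql);

        // Record the vote so the duplicate check above catches this voter next time.
        $sql = "INSERT INTO {$CONFIG['TABLE_VOTES']} VALUES ('$pic', '$user_md5_id', '$curr_time')";
        $result = $db->sql_query($sql);

        // Send the browser back to the picture. $pic is an int, so the only
        // untrusted-looking component of the header value is already safe.
        $location = "{$CPG_URL}&file=displayimage&pos=-{$pic}";
        $serverSoftware = getenv('SERVER_SOFTWARE');
        $usesRefresh = is_string($serverSoftware)
            && preg_match('/Microsoft|WebSTAR|Xitami/', $serverSoftware) === 1;
        $header_location = $usesRefresh ? 'Refresh: 0; URL=' : 'Location: ';
        header($header_location . $location);

        // A confirmation page is still rendered for clients that do not follow
        // the redirect.
        pageheader($lang_info, "");
        msg_box($lang_info, $lang_rate_pic_php['rate_ok'], $lang_continue, $location);
        pagefooter();
        ob_end_flush();
        include('footer.php');
        break;
}
?>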