module stripping html code - please help

  Post new topicReply to topicPrintable Version
<< View previous topic View next topic >>
Share: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
#1   module stripping html code - please help
fr34k
CZ Super Newbie
fr34k has been a member for over 20 year's 20 Year Member
Status: Offline
Joined: Oct 29, 2004
0.00 posts per day
Posts: 36
Points: 464
   
Hi wondered if someone could help me out.

im using nuke 7.9 which has been fully patched and running an up to date version of nuke sentinal.
up until recently i have been using the bog standard review module that came with phpnuke. however this module makes it very difficult for users to navigate and search through the stored reviews.
I have come accross a reviews catgory module for phpnuke called JReviews. It works in the same way as the old review module but adds categories to the reviews index page (making it much easier for navigation/searching)
I have uploaded the module and carried out the sql dump in phpmyadmin, activated the module and proceeded to add a new review. This is where the problem starts.

It appears that the actual review module is stripping away all the html coding used when you add a new review. This obviously means no bold/italic/centering of images/underlining and so on.
Is there a way to stop this module from doing this?
Im a bit of a noob when it comes to coding and so wouldn't have a clue what to add/remove from the module index.php file.

I have posted this problem elsewhere but to no avail and no replies.
I would be more than happy to place a banner/button on my site and allow and copywrites to be added to the review module for the person who could help me out with this problem.

Here is the module code:

<?php

/***********************************************************/
/*                                                                                                     */
/* Author: Rancov Nicolae          [ Register or login to view links on this board. ]                               */
/*                                                                                                     */
/* This program is free software. You can redistribute it and/or modify   */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.           */
/***********************************************************/

if (!eregi("modules.php", $_SERVER['PHP_SELF'])) {
    die ("You can't access this file directly...");
}
if (stristr($_SERVER["QUERY_STRING"],'%25')) header("Location: index.php");

require_once("mainfile.php");
$module_name = basename(dirname(__FILE__));
get_lang($module_name);

include("header.php");
    OpenTable();
   menu();
   CloseTable();
//configs

function breadcrb($id) {
global $db, $prefix, $module_name;
      $row = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_jreviews_categories WHERE id='".intval($id)."'"));
      if ($row["parent"] <>0) {
         breadcrb($row["parent"]);
      echo '/<a href="modules.php?name='.$module_name.'&amp;rop=categ&amp;id='.intval($row["id"]).'"><b>'.$row["name"].'</b></a>';
      } else {
         echo '<a href="modules.php?name='.$module_name.'"><b>'._REVIEWINDEX.'</b></a>/<a href="modules.php?name='.$module_name.'&amp;rop=categ&amp;id='.intval($row["id"]).'"><b>'.$row["name"].'</b></a>';
      }
return $line;
}

function category_index($parent) {
   global $db, $prefix, $module_name;
OpenTable();
$nrcols=3;
$sql = "SELECT * FROM ".$prefix."_jreviews_categories WHERE parent='".$parent."' ORDER BY name ASC";
$result = $db->sql_query($sql);
echo '<table width="100%" border="0" cellspacing="0" cellpadding="5">
   <tr>   ';
$k=1;
while ($row = $db->sql_fetchrow($result)) {
echo '<td align="center" width="'.floor(100/$nrcols).'%" valign="top"><strong>&raquo;</strong> <a href="modules.php?name='.$module_name.'&amp;rop=categ&amp;id='.$row["id"].'"><b>'.$row["name"].'</b></a>';
categorynewreviewgraphic($row["id"]);
$sql1 = "SELECT * FROM ".$prefix."_jreviews_categories WHERE parent='".$row["id"]."' ORDER BY name ASC";
$result1 = $db->sql_query($sql1);
$t=1;
while ($subcat = $db->sql_fetchrow($result1)) {
   if ($t<>1) {
      echo ', <a href="modules.php?name='.$module_name.'&amp;rop=categ&amp;id='.$subcat["id"].'">'.$subcat["name"].'</a>';
   } else {
      $t=0;
      echo '<br /><a href="modules.php?name='.$module_name.'&amp;rop=categ&amp;id='.$subcat["id"].'">'.$subcat["name"].'</a>';
   }
categorynewreviewgraphic($subcat["id"]);
}
if (is_integer($k/$nrcols)) {
   echo '</td></tr>';
} else {
   echo '</td>';
}
$k++;
}
if (!is_integer($k/$nrcols)) {
echo '</tr>';
}
echo '</table><br/>';
CloseTable();
}

function display_score($score) {
    $image = "<img src=\"images/blue.gif\" alt=\"\">";
    $halfimage = "<img src=\"images/bluehalf.gif\" alt=\"\">";
    $full = "<img src=\"images/star.gif\" alt=\"\">";
if ($score==0) {
   echo '-';
} else {
    if ($score == 10) {
   for ($i=0; $i < 5; $i++)
       echo "$full";
    } else if ($score % 2) {
   $score -= 1;
   $score /= 2;
   for ($i=0; $i < $score; $i++)
       echo "$image";
       echo "$halfimage";
    } else {
   $score /= 2;
   for ($i=0; $i < $score; $i++)
       echo "$image";
    }
}

}

function write_review() {
    global $admin, $sitename, $user, $cookie, $prefix, $user_prefix, $currentlang, $multilingual, $db, $module_name;
    $row = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_config"));
    $anonpost=intval($row["anonpost"]);
    if (is_user($user) || $anonpost==1) {
    OpenTable();
    echo '<b>'._WRITEREVIEWFOR. $sitename.'</b><br><br>
    <i>'._ENTERINFO.'</i><br><br>
    <form method="post" action="modules.php?name='.$module_name.'">
    <b>'._PRODUCTTITLE.':</b><br>
    <input type="text" name="title" size="50" maxlength="150"><br>
    <i>'._NAMEPRODUCT.'</i><br>
    <b>Category:</b><select name="category">';
$sql = "SELECT * FROM ".$prefix."_jreviews_categories ORDER BY name ASC";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
   echo '<option value="'.intval($row["id"]).'">'.stripslashes(check_html($row["name"], "nohtml")).'</option>';
}
echo '</select>';   
    if ($multilingual == 1) {
   echo "<br><b>"._LANGUAGE.": </b>"
       ."<select name=\"rlanguage\">";
   $handle=opendir('language');
   while ($file = readdir($handle)) {
       if (preg_match("/^lang\-(.+)\.php/", $file, $matches)) {
           $langFound = $matches[1];
           $languageslist .= "$langFound ";
       }
   }
   closedir($handle);
   $languageslist = explode(" ", $languageslist);
   for ($i=0; $i < sizeof($languageslist); $i++) {
       if($languageslist[$i]!="") {
      echo "<option value=\"$languageslist[$i]\" ";
      if($languageslist[$i]==strtolower($currentlang)) echo "selected";
      echo ">$languageslist[$i]</option>\n";
       }
   }
   echo "</select><br><br>";
    } else {
   echo "<input type=\"hidden\" name=\"rlanguage\" value=\"$language\"><br><br>";
    }
    echo "<b>"._REVIEW.":</b><br>
    <textarea name=\"text\" rows=\"15\" wrap=\"virtual\" cols=\"60\"></textarea><br>";
    if (is_admin($admin)) {
   echo "<font class=\"content\">"._PAGEBREAK."</font><br>";
    }
    echo "
    <i>"._CHECKREVIEW."</i><br><br>
    <b>"._YOURNAME.":</b><br>";
    if (is_user($user)) {
        $result = $db->sql_query("select name, user_email from ".$user_prefix."_users where username='$cookie[1]'");
        list($rname, $email) = $db->sql_fetchrow($result);
        $rname = stripslashes(check_html($rname, "nohtml"));
        $email = stripslashes(check_html($email, "nohtml"));
   }
   echo "<input type=\"text\" name=\"reviewer\" size=\"41\" maxlength=\"40\" value=\"$rname\"><br>
       <i>"._FULLNAMEREQ."</i><br><br>
       <b>"._REMAIL.":</b><br>
       <input type=\"text\" name=\"email\" size=\"40\" maxlength=\"80\" value=\"$email\"><br>
       <i>"._REMAILREQ."</i><br><br>
       <b>"._SCORE."</b><br>
       <select name=\"score\">
       <option name=\"score\" value=\"10\">10</option>
       <option name=\"score\" value=\"9\">9</option>
       <option name=\"score\" value=\"8\">8</option>
       <option name=\"score\" value=\"7\">7</option>
       <option name=\"score\" value=\"6\">6</option>
       <option name=\"score\" value=\"5\">5</option>
       <option name=\"score\" value=\"4\">4</option>
       <option name=\"score\" value=\"3\">3</option>
       <option name=\"score\" value=\"2\">2</option>
       <option name=\"score\" value=\"1\">1</option>
       <option name=\"score\" value=\"0\">0</option>
       </select>
       <i>"._SELECTSCORE."</i><br><br>
       <b>"._RELATEDLINK.":</b><br>
       <input type=\"text\" name=\"url\" size=\"40\" maxlength=\"100\" value=\"http://\"><br>
       <i>"._PRODUCTSITE."</i><br><br>
       <b>"._LINKTITLE.":</b><br>
       <input type=\"text\" name=\"url_title\" size=\"40\" maxlength=\"50\"><br>
       <i>"._LINKTITLEREQ."</i><br><br>
   ";
    if(is_admin($admin)) {
      echo "<b>"._RIMAGEFILE.":</b><br>
         <input type=\"text\" name=\"cover\" size=\"40\" maxlength=\"100\"><br>
         <i>"._RIMAGEFILEREQ."</i><br><br>
      ";
    }
    echo "<i>"._CHECKINFO."</i><br><br>
       <input type=\"hidden\" name=\"rop\" value=\"preview_review\">
       <input type=\"submit\" value=\""._PREVIEW."\"> <input type=\"button\" onClick=\"history.go(-1)\" value=\""._CANCEL."\"></form>
    ";
    CloseTable();
  } else {         
      $pagetitle = "- "._ACCESSDENIED."";
      title("$sitename: "._ACCESSDENIED."");
      OpenTable();
      echo "<center><b>"._RESTRICTEDAREA."</b><br><br>"
          .""._MODULEUSERS."";            
      echo "<br><br>"._GOBACK."";
      CloseTable();
   }
}

function preview_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $rlanguage, $category) {
    global $admin, $db, $multilingual, $module_name, $prefix;
    if (eregi("<!--pagebreak-->", $text)) {
      $text = ereg_replace("<!--pagebreak-->","&lt;!--pagebreak--&gt;",$text);
    }
    $title = stripslashes(check_html($title, "nohtml"));
    $text = stripslashes(check_html($text, ""));
    $category = intval($category);
    $reviewer = stripslashes(check_html($reviewer, "nohtml"));
    $url_title = stripslashes(check_html($url_title, "nohtml"));
    $email = stripslashes(check_html($email, "nohtml"));
    $score = intval($score);
    $cover = stripslashes(check_html($cover, "nohtml"));
    $url = stripslashes(check_html($url, "nohtml"));
    $url_title = stripslashes(check_html($url_title, "nohtml"));
    $hits = intval($hits);
    $id = intval($id);
    OpenTable();
    echo "<form method=\"post\" action=\"modules.php?name=$module_name\">";

    if ($title == "") {
       $error = 1;
   echo ""._INVALIDTITLE."<br>";
    }
    if ($text == "") {
       $error = 1;
   echo ""._INVALIDTEXT."<br>";
    }
    if (($score < 0) || ($score > 10)) {
   $error = 1;
   echo ""._INVALIDSCORE."<br>";
    }
    if (($hits < 0) && ($id != 0)) {
   $error = 1;
   echo ""._INVALIDHITS."<br>";
    }
    if ($reviewer == "" || $email == "") {
   $error = 1;
   echo ""._CHECKNAME."<br>";
    } else if ($reviewer != "" && $email != "")
   if (!(eregi("^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]{2,3}$",$email))) {
       $error = 1;
       /* eregi checks for a valid email! works nicely for me! */
       echo ""._INVALIDEMAIL."<br>";
   }
   if (($url_title != "" && $url =="") || ($url_title == "" && $url != "")) {
       $error = 1;
       echo ""._INVALIDLINK."<br>";
   } else if (($url != "") && (!(eregi('(^http[s]*:[/]+)(.*)', $url))))
       $url = "http://" . $url;
       /* If the user ommited the http, this nifty eregi will add it */
   if ($error == 1)
       echo "<br>"._GOBACK."";
   else
   {
   if ($date == "")
       $date = date("Y-m-d", time());
       $year2 = substr($date,0,4);
       $month = substr($date,5,2);
       $day = substr($date,8,2);
       $fdate = date("F jS Y",mktime (0,0,0,$month,$day,$year2));
           echo "<table border=\"0\" width=\"100%\"><tr><td colspan=\"2\">";
       echo "<p><font class=\"title\"><i><b>$title</b></i></font><br>";
       echo "<blockquote><p>";
       if ($cover != "")
          echo "<img src=\"images/reviews/$cover\" align=\"right\" border=\"1\" vspace=\"2\" alt=\"\">";
       echo "$text<p>";
      $row = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_jreviews_categories WHERE id='".intval($category)."'"));
       echo "<b>Category</b> ".$row["name"]."<br>";      
       echo "<b>"._ADDED."</b> $fdate<br>";
       if ($multilingual == 1) {
      echo "<b>"._LANGUAGE."</b> $rlanguage<br>";
       }
       echo "<b>"._REVIEWER."</b> <a href=\"mailto:$email\">$reviewer</a><br>";
       echo "<b>"._SCORE."</b> ";
       display_score($score);
       if ($url != "")
      echo "<br><b>"._RELATEDLINK.":</b> <a href=\"$url\" target=\"new\">$url_title</a>";
          $id = intval($id);
       if ($id != 0) {
      echo "<br><b>"._REVIEWID.":</b> $id<br>";
      echo "<b>"._HITS.":</b> $hits<br>";
       }
       echo "</font></blockquote>";
       echo "</td></tr></table>";
       $text = urlencode($text);
       echo "<p><i>"._LOOKSRIGHT."</i> ";
       echo "<input type=\"hidden\" name=\"id\" value=$id>
        <input type=\"hidden\" name=\"hits\" value=\"$hits\">
        <input type=\"hidden\" name=\"rop\" value=send_review>
        <input type=\"hidden\" name=\"date\" value=\"$date\">
        <input type=\"hidden\" name=\"title\" value=\"$title\">
        <input type=\"hidden\" name=\"text\" value=\"$text\">
        <input type=\"hidden\" name=\"category\" value=\"$category\">
        <input type=\"hidden\" name=\"reviewer\" value=\"$reviewer\">
        <input type=\"hidden\" name=\"email\" value=\"$email\">
        <input type=\"hidden\" name=\"score\" value=\"$score\">
        <input type=\"hidden\" name=\"url\" value=\"$url\">
        <input type=\"hidden\" name=\"url_title\" value=\"$url_title\">
        <input type=\"hidden\" name=\"cover\" value=\"$cover\">";
        echo "<input type=\"hidden\" name=\"rlanguage\" value=\"$rlanguage\">";
      echo "<input type=\"submit\" name=\"rop\" value=\""._YES."\"> <input type=\"button\" onClick=\"history.go(-1)\" value=\""._NO."\">";
          $id = intval($id);
       if($id != 0)
          $word = ""._RMODIFIED."";
       else
          $word = ""._RADDED."";
       if(is_admin($admin))
          echo "<br><br><b>"._NOTE."</b> "._ADMINLOGGED." $word.";
   }
    CloseTable();
}

function send_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $rlanguage, $category) {
    global $admin, $EditedMessage, $prefix, $db, $module_name;
    if (eregi("<!--pagebreak-->", $text)) {
   $text = ereg_replace("<!--pagebreak-->","&lt;!--pagebreak--&gt;;",$text);
    }
    $id = intval($id);
    $title = stripslashes(FixQuotes(check_html($title, "nohtml")));
    $text = htmlspecialchars(stripslashes(Fixquotes(urldecode(check_html($text, "")))));
    $category = intval($category);
    $reviewer = stripslashes(check_html($reviewer, "nohtml"));
    $url_title = stripslashes(check_html($url_title, "nohtml"));
    $email = stripslashes(check_html($email, "nohtml"));
    $score = intval($score);
    $cover = stripslashes(check_html($cover, "nohtml"));
    $url = stripslashes(check_html($url, "nohtml"));
    $url_title = stripslashes(check_html($url_title, "nohtml"));
    $hits = intval($hits);
    if (eregi("&lt;!--pagebreak--&gt;", $text)) {
   $text = ereg_replace("&lt;!--pagebreak--&gt;","<!--pagebreak-->",$text);
    }
    OpenTable();
    echo "<br><center>"._RTHANKS."";
   $id = intval($id);
    if ($id != 0)
   echo " "._MODIFICATION."";
    else
   echo ", $reviewer";
    echo "!<br>";
    if ($score < 0 OR $score > 10) {
       $score = 0;
    }
    if ((is_admin($admin)) && ($id == 0)) {
   $db->sql_query("INSERT INTO ".$prefix."_jreviews VALUES (NULL, '$date', '$title', '$text', '$category', '$reviewer', '$email', '$score', '$cover', '$url', '$url_title', '1', '$rlanguage', '$score', '1')");
   echo ""._ISAVAILABLE."";
    } else if ((is_admin($admin)) && ($id != 0)) {
   $db->sql_query("UPDATE ".$prefix."_jreviews SET date='$date', title='$title', text='$text', category='$category', reviewer='$reviewer', email='$email', score='$score', cover='$cover', url='$url', url_title='$url_title', hits='$hits', rlanguage='$rlanguage', rating='$score' where id = '$id'");
   fix_rating($id);
   echo ""._ISAVAILABLE."";
    } else {
   $db->sql_query("INSERT INTO ".$prefix."_jreviews_add VALUES (NULL, '$date', '$title', '$text', '$category', '$reviewer', '$email', '$score', '$url', '$url_title', '$rlanguage', '$score')");
   echo ""._EDITORWILLLOOK."";
    }
    echo "<br><br>[ <a href=\"modules.php?name=$module_name\">"._RBACK."</a> ]<br></center>";
    CloseTable();
}

function reviews_index() {
   global $bgcolor3, $bgcolor2, $prefix, $multilingual, $currentlang, $db, $module_name, $id;
    if ($multilingual == 1) {
    $querylang = "WHERE rlanguage='$currentlang'";
    } else {
    $querylang = "";
    }
    OpenTable();
    echo "<table border=\"0\" width=\"95%\" CELLPADDING=\"2\" CELLSPACING=\"4\" align=\"center\">
    <tr><td colspan=\"2\"><center><font class=\"title\">"._RWELCOME."</font></center><br>";
    $result = $db->sql_query("select title, description from ".$prefix."_jreviews_main");
    list($title, $description) = $db->sql_fetchrow($result);
   $title = stripslashes(check_html($title, "nohtml"));
   $description = stripslashes($description);
    echo "<center><b>$title</b><br>$description</center>";
    echo "<br>";
    category_index(intval($id));
    echo "</td></tr>";
    echo "<tr><td width=\"50%\" bgcolor=\"$bgcolor2\"><b>"._10MOSTRATED."</b></td>";
    echo "<td width=\"50%\" bgcolor=\"$bgcolor2\"><b>"._10MOSTREC."</b></td></tr>";



   echo '<tr><td width="50%" bgcolor="'.$bgcolor3.'" valign="top">';
   $result_rec = $db->sql_query("SELECT * FROM ".$prefix."_jreviews $querylang ORDER BY rating DESC, totalvotes DESC, hits DESC limit 10");
    $y = 1;
   while ($myrow1 = $db->sql_fetchrow($result_rec)) {
      $id = intval($myrow1['id']);
      $title = stripslashes(check_html($myrow1['title'], "nohtml"));
      $hits = intval($myrow1['hits']);
      echo $y.') <a href="modules.php?name='.$module_name.'&amp;rop=showcontent&amp;id='.$id.'">'.$title.'</a> - ['._RATING11.$myrow1["rating"].']<br />';
      $y++;
}
    echo '</td>';
   echo '<td width="50%" bgcolor="'.$bgcolor3.'" valign="top">';
   $result_rec = $db->sql_query("SELECT * FROM ".$prefix."_jreviews $querylang order by date DESC limit 10");
    $y = 1;
   
   while ($myrow2 = $db->sql_fetchrow($result_rec)) {
      $id = intval($myrow2['id']);
      $title = stripslashes(check_html($myrow2['title'], "nohtml"));
      $hits = intval($myrow2['hits']);
      echo $y.') <a href="modules.php?name='.$module_name.'&amp;rop=showcontent&amp;id='.$id.'">'.$title.'</a> - ['.$myrow2["date"].']<br />';
      $y++;
}
    echo '</td></tr>';
    echo "<tr><td colspan=\"2\"><br></td></tr>";
    $result2 = $db->sql_query("SELECT * FROM ".$prefix."_jreviews $querylang");
    $numresults = $db->sql_numrows($result2);
    echo "<tr><td colspan=\"2\"><center>"._THEREARE." $numresults "._REVIEWSINDB."</center></td></tr></table>";
    CloseTable();
}

function reviews($id, $order, $field) {
    global $bgcolor4, $sitename, $prefix, $multilingual, $currentlang, $db, $module_name;
    if ($multilingual == 1) {
    $querylang = "AND rlanguage='$currentlang'";
    } else {
    $querylang = "";
    }
    $numcat = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_jreviews_categories WHERE parent = '".intval($id)."'"));
    $row = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_jreviews_categories WHERE id='".intval($id)."'"));

//    if ($numcat<>0) {
//       OpenTable();
//       echo '<center>Category: <a href="modules.php?name='.$module_name.'"><b>Main</b></a>/<a href="modules.php?name='.$module_name.'&amp;rop=categ&amp;id='.$row["id"].'"><b>'.$row["name"].'</b></a>';
//       echo 'Category: '.breadcrb($id);
//       CloseTable();
//   }
      OpenTable();
      echo '<center><font class="title">'._CATEGORY.':</font> ';
      breadcrb($id);
      echo '</center>';
      CloseTable();
    if ($numcat<>0) {
       category_index($id);
    }
    OpenTable();
    echo '<center><b>'.$sitename.' - '._REVIEWS.' in category '.$row["name"].'</b><br>';
    switch ($field) {

   case "reviewer":
   $result = $db->sql_query("SELECT * FROM ".$prefix."_jreviews WHERE category=".intval($id)." $querylang ORDER by reviewer $order");
   break;
/*
   case "score":
   $result = $db->sql_query("SELECT * FROM ".$prefix."_jreviews WHERE category=".intval($id)." $querylang ORDER by score $order");
   break;
*/
   case "rating":
   $result = $db->sql_query("SELECT * FROM ".$prefix."_jreviews WHERE category=".intval($id)." $querylang ORDER by rating $order");
   break;

   case "hits":
   $result = $db->sql_query("SELECT * FROM ".$prefix."_jreviews WHERE category=".intval($id)." $querylang ORDER by hits $order");
   break;

   default:
   $result = $db->sql_query("SELECT * FROM ".$prefix."_jreviews WHERE category=".intval($id)." $querylang ORDER by title $order");
   break;

    }
    $numresults = $db->sql_numrows($result);
    if ($numresults == 0) {
   echo '<i><b>'._NOREVIEWS.'</b></i><br>';
    } elseif ($numresults > 0) {
   echo '<table border="0" width="100%" cellpadding="2" cellspacing="4">
      <tr>
      <td width="50%" bgcolor="'.$bgcolor4.'">
      <p align="left"><a href="modules.php?name='.$module_name.'&amp;rop=categ&amp;id='.intval($id).'&amp;field=title&amp;order=ASC"><img src="images/up.gif" border="0" width="15" height="9" alt="'._SORTASC.'"></a><b>'._PRODUCTTITLE.'</b><a href="modules.php?name='.$module_name.'&amp;rop=categ&amp;id='.intval($id).'&amp;field=title&amp;order=DESC"><img src="images/down.gif" border="0" width="15" height="9" alt="'._SORTDESC.'"></a>
      </td>
      <td width="18%" bgcolor="'.$bgcolor4.'">
      <p align="center"><a href="modules.php?name='.$module_name.'&amp;rop=categ&amp;id='.intval($id).'&amp;field=reviewer&amp;order=ASC"><img src="images/up.gif" border="0" width="15" height="9" alt="'._SORTASC.'"></a><b>'._REVIEWER.'</b><a href="modules.php?name='.$module_name.'&amp;rop=categ&amp;id='.intval($id).'&amp;field=reviewer&amp;order=desc"><img src="images/down.gif" border="0" width="15" height="9" alt="'._SORTDESC.'"></a>
      </td>
      <td width="22%" bgcolor="'.$bgcolor4.'">
      <p align="center"><a href="modules.php?name='.$module_name.'&amp;rop=categ&amp;id='.intval($id).'&amp;field=rating&amp;order=ASC"><img src="images/up.gif" border="0" width="15" height="9" alt="'._SORTASC.'"></a><b>'._SCORE.'</b><a href="modules.php?name='.$module_name.'&amp;rop=categ&amp;id='.intval($id).'&amp;field=rating&amp;order=DESC"><img src="images/down.gif" border="0" width="15" height="9" alt="'._SORTDESC.'"></a>
      </td>
      <td width="10%" bgcolor="'.$bgcolor4.'">
      <p align="center"><a href="modules.php?name='.$module_name.'&amp;rop=categ&amp;id='.intval($id).'&amp;field=hits&amp;order=ASC"><img src="images/up.gif" border="0" width="15" height="9" alt="'._SORTASC.'"></a><b>'._HITS.'</b><a href="modules.php?name='.$module_name.'&amp;rop=categ&amp;id='.intval($id).'&amp;field=hits&amp;order=DESC"><img src="images/down.gif" border="0" width="15" height="9" alt="'._SORTDESC.'"></a>
      </td>
      </tr>';
   while($myrow = $db->sql_fetchrow($result)) {
       $title = stripslashes(check_html($myrow["title"], "nohtml"));
       $id = intval($myrow['id']);
        $reviewer = stripslashes($myrow['reviewer']);
        $email = stripslashes($myrow['email']);
       $score = intval($myrow['score']);
       $hits = intval($myrow['hits']);
       $rating = floatval($myrow['rating']);
       $time = $myrow["date"];
       echo '<tr>
          <td width="50%" bgcolor="#EEEEEE"><a href="modules.php?name='.$module_name.'&amp;rop=showcontent&amp;id='.$id.'">'.$title.'</a>';
          newreviewgraphic($time);
          echo '</td>
          <td width="18%" bgcolor="#EEEEEE">';
       if ($reviewer != "")
      echo '<center>'.$reviewer.'</center>';
       echo '</td><td width="22%" bgcolor="#EEEEEE"><center>';
       //display_score($score);
       echo '<b>'.$rating.'</b>';
       echo '</center></td><td width="10%" bgcolor="#EEEEEE"><center>'.$hits.'</center></td>
        </tr>';
   }
   echo '</table>
   <br>'.$numresults._TOTALREVIEWS.'<br><br>';
    }
    CloseTable();
}

function postcomment($id, $title) {
    global $db, $prefix, $user, $cookie, $AllowableHTML, $anonymous, $module_name, $sitename;
    cookiedecode($user);
    $row = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_config"));
    $anonpost=intval($row["anonpost"]);
    if (is_user($user) || $anonpost==1) {
    $title = stripslashes(FixQuotes(check_html($title, nohtml)));
    $title = htmlspecialchars(urldecode($title));
    OpenTable();
    echo "<center><font class=option><b>"._REVIEWCOMMENT." $title</b><br><br></font></center>"
   ."<form action=modules.php?name=$module_name method=post>";
    if (!is_user($user)) {
   echo "<b>"._YOURNICK."</b> $anonymous [ "._RCREATEACCOUNT." ]<br><br>";
   $uname = $anonymous;
    } else {
   echo "<b>"._YOURNICK."</b> $cookie[1]<br>
   <input type=checkbox name=xanonpost> "._POSTANON."<br><br>";
   $uname = $cookie[1];
    }
    echo "
    <input type=hidden name=uname value=$uname>
    <input type=hidden name=id value=$id>
    <b>"._SELECTSCORE."</b>
    <select name=score>
    <option name=score value=10>10</option>
    <option name=score value=9>9</option>
    <option name=score value=8>8</option>
    <option name=score value=7>7</option>
    <option name=score value=6>6</option>
    <option name=score value=5>5</option>
    <option name=score value=4>4</option>
    <option name=score value=3>3</option>
    <option name=score value=2>2</option>
    <option name=score value=1>1</option>
    </select><br><br>
    <b>"._YOURCOMMENT."</b><br>
    <textarea name=comments rows=10 cols=70></textarea><br>
    "._ALLOWEDHTML."<br>";
    while (list($key,)= each($AllowableHTML)) echo " &lt;".$key."&gt;";
    echo "<br><br>
    <input type=hidden name=rop value=savecomment>
    <input type=submit value=Submit>
    </form>
    ";
    CloseTable();
    } else {         
      $pagetitle = "- "._ACCESSDENIED."";
      title("$sitename: "._ACCESSDENIED."");
      OpenTable();
      echo "<center><b>"._RESTRICTEDAREA."</b><br><br>"
          .""._MODULEUSERS."";            
      echo "<br><br>"._GOBACK."";
      CloseTable();
   }
}

function update_rating($id, $score) {
global $db, $prefix;
$row = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_jreviews WHERE id='".$id."'"));
$numcomm = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_jreviews_comments WHERE rid='".$id."'"));
$sum=$row["score"]+$score;
$sql = "SELECT * FROM ".$prefix."_jreviews_comments WHERE rid='".$id."'";
$result = $db->sql_query($sql);
while ($row1 = $db->sql_fetchrow($result)) {
   $sum=$sum+$row1["score"];
}
$newrating = $sum/($numcomm+2);
$newrating=round($newrating, 3);
$db->sql_query("UPDATE ".$prefix."_jreviews SET rating = '".$newrating."' WHERE id='".$id."'");
$db->sql_query("UPDATE ".$prefix."_jreviews SET totalvotes=totalvotes+1 WHERE id='".$id."'");
}

function savecomment($xanonpost, $uname, $id, $score, $comments) {
    global $anonymous, $user, $cookie, $prefix, $db, $module_name;
    if ($xanonpost) {
   $uname = $anonymous;
    }
    $comments = stripslashes(FixQuotes(check_html($comments)));
    $id = intval($id);
    $score = intval($score);
    update_rating($id, $score);
    $db->sql_query("insert into ".$prefix."_jreviews_comments values (NULL, '$id', '$uname', now(), '$comments', '$score')");
    update_points(12);
    Header("Location: modules.php?name=$module_name&rop=showcontent&id=$id");
}

function r_comments($id, $title) {
    global $admin, $prefix, $db, $module_name;
    $id = intval($id);
    $result = $db->sql_query("SELECT cid, userid, date, comments, score from ".$prefix."_jreviews_comments where rid='$id' ORDER BY date DESC");
    while ($row = $db->sql_fetchrow($result)) {
   $cid = intval($row['cid']);
   $uname = stripslashes($row['userid']);
   $date = $row['date'];
   $comments = stripslashes($row['comments']);
   $score = intval($row['score']);
   OpenTable();
   $title = htmlspecialchars(urldecode(check_html($title, "nohtml")));
   echo "
   <b>$title</b><br>";
   if ($uname == "Anonymous") {
       echo ""._POSTEDBY." $uname "._ON." $date<br>";
   } else {
       echo ""._POSTEDBY." <a href=\"modules.php?name=Your_Account&amp;op=userinfo&amp;username=$uname\">$uname</a> "._ON." $date<br>";
   }
   echo ""._MYSCORE." ";
   display_score($score);
   if (is_admin($admin)) {
       echo "<br><b>"._ADMIN."</b> [ <a href=\"modules.php?name=$module_name&rop=del_comment&amp;cid=$cid&amp;id=$id\">"._DELETE."</a> ]</font><hr noshade size=1><br><br>";
   } else {
       echo "</font><hr noshade size=1><br><br>";
   }
   $comments = FixQuotes(nl2br(filter_text($comments)));
   echo "
   $comments
   ";
   CloseTable();
   echo "<br>";
    }
}

function showcontent($id, $page) {
    global $admin, $uimages, $prefix, $db, $module_name;
    $id = intval($id);
    $page = intval($page);
    OpenTable();
    if (($page == 1) OR ($page == "")) {
   $db->sql_query("UPDATE ".$prefix."_jreviews SET hits=hits+1 WHERE id='$id'");
    }
    $result = $db->sql_query("SELECT * FROM ".$prefix."_jreviews WHERE id='$id'");
    $myrow = $db->sql_fetchrow($result);
    $id = intval($myrow['id']);
    $date = $myrow['date'];
    $year = substr($date,0,4);
    $month = substr($date,5,2);
    $day = substr($date,8,2);
    $fdate = date("F jS Y",mktime (0,0,0,$month,$day,$year));
    $title = $myrow['title'];
    $title = stripslashes(FixQuotes(check_html($title, nohtml)));
    $text = $myrow['text'];
    $category = $myrow["category"];
    $cover = $myrow['cover'];
    $reviewer = $myrow['reviewer'];
    $email = $myrow['email'];
    $hits = intval($myrow['hits']);
    $url = $myrow['url'];
    $url_title = $myrow['url_title'];
    $score = intval($myrow['score']);
    $rating = $myrow["rating"];
    $rlanguage = $myrow['rlanguage'];
   $rating = $myrow["rating"];   
   $totalvotes = intval($myrow["totalvotes"]);
   if ($totalvotes == 1) {
      $votestring = _VOTE;
   } else {
      $votestring = _VOTES;
   }
    $contentpages = explode( "<!--pagebreak-->", $text );
    $pageno = count($contentpages);
    if ( $page=="" || $page < 1 )
   $page = 1;
    if ( $page > $pageno )
   $page = $pageno;
    $arrayelement = (int)$page;
    $arrayelement --;
    echo "<p><i><b><font class=\"title\">$title</b></i></font><br>";
    echo "<BLOCKQUOTE><p align=justify>";
    if ($cover != "")
    echo "<img src=\"images/reviews/$cover\" align=right border=1 vspace=2 alt=\"\">";
    echo "$contentpages[$arrayelement]
    </BLOCKQUOTE><p>";
    if (is_admin($admin))
      echo "<b>"._ADMIN."</b> [ <a href=\"modules.php?name=$module_name&rop=mod_review&amp;id=$id\">"._EDIT."</a> | <a href=modules.php?name=$module_name&rop=del_review&amp;id_del=$id>"._DELETE."</a> ]<br>";
    echo "<b>"._ADDED."</b> $fdate<br>";
   $row = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_jreviews_categories WHERE id='".intval($category)."'"));   
   echo '<b>Category:</b> <a href="modules.php?name='.$module_name.'&amp;rop=categ&amp;id='.$row["id"].'">'.$row["name"].'</a><br>';
    if ($reviewer != "")
   echo "<b>"._REVIEWER."</b> <a href=mailto:$email>$reviewer</a><br>";
   echo "<b>"._SCORE."</b> ";
    display_score($score);
   echo '<br /><b>'._ALLSCORE.'</b>: '.$rating.' ('.$totalvotes.' '.$votestring.')';   
    if ($url != "")
      echo "<br><b>"._RELATEDLINK.":</b> <a href=\"$url\" target=new>$url_title</a>";
   echo '<br />';
    if ($radminsuper == 1) {
       echo '<a href="modules.php?name='.$module_name.'&amp;rop=mod_review&amp;id='.$id.'">'._EDIT.'</a> | ';
    }
    $title = htmlspecialchars(urldecode($title));
   echo '<a href="modules.php?name='.$module_name.'&amp;rop=postcomment&amp;id='.$id.'&amp;title='.$title.'"><b>'._RATECOMMENT.'</b></a>';
    echo "<br><b>"._HITS.":</b> $hits";
    echo "<br><b>"._LANGUAGE.":</b> $rlanguage";
    if ($pageno > 1) {
   echo "<br><b>"._PAGE.":</b> $page/$pageno<br>";
    }
    echo "</font>";
    echo "</CENTER>";
    $title = urlencode($title);
    if($page >= $pageno) {
     $next_page = "";
    } else {
   $next_pagenumber = $page + 1;
   if ($page != 1) {
       $next_page .= "<img src=\"images/blackpixel.gif\" width=\"10\" height=\"2\" border=\"0\" alt=\"\"> &nbsp;&nbsp; ";
   }
   $next_page .= "<a href=\"modules.php?name=$module_name&rop=showcontent&amp;id=$id&amp;page=$next_pagenumber\">"._NEXT." ($next_pagenumber/$pageno)</a> <a href=\"modules.php?name=$module_name&rop=showcontent&amp;id=$id&amp;page=$next_pagenumber\"><img src=\"images/right.gif\" border=\"0\" alt=\""._NEXT."\"></a>";
    }
    if($page <= 1) {
   $previous_page = "";
    } else {
   $previous_pagenumber = $page - 1;
   $previous_page = "<a href=\"modules.php?name=$module_name&rop=showcontent&amp;id=$id&amp;page=$previous_pagenumber\"><img src=\"images/left.gif\" border=\"0\" alt=\""._PREVIOUS."\"></a> <a href=\"modules.php?name=$module_name&rop=showcontent&amp;id=$id&amp;page=$previous_pagenumber\">"._PREVIOUS." ($previous_pagenumber/$pageno)</a>";
    }
    echo "<center>"
   ."$previous_page &nbsp;&nbsp; $next_page<br><br>"
   ."[ <a href=\"modules.php?name=$module_name\">"._RBACK."</a> | "
   ."<a href=\"modules.php?name=$module_name&rop=postcomment&amp;id=$id&amp;title=$title\">"._REPLYMAIN."</a> ]";
    CloseTable();
    if (($page == 1) OR ($page == "")) {
   echo "<br>";
   r_comments($id, $title);
    }
}

function mod_review($id) {
   global $admin, $prefix, $db, $module_name;
   $id = intval($id);
   OpenTable();
   if (($id == 0) || (!is_admin($admin)))
       echo "This function must be passed argument id, or you are not admin.";
   else if (($id != 0) && (is_admin($admin)))
   {
    $result = $db->sql_query("SELECT * from ".$prefix."_jreviews where id = '$id'");
    while ($myrow = $db->sql_fetchrow($result)) {
         $id = intval($myrow['id']);
         $date = $myrow['date'];
         $title = $myrow['title'];
            $title = stripslashes(FixQuotes(check_html($title, nohtml)));
            $text = stripslashes($myrow['text']);
            $category = intval($myrow["category"]);
            $cover = stripslashes($myrow['cover']);
            $reviewer = stripslashes($myrow['reviewer']);
            $email = stripslashes($myrow['email']);
            $score = intval($myrow["score"]);
            $hits = intval($myrow['hits']);
            $url = stripslashes($myrow['url']);
            $url_title = stripslashes(check_html($myrow['url_title'], "nohtml"));
         $rlanguage = $myrow['rlanguage'];
      }
      echo "<center><b>"._REVIEWMOD."</b></center><br><br>";
      echo "<form method=POST action=modules.php?name=$module_name&rop=preview_review><input type=hidden name=id value=$id>";
      echo "<TABLE BORDER=0 width=100%>
         <tr>
            <td width=12%><b>"._RDATE."</b></td>
            <td><INPUT TYPE=text NAME=date SIZE=15 VALUE=\"$date\" MAXLENGTH=10></td>
         </tr>
         <tr>
            <td width=12%><b>"._RTITLE."</b></td>
            <td><INPUT TYPE=text NAME=title SIZE=50 MAXLENGTH=150 value=\"$title\"></td>
         </tr>
         <tr>
            <td width=12%><b>Category</b></td>
            <td><select name=\"category\">";
$sql = "SELECT * FROM ".$prefix."_jreviews_categories ORDER BY name ASC";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
   if ($row["id"]==$category) {
      echo '<option value="'.$row["id"].'" selected>'.$row["name"].'</option>';
   } else {
      echo '<option value="'.$row["id"].'">'.$row["name"].'</option>';
   }
}
echo "</select>
            </td>
         </tr>
         <tr>";
      echo "<td width=12%><b>"._LANGUAGE."</b></td>
            <td><select name=\"rlanguage\">";
             $handle=opendir('language');
                while ($file = readdir($handle)) {
               if (preg_match("/^lang\-(.+)\.php/", $file, $matches)) {
                        $langFound = $matches[1];
                        $languageslist .= "$langFound ";
                    }
                }
                closedir($handle);
                $languageslist = explode(" ", $languageslist);
                for ($i=0; $i < sizeof($languageslist); $i++) {
               if($languageslist[$i]!="") {
                   echo "<option value=\"$languageslist[$i]\" ";
                  if($languageslist[$i]==$rlanguage) echo "selected";
                  echo ">$languageslist[$i]</option>\n";
               }
             }

       echo "</select></td></tr>";
      echo "<tr>
            <td width=12%><b>"._RTEXT."</b></td>
            <td><TEXTAREA class=textbox name=text rows=20 wrap=virtual cols=60>$text</TEXTAREA></td>
         </tr>
         <tr>
            <td width=12%><b>"._REVIEWER."</b></td>
            <td><INPUT TYPE=text NAME=reviewer SIZE=41 MAXLENGTH=40 value=\"$reviewer\"></td>
         </tr>
         <tr>
            <td width=12%><b>"._REVEMAIL."</b></td>
            <td><INPUT TYPE=text NAME=email value=\"$email\" SIZE=30 MAXLENGTH=80></td>
         </tr>
         <tr>
            <td width=12%><b>"._SCORE."</b></td>
            <td><INPUT TYPE=text NAME=score value=\"$score\" size=3 maxlength=2></td>
         </tr>
         <tr>
            <td width=12%><b>"._RLINK."</b></td>
            <td><INPUT TYPE=text NAME=url value=\"$url\" size=30 maxlength=100></td>
         </tr>
         <tr>
            <td width=12%><b>"._RLINKTITLE."</b></td>
            <td><INPUT TYPE=text NAME=url_title value=\"$url_title\" size=30 maxlength=50></td>
         </tr>
         <tr>
            <td width=12%><b>"._COVERIMAGE."</b></td>
            <td><INPUT TYPE=text NAME=cover value=\"$cover\" size=30 maxlength=100></td>
         </tr>
         <tr>
            <td width=12%><b>"._HITS.":</b></td>
            <td><INPUT TYPE=text NAME=hits value=\"$hits\" size=5 maxlength=5></td>
         </tr>
      </TABLE>";
      echo "<input type=hidden name=rop value=preview_review><input type=submit value=\""._PREMODS."\">&nbsp;&nbsp;<input type=button onClick=history.go(-1) value="._CANCEL."></form>";
   }
   CloseTable();
}

function del_review($id_del) {
    global $admin, $prefix, $db, $module_name;
    $id_del = intval($id_del);
    if (is_admin($admin)) {
       $db->sql_query("DELETE FROM ".$prefix."_jreviews WHERE id = '$id_del'");
   $db->sql_query("DELETE FROM ".$prefix."_jreviews_comments WHERE rid='$id_del'");
   Header("Location: modules.php?name=$module_name");
    } else {
       echo "ACCESS DENIED";
    }
}

function fix_rating($id) {
global $db, $prefix;

$row = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_jreviews WHERE id='".$id."'"));
$numcomm = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_jreviews_comments WHERE rid='".$id."'"));
if ($numcomm==0) {
   $newrating = $row["score"];
} else {
   $sum=$row["score"];
   $sql = "SELECT * FROM ".$prefix."_jreviews_comments WHERE rid='".$id."'";
   $result = $db->sql_query($sql);
   while ($row1 = $db->sql_fetchrow($result)) {
      $sum=$sum+$row1["score"];
   }
   $newrating = $sum/($numcomm+1);
   $newrating=round($newrating, 3);
}
$db->sql_query("UPDATE ".$prefix."_jreviews SET rating = '".$newrating."' WHERE id='".$id."'");
$newvotes=$numcomm+1;
$db->sql_query("UPDATE ".$prefix."_jreviews SET totalvotes = '".$newvotes."' WHERE id='".$id."'");
}

function del_comment($cid, $id) {
    global $admin, $prefix, $db, $module_name;
    $cid = intval($cid);
    if (is_admin($admin)) {
        $db->sql_query("delete from ".$prefix."_jreviews_comments where cid='$cid'");
        fix_rating($id);
        Header("Location: modules.php?name=$module_name&rop=showcontent&id=$id");
    } else {
        echo "ACCESS DENIED";
    }
}

function menu() {
    global $module_name, $rop;

    $ThemeSel = get_theme();
    if (file_exists("themes/$ThemeSel/images/jreview-logo.gif")) {
   echo '<br><center><a href="modules.php?name='.$module_name.'"><img src="themes/'.$ThemeSel.'/images/jreview-logo.gif" border="0" alt=""></a><br><br>';
    } else {
   echo '<br><center><a href="modules.php?name='.$module_name.'"><img src="modules/'.$module_name.'/images/jreview-logo.gif" border="0" alt=""></a><br><br>';
    }
    echo '<form action="modules.php?name='.$module_name.'&amp;rop=search&amp;query='.$query.'" method="post">
    <font class="content"><input type="text" size="25" name="query"> <input type="submit" value="'._SEARCH.'"></font>
    </form>';
    echo '<font class="content">[ ';
    if (!isset($rop) || $rop=='categ' || $rop=='search' || $rop=='TopRated' || $rop=='showcontent' || $rop=='preview_review' || $rop=='MostPopular' || $rop=='write_review' || $rop=='NewReviews' || $rop=='NewReviewsDate') {
      echo '<a href="modules.php?name='.$module_name.'">'._REVIEWINDEX.'</a> | ';
    }
    echo '<a href="modules.php?name='.$module_name.'&amp;rop=write_review">'._WRITEREVIEW.'</a>'
   .' | <a href="modules.php?name='.$module_name.'&amp;rop=NewReviews">'._NEW.'</a>'
   .' | <a href="modules.php?name='.$module_name.'&amp;rop=MostPopular">'._POPULAR.'</a>'
   .' | <a href="modules.php?name='.$module_name.'&amp;rop=TopRated">'._TOPRATED.'</a>'
   .' | <a href="modules.php?name='.$module_name.'&amp;rop=RandomReview">'._RANDOM.'</a> ]'
   .'</font></center>';
}

function convertorderbyin($orderby) {
    if ($orderby == "titleA")   $orderby = "title ASC";
    if ($orderby == "dateA")   $orderby = "date ASC";
    if ($orderby == "hitsA")   $orderby = "hits ASC";
    if ($orderby == "ratingA")   $orderby = "rating ASC";
    if ($orderby == "titleD")   $orderby = "title DESC";
    if ($orderby == "dateD")   $orderby = "date DESC";
    if ($orderby == "hitsD")   $orderby = "hits DESC";
    if ($orderby == "ratingD")   $orderby = "rating DESC";
    return $orderby;
}

function convertorderbytrans($orderby) {
    if ($orderby == "hits ASC")         $orderbyTrans = ""._POPULARITY1."";
    if ($orderby == "hits DESC")      $orderbyTrans = ""._POPULARITY2."";
    if ($orderby == "title ASC")      $orderbyTrans = ""._TITLEAZ."";
    if ($orderby == "title DESC")      $orderbyTrans = ""._TITLEZA."";
    if ($orderby == "date ASC")         $orderbyTrans = ""._DATE1."";
    if ($orderby == "date DESC")      $orderbyTrans = ""._DATE2."";
    if ($orderby == "rating ASC")   $orderbyTrans = ""._RATING1."";
    if ($orderby == "rating DESC")   $orderbyTrans = ""._RATING2."";
    return $orderbyTrans;
}

function convertorderbyout($orderby) {
    if ($orderby == "title ASC")      $orderby = "titleA";
    if ($orderby == "date ASC")         $orderby = "dateA";
    if ($orderby == "hits ASC")         $orderby = "hitsA";
    if ($orderby == "rating ASC")   $orderby = "ratingA";
    if ($orderby == "title DESC")      $orderby = "titleD";
    if ($orderby == "date DESC")      $orderby = "dateD";
    if ($orderby == "hits DESC")      $orderby = "hitsD";
    if ($orderby == "rating DESC")   $orderby = "ratingD";
    return $orderby;
}

function search($query, $min, $orderby, $show) {
    global $prefix, $db, $admin, $bgcolor2, $module_name;
//   $admin = base64_decode($admin);
//   $admin = addslashes($admin);
//   $admin = explode(":", $admin);
// $aid = "$admin[0]";

   $aid =     stripslashes(FixQuotes(check_html($admin[0], nohtml)));
   $row = $db->sql_fetchrow($db->sql_query("SELECT radminsuper FROM ".$prefix."_authors WHERE aid='$aid'"));
   $radminsuper = intval($row['radminsuper']);
    $reviewsresults = 10;
    if (!isset($min)) $min=0;
    if (!isset($max)) $max=$min+$reviewsresults;
    if(isset($orderby)) {
   $orderby = convertorderbyin($orderby);
    } else {
   $orderby = "title ASC";
    }
    if ($show!="") {
   $reviewsresults = $show;
    } else {
   $show=$reviewsresults;
    }
   $query = check_html($query, "nohtml");
    $query = addslashes($query);
    $result = $db->sql_query("SELECT * FROM ".$prefix."_jreviews WHERE title LIKE '%$query%' OR text LIKE '%$query%' ORDER BY $orderby LIMIT $min, $reviewsresults");
    $fullcountresult = $db->sql_query("SELECT * FROM ".$prefix."_jreviews WHERE title LIKE '%$query%' OR text LIKE '%$query%'");
    $totalselectedlinks = $db->sql_numrows($fullcountresult);
    $nrows = $db->sql_numrows($result);
    $x=0;
    $the_query = stripslashes($query);
    $the_query = str_replace("\'", "'", $the_query);
    echo "<br>";
    OpenTable();
    if ($query <> '') {
       if ($nrows>0) {
      echo "<font class=\"option\">"._SEARCHRESULTS4.": <b>$the_query</b></font><br><br>"
          ."<table width=\"100%\" bgcolor=\"$bgcolor2\"><tr><td><font class=\"option\"><b>"._USUBCATEGORIES."</b></font></td></tr></table>";
           $result2 = $db->sql_query("SELECT * FROM ".$prefix."_jreviews_categories where title LIKE '%$query%' ORDER BY name DESC");
           while ($row2 = $db->sql_fetchrow($result2)) {
           $rid = intval($row2['id']);



Back to top Reply with quote
#2   re: module stripping html code - please help
rlgnak
CZ Super Newbie
rlgnak has been a member for over 20 year's 20 Year Member
usa.gif alaska.gif
Occupation: College
Gender: Male
Status: Offline
Joined: Jun 22, 2004
0.01 posts per day
Posts: 62
Points: 3,367
   
that looks coded right i havn't looked threw it all but it does. so im going to ask you to check your config.php look for
$AllowableHTML =


it should look like
$AllowableHTML = array("b"=>1,"i"=>1,"strike"=>1,"div"=>2,"u"=>1,"a"=>2,"em"=>1,"br"=>1,"strong"=>1,"blockquote"=>1,"tt"=>1,"li"=>1,"ol"=>1,"ul"=>1);


if you cant find that line add it before ?>

OR its sentinle stripping them so try posting the check_html function from mainfile.php , it might not be in there but it might



_________________
[ Register or login to view links on this board.]
Back to top Reply with quote
#3   re: module stripping html code - please help
fr34k
CZ Super Newbie
fr34k has been a member for over 20 year's 20 Year Member
Status: Offline
Joined: Oct 29, 2004
0.00 posts per day
Posts: 36
Points: 464
   
hi
thanks for the reply.
here is the check_html from inside the mainfile.php:

function check_html ($str, $strip="") {
   /* The core of this code has been lifted from phpslash */
   /* which is licenced under the GPL. */
   include("config.php");
   if ($strip == "nohtml") $AllowableHTML = array('');
   $str = eregi_replace("<[[:space:]]*([^>]*)[[:space:]]*>",'<\\1>', $str);
   // Delete all spaces from html tags .
   // Delete all attribs from Anchor, except an href, double quoted.
   $str = eregi_replace("<[[:space:]]* img[[:space:]]*([^>]*)[[:space:]]*>", '', $str);
   // Delete all img tags
   $str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?javascript[[:punct:]]*\"?[^>]*>", '', $str);
   // Delete javascript code from a href tags -- Zhen-Xjell @ http://nukecops.com
   $tmp = "";
   while (ereg("<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>",$str,$reg)) {
      $i = strpos($str,$reg[0]);
      $l = strlen($reg[0]);
      if ($reg[1][0] == "/") $tag = strtolower(substr($reg[1],1));
      else $tag = strtolower($reg[1]);
      if ($a = (isset($AllowableHTML[$tag])) ? $AllowableHTML[$tag] : 0)
      if ($reg[1][0] == "/") $tag = "</$tag>";
      elseif (($a == 1) || (empty($reg[2]))) $tag = "<$tag>";
      else {
         # Place here the double quote fix function.
         $attrb_list=delQuotes($reg[2]);
         // A VER
                        $attrb_list = str_replace("&amp;","&",$attrb_list);
         $attrb_list = str_replace("&","&amp;",$attrb_list);
         $tag = "<$tag" . $attrb_list . ">";
      } # Attribs in tag allowed
      else $tag = "";
      $tmp .= substr($str,0,$i) . $tag;
      $str = substr($str,$i+$l);
   }
   $str = $tmp . $str;
   $str = str_replace("<br>", "<br />", $str);
   return $str;
   exit;
   /* Squash PHP tags unconditionally */
   $str = str_replace("<?","",$str);
   return $str;


any help would be greatly apreciated


Back to top Reply with quote
#4   re: module stripping html code - please help
fr34k
CZ Super Newbie
fr34k has been a member for over 20 year's 20 Year Member
Status: Offline
Joined: Oct 29, 2004
0.00 posts per day
Posts: 36
Points: 464
   
hi
With RIgnaks help on this module, it now accepts most html such as bold,underline,italic,list and alignment.

The only problem with this module now is the fact that it wont accept the pagebreak code. When writing a review it clearly states:

If you want multiple pages you can write <!--pagebreak--> where you want to cut.



I have done this where i want the page to cut off and all i get is the pagebreak code displayed in the review and no new page.
Any idea's?

thanks



Back to top Reply with quote
#5   
rlgnak
CZ Super Newbie
rlgnak has been a member for over 20 year's 20 Year Member
usa.gif alaska.gif
Occupation: College
Gender: Male
Status: Offline
Joined: Jun 22, 2004
0.01 posts per day
Posts: 62
Points: 3,367
   
we got it all fixed icon_exclaim.gif




_________________
[ Register or login to view links on this board.]
Back to top Reply with quote
Display posts from previous:      
Add To: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
<< View previous topic View next topic >>
Post new topicReply to topic

Jump to 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum