PageRenderTime 33ms CodeModel.GetById 8ms RepoModel.GetById 0ms app.codeStats 0ms

/inc/amfphp/Amfphp/Services/ec_admin_reviews.php

https://github.com/EmranAhmed/wp-easycart
PHP | 131 lines | 71 code | 22 blank | 38 comment | 17 complexity | d54cb89428209d786d1440e9c61a01d9 MD5 | raw file
    

  1. <?php
    2. 

  2. /*
    3. 

  3. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    4. 

  4. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    5. 

  5. //All Code and Design is copyrighted by Level Four Development, llc
    6. 

  6. //
    7. 

  7. //Level Four Development, LLC provides this code "as is" without warranty of any kind, either express or implied,     
    8. 

  8. //including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.         
    9. 

  9. //
    10. 

  10. //Only licnesed users may use this code and storfront for live purposes. All other use is prohibited and may be 
    11. 

  11. //subject to copyright violation laws. If you have any questions regarding proper use of this code, please
    12. 

  12. //contact Level Four Development, llc and EasyCart prior to use.
    13. 

  13. //
    14. 

  14. //All use of this storefront is subject to our terms of agreement found on Level Four Development, llc's  website.
    15. 

  15. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    16. 

  16. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    17. 

  17. */
    18. 

  18. 

  19. 

  20. class ec_admin_reviews
    21. 

  21. 	{		
    22. 

  22. 	
    23. 

  23. 		function ec_admin_reviews() {
    24. 

  24. 			/*load our connection settings
    25. 

  25. 			if( file_exists( '../../../../wp-easycart-data/connection/ec_conn.php' ) ) {
    26. 

  26. 				require_once('../../../../wp-easycart-data/connection/ec_conn.php');
    27. 

  27. 			} else {
    28. 

  28. 				require_once('../../../connection/ec_conn.php');
    29. 

  29. 			};*/
    30. 

  30. 		
    31. 

  31. 			//set our connection variables
    32. 

  32. 			$dbhost = DB_HOST;
    33. 

  33. 			$dbname = DB_NAME;
    34. 

  34. 			$dbuser = DB_USER;
    35. 

  35. 			$dbpass = DB_PASSWORD;
    36. 

  36. 			global $wpdb;
    37. 

  37. 			define ('WP_PREFIX', $wpdb->prefix);
    38. 

  38. 

  39. 			//make a connection to our database
    40. 

  40. 			$this->conn = mysql_connect($dbhost, $dbuser, $dbpass);
    41. 

  41. 			mysql_select_db ($dbname);	
    42. 

  42. 			mysql_query("SET CHARACTER SET utf8", $this->conn); 
    43. 

  43. 			mysql_query("SET NAMES 'utf8'", $this->conn); 
    44. 

  44. 

  45. 		}	
    46. 

  46. 		
    47. 

  47. 		//secure all of the services for logged in authenticated users only	
    48. 

  48. 		public function _getMethodRoles($methodName){
    49. 

  49. 		   if ($methodName == 'getreviews') return array('admin');
    50. 

  50. 		   else if($methodName == 'deletereview') return array('admin');
    51. 

  51. 		   else if($methodName == 'updatereview') return array('admin');
    52. 

  52. 		   else  return null;
    53. 

  53. 		}
    54. 

  54. 			
    55. 

  55. 		
    56. 

  56. 		//HELPER - used to escape out SQL calls
    57. 

  57. 		function escape($sql) 
    58. 

  58. 		{ 
    59. 

  59. 			  $args = func_get_args(); 
    60. 

  60. 				foreach($args as $key => $val) 
    61. 

  61. 				{ 
    62. 

  62. 					$args[$key] = mysql_real_escape_string($val); 
    63. 

  63. 				} 
    64. 

  64. 				 
    65. 

  65. 				$args[0] = $sql; 
    66. 

  66. 				return call_user_func_array('sprintf', $args); 
    67. 

  67. 		} 
    68. 

  68. 		
    69. 

  69. 

  70. 

  71. 		//review functions
    72. 

  72. 		function getreviews($startrecord, $limit, $orderby, $ordertype, $filter) {
    73. 

  73. 			  //Create SQL Query
    74. 

  74. 			  $query= mysql_query("SELECT SQL_CALC_FOUND_ROWS  ec_review.*, UNIX_TIMESTAMP(ec_review.date_submitted) AS date_submitted, ec_product.model_number, ec_product.title as product_title, ec_product.activate_in_store, ec_product.image1, ec_product.price  FROM ec_review LEFT JOIN ec_product ON ec_product.product_id = ec_review.product_id WHERE ec_review.review_id != '' ".$filter." ORDER BY ".  $orderby ." ".  $ordertype . " LIMIT ".  $startrecord .", ".  $limit."");
    75. 

  75. 			  $totalquery=mysql_query("SELECT FOUND_ROWS()");
    76. 

  76. 			  $totalrows = mysql_fetch_object($totalquery);
    77. 

  77. 			  
    78. 

  78. 			  //if results, convert to an array for use in flash
    79. 

  79. 			  if(mysql_num_rows($query) > 0) {
    80. 

  80. 				  while ($row=mysql_fetch_object($query)) {
    81. 

  81. 					  $row->totalrows=$totalrows;
    82. 

  82. 					  $returnArray[] = $row;
    83. 

  83. 				  }
    84. 

  84. 				  return($returnArray); //return array results if there are some
    85. 

  85. 			  } else {
    86. 

  86. 				  $returnArray[] = "noresults";
    87. 

  87. 				  return $returnArray; //return noresults if there are no results
    88. 

  88. 			  }
    89. 

  89. 		}
    90. 

  90. 		function deletereview($reviewid) {
    91. 

  91. 			  //Create SQL Query	
    92. 

  92. 			  $deletesql = $this->escape("DELETE FROM ec_review WHERE ec_review.review_id = '%s'", $reviewid);
    93. 

  93. 			  //Run query on database;
    94. 

  94. 			  mysql_query($deletesql);
    95. 

  95. 			  
    96. 

  96. 			  //if no errors, return their current Client ID
    97. 

  97. 			  //if results, convert to an array for use in flash
    98. 

  98. 			  if(!mysql_error()) {
    99. 

  99. 				  $returnArray[] ="success";
    100. 

  100. 				  return($returnArray); //return array results if there are some
    101. 

  101. 			  } else {
    102. 

  102. 				  $returnArray[] = "error";
    103. 

  103. 				  return $returnArray; //return noresults if there are no results
    104. 

  104. 			  }
    105. 

  105. 		}
    106. 

  106. 		function updatereview($reviewid, $review) {
    107. 

  107. 			  //convert object to array
    108. 

  108. 			  $review = (array)$review;
    109. 

  109. 			  
    110. 

  110. 			  
    111. 

  111. 			  //Create SQL Query
    112. 

  112. 			   $sql = $this->escape("UPDATE ec_review SET ec_review.approved='%s', ec_review.title='%s', ec_review.description='%s', ec_review.rating='%s' WHERE ec_review.review_id = '%s'", $review['approved'], $review['reviewtitle'],$review['reviewdescription'],$review['rating'],$reviewid);
    113. 

  113. 

  114. 			//Run query on database;
    115. 

  115. 			mysql_query($sql);
    116. 

  116. 			//if no errors, return their current Client ID
    117. 

  117. 			//if results, convert to an array for use in flash
    118. 

  118. 			if(!mysql_error()) {
    119. 

  119. 				$returnArray[] ="success";
    120. 

  120. 				return($returnArray); //return array results if there are some
    121. 

  121. 			} else {
    122. 

  122. 				$returnArray[] = "error";
    123. 

  123. 				return $returnArray; //return noresults if there are no results
    124. 

  124. 			}
    125. 

  125. 		}
    126. 

  126. 

  127. 

  128. 

  129. 

  130. 	}//close class
    131. 

  131. ?>
    132.