Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

only customers who have purchased the product are allowed to submit a review


canonmusic

Recommended Posts

I have read the contribution "Product_Reviews_Write_Check"on osc contribution.

It add some code in original product_reviews_write.php

 

I used it,

but no matter I bought or not that product,

system always said

"You have not ordered this product"

so I can't write reviews.

 

Would you please resolve the problem for me?thx a lot!

 

<?php
/*
 $Id: product_reviews_write.php,v 1.55 2003/06/20 14:25:58 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

 require('includes/application_top.php');

 if (!tep_session_is_registered('customer_id')) {
$navigation->set_snapshot();
tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
 }

 $product_info_query = tep_db_query("select p.products_id, p.products_model, p.products_image, p.products_price, p.products_tax_class_id, pd.products_name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "' and p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "'");
 if (!tep_db_num_rows($product_info_query)) {
tep_redirect(tep_href_link(FILENAME_PRODUCT_REVIEWS, tep_get_all_get_params(array('action'))));
 } else {
$product_info = tep_db_fetch_array($product_info_query);
 }

 $customer_query = tep_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
 $customer = tep_db_fetch_array($customer_query);

 if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
$rating = tep_db_prepare_input($HTTP_POST_VARS['rating']);
$review = tep_db_prepare_input($HTTP_POST_VARS['review']);

$error = false;
if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) {
  $error = true;

  $messageStack->add('review', JS_REVIEW_TEXT);
}

if (($rating < 1) || ($rating > 5)) {
  $error = true;

  $messageStack->add('review', JS_REVIEW_RATING);
}

// ##### Start: Products Review Write Check
// @[email protected]
	// see if this person has left a review
	$query = "SELECT reviews_id FROM reviews WHERE products_id='$products_id' AND customers_id='$customer_id'";
	$result = mysql_query($query);
	if (mysql_num_rows($result) > 0)
	{
	$error = true;
	$messageStack->add('review', "You have already left a review for this product");
}

	// see if this customer purchased the product
	// only if not test account then we check this
	$b_bought_product = false;
	// grab all orders by this customer
	$query = "SELECT orders_id FROM orders WHERE customers_id='$customer_id'";
	$result = mysql_query($query);

	// check all orders from this customer
	if (mysql_num_rows($result) > 0)
	{
		// if they have, check orders
		while ($arr_order_ids = mysql_fetch_array($result))
		{
			$order_id_curr = $arr_order_ids['orders_id'];
			// for this order_id, iterate through products and compare products_ids the one being reviewed
			$products_id_of_order_query = "SELECT products_id FROM orders_products WHERE orders_id='$order_id_curr'";
			$result_product_ids = mysql_query($products_id_of_order_query);
			while ($arr_product_ids = mysql_fetch_array($result_product_ids))
			{
				$products_id_curr = $arr_product_ids['products_id'];
				if ($products_id_curr == $products_id)
				{
					$b_bought_product = true;
				}
			}
		}
	}

	if (!$b_bought_product)
	{
		$error = true;
	$messageStack->add('review', "You have not ordered this product");
	}
	// ##### END: Product Reviews Write Check

if ($error == false) {
  tep_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added) values ('" . (int)$HTTP_GET_VARS['products_id'] . "', '" . (int)$customer_id . "', '" . tep_db_input($customer['customers_firstname']) . ' ' . tep_db_input($customer['customers_lastname']) . "', '" . tep_db_input($rating) . "', now())");
  $insert_id = tep_db_insert_id();

  tep_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . (int)$insert_id . "', '" . (int)$languages_id . "', '" . tep_db_input($review) . "')");

  tep_redirect(tep_href_link(FILENAME_PRODUCT_REVIEWS, tep_get_all_get_params(array('action'))));
}
 }

 if ($new_price = tep_get_products_special_price($product_info['products_id'])) {
$products_price = '<s>' . $currencies->display_price($product_info['products_price'], tep_get_tax_rate($product_info['products_tax_class_id'])) . '</s> <span class="productSpecialPrice">' . $currencies->display_price($new_price, tep_get_tax_rate($product_info['products_tax_class_id'])) . '</span>';
 } else {
$products_price = $currencies->display_price($product_info['products_price'], tep_get_tax_rate($product_info['products_tax_class_id']));
 }

 if (tep_not_null($product_info['products_model'])) {
$products_name = $product_info['products_name'] . '<br><span class="smallText">[' . $product_info['products_model'] . ']</span>';
 } else {
$products_name = $product_info['products_name'];
 }

 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_PRODUCT_REVIEWS_WRITE);

 $breadcrumb->add(NAvb script:popupWindow(\\\'' . tep_href_link(FILENAME_POPUP_IMAGE, 'pID=' . $product_info['products_id']) . '\\\')">' . tep_image(DIR_WS_IMAGES . $product_info['products_image'], addslashes($product_info['products_name']), SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'hspace="5" vspace="5"') . '<br>' . TEXT_CLICK_TO_ENLARGE . '</a>'; ?>');
//--></script>
<noscript>
<?php echo '<a href="' . tep_href_link(DIR_WS_IMAGES . $product_info['products_image']) . '" target="_blank">' . tep_image(DIR_WS_IMAGES . $product_info['products_image'], $product_info['products_name'], SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'hspace="5" vspace="5"') . '<br>' . TEXT_CLICK_TO_ENLARGE . '</a>'; ?>
</noscript>
<?php
 }

 echo '<p><a href="' . tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')) . 'action=buy_now') . '">' . tep_image_button('button_in_cart.gif', IMAGE_BUTTON_IN_CART) . '</a></p>';
?>
			</td>
		  </tr>
		</table>
	  </td>
	</table></td>
  </tr>
</table></form></td>
<!-- body_text_eof //-->
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
</table></td>
 </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Edited by canonmusic
Link to comment
Share on other sites

  • 5 months later...

I have exactly the same problem. I wonder if you succeeded at finding the solution and if so if you would let me know.

 

Thanks!

 

I have read the contribution "Product_Reviews_Write_Check"on osc contribution.

It add some code in original product_reviews_write.php

 

I used it,

but no matter I bought or not that product,

system always said

"You have not ordered this product"

so I can't write reviews.

 

Would you please resolve the problem for me?thx a lot!

 

<?php
/*
 $Id: product_reviews_write.php,v 1.55 2003/06/20 14:25:58 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

 require('includes/application_top.php');

 if (!tep_session_is_registered('customer_id')) {
$navigation->set_snapshot();
tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
 }

 $product_info_query = tep_db_query("select p.products_id, p.products_model, p.products_image, p.products_price, p.products_tax_class_id, pd.products_name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "' and p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "'");
 if (!tep_db_num_rows($product_info_query)) {
tep_redirect(tep_href_link(FILENAME_PRODUCT_REVIEWS, tep_get_all_get_params(array('action'))));
 } else {
$product_info = tep_db_fetch_array($product_info_query);
 }

 $customer_query = tep_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
 $customer = tep_db_fetch_array($customer_query);

 if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
$rating = tep_db_prepare_input($HTTP_POST_VARS['rating']);
$review = tep_db_prepare_input($HTTP_POST_VARS['review']);

$error = false;
if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) {
  $error = true;

  $messageStack->add('review', JS_REVIEW_TEXT);
}

if (($rating < 1) || ($rating > 5)) {
  $error = true;

  $messageStack->add('review', JS_REVIEW_RATING);
}

// ##### Start: Products Review Write Check
// @[email protected]
	// see if this person has left a review
	$query = "SELECT reviews_id FROM reviews WHERE products_id='$products_id' AND customers_id='$customer_id'";
	$result = mysql_query($query);
	if (mysql_num_rows($result) > 0)
	{
	$error = true;
	$messageStack->add('review', "You have already left a review for this product");
}

	// see if this customer purchased the product
	// only if not test account then we check this
	$b_bought_product = false;
	// grab all orders by this customer
	$query = "SELECT orders_id FROM orders WHERE customers_id='$customer_id'";
	$result = mysql_query($query);

	// check all orders from this customer
	if (mysql_num_rows($result) > 0)
	{
		// if they have, check orders
		while ($arr_order_ids = mysql_fetch_array($result))
		{
			$order_id_curr = $arr_order_ids['orders_id'];
			// for this order_id, iterate through products and compare products_ids the one being reviewed
			$products_id_of_order_query = "SELECT products_id FROM orders_products WHERE orders_id='$order_id_curr'";
			$result_product_ids = mysql_query($products_id_of_order_query);
			while ($arr_product_ids = mysql_fetch_array($result_product_ids))
			{
				$products_id_curr = $arr_product_ids['products_id'];
				if ($products_id_curr == $products_id)
				{
					$b_bought_product = true;
				}
			}
		}
	}

	if (!$b_bought_product)
	{
		$error = true;
	$messageStack->add('review', "You have not ordered this product");
	}
	// ##### END: Product Reviews Write Check

if ($error == false) {
  tep_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added) values ('" . (int)$HTTP_GET_VARS['products_id'] . "', '" . (int)$customer_id . "', '" . tep_db_input($customer['customers_firstname']) . ' ' . tep_db_input($customer['customers_lastname']) . "', '" . tep_db_input($rating) . "', now())");
  $insert_id = tep_db_insert_id();

  tep_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . (int)$insert_id . "', '" . (int)$languages_id . "', '" . tep_db_input($review) . "')");

  tep_redirect(tep_href_link(FILENAME_PRODUCT_REVIEWS, tep_get_all_get_params(array('action'))));
}
 }

 if ($new_price = tep_get_products_special_price($product_info['products_id'])) {
$products_price = '<s>' . $currencies->display_price($product_info['products_price'], tep_get_tax_rate($product_info['products_tax_class_id'])) . '</s> <span class="productSpecialPrice">' . $currencies->display_price($new_price, tep_get_tax_rate($product_info['products_tax_class_id'])) . '</span>';
 } else {
$products_price = $currencies->display_price($product_info['products_price'], tep_get_tax_rate($product_info['products_tax_class_id']));
 }

 if (tep_not_null($product_info['products_model'])) {
$products_name = $product_info['products_name'] . '<br><span class="smallText">[' . $product_info['products_model'] . ']</span>';
 } else {
$products_name = $product_info['products_name'];
 }

 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_PRODUCT_REVIEWS_WRITE);

 $breadcrumb->add(NAvb script:popupWindow(\\\'' . tep_href_link(FILENAME_POPUP_IMAGE, 'pID=' . $product_info['products_id']) . '\\\')">' . tep_image(DIR_WS_IMAGES . $product_info['products_image'], addslashes($product_info['products_name']), SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'hspace="5" vspace="5"') . '<br>' . TEXT_CLICK_TO_ENLARGE . '</a>'; ?>');
//--></script>
<noscript>
<?php echo '<a href="' . tep_href_link(DIR_WS_IMAGES . $product_info['products_image']) . '" target="_blank">' . tep_image(DIR_WS_IMAGES . $product_info['products_image'], $product_info['products_name'], SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'hspace="5" vspace="5"') . '<br>' . TEXT_CLICK_TO_ENLARGE . '</a>'; ?>
</noscript>
<?php
 }

 echo '<p><a href="' . tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')) . 'action=buy_now') . '">' . tep_image_button('button_in_cart.gif', IMAGE_BUTTON_IN_CART) . '</a></p>';
?>
			</td>
		  </tr>
		</table>
	  </td>
	</table></td>
  </tr>
</table></form></td>
<!-- body_text_eof //-->
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
</table></td>
 </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Link to comment
Share on other sites

I have exactly the same problem. I wonder if you succeeded at finding the solution and if so if you would let me know.

 

Thanks!

 

I have read the contribution "Product_Reviews_Write_Check"on osc contribution.

It add some code in original product_reviews_write.php

 

I used it,

but no matter I bought or not that product,

system always said

"You have not ordered this product"

so I can't write reviews.

 

Would you please resolve the problem for me?thx a lot!

 

<?php
/*
 $Id: product_reviews_write.php,v 1.55 2003/06/20 14:25:58 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

 require('includes/application_top.php');

 if (!tep_session_is_registered('customer_id')) {
$navigation->set_snapshot();
tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
 }

 $product_info_query = tep_db_query("select p.products_id, p.products_model, p.products_image, p.products_price, p.products_tax_class_id, pd.products_name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "' and p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "'");
 if (!tep_db_num_rows($product_info_query)) {
tep_redirect(tep_href_link(FILENAME_PRODUCT_REVIEWS, tep_get_all_get_params(array('action'))));
 } else {
$product_info = tep_db_fetch_array($product_info_query);
 }

 $customer_query = tep_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
 $customer = tep_db_fetch_array($customer_query);

 if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
$rating = tep_db_prepare_input($HTTP_POST_VARS['rating']);
$review = tep_db_prepare_input($HTTP_POST_VARS['review']);

$error = false;
if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) {
  $error = true;

  $messageStack->add('review', JS_REVIEW_TEXT);
}

if (($rating < 1) || ($rating > 5)) {
  $error = true;

  $messageStack->add('review', JS_REVIEW_RATING);
}

// ##### Start: Products Review Write Check
// @[email protected]
	// see if this person has left a review
	$query = "SELECT reviews_id FROM reviews WHERE products_id='$products_id' AND customers_id='$customer_id'";
	$result = mysql_query($query);
	if (mysql_num_rows($result) > 0)
	{
	$error = true;
	$messageStack->add('review', "You have already left a review for this product");
}

	// see if this customer purchased the product
	// only if not test account then we check this
	$b_bought_product = false;
	// grab all orders by this customer
	$query = "SELECT orders_id FROM orders WHERE customers_id='$customer_id'";
	$result = mysql_query($query);

	// check all orders from this customer
	if (mysql_num_rows($result) > 0)
	{
		// if they have, check orders
		while ($arr_order_ids = mysql_fetch_array($result))
		{
			$order_id_curr = $arr_order_ids['orders_id'];
			// for this order_id, iterate through products and compare products_ids the one being reviewed
			$products_id_of_order_query = "SELECT products_id FROM orders_products WHERE orders_id='$order_id_curr'";
			$result_product_ids = mysql_query($products_id_of_order_query);
			while ($arr_product_ids = mysql_fetch_array($result_product_ids))
			{
				$products_id_curr = $arr_product_ids['products_id'];
				if ($products_id_curr == $products_id)
				{
					$b_bought_product = true;
				}
			}
		}
	}

	if (!$b_bought_product)
	{
		$error = true;
	$messageStack->add('review', "You have not ordered this product");
	}
	// ##### END: Product Reviews Write Check

if ($error == false) {
  tep_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added) values ('" . (int)$HTTP_GET_VARS['products_id'] . "', '" . (int)$customer_id . "', '" . tep_db_input($customer['customers_firstname']) . ' ' . tep_db_input($customer['customers_lastname']) . "', '" . tep_db_input($rating) . "', now())");
  $insert_id = tep_db_insert_id();

  tep_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . (int)$insert_id . "', '" . (int)$languages_id . "', '" . tep_db_input($review) . "')");

  tep_redirect(tep_href_link(FILENAME_PRODUCT_REVIEWS, tep_get_all_get_params(array('action'))));
}
 }

 if ($new_price = tep_get_products_special_price($product_info['products_id'])) {
$products_price = '<s>' . $currencies->display_price($product_info['products_price'], tep_get_tax_rate($product_info['products_tax_class_id'])) . '</s> <span class="productSpecialPrice">' . $currencies->display_price($new_price, tep_get_tax_rate($product_info['products_tax_class_id'])) . '</span>';
 } else {
$products_price = $currencies->display_price($product_info['products_price'], tep_get_tax_rate($product_info['products_tax_class_id']));
 }

 if (tep_not_null($product_info['products_model'])) {
$products_name = $product_info['products_name'] . '<br><span class="smallText">[' . $product_info['products_model'] . ']</span>';
 } else {
$products_name = $product_info['products_name'];
 }

 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_PRODUCT_REVIEWS_WRITE);

 $breadcrumb->add(NAvb script:popupWindow(\\\'' . tep_href_link(FILENAME_POPUP_IMAGE, 'pID=' . $product_info['products_id']) . '\\\')">' . tep_image(DIR_WS_IMAGES . $product_info['products_image'], addslashes($product_info['products_name']), SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'hspace="5" vspace="5"') . '<br>' . TEXT_CLICK_TO_ENLARGE . '</a>'; ?>');
//--></script>
<noscript>
<?php echo '<a href="' . tep_href_link(DIR_WS_IMAGES . $product_info['products_image']) . '" target="_blank">' . tep_image(DIR_WS_IMAGES . $product_info['products_image'], $product_info['products_name'], SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'hspace="5" vspace="5"') . '<br>' . TEXT_CLICK_TO_ENLARGE . '</a>'; ?>
</noscript>
<?php
 }

 echo '<p><a href="' . tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')) . 'action=buy_now') . '">' . tep_image_button('button_in_cart.gif', IMAGE_BUTTON_IN_CART) . '</a></p>';
?>
			</td>
		  </tr>
		</table>
	  </td>
	</table></td>
  </tr>
</table></form></td>
<!-- body_text_eof //-->
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
</table></td>
 </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Link to comment
Share on other sites

I have exactly the same problem. I wonder if you succeeded at finding the solution and if so if you would let me know.

 

Thanks!

I don't see how the script has any effect. Where is b_bought_product defined?

Link to comment
Share on other sites

  • 10 years later...

I know that this is an old thread, however, because I recently solved this problem, I will share it here for anyone who is looking for the solution.

The problem is that the variable $products_id is not defined.

So,.... find this code at the top of product_reviews_write.php page, around line 31:

  if (!tep_db_num_rows($product_info_query)) {
      tep_redirect(tep_href_link('product_reviews.php', tep_get_all_get_params(array('action'))));
  } else {
      $product_info = tep_db_fetch_array($product_info_query);
  }

and replace it with this:

  if (!tep_db_num_rows($product_info_query)) {
      tep_redirect(tep_href_link('product_reviews.php', tep_get_all_get_params(array('action'))));
  } else {
      $product_info = tep_db_fetch_array($product_info_query);
      $products_id = $product_info['products_id'];
  }

 

This should make the error validation work properly. It did for me.

 

osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&amp;geo=US&amp;q=oscommerce

Link to comment
Share on other sites

Link to comment
Share on other sites

  • 3 years later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...