Jump to content
canonmusic

only customers who have purchased the product are allowed to submit a review

Recommended Posts

I have read the contribution "Product_Reviews_Write_Check"on osc contribution.

It add some code in original product_reviews_write.php

 

I used it,

but no matter I bought or not that product,

system always said

"You have not ordered this product"

so I can't write reviews.

 

Would you please resolve the problem for me?thx a lot!

 

<?php
/*
 $Id: product_reviews_write.php,v 1.55 2003/06/20 14:25:58 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

 require('includes/application_top.php');

 if (!tep_session_is_registered('customer_id')) {
$navigation->set_snapshot();
tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
 }

 $product_info_query = tep_db_query("select p.products_id, p.products_model, p.products_image, p.products_price, p.products_tax_class_id, pd.products_name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "' and p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "'");
 if (!tep_db_num_rows($product_info_query)) {
tep_redirect(tep_href_link(FILENAME_PRODUCT_REVIEWS, tep_get_all_get_params(array('action'))));
 } else {
$product_info = tep_db_fetch_array($product_info_query);
 }

 $customer_query = tep_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
 $customer = tep_db_fetch_array($customer_query);

 if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
$rating = tep_db_prepare_input($HTTP_POST_VARS['rating']);
$review = tep_db_prepare_input($HTTP_POST_VARS['review']);

$error = false;
if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) {
  $error = true;

  $messageStack->add('review', JS_REVIEW_TEXT);
}

if (($rating < 1) || ($rating > 5)) {
  $error = true;

  $messageStack->add('review', JS_REVIEW_RATING);
}

// ##### Start: Products Review Write Check
// @mark.duc.tran@gmail.com
	// see if this person has left a review
	$query = "SELECT reviews_id FROM reviews WHERE products_id='$products_id' AND customers_id='$customer_id'";
	$result = mysql_query($query);
	if (mysql_num_rows($result) > 0)
	{
	$error = true;
	$messageStack->add('review', "You have already left a review for this product");
}

	// see if this customer purchased the product
	// only if not test account then we check this
	$b_bought_product = false;
	// grab all orders by this customer
	$query = "SELECT orders_id FROM orders WHERE customers_id='$customer_id'";
	$result = mysql_query($query);

	// check all orders from this customer
	if (mysql_num_rows($result) > 0)
	{
		// if they have, check orders
		while ($arr_order_ids = mysql_fetch_array($result))
		{
			$order_id_curr = $arr_order_ids['orders_id'];
			// for this order_id, iterate through products and compare products_ids the one being reviewed
			$products_id_of_order_query = "SELECT products_id FROM orders_products WHERE orders_id='$order_id_curr'";
			$result_product_ids = mysql_query($products_id_of_order_query);
			while ($arr_product_ids = mysql_fetch_array($result_product_ids))
			{
				$products_id_curr = $arr_product_ids['products_id'];
				if ($products_id_curr == $products_id)
				{
					$b_bought_product = true;
				}
			}
		}
	}

	if (!$b_bought_product)
	{
		$error = true;
	$messageStack->add('review', "You have not ordered this product");
	}
	// ##### END: Product Reviews Write Check

if ($error == false) {
  tep_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added) values ('" . (int)$HTTP_GET_VARS['products_id'] . "', '" . (int)$customer_id . "', '" . tep_db_input($customer['customers_firstname']) . ' ' . tep_db_input($customer['customers_lastname']) . "', '" . tep_db_input($rating) . "', now())");
  $insert_id = tep_db_insert_id();

  tep_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . (int)$insert_id . "', '" . (int)$languages_id . "', '" . tep_db_input($review) . "')");

  tep_redirect(tep_href_link(FILENAME_PRODUCT_REVIEWS, tep_get_all_get_params(array('action'))));
}
 }

 if ($new_price = tep_get_products_special_price($product_info['products_id'])) {
$products_price = '<s>' . $currencies->display_price($product_info['products_price'], tep_get_tax_rate($product_info['products_tax_class_id'])) . '</s> <span class="productSpecialPrice">' . $currencies->display_price($new_price, tep_get_tax_rate($product_info['products_tax_class_id'])) . '</span>';
 } else {
$products_price = $currencies->display_price($product_info['products_price'], tep_get_tax_rate($product_info['products_tax_class_id']));
 }

 if (tep_not_null($product_info['products_model'])) {
$products_name = $product_info['products_name'] . '<br><span class="smallText">[' . $product_info['products_model'] . ']</span>';
 } else {
$products_name = $product_info['products_name'];
 }

 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_PRODUCT_REVIEWS_WRITE);

 $breadcrumb->add(NAvb script:popupWindow(\\\'' . tep_href_link(FILENAME_POPUP_IMAGE, 'pID=' . $product_info['products_id']) . '\\\')">' . tep_image(DIR_WS_IMAGES . $product_info['products_image'], addslashes($product_info['products_name']), SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'hspace="5" vspace="5"') . '<br>' . TEXT_CLICK_TO_ENLARGE . '</a>'; ?>');
//--></script>
<noscript>
<?php echo '<a href="' . tep_href_link(DIR_WS_IMAGES . $product_info['products_image']) . '" target="_blank">' . tep_image(DIR_WS_IMAGES . $product_info['products_image'], $product_info['products_name'], SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'hspace="5" vspace="5"') . '<br>' . TEXT_CLICK_TO_ENLARGE . '</a>'; ?>
</noscript>
<?php
 }

 echo '<p><a href="' . tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')) . 'action=buy_now') . '">' . tep_image_button('button_in_cart.gif', IMAGE_BUTTON_IN_CART) . '</a></p>';
?>
			</td>
		  </tr>
		</table>
	  </td>
	</table></td>
  </tr>
</table></form></td>
<!-- body_text_eof //-->
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
</table></td>
 </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Edited by canonmusic

Share this post


Link to post
Share on other sites

I have exactly the same problem. I wonder if you succeeded at finding the solution and if so if you would let me know.

 

Thanks!

 

I have read the contribution "Product_Reviews_Write_Check"on osc contribution.

It add some code in original product_reviews_write.php

 

I used it,

but no matter I bought or not that product,

system always said

"You have not ordered this product"

so I can't write reviews.

 

Would you please resolve the problem for me?thx a lot!

 

<?php
/*
 $Id: product_reviews_write.php,v 1.55 2003/06/20 14:25:58 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

 require('includes/application_top.php');

 if (!tep_session_is_registered('customer_id')) {
$navigation->set_snapshot();
tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
 }

 $product_info_query = tep_db_query("select p.products_id, p.products_model, p.products_image, p.products_price, p.products_tax_class_id, pd.products_name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "' and p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "'");
 if (!tep_db_num_rows($product_info_query)) {
tep_redirect(tep_href_link(FILENAME_PRODUCT_REVIEWS, tep_get_all_get_params(array('action'))));
 } else {
$product_info = tep_db_fetch_array($product_info_query);
 }

 $customer_query = tep_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
 $customer = tep_db_fetch_array($customer_query);

 if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
$rating = tep_db_prepare_input($HTTP_POST_VARS['rating']);
$review = tep_db_prepare_input($HTTP_POST_VARS['review']);

$error = false;
if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) {
  $error = true;

  $messageStack->add('review', JS_REVIEW_TEXT);
}

if (($rating < 1) || ($rating > 5)) {
  $error = true;

  $messageStack->add('review', JS_REVIEW_RATING);
}

// ##### Start: Products Review Write Check
// @mark.duc.tran@gmail.com
	// see if this person has left a review
	$query = "SELECT reviews_id FROM reviews WHERE products_id='$products_id' AND customers_id='$customer_id'";
	$result = mysql_query($query);
	if (mysql_num_rows($result) > 0)
	{
	$error = true;
	$messageStack->add('review', "You have already left a review for this product");
}

	// see if this customer purchased the product
	// only if not test account then we check this
	$b_bought_product = false;
	// grab all orders by this customer
	$query = "SELECT orders_id FROM orders WHERE customers_id='$customer_id'";
	$result = mysql_query($query);

	// check all orders from this customer
	if (mysql_num_rows($result) > 0)
	{
		// if they have, check orders
		while ($arr_order_ids = mysql_fetch_array($result))
		{
			$order_id_curr = $arr_order_ids['orders_id'];
			// for this order_id, iterate through products and compare products_ids the one being reviewed
			$products_id_of_order_query = "SELECT products_id FROM orders_products WHERE orders_id='$order_id_curr'";
			$result_product_ids = mysql_query($products_id_of_order_query);
			while ($arr_product_ids = mysql_fetch_array($result_product_ids))
			{
				$products_id_curr = $arr_product_ids['products_id'];
				if ($products_id_curr == $products_id)
				{
					$b_bought_product = true;
				}
			}
		}
	}

	if (!$b_bought_product)
	{
		$error = true;
	$messageStack->add('review', "You have not ordered this product");
	}
	// ##### END: Product Reviews Write Check

if ($error == false) {
  tep_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added) values ('" . (int)$HTTP_GET_VARS['products_id'] . "', '" . (int)$customer_id . "', '" . tep_db_input($customer['customers_firstname']) . ' ' . tep_db_input($customer['customers_lastname']) . "', '" . tep_db_input($rating) . "', now())");
  $insert_id = tep_db_insert_id();

  tep_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . (int)$insert_id . "', '" . (int)$languages_id . "', '" . tep_db_input($review) . "')");

  tep_redirect(tep_href_link(FILENAME_PRODUCT_REVIEWS, tep_get_all_get_params(array('action'))));
}
 }

 if ($new_price = tep_get_products_special_price($product_info['products_id'])) {
$products_price = '<s>' . $currencies->display_price($product_info['products_price'], tep_get_tax_rate($product_info['products_tax_class_id'])) . '</s> <span class="productSpecialPrice">' . $currencies->display_price($new_price, tep_get_tax_rate($product_info['products_tax_class_id'])) . '</span>';
 } else {
$products_price = $currencies->display_price($product_info['products_price'], tep_get_tax_rate($product_info['products_tax_class_id']));
 }

 if (tep_not_null($product_info['products_model'])) {
$products_name = $product_info['products_name'] . '<br><span class="smallText">[' . $product_info['products_model'] . ']</span>';
 } else {
$products_name = $product_info['products_name'];
 }

 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_PRODUCT_REVIEWS_WRITE);

 $breadcrumb->add(NAvb script:popupWindow(\\\'' . tep_href_link(FILENAME_POPUP_IMAGE, 'pID=' . $product_info['products_id']) . '\\\')">' . tep_image(DIR_WS_IMAGES . $product_info['products_image'], addslashes($product_info['products_name']), SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'hspace="5" vspace="5"') . '<br>' . TEXT_CLICK_TO_ENLARGE . '</a>'; ?>');
//--></script>
<noscript>
<?php echo '<a href="' . tep_href_link(DIR_WS_IMAGES . $product_info['products_image']) . '" target="_blank">' . tep_image(DIR_WS_IMAGES . $product_info['products_image'], $product_info['products_name'], SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'hspace="5" vspace="5"') . '<br>' . TEXT_CLICK_TO_ENLARGE . '</a>'; ?>
</noscript>
<?php
 }

 echo '<p><a href="' . tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')) . 'action=buy_now') . '">' . tep_image_button('button_in_cart.gif', IMAGE_BUTTON_IN_CART) . '</a></p>';
?>
			</td>
		  </tr>
		</table>
	  </td>
	</table></td>
  </tr>
</table></form></td>
<!-- body_text_eof //-->
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
</table></td>
 </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Share this post


Link to post
Share on other sites

I have exactly the same problem. I wonder if you succeeded at finding the solution and if so if you would let me know.

 

Thanks!

 

I have read the contribution "Product_Reviews_Write_Check"on osc contribution.

It add some code in original product_reviews_write.php

 

I used it,

but no matter I bought or not that product,

system always said

"You have not ordered this product"

so I can't write reviews.

 

Would you please resolve the problem for me?thx a lot!

 

<?php
/*
 $Id: product_reviews_write.php,v 1.55 2003/06/20 14:25:58 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

 require('includes/application_top.php');

 if (!tep_session_is_registered('customer_id')) {
$navigation->set_snapshot();
tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
 }

 $product_info_query = tep_db_query("select p.products_id, p.products_model, p.products_image, p.products_price, p.products_tax_class_id, pd.products_name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "' and p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "'");
 if (!tep_db_num_rows($product_info_query)) {
tep_redirect(tep_href_link(FILENAME_PRODUCT_REVIEWS, tep_get_all_get_params(array('action'))));
 } else {
$product_info = tep_db_fetch_array($product_info_query);
 }

 $customer_query = tep_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
 $customer = tep_db_fetch_array($customer_query);

 if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
$rating = tep_db_prepare_input($HTTP_POST_VARS['rating']);
$review = tep_db_prepare_input($HTTP_POST_VARS['review']);

$error = false;
if (strlen($review) < REVIEW_TEXT_MIN_LENGTH) {
  $error = true;

  $messageStack->add('review', JS_REVIEW_TEXT);
}

if (($rating < 1) || ($rating > 5)) {
  $error = true;

  $messageStack->add('review', JS_REVIEW_RATING);
}

// ##### Start: Products Review Write Check
// @mark.duc.tran@gmail.com
	// see if this person has left a review
	$query = "SELECT reviews_id FROM reviews WHERE products_id='$products_id' AND customers_id='$customer_id'";
	$result = mysql_query($query);
	if (mysql_num_rows($result) > 0)
	{
	$error = true;
	$messageStack->add('review', "You have already left a review for this product");
}

	// see if this customer purchased the product
	// only if not test account then we check this
	$b_bought_product = false;
	// grab all orders by this customer
	$query = "SELECT orders_id FROM orders WHERE customers_id='$customer_id'";
	$result = mysql_query($query);

	// check all orders from this customer
	if (mysql_num_rows($result) > 0)
	{
		// if they have, check orders
		while ($arr_order_ids = mysql_fetch_array($result))
		{
			$order_id_curr = $arr_order_ids['orders_id'];
			// for this order_id, iterate through products and compare products_ids the one being reviewed
			$products_id_of_order_query = "SELECT products_id FROM orders_products WHERE orders_id='$order_id_curr'";
			$result_product_ids = mysql_query($products_id_of_order_query);
			while ($arr_product_ids = mysql_fetch_array($result_product_ids))
			{
				$products_id_curr = $arr_product_ids['products_id'];
				if ($products_id_curr == $products_id)
				{
					$b_bought_product = true;
				}
			}
		}
	}

	if (!$b_bought_product)
	{
		$error = true;
	$messageStack->add('review', "You have not ordered this product");
	}
	// ##### END: Product Reviews Write Check

if ($error == false) {
  tep_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added) values ('" . (int)$HTTP_GET_VARS['products_id'] . "', '" . (int)$customer_id . "', '" . tep_db_input($customer['customers_firstname']) . ' ' . tep_db_input($customer['customers_lastname']) . "', '" . tep_db_input($rating) . "', now())");
  $insert_id = tep_db_insert_id();

  tep_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . (int)$insert_id . "', '" . (int)$languages_id . "', '" . tep_db_input($review) . "')");

  tep_redirect(tep_href_link(FILENAME_PRODUCT_REVIEWS, tep_get_all_get_params(array('action'))));
}
 }

 if ($new_price = tep_get_products_special_price($product_info['products_id'])) {
$products_price = '<s>' . $currencies->display_price($product_info['products_price'], tep_get_tax_rate($product_info['products_tax_class_id'])) . '</s> <span class="productSpecialPrice">' . $currencies->display_price($new_price, tep_get_tax_rate($product_info['products_tax_class_id'])) . '</span>';
 } else {
$products_price = $currencies->display_price($product_info['products_price'], tep_get_tax_rate($product_info['products_tax_class_id']));
 }

 if (tep_not_null($product_info['products_model'])) {
$products_name = $product_info['products_name'] . '<br><span class="smallText">[' . $product_info['products_model'] . ']</span>';
 } else {
$products_name = $product_info['products_name'];
 }

 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_PRODUCT_REVIEWS_WRITE);

 $breadcrumb->add(NAvb script:popupWindow(\\\'' . tep_href_link(FILENAME_POPUP_IMAGE, 'pID=' . $product_info['products_id']) . '\\\')">' . tep_image(DIR_WS_IMAGES . $product_info['products_image'], addslashes($product_info['products_name']), SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'hspace="5" vspace="5"') . '<br>' . TEXT_CLICK_TO_ENLARGE . '</a>'; ?>');
//--></script>
<noscript>
<?php echo '<a href="' . tep_href_link(DIR_WS_IMAGES . $product_info['products_image']) . '" target="_blank">' . tep_image(DIR_WS_IMAGES . $product_info['products_image'], $product_info['products_name'], SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'hspace="5" vspace="5"') . '<br>' . TEXT_CLICK_TO_ENLARGE . '</a>'; ?>
</noscript>
<?php
 }

 echo '<p><a href="' . tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')) . 'action=buy_now') . '">' . tep_image_button('button_in_cart.gif', IMAGE_BUTTON_IN_CART) . '</a></p>';
?>
			</td>
		  </tr>
		</table>
	  </td>
	</table></td>
  </tr>
</table></form></td>
<!-- body_text_eof //-->
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
</table></td>
 </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Share this post


Link to post
Share on other sites
I have exactly the same problem. I wonder if you succeeded at finding the solution and if so if you would let me know.

 

Thanks!

I don't see how the script has any effect. Where is b_bought_product defined?


The Coopco Underwear Shop

 

If you live to be 100 years of age, that means you have lived for 36,525 days. Don't waste another, there aren't many left.

Share this post


Link to post
Share on other sites

I know that this is an old thread, however, because I recently solved this problem, I will share it here for anyone who is looking for the solution.

The problem is that the variable $products_id is not defined.

So,.... find this code at the top of product_reviews_write.php page, around line 31:

  if (!tep_db_num_rows($product_info_query)) {
      tep_redirect(tep_href_link('product_reviews.php', tep_get_all_get_params(array('action'))));
  } else {
      $product_info = tep_db_fetch_array($product_info_query);
  }

and replace it with this:

  if (!tep_db_num_rows($product_info_query)) {
      tep_redirect(tep_href_link('product_reviews.php', tep_get_all_get_params(array('action'))));
  } else {
      $product_info = tep_db_fetch_array($product_info_query);
      $products_id = $product_info['products_id'];
  }

 

This should make the error validation work properly. It did for me.

 


osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&amp;geo=US&amp;q=oscommerce

Share this post


Link to post
Share on other sites

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×