delaen

[Contrib] Allow users to edit their own product reviews


I have to warn you, my store is heavily modified, and you most likely will have to tinker with this somewhat to get it to work. I'd say it's probably a definite. If someone wanted to modify this so it works with a default install, that would be excellent.

 

Anyway, I hope this will help someone out.

 

This will allow a user who is logged in to edit their own product reviews.

 

First thing:

 

Add the following to application_top.php

 

  define('FILENAME_PRODUCT_REVIEWS_EDIT', 'product_reviews_edit.php');

 

Then, in product_reviews_info.php add the following few lines where you want the "Edit your review" message to display.

 

<?php 

           //if it is the users review, show link to edit it

           if ($customer_id == $reviews_values['customers_id']) {

           echo '- <b><a href="' . tep_href_link(FILENAME_PRODUCT_REVIEWS_EDIT, 'reviews_id=' . $reviews_values['reviews_id'], 'NONSSL') . '">Edit your review</a></b>';

        	 }

         ?>

 

 

Then create a file called "product_reviews_edit.php" and save it in the catalog folder. I have a "subject" field on my store for reviews, so this is modified to include that. I went through and tried to delete everything that references it, but I may have missed something. Let me know.

 

<?php

/*

 $Id: product_reviews_write.php,v 1.1.1.1 2002/11/28 23:21:31 wilt Exp $



 osCommerce, Open Source E-Commerce Solutions

 http://www.oscommerce.com



 Copyright (c) 2002 osCommerce



 Released under the GNU General Public License

*/



 require('includes/application_top.php');



 // if user is not logged in, redirect to the log in page

 if (!tep_session_is_registered('customer_id')) {

   $navigation->set_snapshot();

   tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));

 }



//if reviews_id is sent through the form, get the proper reviews_id

if (!$HTTP_GET_VARS['reviews_id']) {

 $HTTP_GET_VARS['reviews_id'] = $HTTP_POST_VARS['reviews_id'];

} 

// reviews_id is request input that ends up in the SQL below, so force it to an integer

$HTTP_GET_VARS['reviews_id'] = (int)$HTTP_GET_VARS['reviews_id'];

// start with an empty error message so a request variable of the same name cannot reach the page

$error_message = '';

 

// get review to edit from the database.  Make sure it is the correct user as well.

 if ($HTTP_GET_VARS['reviews_id']) {

  $review = tep_db_query("select rd.reviews_text, r.reviews_rating, r.reviews_id, r.products_id, r.date_added, r.last_modified, r.customers_id, r.reviews_read, c.customers_name from " . TABLE_REVIEWS . " r, " . TABLE_REVIEWS_DESCRIPTION . " rd left join " . TABLE_CUSTOMERS . " c on r.customers_id = c.customers_id where r.reviews_id = '" . (int)$HTTP_GET_VARS['reviews_id'] . "' and r.reviews_id = rd.reviews_id");

   $review_values = tep_db_fetch_array($review);

 

 

 if (!tep_db_num_rows($review)) {

 // if review is not found, set variable

	 $reviewFound = false;

 $message = "You are trying to edit a review that does not exist.  Please hit the back button on your browser";



 } else {

	 $reviewFound = true;

   // validate if correct user

	 if ($customer_id == $review_values['customers_id']) {

      $correctUser = true;

	 

   //set values to display initially

   $viewReview = stripslashes($review_values['reviews_text']);

   $viewSubject = stripslashes($review_values['reviews_subject']);

 

 

 

      if (@$HTTP_POST_VARS['action'] == 'process') {

       // reset these two values to display if there is an error

      	 $viewReview = stripslashes($HTTP_POST_VARS['review']);

       $viewSubject = stripslashes($HTTP_POST_VARS['subject']);

      

          $date_now = date('Ymd');

    	 if (($HTTP_POST_VARS['rating'] == 0) || (strlen($HTTP_POST_VARS['subject']) < 5) || (strlen($HTTP_POST_VARS['review']) < REVIEW_TEXT_MIN_LENGTH)) {

       

       $error_message = '<b>There is a problem with your review.</b><p>';

       if ($HTTP_POST_VARS['rating'] == 0) {

      	 $error_message .= 'Please select a rating for your review<br>';

       }

       if (strlen($HTTP_POST_VARS['subject']) < 5) {

      	 $error_message .= 'The subject must be at least 5 characters long<br>';

       }

       if (strlen($HTTP_POST_VARS['review']) < REVIEW_TEXT_MIN_LENGTH) {

      	 $error_message .= 'The length of the review must be at least ' . REVIEW_TEXT_MIN_LENGTH . ' characters long<br>';

       }

       

    	 } else {	

       $stripped_subject = addslashes($HTTP_POST_VARS['subject']);

       $stripped_review = addslashes($HTTP_POST_VARS['review']);

    	 

       // rating is form input; cast it to an integer before it goes into the query

       tep_db_query("UPDATE " . TABLE_REVIEWS . " SET reviews_rating = '" . (int)$HTTP_POST_VARS['rating'] . "' WHERE reviews_id = '" . (int)$review_values['reviews_id'] . "'");

          $insert_id = tep_db_insert_id();

          tep_db_query("UPDATE " . TABLE_REVIEWS_DESCRIPTION . " SET reviews_text = '" . $stripped_review . "' WHERE reviews_id = '" . $review_values['reviews_id'] . "'");

          tep_redirect(tep_href_link(FILENAME_PRODUCT_REVIEWS_INFO, 'reviews_id=' . $review_values['reviews_id'], 'NONSSL'));

    	 }

     }

	 

   } else {

  	 $correctUser = false;

   $messageUser = "You did not write this review.  You may only edit your own reviews.";

   }	


 }


 }









// lets retrieve all $HTTP_GET_VARS keys and values..

 $get_params = tep_get_all_get_params();

 $get_params_back = tep_get_all_get_params(array('reviews_id')); // for back button

 $get_params = substr($get_params, 0, -1); //remove trailing &

 if ($get_params_back != '') {

   $get_params_back = substr($get_params_back, 0, -1); //remove trailing &

 } else {

   $get_params_back = $get_params;

 }



 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_PRODUCT_REVIEWS_WRITE);



 $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_PRODUCT_REVIEWS, $get_params, 'NONSSL'));



 // products_id comes from the query string; cast it to an integer before it goes into the query

 $product = tep_db_query("select pd.products_name, p.products_image from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "' and pd.products_id = p.products_id and pd.language_id = '" . (int)$languages_id . "'");

 $product_info_values = tep_db_fetch_array($product);



?>

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">

<html <?php echo HTML_PARAMS; ?>>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">

<?php

// BOF: WebMakers.com Changed: Header Tag Controller v1.0

// Replaced by header_tags.php

if ( file_exists(DIR_WS_INCLUDES . 'header_tags.php') ) {

 require(DIR_WS_INCLUDES . 'header_tags.php');

} else {

?> 

 <title><?php echo TITLE ?></title>

<?php

}

// EOF: WebMakers.com Changed: Header Tag Controller v1.0

?>

<base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

<link rel="stylesheet" type="text/css" href="<?php echo THEMA_STYLE; ?>">

<script language="javascript"><!--

function checkForm() {

 var error = 0;

 var error_message = "<?php echo JS_ERROR; ?>";



 var review = document.product_reviews_write.review.value;

   

 if (review.length < <?php echo REVIEW_TEXT_MIN_LENGTH; ?>) {

   error_message = error_message + "<?php echo JS_REVIEW_TEXT; ?>";

   error = 1;

 }



 if ((document.product_reviews_write.rating[0].checked) || (document.product_reviews_write.rating[1].checked) || (document.product_reviews_write.rating[2].checked) || (document.product_reviews_write.rating[3].checked) || (document.product_reviews_write.rating[4].checked)) {

 } else {

   error_message = error_message + "<?php echo JS_REVIEW_RATING; ?>";

   error = 1;

 }



 if (error == 1) {

   alert(error_message);

   return false;

 } else {

   return true;

 }

}

//--></script>

</head>

<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">

<!-- header //-->

<?php require(DIR_WS_INCLUDES . 'header.php'); ?>

<!-- header_eof //-->



<!-- body //-->

<table border="0" width="100%" cellspacing="5" cellpadding="0">

 <tr>

   <td width="<?php echo BOX_WIDTH; ?>" valign="top" class="leftcolumn"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="0">

<!-- left_navigation //-->

<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>

<!-- left_navigation_eof //-->

   </table></td>

<!-- body_text //-->

   <td width="100%" valign="top">

<?php 

if (!$reviewFound) {

echo $message;



} elseif (!$correctUser) {

echo $messageUser;



} else {	



?>	





<form name="product_reviews_write" method="post" action="<?php echo tep_href_link(FILENAME_PRODUCT_REVIEWS_EDIT, '', 'NONSSL'); ?>" onSubmit="return checkForm();"><table border="0" width="100%" cellspacing="0" cellpadding="0">

     <tr>

       <td>



 

 <table border="0" width="100%" cellspacing="0" cellpadding="0">

         <tr>

  	 <td class="main" align="center"><?php echo $error_message; ?><p></td>

   </tr>

   <tr>

           <td class="pageHeading">Edit Your Review</td>

         </tr>

       </table>

 

 </td>

     </tr>

     <tr>

       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

     </tr>

     <tr>

       <td><table border="0" width="100%" cellspacing="0" cellpadding="0">

         <tr>

           <td class="main"><b><?php echo SUB_TITLE_FROM; ?></b> <?php echo htmlspecialchars($review_values['customers_name']); ?></td>

         </tr>

         <tr>

           <td class="main"><br><b><?php echo SUB_TITLE_REVIEW; ?></b></td>

         </tr>

         <tr>

           <td><?php echo tep_draw_textarea_field('review', 'soft', 60, 15, $viewReview);?></td>

         </tr>

         <tr>

           <td class="smallText"><?php echo TEXT_NO_HTML; ?></td>

         </tr>

       </table></td>

     </tr>

     <tr>

       <td class="main"><br><b><?php echo SUB_TITLE_RATING; ?></b> <?php echo TEXT_BAD; ?> <input type="radio" name="rating" value="1"> <input type="radio" name="rating" value="2"> <input type="radio" name="rating" value="3"> <input type="radio" name="rating" value="4"> <input type="radio" name="rating" value="5"> <?php echo TEXT_GOOD; ?></td>

     </tr>

     <tr>

       <td class="main"><br><table border="0" width="100%" cellspacing="0" cellpadding="2">

         <tr>

           <td class="main"><?php echo '<a href="' . tep_href_link(FILENAME_PRODUCT_REVIEWS_INFO, $get_params_back, 'NONSSL') . '">' . tep_image_button('button_back.gif', IMAGE_BUTTON_BACK) . '</a>'; ?></td>

           <td align="right" class="main"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>

         </tr>

       </table></td>

     </tr>

   </table>

<input type="hidden" name="get_params" value="<?php echo htmlspecialchars($get_params); ?>">

<input type="hidden" name="reviews_id" value="<?php echo $review_values['reviews_id']; ?>">

<input type="hidden" name="action" value="process">

</form>



<?php

}

?>	

 </td>

<!-- body_text_eof //-->



 </tr>

</table>

<!-- body_eof //-->



<!-- footer //-->

<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>

<!-- footer_eof //-->

<br>

</body>

</html>

<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

 

 

Even on my store I'm not 100% sure this is bug free, although I haven't been able to find any yet. Be sure to back everything up before doing anything (as always), and remember that you may have to make some minor (I don't think there are any "major" changes, although I could be wrong) changes to get this to work.

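An added example, not the poster's code and not part of osCommerce: one way to enforce the "only edit your own review" rule from the post above with bound parameters and with the owner check repeated in the UPDATE itself. It uses PDO with an in-memory SQLite database in place of osCommerce's tep_db_* functions so it runs standalone; update_own_review() and the trimmed two-table schema are assumptions made for the illustration.

```php
<?php
// Added example: update_own_review() is a hypothetical helper, not an osCommerce function.
// PDO + in-memory SQLite stand in for the store's tep_db_* layer and MySQL tables.

function update_own_review(PDO $db, int $customerId, $reviewsId, $rating, string $text): bool {
    // Accept only a positive integer id and a rating of 1..5; anything else is rejected.
    $reviewsId = filter_var($reviewsId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $rating    = filter_var($rating, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 5]]);
    if ($reviewsId === false || $rating === false) {
        return false;
    }
    // The owner comes from the session-side customer id, never from the request.
    $own = $db->prepare('SELECT 1 FROM reviews WHERE reviews_id = ? AND customers_id = ?');
    $own->execute([$reviewsId, $customerId]);
    if ($own->fetchColumn() === false) {
        return false; // no such review, or it belongs to another customer
    }
    $db->beginTransaction();
    // Ownership is repeated in the WHERE clause so the write cannot touch a foreign row.
    $db->prepare('UPDATE reviews SET reviews_rating = ? WHERE reviews_id = ? AND customers_id = ?')
       ->execute([$rating, $reviewsId, $customerId]);
    $db->prepare('UPDATE reviews_description SET reviews_text = ? WHERE reviews_id = ?')
       ->execute([$text, $reviewsId]);
    $db->commit();
    return true;
}

// Constructed sample data: review 1 belongs to customer 10, review 2 to customer 20.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reviews (reviews_id INTEGER PRIMARY KEY, customers_id INTEGER, reviews_rating INTEGER)');
$db->exec('CREATE TABLE reviews_description (reviews_id INTEGER PRIMARY KEY, reviews_text TEXT)');
$db->exec("INSERT INTO reviews VALUES (1, 10, 3), (2, 20, 5)");
$db->exec("INSERT INTO reviews_description VALUES (1, 'original text'), (2, 'someone else''s review')");

var_dump(update_own_review($db, 10, '1', '4', "It's <b>great</b>"));  // own review, valid input
var_dump(update_own_review($db, 10, '2', '1', 'overwritten'));        // another customer's review
var_dump(update_own_review($db, 10, "1' OR '1'='1", '4', 'text'));    // reviews_id is not an integer
var_dump(update_own_review($db, 10, '1', '9', 'text'));               // rating outside 1..5

// Escape on output so stored review text is shown as text, not markup.
$rows = $db->query('SELECT r.reviews_id, r.reviews_rating, rd.reviews_text
                    FROM reviews r JOIN reviews_description rd USING (reviews_id)');
foreach ($rows as $row) {
    echo $row['reviews_id'], ' | ', $row['reviews_rating'], ' | ',
         htmlspecialchars($row['reviews_text'], ENT_QUOTES), "\n";
}
```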

I just noticed a few subject references I forgot to delete.

 

Get rid of lines 45 and 52.

 

$viewSubject = stripslashes($review_values['reviews_subject']);

 

and

 

$viewSubject = stripslashes($HTTP_POST_VARS['subject']);


Whoops.

 

This

$review = tep_db_query("select rd.reviews_text, r.reviews_rating, r.reviews_id, r.products_id, r.date_added, r.last_modified, r.customers_id, r.reviews_read, c.customers_name from " . TABLE_REVIEWS . " r, " . TABLE_REVIEWS_DESCRIPTION . " rd left join " . TABLE_CUSTOMERS . " c on r.customers_id = c.customers_id where r.reviews_id = '" . $HTTP_GET_VARS['reviews_id'] . "' and r.reviews_id = rd.reviews_id");

 

Should be changed to this

 

$review = tep_db_query("select rd.reviews_text, r.reviews_rating, r.reviews_id, r.products_id, r.date_added, r.last_modified, r.customers_id, r.reviews_read, c.customers_name from " . TABLE_REVIEWS . " r, " . TABLE_REVIEWS_DESCRIPTION . " rd left join " . TABLE_CUSTOMERS . " c on r.customers_id = c.customers_id where r.reviews_id = '" . $HTTP_GET_VARS['reviews_id'] . "' and r.reviews_id = rd.reviews_id");

 

Does anyone else even have a need for something like this? Should I bother sticking it in the contributions section (being that I'm not 100% sure it works with default anyway. Even though it wouldn't be super difficult to do)?


Heh, I just copied and pasted the same code both times there. Here's what it SHOULD be:

 

$review = tep_db_query("select rd.reviews_text, r.reviews_rating, r.reviews_id, r.products_id, r.date_added, r.last_modified, r.customers_id, r.reviews_read, r.customers_name from " . TABLE_REVIEWS . " r, " . TABLE_REVIEWS_DESCRIPTION . " rd left join " . TABLE_CUSTOMERS . " c on r.customers_id = c.customers_id where r.reviews_id = '" . $HTTP_GET_VARS['reviews_id'] . "' and r.reviews_id = rd.reviews_id");
