Product rating system

30 posts in this topic

Posted · Report post

Hello,

here is the table:

CREATE TABLE `ratings2` (
  `id` varchar(11) collate utf8_unicode_ci NOT NULL default '',
  `total_votes` int(11) NOT NULL default '0',
  `total_value` int(11) NOT NULL default '0',
  `used_ips` longtext collate utf8_unicode_ci NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

****************************

config-rating.php page

example:

$rating_dbhost = 'localhost';
$rating_dbuser = 'root';
$rating_dbpass = '';
$rating_dbname = 'produits_bretons';
$rating_tableName = 'ratings2';
$rating_path_db = 'http://localhost/00_produitbreton/achat/modeles/';
$rating_path_rpc = 'http://localhost/00_produitbreton/achat/modeles/';

****************************

see the bottom of this page

<?php
function rating_bar($id,$units='',$static='') {
    require('_config-rating.php'); // get the db connection info

    //set some variables
    $ip = $_SERVER['REMOTE_ADDR'];
    if (!$units) {$units = 10;}
    if (!$static) {$static = FALSE;}

    // get votes, values, ips for the current rating bar
    $query=mysql_query("SELECT total_votes, total_value, used_ips FROM $rating_dbname.$rating_tableName WHERE id='$id' ")or die(" Error: ".mysql_error());

    // insert the id in the DB if it doesn't exist already
    // see: http://www.masugadesign.com/the-lab/script...ar/#comment-121
    if (mysql_num_rows($query) == 0) {
        $sql = "INSERT INTO $rating_dbname.$rating_tableName (`id`,`total_votes`, `total_value`, `used_ips`) VALUES ('$id', '0', '0', '')";
        $result = mysql_query($sql);
    }

    $numbers=mysql_fetch_assoc($query);

    if ($numbers['total_votes'] < 1) {
        $count = 0;
    } else {
        $count=$numbers['total_votes']; //how many votes total
    }
    $current_rating=$numbers['total_value']; //total number of rating added together and stored
    $tense=($count==1) ? "vote" : "votes"; //plural form votes/vote

    // determine whether the user has voted, so we know how to draw the ul/li
    $voted=mysql_num_rows(mysql_query("SELECT used_ips FROM $rating_dbname.$rating_tableName WHERE used_ips LIKE '%".$ip."%' AND id='".$id."' "));

    // now draw the rating bar
    $rating_width = @number_format($current_rating/$count,2)*$rating_unitwidth;
    $rating1 = @number_format($current_rating/$count,1);
    $rating2 = @number_format($current_rating/$count,2);

    if ($static == 'static') {
        $static_rater = array();
        $static_rater[] .= "\n".'<div class="ratingblock">';
        $static_rater[] .= '<div id="unit_long'.$id.'">';
        $static_rater[] .= '<ul id="unit_ul'.$id.'" class="unit-rating" style="width:'.$rating_unitwidth*$units.'px;">';
        $static_rater[] .= '<li class="current-rating" style="width:'.$rating_width.'px;">Currently '.$rating2.'/'.$units.'</li>';
        $static_rater[] .= '</ul>';
        $static_rater[] .= '<p class="static">'.$id.'. Rating: <strong> '.$rating1.'</strong>/'.$units.' ('.$count.' '.$tense.' cast) <em>This is \'static\'.</em></p>';
        $static_rater[] .= '</div>';
        $static_rater[] .= '</div>'."\n\n";

        return join("\n", $static_rater);
    } else {
        $rater ='';
        $rater.='<div class="ratingblock">';
        // $rater.=($count==1) ? "Soyez le 1 er a mettre une note a ce produit" : "Votez"; //plural form votes/vote
        $rater.='<div id="unit_long'.$id.'">';
        $rater.=' <ul id="unit_ul'.$id.'" class="unit-rating" style="width:'.$rating_unitwidth*$units.'px;">';
        $rater.=' <li class="current-rating" style="width:'.$rating_width.'px;">Currently '.$rating2.'/'.$units.'</li>';

        for ($ncount = 1; $ncount <= $units; $ncount++) { // loop from 1 to the number of units
            if(!$voted) { // if the user hasn't yet voted, draw the voting stars
                $rater.='<li><a href="http://localhost/00_produitbreton/achat/modeles/db.php?j='.$ncount.'&q='.$id.'&t='.$ip.'&c='.$units.'" title="'.$ncount.' out of '.$units.'" class="r'.$ncount.'-unit rater" rel="nofollow">'.$ncount.'</a></li>';
            }
        }
        $ncount=0; // resets the count

        $rater.=' </ul>';
        $rater.=' <p';
        if($voted){ $rater.=' class="voted"'; }
        $rater.='> Résultat : <strong> '.$rating1.'</strong>/'.$units.' ('.$count.' '.$tense.' )';
        $rater.=' </p>';
        $rater.='</div>';
        $rater.='</div>';

        return $rater;
    }
}
?>

There you go.

I find this function very useful, but in terms of security it is weak.

Have you thought about the number of hacker attacks one can get with PHP?

Be careful not to change the code that Patrice puts in place too much.

He won't answer your problems afterwards.

Stay professional and start by not touching your code too much without thinking about the security problem.

Regards,

VRF

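An added example, not part of the original post and not the script author's code: the lookup half of the posted `rating_bar()` rewritten so that `$id` and the IP are bound as parameters rather than concatenated into the SQL, the voter check is an exact match instead of `LIKE '%ip%'`, and every value is escaped before it reaches the HTML. PDO with an in-memory SQLite database stands in for MySQL, and the `rating_votes` table and the function names are hypothetical.

```php
<?php
// Added example. Assumptions: in-memory SQLite via PDO stands in for MySQL;
// the rating_votes table and all function names here are hypothetical.
function rating_open_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE ratings2 (id VARCHAR(11) PRIMARY KEY,
        total_votes INT NOT NULL DEFAULT 0, total_value INT NOT NULL DEFAULT 0)");
    // One row per (bar, voter) replaces the used_ips LIKE '%ip%' substring test.
    $pdo->exec("CREATE TABLE rating_votes (rating_id VARCHAR(11) NOT NULL,
        ip VARCHAR(45) NOT NULL, PRIMARY KEY (rating_id, ip))");
    return $pdo;
}

function rating_summary(PDO $pdo, string $id, string $ip): array {
    // Reject ids that do not fit the varchar(11) column or contain quotes/markup.
    if (!preg_match('/^[A-Za-z0-9_-]{1,11}$/', $id)) {
        throw new InvalidArgumentException('invalid rating id');
    }
    // Bound parameters: $id and $ip never become part of the SQL text.
    $st = $pdo->prepare('SELECT total_votes, total_value FROM ratings2 WHERE id = ?');
    $st->execute([$id]);
    $row = $st->fetch(PDO::FETCH_ASSOC) ?: ['total_votes' => 0, 'total_value' => 0];
    $st = $pdo->prepare('SELECT 1 FROM rating_votes WHERE rating_id = ? AND ip = ?');
    $st->execute([$id, $ip]);
    $count = (int) $row['total_votes'];
    return [
        'count'  => $count,
        'rating' => $count > 0 ? round($row['total_value'] / $count, 1) : 0.0,
        'voted'  => $st->fetchColumn() !== false,
    ];
}

function rating_caption(string $id, array $s, int $units = 10): string {
    // Escape everything interpolated into HTML, including the id.
    $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    return '<p class="static">' . $e($id) . '. Rating: <strong>' . $e($s['rating'])
         . '</strong>/' . $e($units) . ' (' . $e($s['count']) . ' votes cast)</p>';
}

// Constructed sample data.
$pdo = rating_open_demo_db();
$pdo->exec("INSERT INTO ratings2 VALUES ('prod42', 2, 15)");
$pdo->exec("INSERT INTO rating_votes VALUES ('prod42', '203.0.113.45')");
// Substring of the stored address: LIKE '%ip%' would count it as having voted,
// the exact comparison does not.
$s = rating_summary($pdo, 'prod42', '203.0.113.4');
echo $s['voted'] ? "already voted\n" : "may vote\n";
echo rating_caption('prod42', $s), "\n";
```

The `mysql_*` functions used in the post were removed in PHP 7.0, so a port to PDO or mysqli is needed on current PHP in any case.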

Posted · Report post

I asked myself this question too once I had finally managed to get it working locally ... so in the end I did not install it ...

Could someone tell us whether it is risky to install this script?


Posted · Report post

Indeed, this is (very) interesting, but is there really a genuine risk?


Posted · Report post

Indeed, this is (very) interesting, but is there really a genuine risk?

That is, a real risk, and where?

Thanks


Posted · Report post

That is, a real risk, and where?

Thanks

up!
