web-dev-qa-db-fra.com

Aide de base de données MySql pour un plugin

J'utilise un plugin WordPress appelé MyReview mais je souhaite y apporter quelques modifications.

Ce plugin a une fonctionnalité permettant de passer en revue les publications, où les utilisateurs viennent attribuer un classement par étoiles à la publication en fonction de la catégorie, ce que je veux, c’est qu’un utilisateur puisse attribuer une note à un message une seule fois. Pour ce faire, j’ai eu des mots avec l’auteur du plugin, qui m’a suggéré quelque chose comme ça,

Interrogez le tableau des commentaires pour connaître les commentaires du même identifiant de messagerie, vérifiez si des évaluations sont attachées. Si elles existent, n'acceptez pas les évaluations. Tous ces changements iraient dans myrp-save.php. Si vous connaissez PHP et êtes à l'aise avec phpMyAdmin pour comprendre les tables de la base de données, ce ne sera pas difficile à faire.

SELECT id FROM myrp_ratings as rat, wp_comments as com WHERE com.comment_ID=rat.comment_id AND com.comment_author_email='[email protected]' AND rat.value!='0' AND rat.value!='1' LIMIT 1

Comment puis-je mettre cette ligne dans ce fichier de plugin qui est myrp-save.php? Je pense que le code devrait être inséré après cette ligne ou avant cette ligne:

$wpdb->query("INSERT INTO `" . $wpdb->myrp_ratings . "`(`ID`, `category_id`, `post_id`, `comment_id`, `value`, `outof`, `weighted`) VALUES('', '{$name}', '{$postID}', '-1', '{$value}', '{$outof}', '" . ($value/$outof) . "')");

Comment cela peut-il être fait?

<?php

    function myrp_save_comment_fields($commentID)
    {
        global $wpdb;

        $fields = $wpdb->get_results("SELECT * FROM " .$wpdb->myrp_comment_fields." ORDER BY `order`");

        $rq = get_option("myrp_comment_fields_required");
        foreach($fields as $f)
        {
            $puniqid = str_replace(".", "_", $f->uniqid);
            if(!isset($_POST[$puniqid])) continue;
            $postdata = $_POST[$puniqid];

            switch($f->type)
            {
                case "date":
                    if(strlen($postdata) > 2)
                    {
                        $date = strtotime($postdata);
                        if($date > strtotime($f->minimum))
                        {
                            add_comment_meta($commentID, $f->uniqid, $date, true)
                                or
                            update_comment_meta($commentID, $f->uniqid, $date);
                        } else {
                            if($rq)
                            {
                                wp_die(__("Field {$f->name} is required and must be after {$f->minimum}!", "myrp") . " <a href='javascript:history.back(1);'>Click here to continue...</a>");
                            } else {
                                continue;
                            }
                        }
                    }
                break;


                case "short": case "long":
                    if(strlen($postdata) > 0)
                    {
                        $text = ($postdata);
                        if(strlen($text) > intval($f->minimum) && strlen($text) < $f->maximum)
                        {
                            add_comment_meta($commentID, $f->uniqid, $text, true)
                                or
                            update_comment_meta($commentID, $f->uniqid, $text);
                        } else {
                            if($rq)
                            {
                                wp_die(__("Field {$f->name} is required and must be between {$f->minimum} and {$f->maximum} characters!", "myrp") . " <a href='javascript:history.back(1);'>Click here to continue...</a>");
                            } else {
                                continue;
                            }
                        }
                    }
                break;

                case "number":
                    if(strlen($postdata) > 0)
                    {
                        $text = intval($postdata);
                        if(($text) > intval($f->minimum) && strlen($text) < $f->maximum)
                        {
                            add_comment_meta($commentID, $f->uniqid, $text, true)
                                or
                            update_comment_meta($commentID, $f->uniqid, $text);
                        } else {
                            if($rq)
                            {
                                wp_die(__("Field {$f->name} is required and must be between {$f->minimum} and {$f->maximum}!", "myrp") . " <a href='javascript:history.back(1);'>Click here to continue...</a>");
                            } else {
                                continue;
                            }
                        }
                    }
                break;

                case "select": case "radio": case "check":
                    if(strlen($postdata) > 0)
                    {
                            add_comment_meta($commentID, $f->uniqid, $postdata, true)
                                or
                            update_comment_meta($commentID, $f->uniqid, $postdata);
                    }
                break;
            }
        }
    }

// myrp_require_rating_comment, myrp_require_all_rating_comment
    function myrp_save_ratings($commentID) 
    {
        global $wpdb; global $myrp_type_outof;
        $post_id = $_POST['comment_post_ID'];
        $rating_categories = get_post_meta($post_id, "_myrp_rating_categories", true);

        if(is_array($rating_categories) && count($rating_categories) > 0)
        {
            $submit_count = 0;
            foreach($rating_categories as $rc)
            {
                $type = $wpdb->get_var("SELECT `type` FROM `" . $wpdb->myrp_categories . "` WHERE `ID`='{$rc}' LIMIT 1");
                $outof = $myrp_type_outof[$type];

                if(isset($_POST[$rc . "_input"]) && $_POST[$rc."_input"] != "")
                {
                    $submit_count++;
                    $value = $_POST[$rc . "_input"];


                        if(!empty($value))
                        {
                            if($value < 1) $value = 1;
                            if($value > $outof) $value = $outof;
                            $value = round($value*2)/2;
                        } else {
                            $value = 0;
                        }

                    $sql =<<< SQL
SELECT
  id
FROM
  myrp_ratings AS rat,
  wp_comments AS com
WHERE 1=1
  AND com.comment_ID = rat.comment_id
  AND com.comment_author_email = '%s'
  AND rat.value != '0'
  AND rat.value != '1'
LIMIT
 1
SQL;
$sql = $wpdb->prepare($sql,'[email protected]');
$id = $wpdb->get_var($sql);
                    if (is_null($id)) {
  $wpdb->query("INSERT INTO `" . $wpdb->myrp_ratings . "`(`ID`, `category_id`, `post_id`, `comment_id`, `value`, `outof`, `weighted`) VALUES('', '{$name}', '{$postID}', '-1', '{$value}', '{$outof}', '" . ($value/$outof) . "')");    
}
                }
            }


            if(
                (
                    get_post_meta($post_id, "_myrp_no_allow_comments_without_ratings", true) == 1 && $submit_count == 0
                )
                    ||
                (
                    (
                        (get_option("myrp_require_rating_comment") == 1 && $submit_count == 0)
                            ||
                        (get_option("myrp_require_all_rating_comment") == 1 && $submit_count != count($rating_categories))
                    )
                        &&
                    (
                        get_post_meta($post_id, "_myrp_allow_comments_without_ratings", true) != 1
                    )
                )
            ) {
                //$wpdb->query("DELETE FROM `".$wpdb->myrp_ratings."` WHERE `comment_id`='{$commentID}' LIMIT {$submit_count}");
                wp_delete_comment($commentID);  // should clean up ratings on its own.
                wp_die(__("Ratings are required! Please select star ratings for this review.", "myrp") . " <a href='javascript:history.back(1);'>Click here to continue...</a>");
            }

        }
        if(get_post_meta($post_id, "_myrp_automatically_approve_comments", true) == 1) $wpdb->query("UPDATE `" . $wpdb->comments . "` SET `comment_approved`=1 WHERE comment_ID='{$commentID}' AND `comment_approved`=0");
        wp_update_comment_count($post_id);
        do_action("myrp-savingratings");
        update_option("myrp_notChanged",0);

        return true;
    }

    function myrp_save_post($postID) 
    {
        global $wpdb;
        global $myrp_type_outof;

        myrp_save_hides($postID);
        if(isset($_POST['myrp_affiliate_link'])) {
            $affiliate_link = trim($_POST['myrp_affiliate_link']);
            if(!empty($affiliate_link))
            {
                $link = parse_url($affiliate_link);
                $scheme = $link['scheme'];
                if($scheme == "")  $affiliate_link = "http://" . $affiliate_link;
            }

            add_post_meta($postID, "_myrp_affiliate_link", $affiliate_link, true)
                or 
            update_post_meta($postID, "_myrp_affiliate_link",$affiliate_link);
        }

        if(isset($_POST['myrp_icon_image'])) {
            $icon_image = $_POST['myrp_icon_image'];
            if(!empty($icon_image))
            {
                $link = parse_url($icon_image);
                $scheme = $link['scheme'];
                if($scheme == "")  $icon_image = "http://" . $icon_image;
            }

            add_post_meta($postID, "_myrp_icon_image",$icon_image, true)
                or 
            update_post_meta($postID, "_myrp_icon_image", $icon_image);
        }

        $checked = array();
        $rating_categories = array();
        if(isset($_POST['myrp_save_categories_please']))
        {
            if(count($_POST['myrp_checked_categories']) > 0)
            {
                foreach($_POST['myrp_checked_categories'] as $cid)
                {
                    if(@$_POST["myrp_value_" . $cid] != "")
                    {
                        $rating = (@$_POST["myrp_value_" . $cid]);
                    }
                    else
                    {
                        $rating = "";
                    }


                    $checked[] = array($cid, $rating);
                    $rating_categories[] = $cid;
                }
            }
            add_post_meta($postID, "_myrp_rating_categories", $rating_categories, true)
                or
            update_post_meta($postID, "_myrp_rating_categories", $rating_categories);


            if(count($rating_categories) > 0)
            {
                update_option("myrp_previously_checked", $rating_categories);
            } else {
                update_option("myrp_previously_checked", array());
            }

            $wpdb->query("DELETE FROM `" . $wpdb->myrp_ratings . "` WHERE `post_id`='{$postID}' AND `comment_id`='-1'");

            foreach($checked as $rating) 
            {
                $name = $rating[0];
                $value = $rating[1];

                $type = $wpdb->get_var("SELECT `type` FROM `" . $wpdb->myrp_categories . "` WHERE `ID`='{$name}' LIMIT 1");
                $outof = $myrp_type_outof[$type];

                if($outof == 1)
                {
                    if($value == "Yes") $value = 1;
                    if($value == "No") $value = 0;
                }

                if($outof == 40)
                {

                    $value = myrp_translate_letter_to_number($value);

                }
                $value = floatval($value);

                $wpdb->query("INSERT INTO `" . $wpdb->myrp_ratings . "`(`ID`, `category_id`, `post_id`, `comment_id`, `value`, `outof`, `weighted`) VALUES('', '{$name}', '{$postID}', '-1', '{$value}', '{$outof}', '" . ($value/$outof) . "')");
            }
        }


        update_option("myrp_notChanged",0);

    }

    function myrp_save_hides($postID)
    {

        if(isset($_POST['_myrp_hide_set']))
        {
            add_post_meta($postID, "_myrp_hide_float_left", $_POST['_myrp_hide_float_left'], true)
                or
            update_post_meta($postID, "_myrp_hide_float_left",$_POST['_myrp_hide_float_left']);

            add_post_meta($postID, "_myrp_hide_float_right", $_POST['_myrp_hide_float_right'], true)
                or
            update_post_meta($postID, "_myrp_hide_float_right",$_POST['_myrp_hide_float_right']);

            add_post_meta($postID, "_myrp_disable_traffic_tracking", $_POST['_myrp_disable_traffic_tracking'], true)
                or
            update_post_meta($postID, "_myrp_disable_traffic_tracking",$_POST['_myrp_disable_traffic_tracking']);

            add_post_meta($postID, "_myrp_disable_advanced_excerpts", $_POST['_myrp_disable_advanced_excerpts'], true)
                or
            update_post_meta($postID, "_myrp_disable_advanced_excerpts",$_POST['_myrp_disable_advanced_excerpts']);

            add_post_meta($postID, "_myrp_hide_microformats", $_POST['_myrp_hide_microformats'], true)
                or
            update_post_meta($postID, "_myrp_hide_microformats",$_POST['_myrp_hide_microformats']);

            add_post_meta($postID, "_myrp_allow_comments_without_ratings", $_POST['_myrp_allow_comments_without_ratings'], true)
                or
            update_post_meta($postID, "_myrp_allow_comments_without_ratings",$_POST['_myrp_allow_comments_without_ratings']);

            add_post_meta($postID, "_myrp_automatically_approve_comments", $_POST['_myrp_automatically_approve_comments'], true)
                or
            update_post_meta($postID, "_myrp_automatically_approve_comments",$_POST['_myrp_automatically_approve_comments']);
        }
    }
?>
1
Niraj Chauhan

Bonjour @ ntechi:

Je pense que c'est ce que vous recherchez:

$sql =<<< SQL
SELECT
  id
FROM
  myrp_ratings AS rat,
  INNER JOIN wp_comments AS com ON com.comment_ID = rat.comment_id
WHERE 1=1
  AND com.comment_author_email = '%s'
  AND rat.value != '0'
  AND rat.value != '1'
LIMIT
 1
SQL;
$sql = $wpdb->prepare($sql,'[email protected]');
$id = $wpdb->get_var($sql);
if (is_null($id)) {
  $wpdb->query("INSERT INTO `" . $wpdb->myrp_ratings . "`(`ID`, `category_id`, `post_id`, `comment_id`, `value`, `outof`, `weighted`) VALUES('', '{$name}', '{$postID}', '-1', '{$value}', '{$outof}', '" . ($value/$outof) . "')");    
}

Notez comment j'ai formaté le code SQL afin que vous puissiez le lire? (même si je dois avouer que je ne suis pas allé à l'effort avec la variable INSERT.) Notez également comment j'ai utilisé $wpdb->prepare() pour m'assurer qu'aucune attaque par injection SQL n'a été utilisée à partir d'adresses électroniques non valides? (Votre développeur de plugin n'a malheureusement pas fait la même chose.)

Faites également attention en modifiant les plugins; si vous avez besoin de changer le numéro de version en quelque chose d'énorme, comme 999, pour vous assurer, à vous ou à un autre utilisateur, de ne pas écraser par inadvertance vos modifications lorsque le fournisseur mettra à jour son plug-in. Il est préférable, si possible, de les amener à intégrer vos modifications dans la prochaine version de leur plugin.

2
MikeSchinkel