Only allow customer to write a review once for any product

[Guest]

I thought I'd make a little contribution, considering this has given me quite a headache this afternoon.

 

I found out that writing a review for a product can be done regardless of previously written reviews by the same customer, thus allowing annoying teenagers to submit "this products sux big time don't buy" hundreds of times.

 

With an easy tweak it's a problem of the past:

 

In /catalog/product_reviews_write.php, look for

if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {

$rating = tep_db_prepare_input($HTTP_POST_VARS['rating']);

$review = tep_db_prepare_input($HTTP_POST_VARS['review']);

 

$error = false;

Below this lines, you can add this:

$Temp1 = (int)$product_info['products_id'];

$Temp2 = (int)$customer_id;

$unique_query = tep_db_query("select customers_id from reviews where products_id = " . $Temp1 . " and customers_id = " . $Temp2);

$Temp3 = tep_db_fetch_array($unique_query);

if ($Temp3[customers_id] == $customer_id )

{

$error = true;

$messageStack->add('review', 'Only one entry allowed.');

}

Simply change 'Only one entry allowed.' to the warning message you want to appear. In my case it's hardcoded but you could of course take the better approach.

 

In anycase this code snippet should no longer allow any customer to make more than one review for any given product.

 

I'd appreciate it if you let me know whether or not you found this useful and if it works for you.

[VegasVik]

This could be handy. However, my product_reviews_write.php file doesn't contain the code listed.

 

The closest I have is the following:

 

  if (@$HTTP_GET_VARS['action'] == 'process') {

   $customer = tep_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . $customer_id . "'");

   $customer_values = tep_db_fetch_array($customer);

   $date_now = date('Ymd');

   tep_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added) values ('" . $HTTP_GET_VARS['products_id'] . "', '" . $customer_id . "', '" . addslashes($customer_values['customers_firstname']) . ' ' . addslashes($customer_values['customers_lastname']) . "', '" . $HTTP_POST_VARS['rating'] . "', now())");

   $insert_id = tep_db_insert_id();

   tep_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . $insert_id . "', '" . $languages_id . "', '" . $HTTP_POST_VARS['review'] . "')");



   tep_redirect(tep_href_link(FILENAME_PRODUCT_REVIEWS, $HTTP_POST_VARS['get_params'], 'NONSSL'));

 }

 

 

I have osc 2.2.

[Guest]

I'm afraid you are using a distinctively different version than me. I use 2.2 MS2.

 

However, I think you can still get it to work if you have a little knowledge of PHP and common sense :)

 

Because I don't have your version, I can try to get you started but it is up to you to make necessary changes, if they are necessary. So no guarantees.

 

Your code snippet does the actual submitting of the review. You have to start making changes on the second line (directly after the IF line, before everything else.

 

Add my code snippet. Look for products_id in the entire file, to make sure that you are calling up the actual products_id value (it could be gathered from another variable in your version).

 

When you have done that, you add: 'else {' (without the ' '). Then the existing code that used to be directly after the IF line. Before the existing '}' you add another '}'.

 

There's a good chance this fix will now also work for you. Let me know, I don't have a lot of time but I've noticed it is very hard to get any replies on this forum so I'd be willing to try and help out.

[VegasVik]

Well, that had no effect. It didn't crash it, but I can still keep re-posting. Strange.

 

I'm sure it must be some variable that I'm overlooking. It doesn't fail... It's like it just ignores it.

 

Thanks for your time.

[Guest]

Try using

 

$Temp1 = $HTTP_GET_VARS['products_id'];

 

instead of my

 

$Temp1 = (int)$product_info['products_id'];

 

That might do it, if my code is simply ignored that could mean that one of the variables is 0 and obviously then it wouldn't work.

 

If that doesn't work either, could you perhaps past your entire file from the <?php up until the ?> lines? I'll see if I can work it out for you.

[VegasVik]

That keeps me from re-posting, but I get an error.

 

"Fatal error: Call to a member function on a non-object in /(path)/product_reviews_write.php on line 29"

 

 

This is my line 29:

$messageStack->add('review', 'Only one entry allowed.');

[VegasVik]

Here's that section of code. Forgive my ignorance. I'm very new to php.

 

<?php

/*

 $Id: product_reviews_write.php,v 1.48 2002/07/21 23:38:57 hpdl Exp $



 osCommerce, Open Source E-Commerce Solutions

 http://www.oscommerce.com



 Copyright (c) 2002 osCommerce



 Released under the GNU General Public License

*/



 require('includes/application_top.php');



 if (!tep_session_is_registered('customer_id')) {

   $navigation->set_snapshot();

   tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));

 }



 if (@$HTTP_GET_VARS['action'] == 'process') {

 

$Temp1 = $HTTP_GET_VARS['products_id']; 

$Temp2 = (int)$customer_id; 

$unique_query = tep_db_query("select customers_id from reviews where products_id = " . $Temp1 . " and customers_id = " . $Temp2); 

$Temp3 = tep_db_fetch_array($unique_query); 

if ($Temp3[customers_id] == $customer_id ) 

{

$error = true; 

$messageStack->add('review', 'Only one entry allowed.'); 

}

else {



 

   $customer = tep_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . $customer_id . "'");

   $customer_values = tep_db_fetch_array($customer);

   $date_now = date('Ymd');

   tep_db_query("insert into " . TABLE_REVIEWS . " (products_id, customers_id, customers_name, reviews_rating, date_added) values ('" . $HTTP_GET_VARS['products_id'] . "', '" . $customer_id . "', '" . addslashes($customer_values['customers_firstname']) . ' ' . addslashes($customer_values['customers_lastname']) . "', '" . $HTTP_POST_VARS['rating'] . "', now())");

   $insert_id = tep_db_insert_id();

   tep_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . $insert_id . "', '" . $languages_id . "', '" . $HTTP_POST_VARS['review'] . "')");



   tep_redirect(tep_href_link(FILENAME_PRODUCT_REVIEWS, $HTTP_POST_VARS['get_params'], 'NONSSL'));

 }

 }





// lets retrieve all $HTTP_GET_VARS keys and values..

 $get_params = tep_get_all_get_params();

 $get_params_back = tep_get_all_get_params(array('reviews_id')); // for back button

 $get_params = substr($get_params, 0, -1); //remove trailing &

 if ($get_params_back != '') {

   $get_params_back = substr($get_params_back, 0, -1); //remove trailing &

 } else {

   $get_params_back = $get_params;

 }



 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_PRODUCT_REVIEWS_WRITE);



 $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_PRODUCT_REVIEWS, $get_params, 'NONSSL'));



 $product = tep_db_query("select pd.products_name, p.products_image from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_id = '" . $HTTP_GET_VARS['products_id'] . "' and pd.products_id = p.products_id and pd.language_id = '" . $languages_id . "'");

 $product_info_values = tep_db_fetch_array($product);



 $customer = tep_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . $customer_id . "'");

 $customer_values = tep_db_fetch_array($customer);

?>

[Guest]

Yeah Man this code is GOOD To Go

It works just fine for me. Thanks for the contribution

[Guest]

VegasVik, you are using a very old version of osCommerce. Unless you have an existing shop running with this I would suggest you update immediately to a newer version.

 

The reason for this being that I cannot see what the problem is here... I believe some of the variables I'm calling have not been filled with a value in your version, but since I'm not sure how your version works I can't fix it. I'm just someone muddling through myself :(

Sorry...

 

--------

JerseyNB, thanks for your reply.

[VegasVik]

Hey, no problem. Thanks very much for trying as much as you did!

[decapper]

I'm a bit confused? Do I enter the top code in or do I delete my whole code and replace it with your last entry of code?

[MeMadMax]

Hello,

 

I just added your fix and it works fine.... thank you!

 

Jim

 

PS... I have not had the problem you did, but why wait!

 

:D

[Guest]

could you possibly tell me how to stop reviews being written at all

i have disabled the review box but it still comes up on the products info page and allows a customer to write a review on the product

i want to get rid of this totally

thanks for any help

[Guest]

To JOHN:

Follow the instructions from my first post in this thread, the others do not apply if you use MS2. So as instructed, add the code to your existing code. None of the original code gets deleted, just amended.

EDIT: my original post has been badly distorted when the osCommerce crew installed the new forum. The code is between the quote tags.

 

To THAISERVERS:

You are mixing two things up. The review infobox is independent from products_info.php (that's also the reason why I removed it BTW, there's no practical use in that). You need to change products_info.php

Now here's the problem. I have made so many alterations to my MS2 copy (quite proud of it too) that I can't recall what the original file looked like. Just search for file references (e.g. REVIEW) in your code and you should be able to get rid of that section. Not brutally, but I assume you have some experience with code so you should be able to delete it elegantly. If you can't work it out, start a new topic with your question and for sure someone will help you out.

 

To MEMADMAX,

Glad you like it! I haven't had any personal experience either with annoying teens (my site is not live yet), but I test everything, certainly needed after all the changes. I really love osCommerce and tingling with it, I sure hope when I'm finished I have a website that really stands out while still being very professional looking. Even more important are the sales though :D

[danielcompton]

thanks for much for this, just what I needed as I running a point reward for reviews and now can prevent them add lots of reviews to gain points.

[sukumart]

I thought I'd make a little contribution, considering this has given me quite a headache this afternoon.

 

I found out that writing a review for a product can be done regardless of previously written reviews by the same customer, thus allowing annoying teenagers to submit "this products sux big time don't buy" hundreds of times.

 

With an easy tweak it's a problem of the past:

 

In /catalog/product_reviews_write.php, look for

Below this lines, you can add this:

Simply change 'Only one entry allowed.' to the warning message you want to appear. In my case it's hardcoded but you could of course take the better approach.

 

In anycase this code snippet should no longer allow any customer to make more than one review for any given product.

 

I'd appreciate it if you let me know whether or not you found this useful and if it works for you.

 

Thanks for this contribution and it works for me. I see a additional problem that what if customer goes and writes for other products and start gaining points. Is there a way the reviews can be restricted to be written for products that are only brough by them before. Can the code check their order history and link the products purchased so that they can only write reviews for it.