Error on 5 star rating mouse over script

Hi,

I got a 5 star rating script on my site here: http://rewards.yourpshome.net

And after a server update from plesk 10 to plesk 11 the script no longer does its mouse over action so users can not rate items.

It’s still pulling the right data from the mysql database its just the voting part no longer works.

Here is the full php code below, help is really welcome because I’m not a php coder.

Thank you.

[php]<?php
require_once(‘config2.php’);
mysql_connect($db_server, $db_username, $db_password) or die(mysql_error());
mysql_select_db($db_database) or die(mysql_error());

$div_id = isset( $_GET[‘id’] )? $_GET[‘id’]: false;
$rating = isset( $_GET[‘rating’] )? $_GET[‘rating’]: false;
$stars = isset( $_GET[‘stars’] )? $_GET[‘stars’]: false;
$report = isset( $_GET[‘report’] )? $_GET[‘report’]: false;

if($rating){
//Check that this person hasn’t already left a rating
$result = mysql_query(“SELECT id FROM ratings WHERE div_id = '” . $div_id . “’ AND ip = '” . $_SERVER[‘REMOTE_ADDR’] . “’”) or die(mysql_error());
$row = mysql_fetch_array( $result );
if(!$row[‘id’]){
$result = mysql_query(“INSERT INTO ratings (rating,div_id,ip) VALUES(’” . $rating . “’,’” . $div_id . “’,’” . $_SERVER[‘REMOTE_ADDR’] . “’)”) or die(mysql_error()); if($result){ $report = “<span style=“color: green;”> You rated this: $rating”; }
} else {
$report = “<span style=“color: red;”> You have already rated this.”;
}
}
?>

<?php $result = mysql_query("SELECT avg(rating), COUNT(*) FROM ratings WHERE div_id = '" . $div_id . "'") or die(mysql_error()); $row = mysql_fetch_array( $result ); $x=1; while($x<=5){ $stars .= "

$x

"; $x++; } ?>

• <? echo $stars; ?>

[/php]

i’m assuming nothing is printed on the screen which would suggest it fails at the if statement
i would firstly change the if($rating) to if($rating != false) i also prefer to use the following instead of $div_id = isset( $_GET[‘id’] )? $_GET[‘id’]: false;

if(isset($_GET[‘id’])){
$rating = $_GET[‘id’];
}
else{
$rating = false;
}

however you could scrap the else and just change the if statement if($rating != false) to if(isset($rating))

Hi,

That does not work, i still get the same problem, also editing

[php]$div_id = isset( $_GET[‘id’] )? $_GET[‘id’]: false;[/php]

To

[php]if(isset($_GET[‘id’])){
$rating = $_GET[‘id’];
}
else{
$rating = false;
}[/php]

Give me the error:

Notice: Undefined variable: div_id in /var/www/vhosts/******/public_html/rateanything.php on line 33

I was also told this below else where, but they will not point out what they mean, even know it seems they know

[php]$rating = $_GET[‘rating’];
// PHP Notice: Undefined index: rating
// $_GET[‘rating’] is not defined (e.g., the URL you entered does not have ?rating=something).
// check if the index exists before trying to assign it as a value (see my first post).

$stars .= “

<a onClick=“javascript:addRating(’$div_id’,’$x’);” class=“star$x”>$x

”;
// PHP Notice: Undefined variable: stars
// the first time through the loop, $stars is undefined,
// so you get an error when you try to append a value to it.
// define the variable before the loop (e.g., $stars = ‘’; )

echo "<span style=“color: grey;”>Rating: " . round($row[0],1) . “/5 (” . $row[1] . " Ratings) " . $report;
// PHP Notice: Undefined variable: report
// because there is no value assigned to $rating,
// the loop where you defined $report is never run,
// but you’re still trying to print it.
// You need to change your logic so you don’t try to print $report if it isn’t set.

// This should be a big clue as to what is going wrong with your mouseover, as well.[/php]

in that case change your code back to what it was originally the problem with your rating software is that it isn’t getting the variables in your url.
basically if you have google.co.uk/index.php?id=1

and you put $_GET[‘id’];

$_GET[‘id’] is equal to one

so in your url your should have ?id=something&report=something&stars=something&rating=something

if not the page that directs to this page is your problem or the page that would pass the information to this page

Hi,

thank you for your reply but i think you miss understand the code, it does not edit the page address at all, its a ajax rating system where div_id is used to make the id of the rating div.

eg:

firstly the can you change the mysql_query to echo the query and then check that the sql generated is correct. then secondly when the ajax loops where is it getting the $_GET variables as it doesn’t pick anything up? are these variables that will be passed back by the ajax script?

Hi CarlaBirch,

It looks like the necessary javascript may be missing. The code that you posted includes a onClick call to a javascript function (addRating). I viewed the source for your page and I do not see this function anywhere. I would expect this function to be part of an included (or required) file. Do you by chance have a link to a site that is using the same 5 start rating system (that appears to be working). We could verify whether this is the issue or not by viewing the working site’s source.

Hi,

I have set up a test page that removed all unwanted code so its just about the 5 star rating.
http://rewards.yourpshome.net/startest.html

you will see the js is linked in and as the code of

[code] $(document).ready(function() {
$(‘div’).each(function() {
if(this.id.match(‘rate_’)){
$(this).load(‘http://rewards.yourpshome.net/rateanything.php?id=’+this.id.replace(‘rate_’,’’));
}
});
});

function addRating(div_id,rating){
 $.ajax({
   type: "GET",
   url: "http://rewards.yourpshome.net/rateanything.php",
   data: "id="+div_id+"&rating="+rating,
   success: function(data){
	 $('#rate_'+div_id).hide().html(data).fadeIn('slow');
   }
});
}[/code]

This script used to work fine before server updates where they upgraded from plesk 10 to plesk 11, they also said they did the following:

The security and hardening has been completed . Below is the information.

---

-Apache installed with Mod_security

-Apache Server version: Apache/2.2.15

-PHP 5.3.3 with Zend Guard Loader and ioncube loader and suhosin

-PHP hardening done by disabling security functions
exec, passthru, shell_exec, system, pcntl_exec, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid,

posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, popen, curl_multi_exec, show_source, curl_exec, parse_ini_file

-Verified that kernel is updated

-csf has been installed and configured

-Installed clamav

-secured /tmp

-System configuration file sysctl.conf has been secured and hardened to prevent DDOS attacks.

-System Configuration File host.conf has been secured and hardened to prevent DNS lookup poisoning and also provide protection against spoofs.

-SSH hardening done by restricting the SSH Protocol to SSH 2. SSH will still function the same way, just more secure.

-Installed rkhunter

-Root email login alert will be sent to your email address [email protected]

-Your FTP server Pure-FTPD software has been upgraded and secured.

I told them about this script no longer working and they said they could not help, my guess is something they did is now blocking/breaking this script as it used to work and no code was edited.

Just a fast heads up to let you know i have fixed this problem now, it seems when they updated my server they left the old php.ini in place and not the new version, so i renamed the newest php.ini-bk (this matched the date when they did the updates) to php.ini and restarted server and now the script is working again.

Glad to hear it Carla! I wouldn’t have suspected php.ini for this problem!