From 52956bca90994fe3e199fa4cbc0598f10039d600 Mon Sep 17 00:00:00 2001
From: Fabian Schieder <fabian.schieder.1010@gmail.com>
Date: Mon, 30 Mar 2026 20:24:59 +0200
Subject: [PATCH] Add admin review deletion functionality in productpage.php

---
 productpage.php | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/productpage.php b/productpage.php
index 47af509..ef67f64 100644
--- a/productpage.php
+++ b/productpage.php
@@ -21,6 +21,18 @@ if ($checkResult->num_rows === 0) {
     include __DIR__ . '/404.php';
     exit;
 }
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_review']) && isset($_POST['delete_review_id'])) {
+    if (!empty($_SESSION['user_roles']) && in_array('ADMIN', $_SESSION['user_roles'], true)) {
+        $deleteId = (int)$_POST['delete_review_id'];
+        $delStmt = $conn->prepare("DELETE FROM reviews WHERE reviewID = ?");
+        $delStmt->bind_param("i", $deleteId);
+        $delStmt->execute();
+        $delStmt->close();
+        echo "<script>window.location.href = 'productpage.php?id=" . $productId . "';</script>";
+        exit;
+    }
+}
 ?>
 
 
@@ -330,7 +342,7 @@ if ($checkResult->num_rows === 0) {
     <?php
     // HIER ANGEPASST: profilePicture und createdAt zum SELECT hinzugefügt
     $stmt = mysqli_prepare($conn,
-            " SELECT rating, comment, users.displayname, users.profilePicture, reviews.createdAt 
+            " SELECT reviews.reviewID, rating, comment, users.displayname, users.profilePicture, reviews.createdAt 
               FROM reviews 
               INNER JOIN users ON reviews.userID = users.userID
               WHERE productID = ? ORDER BY rating DESC");
@@ -386,6 +398,14 @@ if ($checkResult->num_rows === 0) {
                     <div class="review-comment">
                         <?= nl2br(htmlspecialchars($review['comment'])) ?>
                     </div>
+                    <?php if (!empty($_SESSION['user_roles']) && in_array('ADMIN', $_SESSION['user_roles'], true)): ?>
+                        <div class="review-admin-actions" style="margin-top: 10px; text-align: right;">
+                            <form method="post" action="productpage.php?id=<?= $productId ?>" onsubmit="return confirm('Bewertung wirklich löschen?');">
+                                <input type="hidden" name="delete_review_id" value="<?= $review['reviewID'] ?>">
+                                <button type="submit" name="delete_review" style="background-color: #ef4444; color: white; border: none; padding: 5px 10px; border-radius: 4px; cursor: pointer; font-size: 0.8rem;">Löschen</button>
+                            </form>
+                        </div>
+                    <?php endif; ?>
 
                 </div>