FSST/Geizkragen
FSST/Geizkragen
2
0
Fork 0
Code Issues Projects 1 Releases 1 Wiki Activity

Allow moderators to delete reviews in productpage.php

Browse Source
This commit is contained in:
Fabian Schieder 2026-04-04 20:03:34 +02:00
parent 2773f4c636
commit 98e5a362e0
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
productpage.php
View File

@ -48,11 +48,11 @@ if ($checkResult->num_rows === 0) {
/** /**
* @brief Behandelt das Löschen von Bewertungen. * @brief Behandelt das Löschen von Bewertungen.
* @details Administrator-Nutzer können Bewertungen über einen POST-Request löschen. * @details Administrator- und Moderator-Nutzer können Bewertungen über einen POST-Request löschen.
* Überprüft die Nutzerrolle in der Session und führt das DELETE-Statement aus. * Überprüft die Nutzerrolle in der Session und führt das DELETE-Statement aus.
*/ */
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_review']) && isset($_POST['delete_review_id'])) { if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_review']) && isset($_POST['delete_review_id'])) {
if (!empty($_SESSION['user_roles']) && in_array('ADMIN', $_SESSION['user_roles'], true)) { if (!empty($_SESSION['user_roles']) && (in_array('ADMIN', $_SESSION['user_roles'], true) || in_array('MODERATOR', $_SESSION['user_roles'], true))) {
$deleteId = (int)$_POST['delete_review_id']; $deleteId = (int)$_POST['delete_review_id'];
$delStmt = $conn->prepare("DELETE FROM reviews WHERE reviewID = ?"); $delStmt = $conn->prepare("DELETE FROM reviews WHERE reviewID = ?");
$delStmt->bind_param("i", $deleteId); $delStmt->bind_param("i", $deleteId);
@ -523,7 +523,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<div class="review-comment"> <div class="review-comment">
<?= nl2br(htmlspecialchars($review['comment'])) ?> <?= nl2br(htmlspecialchars($review['comment'])) ?>
</div> </div>
<?php if (!empty($_SESSION['user_roles']) && in_array('ADMIN', $_SESSION['user_roles'], true)): ?> <?php if (!empty($_SESSION['user_roles']) && (in_array('ADMIN', $_SESSION['user_roles'], true) || in_array('MODERATOR', $_SESSION['user_roles'], true))): ?>
<div class="review-admin-actions" style="margin-top: 10px; text-align: right;"> <div class="review-admin-actions" style="margin-top: 10px; text-align: right;">
<form method="post" action="productpage.php?id=<?= $productId ?>" onsubmit="return confirm('Bewertung wirklich löschen?');"> <form method="post" action="productpage.php?id=<?= $productId ?>" onsubmit="return confirm('Bewertung wirklich löschen?');">
<input type="hidden" name="delete_review_id" value="<?= $review['reviewID'] ?>"> <input type="hidden" name="delete_review_id" value="<?= $review['reviewID'] ?>">