From 9a3cdd975a042a86a0e00dd9b11253779a63bc10 Mon Sep 17 00:00:00 2001
From: fsst <fabian.schieder.1010.1916@gmail.com>
Date: Wed, 18 Mar 2026 15:39:15 +0100
Subject: [PATCH] Review adder made limit 1 review per user

---
 productpage.php | 120 +++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 92 insertions(+), 28 deletions(-)

diff --git a/productpage.php b/productpage.php
index 02767af..82b1dd9 100644
--- a/productpage.php
+++ b/productpage.php
@@ -400,43 +400,107 @@ $productId = isset($_GET['id']) ? (int)$_GET['id'] : 0;
             }
             ?>
 
-            <div class="review-card">
-                <?php if (isset($_SESSION['user_id'])): ?>
-                    <form class="review-input-form" method="post" autocomplete="off">
-                        <input type="hidden" name="submit_review" value="1">
+            <div class="review-add">
+                <h2 class="reviews-title">Füge deine Bewertung hinzu!</h2>
 
-                        <div class="rating-input">
-                            <input type="radio" id="star5" name="rating" value="5" required />
-                            <label for="star5" title="5 Sterne">★</label>
+                <?php
+                $userHasReviewed = false;
 
-                            <input type="radio" id="star4" name="rating" value="4" />
-                            <label for="star4" title="4 Sterne">★</label>
+                // 1. Prüfen, ob der eingeloggte Nutzer schon bewertet hat
+                if (isset($_SESSION['user_id'])) {
+                    $stmtCheckRev = mysqli_prepare($conn, "SELECT 1 FROM reviews WHERE userID = ? AND productID = ? LIMIT 1");
+                    mysqli_stmt_bind_param($stmtCheckRev, "ii", $_SESSION['user_id'], $productId);
+                    mysqli_stmt_execute($stmtCheckRev);
+                    mysqli_stmt_store_result($stmtCheckRev);
 
-                            <input type="radio" id="star3" name="rating" value="3" />
-                            <label for="star3" title="3 Sterne">★</label>
+                    if (mysqli_stmt_num_rows($stmtCheckRev) > 0) {
+                        $userHasReviewed = true;
+                    }
+                    mysqli_stmt_close($stmtCheckRev);
+                }
 
-                            <input type="radio" id="star2" name="rating" value="2" />
-                            <label for="star2" title="2 Sterne">★</label>
+                // 2. Bewertung speichern (NUR wenn noch keine existiert!)
+                if (
+                        $_SERVER['REQUEST_METHOD'] === 'POST' &&
+                        isset($_POST['submit_review']) &&
+                        isset($_SESSION['user_id']) &&
+                        !$userHasReviewed
+                ) {
+                    $rating = (int)$_POST['rating'];
+                    $comment = trim($_POST['comment']);
+                    $userID = $_SESSION['user_id'];
 
-                            <input type="radio" id="star1" name="rating" value="1" />
-                            <label for="star1" title="1 Stern">★</label>
+                    if ($rating >= 1 && $rating <= 5 && !empty($comment)) {
+
+                        $stmtInsertRev = mysqli_prepare(
+                                $conn,
+                                "INSERT INTO reviews (userID, productID, rating, comment) VALUES (?, ?, ?, ?)"
+                        );
+
+                        if ($stmtInsertRev) {
+                            mysqli_stmt_bind_param(
+                                    $stmtInsertRev,
+                                    "iiis",
+                                    $userID,
+                                    $productId,
+                                    $rating,
+                                    $comment
+                            );
+
+                            mysqli_stmt_execute($stmtInsertRev);
+                            mysqli_stmt_close($stmtInsertRev);
+
+                            // JS Weiterleitung
+                            echo "<script>window.location.href = 'productpage.php?id=" . $productId . "';</script>";
+                            exit;
+                        }
+                    }
+                }
+                ?>
+
+                <div class="review-card">
+                    <?php if (!isset($_SESSION['user_id'])): ?>
+                        <div class="review-login-prompt">
+                            <p class="review-login-msg">Du musst eingeloggt sein, um eine Bewertung abzugeben.</p>
+                            <a href="login.php">
+                                <input class="auth__submit" type="button" value="Zum Einloggen">
+                            </a>
                         </div>
 
-                        <textarea class="review-comment-input" name="comment" rows="4"
-                                  placeholder="Teile deine Meinung mit anderen!" required></textarea>
+                    <?php elseif ($userHasReviewed): ?>
+                        <div class="review-login-prompt">
+                            <p class="review-login-msg">Du hast dieses Produkt bereits bewertet. Vielen Dank!</p>
+                        </div>
 
-                        <input class="auth__submit" type="submit" value="Senden">
-                    </form>
-                <?php else: ?>
-                    <div class="review-login-prompt">
-                        <p class="review-login-msg">Du musst eingeloggt sein, um eine Bewertung abzugeben.</p>
-                        <a href="login.php">
-                            <input class="auth__submit" type="button" value="Zum Einloggen">
-                        </a>
-                    </div>
-                <?php endif; ?>
+                    <?php else: ?>
+                        <form class="review-input-form" method="post" autocomplete="off">
+                            <input type="hidden" name="submit_review" value="1">
+
+                            <div class="rating-input">
+                                <input type="radio" id="star5" name="rating" value="5" required />
+                                <label for="star5" title="5 Sterne">★</label>
+
+                                <input type="radio" id="star4" name="rating" value="4" />
+                                <label for="star4" title="4 Sterne">★</label>
+
+                                <input type="radio" id="star3" name="rating" value="3" />
+                                <label for="star3" title="3 Sterne">★</label>
+
+                                <input type="radio" id="star2" name="rating" value="2" />
+                                <label for="star2" title="2 Sterne">★</label>
+
+                                <input type="radio" id="star1" name="rating" value="1" />
+                                <label for="star1" title="1 Stern">★</label>
+                            </div>
+
+                            <textarea class="review-comment-input" name="comment" rows="4"
+                                      placeholder="Teile deine Meinung mit anderen!" required></textarea>
+
+                            <input class="auth__submit" type="submit" value="Senden">
+                        </form>
+                    <?php endif; ?>
+                </div>
             </div>
-        </div>
 
 <?php endif; ?>
 <?php include 'footer.php'; ?>