FSST/Geizkragen
FSST/Geizkragen
2
0
Fork 0
Code Issues Projects 1 Releases 1 Wiki Activity

Allow authors to delete their own reviews in productpage.php

Browse Source
This commit is contained in:
Fabian Schieder 2026-04-04 20:06:23 +02:00
parent 98e5a362e0
commit e95e6e6d56
1 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
productpage.php
View File

@ -48,16 +48,26 @@ if ($checkResult->num_rows === 0) {
/**
* @brief Behandelt das Löschen von Bewertungen.
* @details Administrator- und Moderator-Nutzer können Bewertungen über einen POST-Request löschen.
* @details Administrator-, Moderator-Nutzer und der Autor können Bewertungen über einen POST-Request löschen.
* Überprüft die Nutzerrolle in der Session und führt das DELETE-Statement aus.
*/
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_review']) && isset($_POST['delete_review_id'])) {
if (!empty($_SESSION['user_roles']) && (in_array('ADMIN', $_SESSION['user_roles'], true) || in_array('MODERATOR', $_SESSION['user_roles'], true))) {
$deleteId = (int)$_POST['delete_review_id'];
$deleteId = (int)$_POST['delete_review_id'];
$isAdminOrMod = !empty($_SESSION['user_roles']) && (in_array('ADMIN', $_SESSION['user_roles'], true) || in_array('MODERATOR', $_SESSION['user_roles'], true));
if ($isAdminOrMod) {
$delStmt = $conn->prepare("DELETE FROM reviews WHERE reviewID = ?");
$delStmt->bind_param("i", $deleteId);
$delStmt->execute();
$delStmt->close();
} elseif (isset($_SESSION['user_id'])) {
$delStmt = $conn->prepare("DELETE FROM reviews WHERE reviewID = ? AND userID = ?");
$delStmt->bind_param("ii", $deleteId, $_SESSION['user_id']);
$delStmt->execute();
$delStmt->close();
}
if ($isAdminOrMod || isset($_SESSION['user_id'])) {
echo "<script>window.location.href = 'productpage.php?id=" . $productId . "';</script>";
exit;
}
@ -464,7 +474,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
*/
// HIER ANGEPASST: profilePicture und createdAt zum SELECT hinzugefügt
$stmt = mysqli_prepare($conn,
" SELECT reviews.reviewID, rating, comment, users.displayname, users.profilePicture, reviews.createdAt
" SELECT reviews.reviewID, reviews.userID AS reviewUserID, rating, comment, users.displayname, users.profilePicture, reviews.createdAt
FROM reviews
INNER JOIN users ON reviews.userID = users.userID
WHERE productID = ? ORDER BY rating DESC");
@ -523,7 +533,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<div class="review-comment">
<?= nl2br(htmlspecialchars($review['comment'])) ?>
</div>
<?php if (!empty($_SESSION['user_roles']) && (in_array('ADMIN', $_SESSION['user_roles'], true) || in_array('MODERATOR', $_SESSION['user_roles'], true))): ?>
<?php
$isAdminOrMod = !empty($_SESSION['user_roles']) && (in_array('ADMIN', $_SESSION['user_roles'], true) || in_array('MODERATOR', $_SESSION['user_roles'], true));
$isAuthor = isset($_SESSION['user_id']) && $_SESSION['user_id'] == $review['reviewUserID'];
if ($isAdminOrMod || $isAuthor):
?>
<div class="review-admin-actions" style="margin-top: 10px; text-align: right;">
<form method="post" action="productpage.php?id=<?= $productId ?>" onsubmit="return confirm('Bewertung wirklich löschen?');">
<input type="hidden" name="delete_review_id" value="<?= $review['reviewID'] ?>">