| Server IP : 3.111.61.48 / Your IP : 216.73.216.67 Web Server : Apache System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64 User : ubuntu ( 1000) PHP Version : 8.2.31 Disable Function : exec,passthru,shell_exec,system MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /var/www/vhost/book.gyaniguru.org/ |
Upload File : |
<?php
require_once 'includes/db.php';
session_start();
header('Content-Type: application/json');
if (!isset($_SESSION['user_id'])) {
http_response_code(401);
echo json_encode(['success' => false, 'message' => 'Please login to submit a review.']);
exit();
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
echo json_encode(['success' => false, 'message' => 'Invalid request method.']);
exit();
}
$book_id = intval($_POST['book_id'] ?? 0);
$rating = intval($_POST['rating'] ?? 0);
$title = trim($_POST['title'] ?? '');
$comment = trim($_POST['comment'] ?? '');
$user_id = $_SESSION['user_id'];
if ($book_id <= 0 || $rating < 1 || $rating > 5 || empty($comment)) {
http_response_code(400);
echo json_encode(['success' => false, 'message' => 'Please provide a valid rating (1-5) and review comment.']);
exit();
}
// Check if book exists
$book = get_row("SELECT id FROM books WHERE id = ?", [$book_id]);
if (!$book) {
http_response_code(404);
echo json_encode(['success' => false, 'message' => 'Book not found.']);
exit();
}
// Check if user already reviewed this book
$existing = get_row("SELECT id FROM reviews WHERE book_id = ? AND user_id = ?", [$book_id, $user_id]);
if ($existing) {
http_response_code(409);
echo json_encode(['success' => false, 'message' => 'You have already reviewed this book.']);
exit();
}
query(
"INSERT INTO reviews (book_id, user_id, rating, title, comment) VALUES (?, ?, ?, ?, ?)",
[$book_id, $user_id, $rating, $title, $comment]
);
echo json_encode(['success' => true, 'message' => 'Your review has been submitted. Thank you!']);