Uname:Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64

403WebShell
403Webshell
Server IP : 3.111.61.48  /  Your IP : 216.73.216.67
Web Server : Apache
System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64
User : ubuntu ( 1000)
PHP Version : 8.2.31
Disable Function : exec,passthru,shell_exec,system
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/vhost/book.gyaniguru.org/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /var/www/vhost/book.gyaniguru.org/submit-review.php
<?php
require_once 'includes/db.php';
session_start();

header('Content-Type: application/json');

if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    echo json_encode(['success' => false, 'message' => 'Please login to submit a review.']);
    exit();
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['success' => false, 'message' => 'Invalid request method.']);
    exit();
}

$book_id = intval($_POST['book_id'] ?? 0);
$rating = intval($_POST['rating'] ?? 0);
$title = trim($_POST['title'] ?? '');
$comment = trim($_POST['comment'] ?? '');
$user_id = $_SESSION['user_id'];

if ($book_id <= 0 || $rating < 1 || $rating > 5 || empty($comment)) {
    http_response_code(400);
    echo json_encode(['success' => false, 'message' => 'Please provide a valid rating (1-5) and review comment.']);
    exit();
}

// Check if book exists
$book = get_row("SELECT id FROM books WHERE id = ?", [$book_id]);
if (!$book) {
    http_response_code(404);
    echo json_encode(['success' => false, 'message' => 'Book not found.']);
    exit();
}

// Check if user already reviewed this book
$existing = get_row("SELECT id FROM reviews WHERE book_id = ? AND user_id = ?", [$book_id, $user_id]);
if ($existing) {
    http_response_code(409);
    echo json_encode(['success' => false, 'message' => 'You have already reviewed this book.']);
    exit();
}

query(
    "INSERT INTO reviews (book_id, user_id, rating, title, comment) VALUES (?, ?, ?, ?, ?)",
    [$book_id, $user_id, $rating, $title, $comment]
);

echo json_encode(['success' => true, 'message' => 'Your review has been submitted. Thank you!']);

Youez - 2016 - github.com/yon3zu
LinuXploit