<?php
session_start();
require_once 'db/config.php';

if (!isset($_SESSION['user_id'])) {
    header("Location: login.php");
    exit();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user_id = $_SESSION['user_id'];
    $order_id = $_POST['order_id'];
    $restaurant_id = $_POST['restaurant_id'];
    $rating = $_POST['rating'];
    $comment = $_POST['comment'];

    // Validation
    if (empty($order_id) || empty($restaurant_id) || empty($rating) || $rating < 1 || $rating > 5) {
        // Handle error - redirect back to profile with an error message
        $_SESSION['rating_error'] = "Invalid data provided.";
        header("Location: profile.php");
        exit();
    }

    // Check if the user has already rated this order
    $stmt = $db()->prepare("SELECT id FROM ratings WHERE user_id = ? AND order_id = ?");
    $stmt->execute([$user_id, $order_id]);
    if ($stmt->fetch()) {
        $_SESSION['rating_error'] = "You have already rated this order.";
        header("Location: profile.php");
        exit();
    }

    // Insert the rating
    $stmt = $db()->prepare("INSERT INTO ratings (user_id, order_id, restaurant_id, rating, comment) VALUES (?, ?, ?, ?, ?)");
    if ($stmt->execute([$user_id, $order_id, $restaurant_id, $rating, $comment])) {
        $_SESSION['rating_success'] = "Thank you for your feedback!";
    } else {
        $_SESSION['rating_error'] = "Something went wrong. Please try again.";
    }

    header("Location: profile.php");
    exit();
} else {
    header("Location: profile.php");
    exit();
}
?>