34968-vm/leave_review.php
Flatlogic Bot 7a0a2165fc V12
2025-10-15 14:58:19 +00:00


<?php
// Review form, server-side part: authenticates the visitor, then decides whether
// the requested order may be reviewed. The outcome is left in $error_message
// (empty string = form may be shown), $order and $order_id for the template below.
session_start();
require_once 'db/config.php';

// Visitors without a session user are redirected to the login page; exit() stops
// the rest of the script from running after the redirect header is sent.
if (!isset($_SESSION['user_id'])) {
    header("Location: login.php");
    exit();
}

include 'header.php';

$db = db();
$user_id = $_SESSION['user_id'];
// The integer cast means only a numeric id ever reaches the queries below.
$order_id = (int)($_GET['order_id'] ?? 0);
$error_message = '';
$order = null;

if ($order_id <= 0) {
    $error_message = "No order was specified.";
} else {
    // Step 1: look the order up by id AND by the session user's id, so that an
    // order id belonging to another account yields no row.
    $stmt = $db->prepare("SELECT * FROM orders WHERE id = ? AND user_id = ?");
    $stmt->execute([$order_id, $user_id]);
    $order = $stmt->fetch();

    if (!$order) {
        $error_message = "This order could not be found or does not belong to you.";
    } elseif ($order['status'] !== 'Delivered') {
        $error_message = "You can only review orders that have been delivered.";
    } else {
        // Step 2: an existing ratings row for this order blocks a second review.
        // Filtering on order_id alone is enough here because ownership of the
        // order was established by the query above.
        $stmt_rating = $db->prepare("SELECT id FROM ratings WHERE order_id = ?");
        $stmt_rating->execute([$order_id]);
        if ($stmt_rating->fetch()) {
            $error_message = "You have already submitted a review for this order.";
        }
    }
}
// NOTE(review): these checks only decide whether the form is displayed. The
// submission handler (process_review.php, not visible here) presumably repeats
// them; confirm, since a POST can be sent without loading this page.
?>
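<div class="container mt-5">
    <h2>Leave a Review</h2>
    <hr>
    <?php
    // One-shot flash messages: shown once, then removed from the session.
    // They are written by other scripts (not visible here), so they are
    // HTML-escaped on output; any user-influenced text inside them is then
    // rendered as text instead of being interpreted as markup.
    if (isset($_SESSION['success_message'])) {
        echo '<div class="alert alert-success">'
            . htmlspecialchars((string)$_SESSION['success_message'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . '</div>';
        unset($_SESSION['success_message']);
    }
    if (isset($_SESSION['error_message'])) {
        echo '<div class="alert alert-danger">'
            . htmlspecialchars((string)$_SESSION['error_message'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . '</div>';
        unset($_SESSION['error_message']);
    }
    ?>
    <?php if ($error_message): ?>
        <div class="alert alert-danger"><?php echo htmlspecialchars((string)$error_message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>
    <?php else: ?>
        <?php
        // NOTE(review): order_id and restaurant_id travel as hidden fields, which
        // the client can change before submitting. process_review.php (not shown
        // here) should re-check ownership, delivery status and duplicates for the
        // posted order_id, and take restaurant_id from the order row rather than
        // from the request. Confirm against that handler.
        // NOTE(review): this form carries no anti-CSRF token; confirm whether the
        // handler enforces one by other means.
        // The explicit string casts keep htmlspecialchars() from receiving an
        // int or null value.
        ?>
        <p>You are reviewing Order #<?php echo htmlspecialchars((string)$order_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></p>
        <form action="process_review.php" method="POST">
            <input type="hidden" name="order_id" value="<?php echo htmlspecialchars((string)$order_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
            <input type="hidden" name="restaurant_id" value="<?php echo htmlspecialchars((string)$order['restaurant_id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
            <div class="form-group">
                <label><strong>Rating</strong></label>
                <div class="rating">
                    <input type="radio" name="rating" id="star5" value="5" required><label for="star5">★</label>
                    <input type="radio" name="rating" id="star4" value="4"><label for="star4">★</label>
                    <input type="radio" name="rating" id="star3" value="3"><label for="star3">★</label>
                    <input type="radio" name="rating" id="star2" value="2"><label for="star2">★</label>
                    <input type="radio" name="rating" id="star1" value="1"><label for="star1">★</label>
                </div>
            </div>
            <div class="form-group">
                <label for="review"><strong>Review (optional)</strong></label>
                <textarea name="review" id="review" class="form-control" rows="4" placeholder="Tell us about your experience..."></textarea>
            </div>
            <button type="submit" class="btn btn-primary">Submit Review</button>
        </form>
    <?php endif; ?>
</div>
<?php include 'footer.php'; ?>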