diff --git a/approveLogic.php b/approveLogic.php index d748fa15f0894a7f059dc5a04b67e22a733e4c33..54acff3d859121372e7bac345ccc4269258fd6a0 100644 --- a/approveLogic.php +++ b/approveLogic.php @@ -22,8 +22,26 @@ if(!isset($_SESSION['id'])) { } } -$db->update('public_comments', $_GET['id'], ['is_approved' => 1]); +$sql = 'SELECT * FROM public_comments +WHERE is_approved = 1 AND is_deleted = 0 AND is_denied = 0 AND userId = :id AND bookId = :bookId'; +$stmt = $db->conn->prepare($sql); +$stmt->execute(['id' => $_SESSION['id'], 'bookId' => $_GET['bookId']]); +$comments = $stmt->fetchAll(PDO::FETCH_ASSOC); + +// var_dump($comments); +// die(); + +if(count($comments) == 0) { + $db->update('public_comments', $_GET['id'], ['is_approved' => 1]); + $db->update('public_comments', $_GET['id'], ['is_denied' => 0]); + +} else { + $_SESSION['error'] = 'Comment cannot be approved, user already has a comment on this book'; +} + header('location: ./pending_comments.php'); -die(); + die(); + + ?> \ No newline at end of file diff --git a/book.php b/book.php index cd9c4d79a825350f844ba9f0d0e2fcc5bfad03af..bc22bfaca88870f20f75933f848b95c742f4f2c2 100644 --- a/book.php +++ b/book.php 
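Review bot: The duplicate-comment guard added before `if(count($comments) == 0)` binds `userId = :id` to `$_SESSION['id']`, which is the approving admin's own id rather than the id of the comment's author, so it only blocks approval when the admin happens to have a comment on that book and never catches a second comment by the same user. `bookId` is read from `$_GET['bookId']`, which the Approve link on pending_comments.php does not send, so from that page the query runs with a null book and the guard is skipped. Resolve both from the comment row instead: `$target = $db->selectById('public_comments', $_GET['id']);` followed by `$stmt->execute(['id' => $target['userId'], 'bookId' => $target['bookId']]);`, and redirect with an error when `$target` is empty. Approval is a state change driven by a plain GET link, so any page the admin visits can trigger it; a POST form carrying a session-bound token would close that. The login (and presumably admin) check precedes this hunk, and the leftover `// var_dump($comments);` / `// die();` lines should be dropped.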
@@ -8,8 +8,35 @@ if($_SERVER['REQUEST_METHOD'] == 'GET') { $db = new Database(); $db->connect(); - $bookPublicComments = $db->selectAllBookComments($_GET['id']); + $sql = 'SELECT pc.id as commentId, pc.comment, u.fullName, pc.userId as commentUserId FROM public_comments pc JOIN users u on pc.userId = u.id + JOIN book b on pc.bookId = b.id + WHERE pc.bookId = :bookId AND pc.is_deleted = 0 AND pc.is_approved = 1'; + $stmt = $db->conn->prepare($sql); + $stmt->execute(['bookId' => $_GET['id']]); + $bookPublicComments = $stmt->fetchAll(PDO::FETCH_ASSOC); + if(isset($_SESSION["id"])) { + + //here we are selecting private notes for specific user + + $sql = 'SELECT * FROM private_notes pn JOIN users u on pn.userId = u.id + JOIN book b on pn.bookId = b.id + WHERE pn.userId = :userId AND pn.bookId = :bookId AND pn.is_deleted = 0'; + $stmt = $db->conn->prepare($sql); + $stmt->execute(['userId' => $_SESSION['id'], 'bookId' => $_GET['id']]); + $notes = $stmt->fetchAll(PDO::FETCH_ASSOC); + + //here we are selecting pending comments for specific user + + $sql = 'SELECT pc.id as commentId, pc.comment, u.fullName FROM public_comments pc JOIN users u on pc.userId = u.id + JOIN book b on pc.bookId = b.id + WHERE pc.bookId = :bookId AND pc.is_deleted = 0 AND pc.is_approved = 0 and pc.userId = :userId AND pc.is_denied = 0'; + $stmt = $db->conn->prepare($sql); + $stmt->execute(['bookId' => $_GET['id'], 'userId' => $_SESSION['id']]); + $bookPendingComment = $stmt->fetchAll(PDO::FETCH_ASSOC); + + } + } ?> @@ -32,6 +59,7 @@ if($_SERVER['REQUEST_METHOD'] == 'GET') { <title>Document</title> </head> <body> + <?php if(isset($_SESSION["success"])) { 
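Review bot: The private-notes query `SELECT * FROM private_notes pn JOIN users u ... JOIN book b ...` pulls every column of users and book into `$notes` although only `pn.note` is ever rendered; with FETCH_ASSOC a column name shared by the joined tables (`id` at least) is overwritten by the last table, so `$note['id']` would not be the note's id if anyone later relies on it, and whatever the users table stores — a password hash, if it has one — is loaded into page state for nothing. Select only what the page shows and drop both joins: `SELECT pn.id AS noteId, pn.note FROM private_notes pn WHERE pn.userId = :userId AND pn.bookId = :bookId AND pn.is_deleted = 0`. `$_GET['id']` feeds three statements without an `isset` or numeric check, so a bare `book.php` request warns and runs the queries with a null bookId; redirecting early when it is missing is cheaper than the three failed lookups. The `book` join in the comments query is also unused (no `b.` column is selected).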
@@ -47,12 +75,20 @@ if(isset($_SESSION["error"])) { unset($_SESSION["error"]); } +//edit your comments section +// + foreach($bookPublicComments as $comment){ - if($comment['is_deleted'] == 0 && $comment['is_approved'] == 1) { - echo "<p>$comment[comment]</p>"; - } + echo "<div class='d-flex'> + <p>{$comment['fullName']} says: {$comment['comment']}</p>"; + if($comment['commentUserId'] == $_SESSION['id']) { + echo "<a href='./delete_comment.php?id={$comment['commentId']}&bookId={$_GET['id']}' class='btn btn-outline-dark hover-effect'>Delete</a>"; + } + echo "</div>"; } +//////////////////////////////// + if(isset($_SESSION['id'])){ $user = $db->selectById("users", $_SESSION['id']); echo "<form action='./comment_logic.php' method='POST'> @@ -61,6 +97,24 @@ if(isset($_SESSION['id'])){ <input type='text' class='form-control' name='comment'> <button type='submit' class='btn btn-outline-dark hover-effect'>Comment</button> </form>"; + + foreach($notes as $note) { + echo "<p>$note[note]</p>"; + } + + echo "<form action='./notes_logic.php' method='POST'> + <input type='hidden' name='bookId' value='{$_GET['id']}'> + <input type='hidden' name='userId' value='{$user['id']}'> + <input type='text' class='form-control' name='note'> + <button type='submit' class='btn btn-outline-dark hover-effect'>Note</button> + </form>"; + + foreach($bookPendingComment as $comment){ + echo "<div class='d-flex'> + <p>Your pending comment : {$comment['comment']}</p> + <a href='./removeCommentFromPendingList.php?id={$comment['commentId']}&bookId={$_GET['id']}' class='btn btn-outline-dark hover-effect'>Remove</a> + </div>"; + } } ?> diff --git a/book_crud.php b/book_crud.php index 8abdfcadd88dd3b88549c6621c6084707de131a9..f4e72a8fce412fc8d54d837b726a2c5aec8ba644 100644 --- a/book_crud.php +++ b/book_crud.php 
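Review bot: `<p>{$comment['fullName']} says: {$comment['comment']}</p>` writes user-submitted comment text and display name straight into HTML, so an approved comment containing markup runs as script for every visitor of the book page, and `$_GET['id']` is interpolated into the Delete link's href the same way. Escape at output, e.g. `$e = static fn($s) => htmlspecialchars((string)$s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and then `echo "<p>" . $e($comment['fullName']) . " says: " . $e($comment['comment']) . "</p>";`, with `$e()` around both ids in the href too. The ownership test `$comment['commentUserId'] == $_SESSION['id']` also runs for anonymous visitors, where `$_SESSION['id']` is unset; prefix it with `isset($_SESSION['id']) &&` so it neither warns nor compares against null. Hiding the link only affects the UI — delete_comment.php has to enforce ownership on its own.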
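Review bot: The notes form emits `<input type='hidden' name='userId' value='{$user['id']}'>`, which makes the browser the source of truth for who owns the note; the receiving script should take the user id from the session and ignore this field, otherwise anyone can file notes (and, via the identical comment form above it, comments) under another user's id by editing the value. `<p>$note[note]</p>` and `Your pending comment : {$comment['comment']}` print user-entered text unescaped, and `$_GET['id']` lands in the Remove link's href unescaped; wrap each in `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The `if(isset($_SESSION['id']))` block that encloses these lines opens before the hunk.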
@@ -37,6 +37,7 @@ $allBooks = $db->select("book"); integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" crossorigin="anonymous" /> + <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/sweetalert2@11/dist/sweetalert2.min.css"> <link rel="stylesheet" href="./style.css" /> <title>Document</title> </head> @@ -61,30 +62,24 @@ $allBooks = $db->select("book"); <a href="./addBookForm.php" class="btn btn-outline-dark hover-effect">Add</a> </div> <div class="table-wrapper"> - <table class="table"> + <table class="table"> <thead> <tr> <th scope="col">Book name</th> <th scope='col' class="text-center">Action</th> </tr> - </thead> <tbody class='table-group-divider'> <?php - foreach ($allBooks as $book) { if($book['is_deleted'] == 0) { echo " <tr> <td>{$book['title']}</td> <td class='d-flex gap-3 justify-center'> - <form action='./deleteLogic.php' method='POST'> - <input type='text' name='tableName' value='book' hidden> - <input type='text' name='id' value='{$book['id']}' hidden> - <button class='btn btn-outline-dark hover-effect'>Delete</button> - </form> - + <button class='btn btn-outline-dark hover-effect delete-btn'>Delete</button> <a href='./editBookForm.php?id={$book['id']}' class='btn btn-outline-dark hover-effect'>Edit</a> + <input type='hidden' class='book-id' value='{$book['id']}'> </td> </tr> "; @@ -101,5 +96,9 @@ $allBooks = $db->select("book"); <p>Brainster Library</p> </div> </div> + +<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/sweetalert2@11/dist/sweetalert2.min.css"> +<script src="https://cdn.jsdelivr.net/npm/sweetalert2@11"></script> + <script src="./deleteBook.js"></script> </body> </html> \ No newline at end of file diff --git a/comment_logic.php b/comment_logic.php index 1beac7dc87b638edc4b2091c1859b7a13825e91e..44b51b2e09079ed0b4941c87364b1d75326d9f03 100644 --- a/comment_logic.php +++ b/comment_logic.php 
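Review bot: `<script src="https://cdn.jsdelivr.net/npm/sweetalert2@11"></script>` loads third-party JavaScript into the admin book-management page with a floating major version and no `integrity` attribute, unlike the bootstrap `<link>` in `<head>` which pins a hash; any future 11.x release or a tampered CDN response then runs with the admin's session on the page that holds the delete buttons. Pin an exact build and add SRI, `<script src="https://cdn.jsdelivr.net/npm/sweetalert2@11.x.y/dist/sweetalert2.all.min.js" integrity="sha384-…" crossorigin="anonymous"></script>`, computing the hash from the pinned file. The `sweetalert2.min.css` link is now included twice (here and in `<head>`), so one copy should go. The `<form method='POST'>` this hunk removes carried no CSRF token, and the replacement in deleteBook.js (added in this diff) does not add one either, so the new endpoint still needs that check.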
@@ -6,8 +6,27 @@ if($_SERVER['REQUEST_METHOD'] != 'POST') { die(); } +require_once 'config.php'; session_start(); +$db = new Database(); +$db->connect(); + +$sql = 'SELECT * FROM public_comments WHERE userId = :id AND bookId = :bookId AND is_deleted = 0 AND is_denied = 0'; +$stmt = $db->conn->prepare($sql); +$stmt->execute(['id' => $_POST['userId'], 'bookId' => $_POST['bookId']]); +$comment = $stmt->fetchAll(PDO::FETCH_ASSOC); + + +if(count($comment) > 0) { + + $_SESSION['error'] = 'You have already commented on this book or your comment is on admin review'; + header('location: ./book.php?id='.$_POST['bookId']); + die(); + +} + + if(strlen(trim($_POST['comment'])) == 0) { $_SESSION['error'] = 'Comment cannot be empty'; @@ -15,10 +34,7 @@ if(strlen(trim($_POST['comment'])) == 0) { die(); } -require_once 'config.php'; -$db = new Database(); -$db->connect(); $data = $_POST; $data['is_deleted'] = 0; diff --git a/config.php b/config.php index 936c0ab16d55249bc0ee24d2916a8c515323f913..380fc13631343fc93db8935f9d13afa5201cedf5 100644 --- a/config.php +++ b/config.php @@ -44,13 +44,6 @@ class Database { return $stmt->fetch(PDO::FETCH_ASSOC); } - public function selectAllBookComments($bookId){ - $sql = "SELECT * FROM public_comments WHERE bookId = :bookId"; - $stmt = $this->conn->prepare($sql); - $stmt->execute(['bookId' => $bookId]); - return $stmt->fetchAll(PDO::FETCH_ASSOC); - } - public function login($id) { $sql = 'UPDATE users SET is_logged = 1 WHERE id = :id'; $stmt = $this->conn->prepare($sql); @@ -67,6 +60,8 @@ class Database { $sql = "UPDATE $tableName SET is_deleted = 1 WHERE id = :id"; $stmt = $this->conn->prepare($sql); $stmt->execute(['id' => $id]); + + return; } public function update($tableName, $id, $data) { 
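Review bot: The duplicate-comment check executes with `'id' => $_POST['userId']`, a value the client supplies from a hidden form field, so a user can set it to any other id to bypass the one-comment-per-book rule and, because the insert further down uses `$_POST` wholesale, have the comment attributed to that other user. Use the session identity: `$stmt->execute(['id' => $_SESSION['id'], 'bookId' => $_POST['bookId']]);`, preceded by `if (!isset($_SESSION['id'])) { header('location: ./index.php'); die(); }` since no login check is visible anywhere in this file. `$_POST['bookId']` is echoed back into the redirect unvalidated; casting it with `(int)` before use would keep the URL sane. `$comment` holds a result set, so `$existing` or `$comments` would read less misleadingly next to the `count()`.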
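Review bot: `$data = $_POST;` followed by `$data['is_deleted'] = 0;` hands every posted field to the insert, so the client decides `userId` and any other column the insert helper maps — whether `is_approved` or `is_denied` can be set this way depends on `insert()`, which is not in this diff. Build the row from an explicit allow-list instead: `$data = ['userId' => $_SESSION['id'], 'bookId' => (int)$_POST['bookId'], 'comment' => $_POST['comment'], 'is_deleted' => 0];` and set the moderation flags server-side right after it. The hunk ends at `$data['is_deleted'] = 0;`, so the insert call itself is outside my view.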
@@ -102,6 +97,12 @@ class Database { $stmt->execute(); return $stmt->fetchAll(PDO::FETCH_ASSOC); } + + public function deleteAllBookData($tableName, $bookId){ + $sql = "UPDATE $tableName SET is_deleted = 1 WHERE bookId = :bookId"; + $stmt = $this->conn->prepare($sql); + $stmt->execute(['bookId' => $bookId]); + } } ?> \ No newline at end of file diff --git a/deleteBook.js b/deleteBook.js new file mode 100644 index 0000000000000000000000000000000000000000..064a19adcbfc5a530fb642dae7a2e78ed967a41d --- /dev/null +++ b/deleteBook.js @@ -0,0 +1,34 @@ +document.addEventListener("DOMContentLoaded", () => { + const deleteButtons = document.querySelectorAll(".delete-btn"); + + deleteButtons.forEach((button) => { + button.addEventListener("click", () => { + const row = button.closest("tr"); + const bookId = row.querySelector(".book-id").value.trim(); + deleteBook(bookId); + }); + }); +}); + +function deleteBook(bookId) { + Swal.fire({ + title: "Are you sure?", + text: "You won't be able to revert this!", + icon: "warning", + showCancelButton: true, + confirmButtonColor: "#3085d6", + cancelButtonColor: "#d33", + confirmButtonText: "Yes, delete it!", + }).then((result) => { + if (result.isConfirmed) { + fetch("softDeleteBook.php", { + method: "POST", + headers: { + "Content-Type": "application/json", + }, + body: JSON.stringify({ id: bookId }), + }); + location.reload(); + } + }); +} diff --git a/delete_comment.php b/delete_comment.php new file mode 100644 index 0000000000000000000000000000000000000000..739d1212701c48ac83a8548258a937558a1b9790 --- /dev/null +++ b/delete_comment.php 
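Review bot: `deleteAllBookData()` interpolates `$tableName` into `UPDATE $tableName SET is_deleted = 1 WHERE bookId = :bookId`, and a table name cannot be bound as a parameter, so the method is only safe while every caller passes a literal; the two calls in softDeleteBook.php do, but the sibling `delete()` uses the same pattern and the form this diff removes from book_crud.php was posting a `tableName` field, which suggests request data has reached such a parameter before. Guard it at the top of the method: `if (!in_array($tableName, ['public_comments', 'private_notes'], true)) { throw new InvalidArgumentException('unexpected table: ' . $tableName); }` — or drop the parameter and run the two fixed statements. A one-line docblock saying the method soft-deletes (sets `is_deleted = 1`) every row for the given bookId and never issues a DELETE would help the next reader.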
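Review bot: In `deleteBook()` the `fetch("softDeleteBook.php", ...)` promise is not awaited before `location.reload()`, so the navigation can cancel the in-flight request and the book is then not deleted, and a 403 or 500 from the server is never shown to the admin. Chain the reload on the response and check it: `fetch(...).then((r) => { if (!r.ok) throw new Error(String(r.status)); location.reload(); }).catch((e) => Swal.fire("Delete failed", String(e), "error"));`. The request carries only the session cookie, and softDeleteBook.php reads the raw body without looking at Content-Type, so a cross-site `text/plain` form can deliver the same JSON; sending a per-session token in a header (e.g. `X-CSRF-Token`) and verifying it server-side would close that. Reading the id from a hidden `.book-id` input rather than a `data-id` attribute on the button is unusual but harmless.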
@@ -0,0 +1,24 @@ +<?php + +require_once './config.php'; +session_start(); + +$db = new Database(); +$db->connect(); + +//checking if the user is logged in +if(!isset($_SESSION['id'])) { + + header('location: ./index.php'); + die(); + +} + +$db->delete('public_comments', $_GET['id']); +$_SESSION['success'] = 'Comment deleted successfully'; + +header('location: ./book.php?id='.$_GET['bookId']); +die(); + + +?> \ No newline at end of file diff --git a/denied_comments.php b/denied_comments.php new file mode 100644 index 0000000000000000000000000000000000000000..c3701ea1733690485e9b14465bee5f346c36a194 --- /dev/null +++ b/denied_comments.php 
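Review bot: `$db->delete('public_comments', $_GET['id'])` soft-deletes whatever comment id is in the URL after checking only that a session exists, so any logged-in user can remove any other user's comment; book.php merely hides the Delete link for other people's comments and enforces nothing. Scope the write to the caller: `$stmt = $db->conn->prepare('UPDATE public_comments SET is_deleted = 1 WHERE id = :id AND userId = :userId');` then `$stmt->execute(['id' => $_GET['id'], 'userId' => $_SESSION['id']]);`, and set the success flash only when `$stmt->rowCount() === 1`. Because the action is a GET link it can be triggered by any page the user visits while logged in; a POST form with a session-bound token is the usual fix. `$_GET['id']` and `$_GET['bookId']` are used without `isset`, so a bare request warns before redirecting.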
@@ -0,0 +1,76 @@ +<?php + +require_once './config.php'; +session_start(); + +$db = new Database(); +$db->connect(); + +//checking if the user is logged in +if(!isset($_SESSION['id'])) { + + header('location: ./index.php'); + die(); + +} else { + //if user is logged in, check if he is an admin + $user = $db->selectById("users", $_SESSION['id']); + + if($user['is_admin'] == 0) { + header('location: ./index.php'); + die(); + } +} + +$sql = 'SELECT users.fullName,public_comments.id as commentId, public_comments.comment, public_comments.is_approved, public_comments.is_deleted, public_comments.is_denied, book.title, book.id as bookId + FROM users JOIN public_comments ON users.id = public_comments.userId + JOIN book ON public_comments.bookId = book.id + WHERE public_comments.is_denied = 1'; +$stmt = $db->conn->prepare($sql); +$stmt->execute(); +$allComments = $stmt->fetchAll(PDO::FETCH_ASSOC); + +?> + +<!DOCTYPE html> +<html lang="en"> +<head> + <meta charset="UTF-8"> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + <script src="https://cdn.tailwindcss.com"></script> + <link + href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" + rel="stylesheet" + integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" + crossorigin="anonymous" + /> + <link rel="stylesheet" href="./style.css" /> + <title>Document</title> +</head> +<body> + <table> + <thead> + <tr> + <th scope="col">Comment</th> + <th scope="col">User</th> + <th scope="col">Book</th> + <th scope="col">Action</th> + </tr> + </thead> + <tbody> + <?php + foreach ($allComments as $comment) { + echo "<tr> + <td>{$comment['comment']}</td> + <td>{$comment['fullName']}</td> + <td>{$comment['title']}</td> + <td> + <a href='./approveLogic.php?id={$comment['commentId']}&bookId={$comment['bookId']}' class='btn btn-outline-dark hover-effect'>Approve</a> + </td> + </tr>"; + } + ?> + </tbody> + </table> +</body> +</html> \ No newline at end of file 
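Review bot: `<td>{$comment['comment']}</td>` and `<td>{$comment['fullName']}</td>` render user-submitted text unescaped on an admin-only page, which is the worst place for stored XSS: a user submits a comment containing a script, it gets denied, and the script runs with the admin's session the next time this list is opened — and the Approve link on the same row is one fetch away for it. Escape every cell, e.g. `<td>" . htmlspecialchars($comment['comment'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>`, and treat `fullName` and `title` the same way. The query filters on `is_denied = 1` only, so comments that were later soft-deleted still appear with an Approve action; add `AND public_comments.is_deleted = 0`. The Approve link is a GET that changes state, the same CSRF concern as on pending_comments.php.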
diff --git a/denyLogic.php b/denyLogic.php index 9c08a85bf6928561959098854968c5d8870464ba..b14991e22f4be6578275354c69dc4a9a684b8ae9 100644 --- a/denyLogic.php +++ b/denyLogic.php @@ -23,6 +23,7 @@ if(!isset($_SESSION['id'])) { } $db->update('public_comments', $_GET['id'], ['is_denied' => 1]); +$db->update('public_comments', $_GET['id'], ['is_approved' => 0]); header('location: ./pending_comments.php'); die(); diff --git a/notes_logic.php b/notes_logic.php new file mode 100644 index 0000000000000000000000000000000000000000..3e5f6f2cfe351a2a11d4ef432d266cc34e69c6fc --- /dev/null +++ b/notes_logic.php @@ -0,0 +1,33 @@ +<?php + +if($_SERVER['REQUEST_METHOD'] != 'POST') { + + header('location: ./index.php'); + die(); + +} + +session_start(); + +if(strlen(trim($_POST['note'])) == 0) { + + $_SESSION['error'] = 'Yout note cannot be empty'; + header('location: ./book.php?id='.$_POST['bookId']); + die(); +} + +require_once 'config.php'; + +$db = new Database(); +$db->connect(); + +$data = $_POST; +$data['is_deleted'] = 0; + +$db->insert('private_notes', $data); +$_SESSION['success'] = 'Note has been successfully added'; +header('location: ./book.php?id='.$_POST['bookId']); +die(); + + +?> \ No newline at end of file diff --git a/pending_comments.php b/pending_comments.php index d1e23e19170b2a5bf846b7a9ee493690b3742bc8..28303ab603c7fe32e32adfca46a64d2ec770f7e6 100644 --- a/pending_comments.php +++ b/pending_comments.php 
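Review bot: The added `$db->update('public_comments', $_GET['id'], ['is_approved' => 0]);` is a second round-trip for the same row, so a failure between the two calls leaves a comment flagged both denied and approved; if `update()` handles a multi-key array as its `$data` parameter suggests, one call covers both: `$db->update('public_comments', $_GET['id'], ['is_denied' => 1, 'is_approved' => 0]);`. As with approve, deny is a state change reached through a GET link that a third-party page can trigger for a logged-in admin; POST plus a session-bound token would close that. The session and (presumably) admin checks for this script sit before the hunk.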
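Review bot: notes_logic.php inserts `$data = $_POST` straight into private_notes with no check that anyone is logged in and with `userId` taken from the posted hidden field, so any POST can create a note under any user's id, and book.php then shows it to that user as their own. The script needs a session guard and must build the row from the session plus an explicit field list instead of the raw post array; the rewrite below shows the two places that change. The `insert()` helper is not in this diff, so whether it ignores unknown keys cannot be checked from here; the user-visible typo in `'Yout note cannot be empty'` is worth fixing in the same change.
```php
session_start();

// only a logged-in user may write a private note, and only under their own id
if (!isset($_SESSION['id'])) {
    header('location: ./index.php');
    die();
}

// … unchanged: empty-note check, require_once 'config.php', connect …

$data = [
    'userId'     => $_SESSION['id'],
    'bookId'     => (int)$_POST['bookId'],
    'note'       => $_POST['note'],
    'is_deleted' => 0,
];
```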
@@ -24,7 +24,8 @@ if(!isset($_SESSION['id'])) { $sql = 'SELECT users.fullName,public_comments.id as commentId, public_comments.comment, public_comments.is_approved, public_comments.is_deleted, public_comments.is_denied, book.title FROM users JOIN public_comments ON users.id = public_comments.userId - JOIN book ON public_comments.bookId = book.id'; + JOIN book ON public_comments.bookId = book.id + WHERE public_comments.is_approved = 0 AND public_comments.is_deleted = 0 AND public_comments.is_denied = 0'; $stmt = $db->conn->prepare($sql); $stmt->execute(); $allComments = $stmt->fetchAll(PDO::FETCH_ASSOC); @@ -47,6 +48,16 @@ $allComments = $stmt->fetchAll(PDO::FETCH_ASSOC); <title>Document</title> </head> <body> + <?php + + if(isset($_SESSION['error'])) { + echo "<div class='alert alert-danger' role='alert'> + {$_SESSION['error']} + </div>"; + unset($_SESSION['error']); + } + + ?> <table> <thead> <tr> @@ -59,18 +70,16 @@ $allComments = $stmt->fetchAll(PDO::FETCH_ASSOC); <tbody> <?php foreach ($allComments as $comment) { - if($comment['is_approved'] == 0 && $comment['is_deleted'] == 0 && $comment['is_denied'] == 0){ - echo "<tr> - <td>{$comment['comment']}</td> - <td>{$comment['fullName']}</td> - <td>{$comment['title']}</td> - <td> - <a href='./approveLogic.php?id={$comment['commentId']}' class='btn btn-outline-dark hover-effect'>Approve</a> - <a href='./denyLogic.php?id={$comment['commentId']}' class='btn btn-outline-dark hover-effect'>Deny</a> - </td> - </tr>"; + echo "<tr> + <td>{$comment['comment']}</td> + <td>{$comment['fullName']}</td> + <td>{$comment['title']}</td> + <td> + <a href='./approveLogic.php?id={$comment['commentId']}' class='btn btn-outline-dark hover-effect'>Approve</a> + <a href='./denyLogic.php?id={$comment['commentId']}' class='btn btn-outline-dark hover-effect'>Deny</a> + </td> + </tr>"; } - } ?> </tbody> </table> 
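Review bot: The re-indented rows still echo `{$comment['comment']}` and `{$comment['fullName']}` unescaped, and this is the page every admin opens to look at not-yet-moderated input, so a comment containing markup runs in the admin's browser before anyone has judged it. Escape each cell, `<td>" . htmlspecialchars($comment['comment'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>`, and likewise for `fullName` and `title`. The Approve link also omits `bookId`, which approveLogic.php now reads from `$_GET['bookId']` for its duplicate-comment check, so from this page that check runs against a null book and approves regardless; add `book.id AS bookId` to the SELECT in the first hunk and `&bookId={$comment['bookId']}` to the link, as denied_comments.php already does. The `$_SESSION['error']` banner is fine as is, since the string is server-set.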
diff --git a/removeCommentFromPendingList.php b/removeCommentFromPendingList.php new file mode 100644 index 0000000000000000000000000000000000000000..08eecb78282a7e08b52b3fe81f76c895f8e1decd --- /dev/null +++ b/removeCommentFromPendingList.php @@ -0,0 +1,31 @@ +<?php + +require_once './config.php'; +session_start(); + +$db = new Database(); +$db->connect(); + +//checking if the user is logged in +if(!isset($_SESSION['id'])) { + + header('location: ./index.php'); + die(); + +} else { + //if user is logged in, check if he is an admin + $user = $db->selectById("users", $_SESSION['id']); + + if($user['is_admin'] == 0) { + header('location: ./index.php'); + die(); + } +} + +$db->delete('public_comments', $_GET['id']); +$_SESSION['success'] = 'Comment deleted successfully'; + +header('location: ./book.php?id=' . $_GET['bookId']); +die(); + +?> \ No newline at end of file diff --git a/softDeleteBook.php b/softDeleteBook.php new file mode 100644 index 0000000000000000000000000000000000000000..9d31ad325df16a4ca999a5c7c735dce9715a8f74 --- /dev/null +++ b/softDeleteBook.php @@ -0,0 +1,23 @@ +<?php + +if ($_SERVER['REQUEST_METHOD'] == 'POST') { + + session_start(); + + $data = json_decode(file_get_contents('php://input'), true); + $bookId = $data['id']; + + require_once 'config.php'; + $db = new Database(); + $db->connect(); + + $db->delete('book', $bookId); + $db->deleteAllBookData('public_comments', $bookId); + $db->deleteAllBookData('private_notes', $bookId); + $_SESSION['success'] = 'Book has been successfully deleted'; + header('location: ./book_crud.php'); + die(); + +} + +?> \ No newline at end of file
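Review bot: This script is what book.php links for a user to withdraw their own pending comment, yet it requires `is_admin`, so every ordinary user is bounced to index.php and the feature does not work, while an admin who reaches it can soft-delete any comment id with no ownership check at all. Replace the admin test with an ownership-scoped statement: `$stmt = $db->conn->prepare('UPDATE public_comments SET is_deleted = 1 WHERE id = :id AND userId = :userId AND is_approved = 0');` then `$stmt->execute(['id' => $_GET['id'], 'userId' => $_SESSION['id']]);`, and set the success flash only when `$stmt->rowCount() === 1`. As a GET link the operation is triggerable cross-site while the user is logged in; a small POST form with a session-bound token would be safer. The flash `'Comment deleted successfully'` reads oddly for a withdraw action.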
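Review bot: softDeleteBook.php performs no authentication or authorization at all — it calls `session_start()` but never reads `$_SESSION['id']` or checks `is_admin` — so any unauthenticated POST whose body is `{"id": N}` soft-deletes book N together with every comment and note attached to it; the admin-only guard on book_crud.php gates the button, not the endpoint. The `id` is also taken from `json_decode` without confirming it is present or numeric, and the `header('location: ./book_crud.php')` answer is meaningless to the `fetch()` caller, which never looks at the response. The rewrite below (inside the existing `REQUEST_METHOD == 'POST'` branch) adds the guard and input check and answers with a status code; whether `selectById()` returns `false` or `null` for an unknown user is not visible here, so the check is written for either. A CSRF token check belongs in the same place once deleteBook.js sends one, because the raw-body read ignores Content-Type and a cross-site `text/plain` form can deliver the same JSON.
```php
session_start();
require_once 'config.php';
$db = new Database();
$db->connect();

// the delete button on book_crud.php is admin-only; the endpoint must be too
$user = isset($_SESSION['id']) ? $db->selectById('users', $_SESSION['id']) : null;
if (!$user || (int)$user['is_admin'] !== 1) {
    http_response_code(403);
    die();
}

$data = json_decode(file_get_contents('php://input'), true);
$bookId = isset($data['id']) ? (int)$data['id'] : 0;
if ($bookId <= 0) {
    http_response_code(400);
    die();
}

// … unchanged: delete('book'), deleteAllBookData() for comments and notes, success flash …
http_response_code(204);
die();
```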