diff --git a/approveLogic.php b/approveLogic.php
index d748fa15f0894a7f059dc5a04b67e22a733e4c33..54acff3d859121372e7bac345ccc4269258fd6a0 100644
--- a/approveLogic.php
+++ b/approveLogic.php
@@ -22,8 +22,26 @@ if(!isset($_SESSION['id'])) {
}
}
-$db->update('public_comments', $_GET['id'], ['is_approved' => 1]);
+$sql = 'SELECT * FROM public_comments
+WHERE is_approved = 1 AND is_deleted = 0 AND is_denied = 0 AND userId = :id AND bookId = :bookId';
+$stmt = $db->conn->prepare($sql);
+$stmt->execute(['id' => $_SESSION['id'], 'bookId' => $_GET['bookId']]);
+$comments = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+// var_dump($comments);
+// die();
+
+if(count($comments) == 0) {
+ $db->update('public_comments', $_GET['id'], ['is_approved' => 1]);
+ $db->update('public_comments', $_GET['id'], ['is_denied' => 0]);
+
+} else {
+ $_SESSION['error'] = 'Comment cannot be approved, user already has a comment on this book';
+}
+
header('location: ./pending_comments.php');
-die();
+ die();
+
+
?>
\ No newline at end of file
diff --git a/book.php b/book.php
index cd9c4d79a825350f844ba9f0d0e2fcc5bfad03af..bc22bfaca88870f20f75933f848b95c742f4f2c2 100644
--- a/book.php
+++ b/book.php
@@ -8,8 +8,35 @@ if($_SERVER['REQUEST_METHOD'] == 'GET') {
$db = new Database();
$db->connect();
- $bookPublicComments = $db->selectAllBookComments($_GET['id']);
+ $sql = 'SELECT pc.id as commentId, pc.comment, u.fullName, pc.userId as commentUserId FROM public_comments pc JOIN users u on pc.userId = u.id
+ JOIN book b on pc.bookId = b.id
+ WHERE pc.bookId = :bookId AND pc.is_deleted = 0 AND pc.is_approved = 1';
+ $stmt = $db->conn->prepare($sql);
+ $stmt->execute(['bookId' => $_GET['id']]);
+ $bookPublicComments = $stmt->fetchAll(PDO::FETCH_ASSOC);
+ if(isset($_SESSION["id"])) {
+
+ //here we are selecting private notes for specific user
+
+ $sql = 'SELECT * FROM private_notes pn JOIN users u on pn.userId = u.id
+ JOIN book b on pn.bookId = b.id
+ WHERE pn.userId = :userId AND pn.bookId = :bookId AND pn.is_deleted = 0';
+ $stmt = $db->conn->prepare($sql);
+ $stmt->execute(['userId' => $_SESSION['id'], 'bookId' => $_GET['id']]);
+ $notes = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+ //here we are selecting pending comments for specific user
+
+ $sql = 'SELECT pc.id as commentId, pc.comment, u.fullName FROM public_comments pc JOIN users u on pc.userId = u.id
+ JOIN book b on pc.bookId = b.id
+ WHERE pc.bookId = :bookId AND pc.is_deleted = 0 AND pc.is_approved = 0 and pc.userId = :userId AND pc.is_denied = 0';
+ $stmt = $db->conn->prepare($sql);
+ $stmt->execute(['bookId' => $_GET['id'], 'userId' => $_SESSION['id']]);
+ $bookPendingComment = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+ }
+
}
?>
@@ -32,6 +59,7 @@ if($_SERVER['REQUEST_METHOD'] == 'GET') {
<title>Document</title>
</head>
<body>
+
<?php
if(isset($_SESSION["success"])) {
@@ -47,12 +75,20 @@ if(isset($_SESSION["error"])) {
unset($_SESSION["error"]);
}
+//edit your comments section
+//
+
foreach($bookPublicComments as $comment){
- if($comment['is_deleted'] == 0 && $comment['is_approved'] == 1) {
- echo "<p>$comment[comment]</p>";
- }
+ echo "<div class='d-flex'>
+ <p>{$comment['fullName']} says: {$comment['comment']}</p>";
+ if($comment['commentUserId'] == $_SESSION['id']) {
+ echo "<a href='./delete_comment.php?id={$comment['commentId']}&bookId={$_GET['id']}' class='btn btn-outline-dark hover-effect'>Delete</a>";
+ }
+ echo "</div>";
}
+////////////////////////////////
+
if(isset($_SESSION['id'])){
$user = $db->selectById("users", $_SESSION['id']);
echo "<form action='./comment_logic.php' method='POST'>
@@ -61,6 +97,24 @@ if(isset($_SESSION['id'])){
<input type='text' class='form-control' name='comment'>
<button type='submit' class='btn btn-outline-dark hover-effect'>Comment</button>
</form>";
+
+ foreach($notes as $note) {
+ echo "<p>$note[note]</p>";
+ }
+
+ echo "<form action='./notes_logic.php' method='POST'>
+ <input type='hidden' name='bookId' value='{$_GET['id']}'>
+ <input type='hidden' name='userId' value='{$user['id']}'>
+ <input type='text' class='form-control' name='note'>
+ <button type='submit' class='btn btn-outline-dark hover-effect'>Note</button>
+ </form>";
+
+ foreach($bookPendingComment as $comment){
+ echo "<div class='d-flex'>
+ <p>Your pending comment : {$comment['comment']}</p>
+ <a href='./removeCommentFromPendingList.php?id={$comment['commentId']}&bookId={$_GET['id']}' class='btn btn-outline-dark hover-effect'>Remove</a>
+ </div>";
+ }
}
?>
diff --git a/book_crud.php b/book_crud.php
index 8abdfcadd88dd3b88549c6621c6084707de131a9..f4e72a8fce412fc8d54d837b726a2c5aec8ba644 100644
--- a/book_crud.php
+++ b/book_crud.php
@@ -37,6 +37,7 @@ $allBooks = $db->select("book");
integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH"
crossorigin="anonymous"
/>
+ <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/sweetalert2@11/dist/sweetalert2.min.css">
<link rel="stylesheet" href="./style.css" />
<title>Document</title>
</head>
@@ -61,30 +62,24 @@ $allBooks = $db->select("book");
<a href="./addBookForm.php" class="btn btn-outline-dark hover-effect">Add</a>
</div>
<div class="table-wrapper">
- <table class="table">
+ <table class="table">
<thead>
<tr>
<th scope="col">Book name</th>
<th scope='col' class="text-center">Action</th>
</tr>
-
</thead>
<tbody class='table-group-divider'>
<?php
-
foreach ($allBooks as $book) {
if($book['is_deleted'] == 0) {
echo "
<tr>
<td>{$book['title']}</td>
<td class='d-flex gap-3 justify-center'>
- <form action='./deleteLogic.php' method='POST'>
- <input type='text' name='tableName' value='book' hidden>
- <input type='text' name='id' value='{$book['id']}' hidden>
- <button class='btn btn-outline-dark hover-effect'>Delete</button>
- </form>
-
+ <button class='btn btn-outline-dark hover-effect delete-btn'>Delete</button>
<a href='./editBookForm.php?id={$book['id']}' class='btn btn-outline-dark hover-effect'>Edit</a>
+ <input type='hidden' class='book-id' value='{$book['id']}'>
</td>
</tr>
";
@@ -101,5 +96,9 @@ $allBooks = $db->select("book");
<p>Brainster Library</p>
</div>
</div>
+
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/sweetalert2@11/dist/sweetalert2.min.css">
+<script src="https://cdn.jsdelivr.net/npm/sweetalert2@11"></script>
+ <script src="./deleteBook.js"></script>
</body>
</html>
\ No newline at end of file
diff --git a/comment_logic.php b/comment_logic.php
index 1beac7dc87b638edc4b2091c1859b7a13825e91e..44b51b2e09079ed0b4941c87364b1d75326d9f03 100644
--- a/comment_logic.php
+++ b/comment_logic.php
@@ -6,8 +6,27 @@ if($_SERVER['REQUEST_METHOD'] != 'POST') {
die();
}
+require_once 'config.php';
session_start();
+$db = new Database();
+$db->connect();
+
+$sql = 'SELECT * FROM public_comments WHERE userId = :id AND bookId = :bookId AND is_deleted = 0 AND is_denied = 0';
+$stmt = $db->conn->prepare($sql);
+$stmt->execute(['id' => $_POST['userId'], 'bookId' => $_POST['bookId']]);
+$comment = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+
+if(count($comment) > 0) {
+
+ $_SESSION['error'] = 'You have already commented on this book or your comment is on admin review';
+ header('location: ./book.php?id='.$_POST['bookId']);
+ die();
+
+}
+
+
if(strlen(trim($_POST['comment'])) == 0) {
$_SESSION['error'] = 'Comment cannot be empty';
@@ -15,10 +34,7 @@ if(strlen(trim($_POST['comment'])) == 0) {
die();
}
-require_once 'config.php';
-$db = new Database();
-$db->connect();
$data = $_POST;
$data['is_deleted'] = 0;
diff --git a/config.php b/config.php
index 936c0ab16d55249bc0ee24d2916a8c515323f913..380fc13631343fc93db8935f9d13afa5201cedf5 100644
--- a/config.php
+++ b/config.php
@@ -44,13 +44,6 @@ class Database {
return $stmt->fetch(PDO::FETCH_ASSOC);
}
- public function selectAllBookComments($bookId){
- $sql = "SELECT * FROM public_comments WHERE bookId = :bookId";
- $stmt = $this->conn->prepare($sql);
- $stmt->execute(['bookId' => $bookId]);
- return $stmt->fetchAll(PDO::FETCH_ASSOC);
- }
-
public function login($id) {
$sql = 'UPDATE users SET is_logged = 1 WHERE id = :id';
$stmt = $this->conn->prepare($sql);
@@ -67,6 +60,8 @@ class Database {
$sql = "UPDATE $tableName SET is_deleted = 1 WHERE id = :id";
$stmt = $this->conn->prepare($sql);
$stmt->execute(['id' => $id]);
+
+ return;
}
public function update($tableName, $id, $data) {
@@ -102,6 +97,12 @@ class Database {
$stmt->execute();
return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
+
+ public function deleteAllBookData($tableName, $bookId){
+ $sql = "UPDATE $tableName SET is_deleted = 1 WHERE bookId = :bookId";
+ $stmt = $this->conn->prepare($sql);
+ $stmt->execute(['bookId' => $bookId]);
+ }
}
?>
\ No newline at end of file
diff --git a/deleteBook.js b/deleteBook.js
new file mode 100644
index 0000000000000000000000000000000000000000..064a19adcbfc5a530fb642dae7a2e78ed967a41d
--- /dev/null
+++ b/deleteBook.js
@@ -0,0 +1,34 @@
+document.addEventListener("DOMContentLoaded", () => {
+ const deleteButtons = document.querySelectorAll(".delete-btn");
+
+ deleteButtons.forEach((button) => {
+ button.addEventListener("click", () => {
+ const row = button.closest("tr");
+ const bookId = row.querySelector(".book-id").value.trim();
+ deleteBook(bookId);
+ });
+ });
+});
+
+function deleteBook(bookId) {
+ Swal.fire({
+ title: "Are you sure?",
+ text: "You won't be able to revert this!",
+ icon: "warning",
+ showCancelButton: true,
+ confirmButtonColor: "#3085d6",
+ cancelButtonColor: "#d33",
+ confirmButtonText: "Yes, delete it!",
+ }).then((result) => {
+ if (result.isConfirmed) {
+ fetch("softDeleteBook.php", {
+ method: "POST",
+ headers: {
+ "Content-Type": "application/json",
+ },
+ body: JSON.stringify({ id: bookId }),
+ });
+ location.reload();
+ }
+ });
+}
diff --git a/delete_comment.php b/delete_comment.php
new file mode 100644
index 0000000000000000000000000000000000000000..739d1212701c48ac83a8548258a937558a1b9790
--- /dev/null
+++ b/delete_comment.php
@@ -0,0 +1,24 @@
+<?php
+
+require_once './config.php';
+session_start();
+
+$db = new Database();
+$db->connect();
+
+//checking if the user is logged in
+if(!isset($_SESSION['id'])) {
+
+ header('location: ./index.php');
+ die();
+
+}
+
+$db->delete('public_comments', $_GET['id']);
+$_SESSION['success'] = 'Comment deleted successfully';
+
+header('location: ./book.php?id='.$_GET['bookId']);
+die();
+
+
+?>
\ No newline at end of file
diff --git a/denied_comments.php b/denied_comments.php
new file mode 100644
index 0000000000000000000000000000000000000000..c3701ea1733690485e9b14465bee5f346c36a194
--- /dev/null
+++ b/denied_comments.php
@@ -0,0 +1,76 @@
+<?php
+
+require_once './config.php';
+session_start();
+
+$db = new Database();
+$db->connect();
+
+//checking if the user is logged in
+if(!isset($_SESSION['id'])) {
+
+ header('location: ./index.php');
+ die();
+
+} else {
+ //if user is logged in, check if he is an admin
+ $user = $db->selectById("users", $_SESSION['id']);
+
+ if($user['is_admin'] == 0) {
+ header('location: ./index.php');
+ die();
+ }
+}
+
+$sql = 'SELECT users.fullName,public_comments.id as commentId, public_comments.comment, public_comments.is_approved, public_comments.is_deleted, public_comments.is_denied, book.title, book.id as bookId
+ FROM users JOIN public_comments ON users.id = public_comments.userId
+ JOIN book ON public_comments.bookId = book.id
+ WHERE public_comments.is_denied = 1';
+$stmt = $db->conn->prepare($sql);
+$stmt->execute();
+$allComments = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <script src="https://cdn.tailwindcss.com"></script>
+ <link
+ href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css"
+ rel="stylesheet"
+ integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH"
+ crossorigin="anonymous"
+ />
+ <link rel="stylesheet" href="./style.css" />
+ <title>Document</title>
+</head>
+<body>
+ <table>
+ <thead>
+ <tr>
+ <th scope="col">Comment</th>
+ <th scope="col">User</th>
+ <th scope="col">Book</th>
+ <th scope="col">Action</th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php
+ foreach ($allComments as $comment) {
+ echo "<tr>
+ <td>{$comment['comment']}</td>
+ <td>{$comment['fullName']}</td>
+ <td>{$comment['title']}</td>
+ <td>
+ <a href='./approveLogic.php?id={$comment['commentId']}&bookId={$comment['bookId']}' class='btn btn-outline-dark hover-effect'>Approve</a>
+ </td>
+ </tr>";
+ }
+ ?>
+ </tbody>
+ </table>
+</body>
+</html>
\ No newline at end of file
diff --git a/denyLogic.php b/denyLogic.php
index 9c08a85bf6928561959098854968c5d8870464ba..b14991e22f4be6578275354c69dc4a9a684b8ae9 100644
--- a/denyLogic.php
+++ b/denyLogic.php
@@ -23,6 +23,7 @@ if(!isset($_SESSION['id'])) {
}
$db->update('public_comments', $_GET['id'], ['is_denied' => 1]);
+$db->update('public_comments', $_GET['id'], ['is_approved' => 0]);
header('location: ./pending_comments.php');
die();
diff --git a/notes_logic.php b/notes_logic.php
new file mode 100644
index 0000000000000000000000000000000000000000..3e5f6f2cfe351a2a11d4ef432d266cc34e69c6fc
--- /dev/null
+++ b/notes_logic.php
@@ -0,0 +1,33 @@
+<?php
+
+if($_SERVER['REQUEST_METHOD'] != 'POST') {
+
+ header('location: ./index.php');
+ die();
+
+}
+
+session_start();
+
+if(strlen(trim($_POST['note'])) == 0) {
+
+ $_SESSION['error'] = 'Yout note cannot be empty';
+ header('location: ./book.php?id='.$_POST['bookId']);
+ die();
+}
+
+require_once 'config.php';
+
+$db = new Database();
+$db->connect();
+
+$data = $_POST;
+$data['is_deleted'] = 0;
+
+$db->insert('private_notes', $data);
+$_SESSION['success'] = 'Note has been successfully added';
+header('location: ./book.php?id='.$_POST['bookId']);
+die();
+
+
+?>
\ No newline at end of file
diff --git a/pending_comments.php b/pending_comments.php
index d1e23e19170b2a5bf846b7a9ee493690b3742bc8..28303ab603c7fe32e32adfca46a64d2ec770f7e6 100644
--- a/pending_comments.php
+++ b/pending_comments.php
@@ -24,7 +24,8 @@ if(!isset($_SESSION['id'])) {
$sql = 'SELECT users.fullName,public_comments.id as commentId, public_comments.comment, public_comments.is_approved, public_comments.is_deleted, public_comments.is_denied, book.title
FROM users JOIN public_comments ON users.id = public_comments.userId
- JOIN book ON public_comments.bookId = book.id';
+ JOIN book ON public_comments.bookId = book.id
+ WHERE public_comments.is_approved = 0 AND public_comments.is_deleted = 0 AND public_comments.is_denied = 0';
$stmt = $db->conn->prepare($sql);
$stmt->execute();
$allComments = $stmt->fetchAll(PDO::FETCH_ASSOC);
@@ -47,6 +48,16 @@ $allComments = $stmt->fetchAll(PDO::FETCH_ASSOC);
<title>Document</title>
</head>
<body>
+ <?php
+
+ if(isset($_SESSION['error'])) {
+ echo "<div class='alert alert-danger' role='alert'>
+ {$_SESSION['error']}
+ </div>";
+ unset($_SESSION['error']);
+ }
+
+ ?>
<table>
<thead>
<tr>
@@ -59,18 +70,16 @@ $allComments = $stmt->fetchAll(PDO::FETCH_ASSOC);
<tbody>
<?php
foreach ($allComments as $comment) {
- if($comment['is_approved'] == 0 && $comment['is_deleted'] == 0 && $comment['is_denied'] == 0){
- echo "<tr>
- <td>{$comment['comment']}</td>
- <td>{$comment['fullName']}</td>
- <td>{$comment['title']}</td>
- <td>
- <a href='./approveLogic.php?id={$comment['commentId']}' class='btn btn-outline-dark hover-effect'>Approve</a>
- <a href='./denyLogic.php?id={$comment['commentId']}' class='btn btn-outline-dark hover-effect'>Deny</a>
- </td>
- </tr>";
+ echo "<tr>
+ <td>{$comment['comment']}</td>
+ <td>{$comment['fullName']}</td>
+ <td>{$comment['title']}</td>
+ <td>
+ <a href='./approveLogic.php?id={$comment['commentId']}' class='btn btn-outline-dark hover-effect'>Approve</a>
+ <a href='./denyLogic.php?id={$comment['commentId']}' class='btn btn-outline-dark hover-effect'>Deny</a>
+ </td>
+ </tr>";
}
- }
?>
</tbody>
</table>
diff --git a/removeCommentFromPendingList.php b/removeCommentFromPendingList.php
new file mode 100644
index 0000000000000000000000000000000000000000..08eecb78282a7e08b52b3fe81f76c895f8e1decd
--- /dev/null
+++ b/removeCommentFromPendingList.php
@@ -0,0 +1,31 @@
+<?php
+
+require_once './config.php';
+session_start();
+
+$db = new Database();
+$db->connect();
+
+//checking if the user is logged in
+if(!isset($_SESSION['id'])) {
+
+ header('location: ./index.php');
+ die();
+
+} else {
+ //if user is logged in, check if he is an admin
+ $user = $db->selectById("users", $_SESSION['id']);
+
+ if($user['is_admin'] == 0) {
+ header('location: ./index.php');
+ die();
+ }
+}
+
+$db->delete('public_comments', $_GET['id']);
+$_SESSION['success'] = 'Comment deleted successfully';
+
+header('location: ./book.php?id=' . $_GET['bookId']);
+die();
+
+?>
\ No newline at end of file
diff --git a/softDeleteBook.php b/softDeleteBook.php
new file mode 100644
index 0000000000000000000000000000000000000000..9d31ad325df16a4ca999a5c7c735dce9715a8f74
--- /dev/null
+++ b/softDeleteBook.php
@@ -0,0 +1,23 @@
+<?php
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+
+ session_start();
+
+ $data = json_decode(file_get_contents('php://input'), true);
+ $bookId = $data['id'];
+
+ require_once 'config.php';
+ $db = new Database();
+ $db->connect();
+
+ $db->delete('book', $bookId);
+ $db->deleteAllBookData('public_comments', $bookId);
+ $db->deleteAllBookData('private_notes', $bookId);
+ $_SESSION['success'] = 'Book has been successfully deleted';
+ header('location: ./book_crud.php');
+ die();
+
+}
+
+?>
\ No newline at end of file