<?php
require_once __DIR__ . '/../models/review.php';

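/**
 * HTTP controller for product reviews.
 *
 * Every public method writes a status code and a JSON body directly to the
 * response; nothing is returned to the caller.
 *
 * NOTE(review): no method in this class verifies who the caller is.
 * createReview() only checks that an Authorization header is present, and
 * createReview()/updateReview()/deleteReview() take user_id from the request
 * body, so the acting user is whatever the client claims. The moderation
 * methods (getAllReviews, approveReview, hideReview, showReview,
 * deleteReviewAdmin) perform no role check here. Presumably a router or
 * middleware is expected to enforce both; confirm before exposing these
 * routes, and derive user_id from the verified token instead of the body.
 */
class ReviewController {
    private $db;
    private $review;

    /**
     * Opens the database connection and binds the Review model to it.
     */
    public function __construct() {
        $database = new Database();
        $this->db = $database->getConnection();
        $this->review = new Review($this->db);
    }

    /**
     * Sends a JSON response with the given HTTP status.
     *
     * @param int   $status  HTTP status code
     * @param mixed $payload value passed to json_encode()
     */
    private function respond($status, $payload) {
        http_response_code($status);
        // Bodies can contain user-written review text; declare the type
        // explicitly so a client never has to guess how to interpret it.
        if (!headers_sent()) {
            header('Content-Type: application/json; charset=utf-8');
        }
        echo json_encode($payload);
    }

    /**
     * Reads the request body and decodes it as a JSON object.
     *
     * @return object|null the decoded object, or null when the body is
     *                     empty, malformed, or not a JSON object
     */
    private function readJsonBody() {
        $decoded = json_decode(file_get_contents("php://input"));
        return is_object($decoded) ? $decoded : null;
    }

    /**
     * Extracts the credential from the Authorization header.
     *
     * Header names are matched case-insensitively, and a leading "Bearer "
     * scheme is stripped. The value is NOT validated in any way.
     *
     * @return string the raw token, or '' when the header is absent
     */
    private function bearerToken() {
        $headers = function_exists('getallheaders') ? getallheaders() : array();
        $headers = array_change_key_case(is_array($headers) ? $headers : array(), CASE_LOWER);

        $value = isset($headers['authorization']) ? trim((string) $headers['authorization']) : '';
        if (stripos($value, 'Bearer ') === 0) {
            $value = trim(substr($value, 7));
        }
        return $value;
    }

    /**
     * Fetches a route parameter, accepting only a non-empty string or an int.
     *
     * @param mixed  $params route parameters handed over by the dispatcher
     * @param string $key    parameter name
     * @return int|string|null the value, or null when missing or malformed
     */
    private function routeParam($params, $key) {
        if (!is_array($params) || !isset($params[$key])) {
            return null;
        }
        $value = $params[$key];
        return (is_int($value) || (is_string($value) && $value !== '')) ? $value : null;
    }

    /**
     * True when a decoded JSON value is usable as an identifier
     * (an int or a non-empty string, never an array, object or bool).
     *
     * @param mixed $value
     * @return bool
     */
    private function isIdentifier($value) {
        return is_int($value) || (is_string($value) && $value !== '');
    }

    /**
     * Lists the reviews of one product.
     *
     * @param array $params route parameters; expects 'product_id'
     */
    public function getReviews($params) {
        $product_id = $this->routeParam($params, 'product_id');
        if ($product_id === null) {
            $this->respond(400, array("message" => "Product ID required"));
            return;
        }

        $reviews = $this->review->getReviewsByProduct($product_id);
        $this->respond(200, array("reviews" => $reviews));
    }

    /**
     * Creates a review from the JSON body (product_id, rating, comment,
     * user_id). New reviews are stored unapproved and not visible.
     */
    public function createReview() {
        $data = $this->readJsonBody();

        if (!isset($data->product_id) || !isset($data->rating) || !isset($data->comment)) {
            $this->respond(400, array("message" => "Missing required fields"));
            return;
        }

        // NOTE(review): only the presence of a token is checked. Until the
        // token is verified (signature, expiry) and user_id is taken from
        // its claims, this check does not authenticate the caller.
        $token = $this->bearerToken();
        if ($token === '' || $token === '0') {
            $this->respond(401, array("message" => "Access denied. No token provided."));
            return;
        }

        // NOTE(review): user_id is client-supplied; see the class comment.
        if (!isset($data->user_id)) {
            $this->respond(400, array("message" => "User ID required"));
            return;
        }

        // Reject nested JSON values before they reach the model.
        // NOTE(review): the allowed rating range is not visible in this
        // file; enforce it here or in the model once it is defined.
        if (!$this->isIdentifier($data->user_id)
            || !$this->isIdentifier($data->product_id)
            || !is_numeric($data->rating)
            || !is_string($data->comment)) {
            $this->respond(400, array("message" => "Invalid field values"));
            return;
        }

        // One review per user and product.
        if ($this->review->userHasReviewed($data->user_id, $data->product_id)) {
            $this->respond(400, array("message" => "You have already reviewed this product"));
            return;
        }

        $this->review->user_id = $data->user_id;
        $this->review->product_id = $data->product_id;
        $this->review->rating = $data->rating;
        $this->review->comment = $data->comment;
        $this->review->is_approved = 0; // new reviews require approval
        $this->review->is_visible = 0;  // hidden until approved

        if ($this->review->create()) {
            $this->respond(201, array("message" => "Review created successfully. Waiting for approval."));
        } else {
            $this->respond(503, array("message" => "Unable to create review"));
        }
    }

    /**
     * Updates the rating and comment of a review.
     *
     * NOTE(review): no token is checked here and user_id comes from the
     * body. Whether update() restricts the change to the review's owner
     * depends on the model, which is not visible here; confirm.
     *
     * @param array $params route parameters; expects 'id'
     */
    public function updateReview($params) {
        $data = $this->readJsonBody();
        $review_id = $this->routeParam($params, 'id');

        if ($review_id === null) {
            $this->respond(400, array("message" => "Review ID required"));
            return;
        }

        if (!isset($data->rating) || !isset($data->comment) || !isset($data->user_id)) {
            $this->respond(400, array("message" => "Missing required fields"));
            return;
        }

        if (!$this->isIdentifier($data->user_id)
            || !is_numeric($data->rating)
            || !is_string($data->comment)) {
            $this->respond(400, array("message" => "Invalid field values"));
            return;
        }

        $this->review->id = $review_id;
        $this->review->user_id = $data->user_id;
        $this->review->rating = $data->rating;
        $this->review->comment = $data->comment;

        if ($this->review->update()) {
            $this->respond(200, array("message" => "Review updated successfully"));
        } else {
            $this->respond(503, array("message" => "Unable to update review"));
        }
    }

    /**
     * Deletes a review on behalf of the user named in the body.
     *
     * NOTE(review): no token is checked here and user_id comes from the
     * body. Whether delete() restricts the deletion to the review's owner
     * depends on the model, which is not visible here; confirm.
     *
     * @param array $params route parameters; expects 'id'
     */
    public function deleteReview($params) {
        $data = $this->readJsonBody();
        $review_id = $this->routeParam($params, 'id');

        if ($review_id === null) {
            $this->respond(400, array("message" => "Review ID required"));
            return;
        }

        if (!isset($data->user_id)) {
            $this->respond(400, array("message" => "User ID required"));
            return;
        }

        if (!$this->isIdentifier($data->user_id)) {
            $this->respond(400, array("message" => "Invalid field values"));
            return;
        }

        $this->review->id = $review_id;
        $this->review->user_id = $data->user_id;

        if ($this->review->delete()) {
            $this->respond(200, array("message" => "Review deleted successfully"));
        } else {
            $this->respond(503, array("message" => "Unable to delete review"));
        }
    }

    /**
     * Returns the model's average-rating data for one product.
     *
     * @param array $params route parameters; expects 'product_id'
     */
    public function getProductRating($params) {
        $product_id = $this->routeParam($params, 'product_id');
        if ($product_id === null) {
            $this->respond(400, array("message" => "Product ID required"));
            return;
        }

        $rating_data = $this->review->getAverageRating($product_id);
        $this->respond(200, $rating_data);
    }

    /**
     * Lists reviews across all products, paged by ?limit and ?offset.
     *
     * NOTE(review): include_hidden defaults to true, so hidden and
     * unapproved reviews are returned unless the caller opts out. If this
     * route can be reached without an admin check, the default should be
     * false. No upper bound is applied to limit; consider capping it.
     */
    public function getAllReviews() {
        // Negative paging values are clamped to zero.
        $limit = isset($_GET['limit']) ? max(0, (int)$_GET['limit']) : 10;
        $offset = isset($_GET['offset']) ? max(0, (int)$_GET['offset']) : 0;

        // A (bool) cast treats the string "false" as true; parse the flag
        // properly so include_hidden=false really excludes hidden reviews.
        // Unrecognised values are treated as false.
        $include_hidden = isset($_GET['include_hidden'])
            ? filter_var($_GET['include_hidden'], FILTER_VALIDATE_BOOLEAN)
            : true;

        $reviews = $this->review->getAllReviews($limit, $offset, $include_hidden);
        $this->respond(200, array("reviews" => $reviews));
    }

    /**
     * Reads the review id for a moderation action, answering 400 when it
     * is missing.
     *
     * @param mixed $params route parameters; expects 'id'
     * @return int|string|null the id, or null after the 400 was sent
     */
    private function moderationId($params) {
        $review_id = $this->routeParam($params, 'id');
        if (!$review_id) {
            $this->respond(400, array("success" => false, "message" => "Review ID required"));
            return null;
        }
        return $review_id;
    }

    /**
     * Reports the outcome of a moderation action: 200 on success, 503
     * otherwise.
     *
     * @param mixed  $ok      result returned by the model call
     * @param string $success message sent with 200
     * @param string $failure message sent with 503
     */
    private function moderationResult($ok, $success, $failure) {
        if ($ok) {
            $this->respond(200, array("success" => true, "message" => $success));
        } else {
            $this->respond(503, array("success" => false, "message" => $failure));
        }
    }

    /**
     * Marks a review as approved. No role check is done in this class.
     *
     * @param array $params route parameters; expects 'id'
     */
    public function approveReview($params) {
        $review_id = $this->moderationId($params);
        if ($review_id === null) {
            return;
        }
        $this->moderationResult(
            $this->review->approveReview($review_id),
            "Review approved successfully",
            "Unable to approve review"
        );
    }

    /**
     * Hides a review. No role check is done in this class.
     *
     * @param array $params route parameters; expects 'id'
     */
    public function hideReview($params) {
        $review_id = $this->moderationId($params);
        if ($review_id === null) {
            return;
        }
        $this->moderationResult(
            $this->review->hideReview($review_id),
            "Review hidden successfully",
            "Unable to hide review"
        );
    }

    /**
     * Makes a review visible. No role check is done in this class.
     *
     * @param array $params route parameters; expects 'id'
     */
    public function showReview($params) {
        $review_id = $this->moderationId($params);
        if ($review_id === null) {
            return;
        }
        $this->moderationResult(
            $this->review->showReview($review_id),
            "Review shown successfully",
            "Unable to show review"
        );
    }

    /**
     * Deletes any review by id, without a user_id. No role check is done
     * in this class.
     *
     * @param array $params route parameters; expects 'id'
     */
    public function deleteReviewAdmin($params) {
        $review_id = $this->moderationId($params);
        if ($review_id === null) {
            return;
        }
        $this->moderationResult(
            $this->review->deleteReview($review_id),
            "Review deleted successfully",
            "Unable to delete review"
        );
    }
}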
?>