From f2a79e6506b9e902ea7e62c460c9a616192ecb42 Mon Sep 17 00:00:00 2001
From: Joshua Perry <45966243+jpez-development@users.noreply.github.com>
Date: Sun, 20 Nov 2022 15:38:33 +0000
Subject: [PATCH] added reviews and bids
---
 public/listing.php | 91 ++++++++++++++++++++++++++++++++++++----------
 1 file changed, 71 insertions(+), 20 deletions(-)
diff --git a/public/listing.php b/public/listing.php
index c4ed9cf..2dddf7e 100644
--- a/public/listing.php
+++ b/public/listing.php
@@ -2,16 +2,49 @@
 session_start();
 require_once '../functions.php';
 $pageTitle = 'iBuy - Product Listing';
+
+$listing = getListing();
+
+$pdo = startDB();
+if (isset($_POST['bidSubmit'])) {
+ $stmt = $pdo->prepare('INSERT INTO bids(amount, user_id, listing_id)
+ VALUES(:amount, :user_id, :listing_id)');
+ $values = [
+ 'amount' => $_POST['bid'],
+ 'user_id' => $_SESSION['loggedin'],
+ 'listing_id' => $listing['listing_id']
+ ];
+ $stmt->execute($values);
+}
+else if (isset($_POST['reviewSubmit'])) {
+ $stmt = $pdo->prepare('SELECT * FROM users WHERE email = :email');
+ $values = [
+ 'email' => $listing['email']
+ ];
+ $stmt->execute($values);
+ $user = $stmt->fetch();
+
+ $stmt = $pdo->prepare('INSERT INTO review (review_user, review_date, review_contents, user_id)
+ VALUES (:review_user, :review_date, :review_contents, :user_id)');
+ $values = [
+ 'review_user' => $_SESSION['loggedin'],
+ 'review_date' => date('Y-m-d'),
+ 'review_contents' => $_POST['reviewtext'],
+ 'user_id' => $user['user_id']
+ ];
+ $stmt->execute($values);
+}
+
 $pageContent = '

Product Page

-
'. populateContent() .'
'; +
'. populateContent($listing) .'
'; require '../layout.php'; checkListing(); -function populateContent() { + +function populateContent($listing) { $pdo = startDB(); - $listing = getListing(); $stmt = $pdo->prepare('SELECT * FROM category WHERE category_id = :category_id'); $values = [ @@ -41,40 +74,58 @@ function populateContent() {
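Review bot: The bid branch writes `$_POST['bid']` and `$_SESSION['loggedin']` straight into `bids` without checking that a session user exists or that the amount is a positive number, so the only limits are whatever the form markup enforces in the browser. The prepared statement covers SQL injection but not authorization or business rules, and the handler runs before the `checkListing()` call further down, so if that call is what validates the listing, `$listing['listing_id']` is used before validation. I would guard the branch as below, also compare the amount with the current highest bid for the listing, and add a CSRF token to both forms. The review branch has the same missing login check and reads `$user['user_id']` without testing that `fetch()` returned a row.

```php
if (isset($_POST['bidSubmit'])) {
    // Only a logged-in user may bid
    if (!isset($_SESSION['loggedin'])) {
        http_response_code(403);
        exit;
    }
    // The amount must be a positive number, whatever the form allowed
    $amount = filter_var($_POST['bid'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($amount === false || $amount <= 0) {
        http_response_code(400);
        exit;
    }
    // … unchanged: prepare() of the INSERT INTO bids statement …
    $values = [
        'amount' => $amount,
        // … unchanged: user_id and listing_id entries …
    ];
    // … unchanged: execute() …
}
```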

Auction created by '. $user['first_name'].$user['last_name'] .'

Current bid: '. $bid['MAX(amount)'] .'

-
- - + + +

'. $listing['description'] .'

-
+ '; -
-

Reviews of User.Name

- - -
+ - - +
'; + + if($user['user_id'] === $_SESSION['loggedin']) { $output .= 'edit'; } return $output; } + +function getReviews($user_id) { + $pdo = startDB(); + $output = ''; + $stmt = $pdo->prepare('SELECT * FROM review WHERE user_id = :user_id'); + $values = [ + 'user_id' => $user_id + ]; + $stmt->execute($values); + $reviews = $stmt->fetchAll(); + + + + foreach ($reviews as &$review) { + $stmt = $pdo->prepare('SELECT * FROM users WHERE user_id = :user_id'); + $values = [ + 'user_id' => $review['review_user'] + ]; + $stmt->execute($values); + $user = $stmt->fetch(); + $output .= '
  • '.$user['first_name'].$user['last_name'].' said '.$review['review_content'].' '. $review['review_date'] .'
  • '; + } +} + ?> -//TODO: add functionality for bid form -//TODO: add functionality for review form //TODO: add bid history \ No newline at end of file
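Review bot: In `getReviews()` the stored review text and the reviewer's names are concatenated into `$output` unescaped, so whatever a user submits through the review form is rendered as markup for every visitor of the listing (stored XSS). Wrap each interpolated value, e.g. `htmlspecialchars($review['review_contents'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`; the same applies to `$listing['description']` and the seller name in `populateContent()`, whose body starts outside this hunk. Two functional defects sit on the same lines: the loop reads `$review['review_content']` while the INSERT in the first hunk writes the column `review_contents`, and the function ends without `return $output;`, so it returns null. The `&$review` reference in the `foreach` is unnecessary because the loop never writes to `$review`.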